Your privacy and the associated protection of your data is an important concern for us. This data protection statement explains how we handle your choices regarding the collection, use and disclosure of certain information - your personal data - in relation to our online offers. It goes without saying that we therefore take all available technical and organisational measures to protect your data from access by unauthorised third parties. In order to implement these measures, we strictly adhere to the legal provisions of the European Data Protection Regulation (DSGVO), the Federal Data Protection Act-new (BDSG-Neu) and Telemedia Act (TMG), the latter if still applicable in this context.
1. general information about the processing of your data
1.1 Data protection principles
1.2 Person responsible for data processing
The controller of your personal data is:
Am Goldenbach 5
Managing Director: Detlef Kühl
Phone: +49 (0)6557 9004392
The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data. Please note that for your and our security, we may be required to verify your identity before processing your request in the event that you contact us.
1.3 Data Protection Officer
The contact details of the Data Protection Officer are:
Named in 1.2
For all questions on the subject of data protection in connection with our online offers, you can also contact our data protection officer at any time. He or she can be reached at the above postal address and at the e-mail address given above. We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, we therefore request that you first contact us directly via this e-mail address.
1.4 Preamble personal data
We process your personal data in order to be able to offer the range of functions provided and to fulfil the use entered into with you.
Personal data is only collected if you provide it to us of your own accord. No other personal data is collected. Any processing of your personal data that goes beyond the scope of the legal permissions is only carried out on the basis of your express consent. According to Art. 4 (1) DSGVO, "personal data" means any information relating to an identified or identifiable natural person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We now want to inform you about the types of your personal data we process, for what purposes and to what extent. This privacy notice applies to all processing of personal data carried out by us. This includes, on the one hand, the provision of our services - especially within the scope of our online services - and, on the other hand, within external online presences, such as our social media profiles.
We also process your data if it is necessary to protect legitimate interests pursuant to Art. 6 DSGVO of us or of third parties. This may be the case in particular:
- to ensure IT security and IT operations, in particular also for support requests,
- to be able to prove facts in the event of legal disputes,
- to statistically evaluate the use of the website and to improve the user experience,
- to be able to react to any feedback from you.
1.5 Legal basis and purposes of data processing
1.5.1 Relevant legal bases
We would like to present you with an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations also apply. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). Furthermore, state data protection laws of the individual federal states may apply.
188.8.131.52 To fulfil contractual obligations
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
184.108.40.206 Within the framework of the balancing of interests
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the data processing. We use tools necessary for the operation of our online offers on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to enable you to use our website more conveniently and individually and thus to make its use more time-saving and effective.
It is our concern to make our online offers a safe place, whereby we are ideologically, party-politically and denominationally neutral and always stand by the free democratic basic order. We are committed to the principles of human rights, we actively oppose racist, anti-constitutional and xenophobic endeavours as well as discriminatory or inhuman behaviour, in particular on the basis of nationality, origin, ethical affiliation, religion, gender, age, sexual identity or disability. In order to safeguard this interest within the meaning of Art. 6 para. 1 lit. f DSGVO, we store the registration parameters of blocked users who have demonstrably violated our principles or whose behaviour was even abusive, in order to ensure and prevent any renewed registration and use of the associated online offers. The storage of personal data always takes place within the legal framework.
220.127.116.11 Based on your consent
The collection and use of our users' personal data regularly takes place only with the user's consent. Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis for the processing of personal data. We use all other tools, in particular those for marketing purposes, on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO and pursuant to Section 15 para. 3 sentence 1 TMG, insofar as usage profiles are created for the purposes of advertising or market research. Data processing with the help of these tools only takes place if we have received your consent in advance.
18.104.22.168 Due to legal requirements or in the public interest
We disclose personal data, except in the cases mentioned below, only if and insofar as we are required and obliged to do so by law or on the basis of a court or official order. The legal basis for this is Art. 6 (1) (1) c DSGVO (legal obligation). If processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority vested in the controller, Art. 6 (1) (e) DSGVO serves as the legal basis.
22.214.171.124 Due to vital interests
The collection and use of personal data pursuant to Art. 6 para. 1 lit. d DSGVO serves to safeguard, respect and protect vital interests of data subjects or another natural person. All tools and processes used are based on the aforementioned legal basis, whereby their use entails processing for the purpose of safeguarding vital interests.
1.5.2 Purposes of the data processing
Our users' master data (customer data) is used in accordance with the user's instructions, including any applicable terms in the user agreement and the user's use of the service functionalities and as required by law. We are considered by law to be a processor of User Data, with the User being the data controller. We use information to further our legitimate interests in the operation of our online offering and related services, websites and business.
We process personal data in accordance with the above legal basis for the following purposes, among others:
- Technical data - so that we can, for example, distinguish actual users from bots, prevent misuse and block illegal content that is also reported by other users; in anonymised form also for the purpose of statistical analyses; the legal basis of the processing is 6 para. 1 lit. f DSGVO.
- Location data - to provide any localised and location-based information and thus to ensure full functionality; the legal basis of the processing is 6 para. 1 lit. a DSGVO
- Contact data - to respond to your enquiries and to check the merits of the case, taking into account the regulations and circumstances applicable in your country; the legal basis of the processing is and 6 para. 1 lit. a and Art. 6 para. 1 lit. f DSGVO
- Other data - to personalise the user experience and provide information tailored to the user. This data is used and analysed for improvement - for example, to better understand your interests, to help personalise the user experience or to provide features specifically for you. Information regarding age may also be used to check whether you are old enough to use and benefit from the services; the legal basis for the processing is 6 para. 1 lit. a as well as Art. 6 para. 1 lit. f DSGVO.
In accordance with the aforementioned legal basis and in view of our legitimate interest, we combine the collection of the aforementioned data with the purposes of (a) optimal provision, improvement and development of our online offer and (b) targeted personalisation of content, advertising and marketing. To illustrate our legitimate interest with reference to the aforementioned types of data, we combine the following purposes and data by way of example:
(a) To optimally provide, improve and develop our online services:
- Conduct surveys and studies, test features as they are developed and analyse existing data to evaluate and improve products and services, develop new features and conduct testing and troubleshooting.
- Use of the user's email address to notify them of updates to our services and essential notifications about the associated user account.
- Use of age to implement an age restriction.
(b) For targeted personalisation of content, advertising and marketing:
- Use of location data to provide personalised content and recommendations.
- Use of automated profiling and grouping processing based on the information you provide to us, your interaction with our online services and information collected from third parties to deliver personalised content, advertising and promotional messages.
- Combining the data collected from you with data from business partners to use it to display more relevant advertisements.
Furthermore, there is the possibility of the existence of additional purposes that require separate consent for the further processing of personal data on the part of the user. The selection of the required data, which are processed on the basis of consent, depends on the purpose of the respective data processing. This traditionally includes the following purposes:
- Subscribe to the newsletter.
- Participation in surveys and market studies.
Furthermore, we process your data beyond the aforementioned purposes if this serves to protect our legitimate interests or the interests of third parties; the legal basis for the processing is Art. 6 (1) lit. f DSGVO. Our legitimate interests include in particular:
- the assertion of legal claims and the defence in legal disputes.
- the prevention and investigation of criminal offences.
- the management and further development of our business activities, including risk management.
- the detection of misuse and the identification and elimination of technical faults in the operation of our website.
We use your data in the interest of honest users to effectively counteract possible acts of abuse within our online offers and to protect ourselves and our users from damage in such cases. This also includes data processing that is necessary to enforce our rights and claims. If you make contact requests in our online offers, we may automatically collect and temporarily store personal data such as your e-mail address and first and last name. As a result, we try to recognise and block fraudulent contact requests in good time. At the same time, we can also evaluate this data in order to send you a fraud warning. In addition, we use your data to identify malfunctions and ensure system security, including detection and tracking of unauthorised access and attempted access to our servers.
1.6 Information security and security measures
We undertake to take appropriate technical, logical, administrative and physical protective measures which, against the background of the protection of personal data, are designed in such a way that accidental, unlawful or unauthorised losses, accesses, disclosures, uses, changes as well as transmissions are excluded with the greatest possible probability.
Even through intensive efforts, it is impossible to guarantee one hundred percent information security according to the current state of research. In particular, this is the case when mobile applications, websites, computer systems or the transmission of information via the Internet or another public network are used. Even if one hundred percent security is impossible, we take into account the sensitivity of the data we collect, process and store and ensure the greatest possible security by complying with the current state of the art. In order to maintain the greatest possible security of personal data, our systems, data protection guidelines and security measures are regularly checked for potential vulnerabilities and attacks, monitored and, if necessary, appropriately updated and improved.
Technical, logical, administrative and physical safeguards include, but are not limited to:
- Access restriction - Access to personal data is reserved exclusively for authorised employees with a legitimate interest.
- SSL/TLS encryption (https) - To protect our online offers and the transmitted data, we use SSL/TLS encrypted communication between clients and servers.
- Shortening of the IP address - If it is not necessary to process a complete IP address, this is shortened ("IP masking"). The shortening of the IP address is intended to prevent or make it significantly more difficult to identify a person.
1.7 Disclosure of data to companies, persons, institutions or other recipients
As a matter of principle, we do not disclose any personal data to third parties without authorisation - unless you have expressly given us your consent in accordance with Art. 6 (1) a DSGVO, this is legally permissible and necessary for the processing of the contractual relationship with you in accordance with Art. 6 (1) b DSGVO, thus there is a legitimate interest in the disclosure in accordance with Art. 6 (1) f DSGVO, unless there is reason to assume that you have an overriding interest worthy of protection in not having your data disclosed. With regard to the disclosure according to Art. 6 para. 1 lit. c DSGVO, there is a legal obligation. With regard to the transfer of data to recipients outside our company, we would like to inform you that we are obliged to maintain confidentiality about all user-related information, facts or evaluations. We may only pass on information about you if this is required by law, if you have consented, if we are authorised to provide information and if the processors commissioned by us guarantee compliance with the provisions of the GDPR.
1.7.1 Data transmission within the company and the group of companies
Certain personal data, such as data provided during registration, may be disclosed within the company and the group of companies for internal administrative purposes as well as for legitimate corporate and business interests, any contract-related obligations including joint user support. Data may be passed on - subject to the consent of the person concerned - if this is necessary for the use and if there is legal permission to use the data.
1.7.2 Processors as service providers bound by instructions
Other companies, agents or contractors help us provide services on our behalf or enable us to provide our services to you. We use service providers to do this, for example to provide marketing, advertising, communications, security, infrastructure and IT services, to customise, personalise and optimise our services, to provide customer services, to analyse data and to process and administer any customer surveys.
During the provision of such services, these service providers may have access to your personal data. We do not authorise their use or disclosure except in connection with the provision of their services. These service providers have been carefully selected by us and we have also entered into contract processing agreements with them. Without exception, these are service companies bound by instructions, which process data in accordance with Art. 28 as well as Art. 29 DSGVO on our behalf and according to our instructions. Appropriate data protection contract design ensures that this data transfer and processing is permissible without a separate legal basis.
1.7.3 Weitergabe an staatliche Stellen, an Geschädigte und zur Rechtsverfolgung
The legitimate interest within the meaning of Art. 6 (1) f DSGVO in the processing of data is to ensure the proper functioning of our online services and, if necessary, to assert, exercise or defend legal claims.
Furthermore, we are required by law within the meaning of Art. 6 para. 1 c DSGVO to provide information to certain public authorities upon request. This includes law enforcement authorities, authorities that prosecute administrative offences subject to fines and the tax authorities.
1.7.4 Business Transfers
In the event of a pending restructuring, reorganisation, merger, sale or related transfer of assets, we will transfer your personal data to the parties involved in the transfer, subject to the consent of the recipient, always in accordance with our privacy notice.
1.8 Data transfer to countries outside the European Economic Area
Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of orders or is required by law, if you have given us your consent or within the scope of commissioned data processing. If service providers in the third country are used, they are obliged to comply with the level of data protection in Europe by agreeing to the EU standard contractual clauses in addition to written instructions. If the European Commission has not issued an adequacy decision for the above-mentioned countries in accordance with Article 45 of the GDPR, we have already taken appropriate precautions to ensure an adequate level of data protection for any data transfers. If neither the aforementioned adequacy decision pursuant to Art. 45(1) DSGVO in conjunction with Art. 45(3) DSGVO is available nor one of the appropriate safeguards pursuant to Art. 46 DSGVO, we will base the data transfer on exceptions of Art. 49 DSGVO, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
1.9 Storage period and deletion of personal data
The stored personal data will be deleted immediately if the user revokes his or her consent to storage in accordance with Art. 17 (1) b DSGVO or if knowledge of this data is no longer required to fulfil the purpose pursued with the storage in accordance with Art. 17 (1) a DSGVO, in particular if the user account is deleted or if its storage is inadmissible for other legal reasons in accordance with Art. 17 (1) d DSGVO. If your data is transferred to third parties when using our online offers, they are responsible for its storage and deletion. You will be informed of the contact details of these third parties when using our online offers so that you can exercise your rights directly against the respective third party.
In principle, personal data is only processed and stored for as long as is absolutely necessary for the fulfilment of contractual or legal obligations as well as storage periods in accordance with Art. 17 (3) DSGVO. In order to comply with legal documentation obligations, data is stored accordingly for partly accounting reasons. The obligations arise from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The periods specified there for the retention of documents are two to ten years. During the statutory retention period, your personal data is blocked and not used for any other data processing. Thereafter, the relevant data will be routinely blocked or deleted or made anonymous in accordance with the statutory provisions.
1.10 Data subject rights
Users whose personal information is processed in certain countries, including the European Economic Area and the United Kingdom, have certain legal rights. Subject to any exceptions provided by law, you may have the right to request access to this information and to request that it be updated, deleted or corrected. An overview of the main rights available to you as a user is set out below:
1.10.1 Right to information
According to Art. 15 of the GDPR, you have the right to obtain information about your personal data at any time. This also includes the question of whether we process your data at all. If necessary, you are also entitled to request copies of the data we have stored about you. Furthermore, you can request information about the processing purposes, the category of data concerned, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making.
1.10.2 Right to rectification and completion
Pursuant to Art. 16 DSGVO, you have the right to have the personal data relating to you corrected and completed without delay if it is not or is no longer accurate or complete.
1.10.3 Right to erasure ("right to be forgotten")
According to Art. 17 DSGVO, you have the right to have your personal data stored by us deleted, for example if your data is no longer necessary for the purposes for which it was collected or processed. However, your right to erasure may be precluded due to a conflicting interest. We may be required to continue to retain some of your data subject data where this is necessary in appropriate circumstances. Causes for continued storage include legal obligations (e.g. under applicable tax or commercial law or to prevent fraud and abuse and to maintain and improve security). If your data is not required until the expiry of the statutory limitation period for the proof of civil claims or due to legal retention obligations, we delete it immediately.
1.10.4 Right to restrict processing
According to Art. 18 DSGVO, you have the right to demand the restriction of the processing of your personal data. This right exists in particular if the accuracy of the data concerned is disputed between the user and the online services offered, the continued existence of your data is no longer necessary or unlawful processing has taken place.
1.10.5 Right to data portability
Pursuant to Art. 20 DSGVO, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request its transfer to another controller, if and to the extent that you have provided us with the data and we process it.
1.10.6 Right to complain to a supervisory authority
Pursuant to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. This applies in particular in the member state of your place of residence, place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
1.10.7 Right to revoke the consent given
According to Art. 7 (3) DSGVO, you have the right to revoke your consent at any time. This means that we will not continue the data processing based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent until the revocation.
1.10.8 Right of objection
According to Art. 6 para. 1 e DSGVO (data processing in the public interest) or Art. 6 para. 1 f DSGVO (data processing on the basis of a balance of interests), you have the right to object to the processing of your personal data in connection with Art. 21 DSGVO if a special situation is indicated. This applies in particular to profiling within the meaning of Art. 4 (4) DSGVO.
If your objection is directed against the processing of data for the purpose of direct marketing in accordance with Art. 21 (2) and (3) DSGVO, we will immediately stop the processing. In this case, it is not necessary to specify a particular situation. This also applies to profiling as described in Article 4 (4) of the GDPR, insofar as it is connected with such direct advertising.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims pursuant to Art. 21 (1) DSGVO. To exercise these rights and for further questions regarding the processing of your data, you can contact us at any time.
1.11 Provision of our services
1.11.1 Online offer, e-mail dispatch and web hosting
We process your data in order to provide you with the respective offer and the associated functions. For the secure and efficient use of our online services, we use servers that are managed by one or more web hosting providers. The servers used may also include so-called content delivery networks. Within the provision of the hosting offer, we process necessary, relevant data of our users in the context of a visit to our online offer - this also includes the use of our communication channels. If you transmit data in the context of our online offers, this includes entries and your IP address. Furthermore, we would like to point out that e-mails are encrypted by default on the transmission route, but are usually not stored in coded form on the servers used by the sender and recipient. This is the case, for example, if no end-to-end encryption procedure is used. Consequently, we cannot assume responsibility for a transmission path by e-mail.
1.11.2 Access data and log files
When using our online services, various information of a technical nature (such as the type of message, date and time of the message, trigger of the message, app used, indication of the content of the message) is automatically stored by the operating system of your end device in so-called log files as access data. This is necessary for technical and security reasons so that the services function properly and you can use the desired services to the full extent. These log files are evaluated exclusively for the recognition and treatment of possible errors or crashes. The legal basis is Art. 6 para. 1 lit. b DSGVO.
2. system authorisation and access rights
We pursue the goal of providing you with all functions flawlessly at all times, guaranteeing user security and being able to develop them further on an ongoing basis. In this context, our service accesses various interfaces of the end device you are using. These interfaces enable us to access your terminal device. These interfaces or system functions are mainly of a technical nature. Depending on the underlying operating system, device access is only possible with your consent in relation to the respective functionalities. These consents are stored locally in your end device in the form of system settings and can be adapted and revoked at any time. In the following, you will receive more detailed information on which authorisations our service requires.
2.1 Legal basis of access rights
Access to system functionalities as well as the processing of personal data associated with this is carried out on the basis of the legal grounds already explained, in particular taking into account our legitimate interest.
The provision of functionalities of our online offer is not exclusively linked to the processing of data, however, it is our legitimate interest to ensure the security of our services and also to take into account legal as well as business considerations, even if the processing of data is not necessary for any other purposes.
We would like to assure our users at this point that if they expressly revoke their consent to the processing of their data, we will immediately delete the stored personal data within the scope of the statutory retention obligations. Until the time of revocation, all processed data will be collected, evaluated, forwarded and analysed on the basis of the consent given. This will of course be done within the scope of your declaration of consent.
2.2 Categories of Device Authorisations
2.2.1 Identity and contacts
If the user uses a user account within the scope of this online offer, access to the account information, such as the e-mail address, is required. As a user, your e-mail address or common "social logins" are then available for registration. In the case of registration via the e-mail address, information such as "e-mail address, first name and last name" is requested. The option of a "social login" in the form of a single sign-on requires the authorisation "identity" or its characteristics, so that a user account registration can be carried out via social networking services, such as Google, Facebook or Twitter.
2.2.2 Account and Device ID
For security purposes and to create a user account, your device ID may be collected. Access to your device identifier enables, among other things, so-called user targeting, which prevents unauthorised login attempts and ensures legitimate use of the user account.
2.2.3 Network Connection Information
Under certain circumstances, this authorisation is required to read the signal strength of network connections in order to be able to carry out system improvements and troubleshooting.
2.2.4 Geobased location data
This authorisation is always subject to the user's consent and allows for the localisation of your location and is used to provide services and any content of our online offer as well as to display information and services related to your location. Geobased location services must be available and activated on your device in order to be used for our online offer and the service associated with it.
2.2.5 Camera and microphone
This authorisation is always linked to the user's consent and is used in the context of the use of our online offer to process audio, image and video recordings of users by accessing the microphone and camera function.
2.2.6 Videos, photos and audio recordings
This authorisation allows access to the memory of your terminal device with the aim of processing the videos, photos and audio recordings contained therein and creating new media data. We are fully aware of the sensitivity involved in processing this category of personal data, which is why we guarantee that we will only process it in accordance with its functionality.
2.2.7 Contact details
Granting this authorisation allows access to your contact directory. It is now possible to check whether others of your contacts are also using our online offer. A data comparison takes place on our servers, whereby this is used exclusively for the purpose of a comparison.
2.3 Removing Device Access
The uninstallation of our app leads to a removal of the set system permissions within the scope of app use. Previously granted consents in the form of system settings are stored locally on your end device and can therefore be adjusted and, of course, revoked at any time.
2.4 Age restriction and child protection
It is a matter of course for us to protect your privacy if you have decided to use our online services. In this respect, we feel particularly obliged to protect the privacy of children if they intend to visit our offers. We expressly ask all parents to regularly observe and monitor the activities of their children.
Children in particular deserve special protection when it comes to their personal data, as children may be less aware of the risks, consequences and safeguards involved and of their rights when it comes to the processing of personal data. Such special protection should in particular concern the use of children's personal data for advertising or personal or user profiling purposes and the collection of children's personal data when using services offered directly to children. At this point, we strictly adhere to the requirements of Art. 8 DSGVO. Here, Art. 8 (1) of the GDPR stipulates which regulations must be observed for personal data in connection with data protection for children. In this context, two basic distinctions can be made:
- The child has reached the age of 16 - the processing of personal data is lawful.
- The child has not reached the age of 16 - the lawfulness of the processing of children's personal data is subject to the consent of the parents for the child or with the consent of the child.
The Federal Republic of Germany does not make use of the opening clause to reduce the minimum age in the context of data protection of vulnerable children. Consequently, the minimum age of 16 years is decisive for us in the context of the age restriction.
Data controllers under Article 8(2) of the GDPR are required to make appropriate technical efforts to ascertain consent.
3. collection and analysis of personal data
The collection of personal data within the scope of our online offers is generally linked to consent in accordance with Art. 6 Para. 1 lit. a DSGVO, is used for the fulfilment of contracts and for pre-contractual enquiries in accordance with Art. 6 Para. 1 lit. b DSGVO, upholds legal obligations in accordance with Art. 6 Para. 1 lit. c DSGVO and is collected, processed and recorded to safeguard our legitimate interests in accordance with Art. 6 Para. 1 lit. f DSGVO. Furthermore, the protection of vital interests according to Art. 6 para. 1 lit. d DSGVO is observed and the safeguarding of public interests according to Art. 6 para. 1. lit. e DSGVO is ensured. You can find more detailed information in the "Legal basis and purposes of data processing" section of our data protection declaration. If special categories of personal data are stored and processed within the scope of an application procedure pursuant to Art. 9 Para. 1 DSGVO, they are processed in accordance with the exceptions pursuant to Art. 9 Para. 2 lit. a DSGVO, Art. 9 Para. 2 lit. b DSGVO, Art. 9 Para. 2 lit. c DSGVO and Art. 9 Para. 2 lit. h DSGVO.
The following list provides an overview of data collection and the types of data associated with it, including potential personal data:
- Contact details: E-mail address, telephone number, country of residence
- Inventory data: Name, gender, age, address
- Applicant data: Cover letter, curriculum vitae, certificates, qualifications
- Usage data: Access times, click rates, viewing habits, web pages visited
- Technical data / metadata: IP address; time of registration; operating system; device type.
- Location data: GPS data; WLAN connection data; radio cell interrogation; manual specification.
- Interaction data: Entries within the app; responses to surveys; language selection.
- Contract / payment data: Bank details, subject of contract, term, invoices
- Particularly sensitive data: biometric data, such as fingerprints and iris pattern; data on ethnic and cultural origin, political, religious and philosophical beliefs, health, sexuality and trade union membership
We will only retain your personal data for as long as is necessary to provide the Services or for other necessary purposes. This includes complying with our legal obligations, resolving disputes and enforcing our terms and conditions and policies. For more detailed information on any purposes, please refer to the sections of this chapter and the chapter "Purposes of data processing".
3.1 Third-party providers and services
3.1.1 Cookies and tracking pixels
Below we would like to draw your attention to some important information:
- You may be assigned cookies and tracking pixels when you use online services.
- "Permanent cookies" are stored permanently, for example to fill in login details.
- "Session cookies" are stored for the duration of your visit to an online service.
- "First-party cookies" are stored on your device by operators of the online service.
- "Third-party cookies" are mainly used by advertisers (so-called third parties).
- Data from cookies and similar technologies can be combined with other data.
Furthermore, we would like to inform you about typical uses:
- Identification of your person or your terminal device
- Enabling access to and use of an online offer
- Improvement of products, services and system security
- Statistical measurement of the use of an online offer
- Performance monitoring (including data traffic and loading times)
- Marketing through usage-based advertising
These technologies are used, among other things, by third parties for tracking and tracing (real-time and follow-up) your online activities. Subsequently, your user experience is personalised according to your wishes and needs by any advertising networks.
126.96.36.199 Technical cookies
188.8.131.52 Functional cookies
Functionally necessary cookies may be used to provide improved, more personalised functions and to store information already provided. Fields of application include, for example, the intermediate storage of form entries and language settings as well as the provision of video and audio files.
Performance cookies may be used to improve user-friendliness and performance. Fields of application include the collection of information about the way the online offer is used (including click rates, viewing habits and displayed error messages).
184.108.40.206 Marketing Cookies
Statistical, marketing and personalisation cookies can be used for marketing and market research purposes. Areas of application include improving targeting, personalising advertisements, measuring the effectiveness and reach of marketing campaigns, and tracking and tracing across multiple online offerings.
220.127.116.11 Cookies settings
3.1.2 Social Media Netzwerke und Plugins
To complete our online offer, there is the possibility of using social media and social networks. If we make use of this, we may be represented online in these social networks. We pursue the purpose of communicating with interested parties and active users as well as informing them about our range of services. When using social networks, personal data may be transmitted and processed, for example in the context of third-party cookies and social media plugins. For this purpose, so-called marketing cookies are normally used for market research and advertising purposes and thus potentially to analyse your usage behaviour. Furthermore, the integration of social media plugins can support us in logging into our app with the existing user accounts (single sign-on) or sharing posts and content via these networks, as well as integrating other external media. We would like to point out that through the use of social media services, your data may be stored and processed in third countries in and outside the European Union. In this context, we cannot fully exclude potential risks from our side. This applies, for example, to the protection and enforcement of user rights.
3.1.3 Cloud Computing und Software as a Service (SaaS)
Software as a Service (SaaS) is a sub-area of cloud computing and describes a licensing and distribution model. SaaS offers the possibility to outsource software and related services. IT service providers or third parties offer an underlying, external IT infrastructure (storage, server, network connection) and platform (operating system, middleware, runtime environment) as well as the software services (applications and data) based on it. Purposes of use include the storage, administration and exchange of e-mails, documents, content and other information as well as the use of websites, forms, calendars, chats and participation in audio and video conferences.
Consequently, transfer and processing of personal data may take place - such as for the aforementioned purposes and potentially associated third-party cookies from IT service providers. Processing may include the storage of master, contact and contract data on external third-party servers. Traditionally, IT service providers collect usage and metadata for security and service optimisation purposes. For more detailed information, please see our chapters on data sharing with companies, individuals, institutions or other recipients and the section for cookies and tracking pixels as well as the data usage policies of the respective SaaS provider.
3.1.4 Tools and Widgets
Personal data that can be collected may include, in particular:
- User data (name, email address, location, language setting, whereabouts)
- Data on the first start and on the app (version and versions)
- Data on the number of users and sessions (duration and time)
- Technical data, such as information on the end device (operating system, IP address and device type)
- Usage data, such as interactions with the app (content viewed and click-through rates)
The categories of applicable tools are listed below.
18.104.22.168 Technical tools
Technically necessary tools may be used to provide and use our online services. Areas of application include login authentication, language settings and the storage of other details and information already entered until the next visit to the app.
22.214.171.124 Functional tools
Functionally necessary cookies can be used to provide improved, more personalised functions. Fields of application include the provision of additional communication, presentation and payment channels as well as the optimisation of usability.
126.96.36.199 Analysis Tools
Analysis tools may be used to further develop our online offer. Areas of application include the statistical collection and analysis of user behaviour and the evaluation of various marketing channels.
Marketing tools can be used for advertising and market research purposes. Areas of application include recording customer satisfaction, improving targeting, personalising advertisements and measuring the effectiveness and reach of marketing campaigns.
3.1.5 Advertising networks and online marketing
We may process your personal data for online marketing purposes (including marketing advertising space or displaying promotional content). As part of the marketing, user profiles may be created and stored in a cookie - alternatively, similar processes with the same purpose may be used. Details of the profiles may include content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymisation) may be used as a security measure for your personal protection. When using online marketing, we generally only receive access to information about the effectiveness of our advertisements and about any conversation rates for the analysis of marketing measures used.
3.2 Communication and marketing
3.2.1 Customer relationship management and contact channels
To maintain our customer relationships, we enable you to contact us as part of our customer relationship management. Contact can potentially be made in a number of ways, such as by email, telephone, fax, form request or via the social media we use. If you send us an enquiry, your details and data will be used and stored for the purpose of processing and resolving any issues. Please use the contact options offered in our online offers.
188.8.131.52 Instant messenger
Contacts established through the use of messenger services - such as the messengers of established social media networks like WhatsApp and Facebook Messenger - are conventionally encrypted end-to-end. The content of your messages and attachments sent to us, as well as any personal data, are not directly visible to the messenger provider. However, it is possible for the messenger provider to indirectly collect personal data - so-called metadata. The identification of the sender and the addressee, the date and time, technical device data and location data are possible metadata. If you do not agree to this type of data collection, please use an alternative contact method.
184.108.40.206 Virtual chat assistants
Contact initiation through chat services and virtual chat assistants include text-based automated dialogue systems. These information systems allow communication with a technical system via the input and output of a natural language. Chat assistants answer users' questions and concerns as interactive agents. Problem solutions as well as information about our online offers can thus be provided without waiting times. The collection of personal data is absolutely necessary for the online chat to function. Furthermore, we store and log the content of your conversations via the chat services. The collected data and information can be used to address users personally, to transmit any requested content and problem solutions, to interact with further information systems on behalf of the user if necessary and also to improve the artificial intelligence of the chat assistance. The latter enables chatbots to learn responses to frequently asked queries and to recognise unanswered queries so that a personal contact can be suggested. Therefore, if you do not agree with the way data is collected, please use an alternative contact channel.
We would also like to point out that chatbots may be offered by third parties and therefore the privacy policies of the respective provider apply. Only the respective operators of the virtual assistants have access to the data concerning you and are in a position to implement direct actions and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the chatbot providers. Should problems nevertheless arise, we will of course be happy to help and advise you.
220.127.116.11 Push messages
Contact initiations through push messages are one-way communication channels. These messages show you current information as well as news on your end device without opening the associated app. Traditionally, registration for push messages is automatic. If you no longer wish to receive these notifications at a later date, you can use the settings of your mobile device to deactivate them. The accompanying collection of personal data potentially serves advertising and marketing purposes, the processing of location data if messages are sent based on location, and the analysis and measurement of success for optimisation purposes. Messages may be statistically recorded and analysed, for example, to identify data on the user's usage habits (including retrieval behaviour and time of display) and to personalise push messages. Therefore, if you do not agree to this type of data collection, please use an alternative contact method.
We would also like to point out that push messages may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the messages have access to the data concerning you and are in a position to carry out direct action and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
Contact initiations through newsletters are one-way communication channels. These emails may contain regular information and updates on our online offers. A valid e-mail address is required for the receipt of newsletters - thus also processing for sending the newsletter - as well as consent and approval for the delivery itself.
For your protection, it is necessary to implement a double opt-in procedure for the receipt of newsletters. To implement the double opt-in procedure, after a newsletter registration (first opt-in), you will receive another e-mail/SMS to confirm registration (second opt-in), so that misuse of e-mail addresses is prevented. Furthermore, your IP address, date and time of registration and the time of confirmation are recorded for logging the registration procedure in order to prevent any misuse.
As a provider or user of a newsletter service, we are required to comply with legal obligations in the context of newsletter subscriptions and thus to support you in protecting your interests when disclosing your personal data. Therefore, we generally commit to the following security measures:
- Deactivated checkbox for data protection consent including a link to data protection
- Deactivated checkbox for newsletter registration
- For non-anonymous tracking, deactivated checkbox for consent to tracking of the user
- Use of unique and independent checkboxes
- Application of the minimum principle for data collection in the registration form
- No advertising in the confirmation email of the double opt-in procedure
You are not required to provide your personal data during the registration process. However, if you do not provide the required personal data, your subscription may not be processed or not processed completely. Subsequently, your data will be stored for the duration of the newsletter delivery. Should the confirmation email not receive any attention from you, your data will be deleted after a legally appropriate period of time. The span of the aforementioned period takes into account that the sender of the newsletter must observe legal and, if applicable, contractual retention obligations. The processing of the aforementioned data is carried out for the justification, exercise and defence of legal claims.
Evaluations of user behaviour can be carried out in a specific or anonymous manner. The analysis may include, for example, the opening rates of newsletters, the number of clicks on integrated links, the reach or the reading time. We are happy to tailor the offers and information sent to you to your personal interests and to continuously optimise our content and communication. The analysis is implemented with the help of counting pixels embedded in the newsletters. If you do not wish to have your usage behaviour analysed, you can unsubscribe from the newsletter or deactivate graphics by default in your e-mail programme.
We would also like to point out that newsletters may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the newsletters have access to the data concerning you and are in a position to carry out direct action and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.2 Affiliate Marketing
Affiliate programmes and networks may appeal in the context of referral marketing of our online offers. For example, affiliate links and similar references (including search masks and widgets) may refer to third-party offers and services. In return for the successful marketing of third party offers - users follow affiliate links or subsequently take up the offers - we receive a commission.
3.2.3 Publication media
In connection with publication media, such as blogs, podcasts or forums, personal data of readers may be processed. The processing purpose lies in the presentation and communication between authors and readers or in the context of necessary information security measures.
If the publication medium offers the possibility to leave contributions, your IP address may be stored for security reasons. Should an author publish illegal content - for example, insults or forbidden political propaganda - the IP address can be used to forward the identity of the author to competent authorities and ensure self-protection against legal consequences for third-party content. Furthermore, the processing can be used for spam detection and elimination or, for example, to prevent multiple voting in surveys. It is our legitimate interest to permanently store contributions as well as associated comments, including potentially contained information on websites, apps and contact data, in order to maintain the publication medium without gaps until the user objects.
If the publication medium also offers the option of subscribing to articles and comments, various implementations are conceivable. For example, the subscription can be integrated into the app and additionally linked to push messages or sent as a newsletter to an email address. We ask you to read the sections on newsletters and push messages accordingly, as these may contain relevance for post and comment subscriptions. Please pay particular attention to the explanations on functions, purposes, data processing and the right of revocation.
Finally, we would like to point out that publication media may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the media have access to the data concerning you and are in a position to carry out direct action and to provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.4 Conference platforms
In the context of video and audio conferences, such as webinars, meetings and online workshops, personal data of conference participants may be processed. The type and extent of processing and the storage period depend on the data requirements of the respective conference and the functions used (including screen sharing, chat, surveys and recording functions) as well as on any service optimisations and security measures in the context of information security and the law.
We encourage you to also comply with data protection measures when using conference platforms. For the duration of a conference, please observe data and privacy protection, especially in the background of your recordings (including pictures and involuntary participants), and that unauthorised disclosure of access data to conference rooms is not permitted. Finally, we would like to point out that conference platforms may be offered by third-party providers and therefore the data protection guidelines of the respective provider apply. Only the respective operators of the platforms have access to the data concerning you and are in a position to take direct action and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.5 Applicants and candidate pool
A basic requirement of application procedures is the transfer of applicant data for the purpose of assessment, comparison and selection. Depending on the position advertised, we request the information required for the application. We are aware that, among other things, particularly sensitive categories of data are transferred. Furthermore, we would like to point out that the minimum principle must be applied when transferring data. In addition, please note that application data via e-mail is usually encrypted in transit (end-to-end), but not necessarily on the servers. We cannot therefore guarantee secure transmission by e-mail and the associated responsibility. Alternatively, you can apply by post or online form. If offered, voluntary inclusion in an applicant pool is based on consent. However, participation in an applicant pool has no influence on the current application process and can be withdrawn by you at any time.
For your own security, we delete your personal data in the event of an unsuccessful application or in the event of withdrawal. The storage period and deletion is also based - subject to a justified revocation - on our legitimate interest (including follow-up questions regarding the application) as well as a legally reasonable period of time to comply with our obligations to provide evidence (including regulations on equal treatment of applicants). Finally, we would like to inform you that recruitment software and platforms as well as services may be used by third-party providers and that the data protection guidelines of the respective provider therefore apply. Only the respective providers have access to the data concerning you and are in a position to carry out direct action and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.4 Analysis of visitor flows and behaviour
In the course of evaluating visitor flows to our online offer, your personal data may be collected and analysed. Among other things, behaviour, interests and demographic information are analysed. The analysis produces insights into when our offers and its functions or content are most frequently used and which areas need optimisation. As part of the analysis, user profiles may be created (profiling) and stored in a cookie - alternatively, similar procedures with the same purpose may be used. Details of the profiles may include content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymisation) may be used as a security measure for your personal protection.
4. overview and listing of (third-party) providers and services
In the following section, we would like to provide you with a condensed overview and list of the service providers and services we use. The cooperation with third-party providers and external service providers is well-considered, opportunities and risks are weighed and standards for compliance with data protection regulations are applied. For reasons of transparency, we list relevant information on all service providers and services used in the following overview - of course, we have data processing agreements with them. In order to support the allocation of content and for your personal reading comfort, we have summarised the individual providers alphanumerically according to the table of contents of this data protection declaration:
Information & Explanation
1. general information about the processing of your data
1.11 Provision of our services
3. collection and analysis of personal data
3.1 Third-party providers and service
3.3 Communication and marketing
3.4 Analysis of visitor flows and behaviour
This glossary provides you with an overview of the most important and central terms used in this data protection declaration and also contains explanations for you. Below you will find an alphanumeric list of all relevant definitions:
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
"Data Subject" means an identified or identifiable natural person to whom Personal Data relate.
"Special categories of personal data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person's sex life or sexual orientation.
"Cookie" is a small file containing a string of characters that is sent to your terminal device when you access a website or app. The next time you visit the online offer, it can recognise your terminal device on the basis of the cookie. Cookies can store user settings and other information. Your device can be configured to reject all cookies separately. Some services of our online offer may not be fully functional without cookies.
"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
"Recipient" means a natural or legal person, public authority, agency or other body to whom personal data are disclosed.
"IP Address" is assigned as a number to each device connected to the Internet. This is called an Internet Protocol (IP) address. These numbers are usually assigned in blocks that are associated with specific geographical areas. The IP address can often be used to identify the location from which the device connects to the Internet.
"Personal data" means any data and information relating to an identified or identifiable natural person ("data subject"). A natural person shall be regarded as identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation performed upon personal data, whether or not by automatic means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction and erasure.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.