Pre­am­ble

Last Update: 11. March 2020

With the fol­low­ing pri­va­cy pol­i­cy we would like to inform you which types of your per­son­al data (here­inafter also abbre­vi­at­ed as data”) we process for which pur­pos­es and in which scope. The pri­va­cy state­ment applies to all pro­cess­ing of per­son­al data car­ried out by us, both in the con­text of pro­vid­ing our ser­vices and in par­tic­u­lar on our web­sites, in mobile appli­ca­tions and with­in exter­nal online pres­ences, such as our social media pro­files (here­inafter col­lec­tive­ly referred to as online ser­vices”).

The terms used are not gen­der spe­cif­ic.

Con­troller

talessio GmbH
Im Wägn­er 17
72070 Tübin­gen
Ger­many

Autho­rised Rep­re­sen­ta­tives: Michael Mehl

Email: hello@​talessio.​com
Phone: +49.7073.8009980
Legal Notice: https://​talessio​.com/​i​m​p​r​int

Overview of Pro­cess­ing Oper­a­tions

The fol­low­ing table sum­maris­es the types of data processed, the pur­pos­es for which they are processed and the con­cerned data sub­jects.

Cat­e­gories of Processed Data

  • Inven­to­ry data (e.g. names, address­es).
  • Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by appli­cants).
  • Con­tent data (e.g. text input, pho­tographs, videos).
  • Con­tact data (e.g. e‑mail, tele­phone num­bers).
  • Meta/​communication data (e.g. device infor­ma­tion, IP address­es).
  • Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).
  • Social data (Data sub­ject to a spe­cial social con­fi­den­tial­i­ty oblig­a­tion and processed, for exam­ple, by social insur­ance insti­tu­tions, social wel­fare insti­tu­tions or pen­sion author­i­ties.).
  • Loca­tion data (Data that indi­cates the loca­tion of the end device of an end user).
  • Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry).
  • Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry).

Spe­cial Cat­e­gories of Data

  • Data reveal­ing racial or eth­nic ori­gin.

Cat­e­gories of Data Sub­jects

  • Employ­ees (e.g. Employ­ees, job appli­cants).
  • Job appli­cants.
  • Busi­ness and con­trac­tu­al part­ners.
  • Prospec­tive cus­tomers.
  • Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Cus­tomers.
  • Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

  • A/​B Tests.
  • Pro­vi­sion of our online ser­vices and usabil­i­ty.
  • Con­ver­sion Track­ing.
  • Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment rela­tion­ship.).
  • Office and organ­i­sa­tion­al pro­ce­dures.
  • Click­track­ing.
  • Con­tent Deliv­ery Net­work (CDN).
  • Cross-Device Track­ing (Device-inde­pen­dent pro­cess­ing of user data for mar­ket­ing pur­pos­es).
  • Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. col­lect­ing feed­back via online form).
  • Heatmaps (“Heatmaps” are mouse move­ments of the users, which are com­bined to an over­all pic­ture).
  • Inter­est-based and behav­ioral mar­ket­ing.
  • con­tact requests and com­mu­ni­ca­tion.
  • Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties).
  • Pro­fil­ing (Cre­at­ing user pro­files).
  • Remar­ket­ing.
  • Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors).
  • Secu­ri­ty mea­sures.
  • Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies).
  • Polls and Ques­tion­naires (e.g. sur­veys with input options, mul­ti­ple choice ques­tions).
  • Con­trac­tu­al ser­vices and sup­port.
  • Man­ag­ing and respond­ing to inquiries.
  • Cus­tom Audi­ences (Selec­tion of rel­e­vant tar­get groups for mar­ket­ing pur­pos­es or oth­er out­put of con­tent).

Legal Bases for the Pro­cess­ing

In the fol­low­ing we inform you about the legal basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), on the basis of which we process per­son­al data. Please note that, in addi­tion to the reg­u­la­tions of the GDPR, the nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­i­dence or domi­cile. If, in addi­tion, more spe­cif­ic legal bases are applic­a­ble in indi­vid­ual cas­es, we will inform you of these in the data pro­tec­tion dec­la­ra­tion.

Con­sent (Arti­cle 6 (1) (a) GDPR)

The data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic pur­pos­es.

Per­for­mance of a Con­tract and Pri­or Requests (Arti­cle 6 (1) (b) GDPR)

Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.

Com­pli­ance with a Legal Oblig­a­tion (Arti­cle 6 (1) © GDPR)

Pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.

Pro­tec­tion of Vital Inter­ests (Arti­cle 6 (1) (d) GDPR)

Pro­cess­ing is nec­es­sary in order to pro­tect the vital inter­ests of the data sub­ject or of anoth­er nat­ur­al per­son.

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR)

Pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data.

Job Appli­ca­tion Process as a Pre-Con­trac­tu­al or Con­trac­tu­al Rela­tion­ship (Arti­cle 9 (1)(b) GDPR)

If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

Nation­al Data Pro­tec­tion Reg­u­la­tions in Ger­many

In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions apply to data pro­tec­tion in Ger­many. This includes in par­tic­u­lar the Law on Pro­tec­tion against Mis­use of Per­son­al Data in Data Pro­cess­ing (Fed­er­al Data Pro­tec­tion Act — BDSG). In par­tic­u­lar, the BDSG con­tains spe­cial pro­vi­sions on the right to access, the right to erase, the right to object, the pro­cess­ing of spe­cial cat­e­gories of per­son­al data, pro­cess­ing for oth­er pur­pos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-mak­ing, includ­ing pro­fil­ing. Fur­ther­more, it reg­u­lates data pro­cess­ing for the pur­pos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in par­tic­u­lar with regard to the estab­lish­ment, exe­cu­tion or ter­mi­na­tion of employ­ment rela­tion­ships as well as the con­sent of employ­ees. Fur­ther­more, data pro­tec­tion laws of the indi­vid­ual fed­er­al states may apply.

Secu­ri­ty Pre­cau­tions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the state of the art, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of pro­cess­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk.

The mea­sures include, in par­tic­u­lar, safe­guard­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­a­ra­tion of the data. In addi­tion, we have estab­lished pro­ce­dures to ensure that data sub­jects’ rights are respect­ed, that data is erased, and that we are pre­pared to respond to data threats rapid­ly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as ear­ly as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice providers, in accor­dance with the prin­ci­ple of pri­va­cy by design and pri­va­cy by default.

Mask­ing of the IP address

If it is pos­si­ble for us or the stor­age of the IP address is not nec­es­sary, we short­en or have your IP address short­ened. When the IP address is short­ened, also known as IP mask­ing”, the last octet, i.e. the last two num­bers of an IP address, is delet­ed (the IP address in this con­text is an iden­ti­fi­er indi­vid­u­al­ly assigned to an Inter­net con­nec­tion by the online access provider). With the short­en­ing of the IP address, the iden­ti­fi­ca­tion of a per­son on the basis of their IP address is to be pre­vent­ed or made con­sid­er­ably more dif­fi­cult.

SSL Encryp­tion (https)

In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­si­ble way, we use SSL encryp­tion. You can rec­og­nize such encrypt­ed con­nec­tions by the pre­fix https:// in the address bar of your brows­er.

Trans­mis­sion and Dis­clo­sure of Per­son­al Data

In the con­text of our pro­cess­ing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pa­nies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for exam­ple, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice providers com­mis­sioned with IT tasks or providers of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal require­ments will be respect­ed and in par­tic­u­lar cor­re­spond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­clud­ed with the recip­i­ents of your data.

Data Trans­mis­sion with­in the Group of Com­pa­nies

We may trans­fer per­son­al data to oth­er com­pa­nies with­in our group of com­pa­nies or oth­er­wise grant them access to this data. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of the data sub­jects or oth­er­wise a legal per­mis­sion is present.

Data Trans­fer with­in the Orga­ni­za­tion

We may trans­fer or oth­er­wise pro­vide access to per­son­al infor­ma­tion to oth­er loca­tions with­in our orga­ni­za­tion. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of those con­cerned or oth­er­wise a legal per­mis­sion is present.

Data Pro­cess­ing in Third Coun­tries

If we process data in a third coun­try (i.e. out­side the Euro­pean Union (EU), the Euro­pean Eco­nom­ic Area (EEA)) or the pro­cess­ing takes place in the con­text of the use of third par­ty ser­vices or dis­clo­sure or trans­fer of data to oth­er per­sons, bod­ies or com­pa­nies, this will only take place in accor­dance with the legal require­ments.

Sub­ject to express con­sent or trans­fer required by con­tract or law, we process or have processed the data only in third coun­tries with a recog­nised lev­el of data pro­tec­tion, which includes US proces­sors cer­ti­fied under the Pri­va­cy Shield” or on the basis of spe­cial guar­an­tees, such as a con­trac­tu­al oblig­a­tion through so-called stan­dard pro­tec­tion claus­es of the EU Com­mis­sion, the exis­tence of cer­ti­fi­ca­tions or bind­ing inter­nal data pro­tec­tion reg­u­la­tions (Arti­cle 44 to 49 GDPR, infor­ma­tion page of the EU Com­mis­sion: https://​ec​.europa​.eu/​i​n​f​o​/​l​a​w​/​l​a​w​-​t​o​p​i​c​/​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​/​i​n​t​e​r​n​a​t​i​o​n​a​l​-​d​i​m​e​n​s​i​o​n​-​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​_en).

Use of Cook­ies

Cook­ies are text files that con­tain data from vis­it­ed web­sites or domains and are stored by a brows­er on the user’s com­put­er. A cook­ie is pri­mar­i­ly used to store infor­ma­tion about a user dur­ing or after his vis­it with­in an online ser­vice. The infor­ma­tion stored can include, for exam­ple, the lan­guage set­tings on a web­site, the login sta­tus, a shop­ping bas­ket or the loca­tion where a video was viewed. The term cook­ies” also includes oth­er tech­nolo­gies that ful­fil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as user IDs”).

Types and Func­tions of Cook­ies

The fol­low­ing types and func­tions of cook­ies are dis­tin­guished:

  • Tem­po­rary cook­ies (also: ses­sion cookies):Temporary cook­ies are delet­ed at the lat­est after a user has left an online ser­vice and closed his brows­er.
  • Per­ma­nent cook­ies: Per­ma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login sta­tus can be saved or pre­ferred con­tent can be dis­played direct­ly when the user vis­its a web­site again. The inter­ests of users who are used for range mea­sure­ment or mar­ket­ing pur­pos­es can also be stored in such a cook­ie.
  • First-Par­ty-Cook­ies: First-Par­ty-Cook­ies are set by our­selves.
  • Third par­ty cook­ies: Third par­ty cook­ies are main­ly used by adver­tis­ers (so-called third par­ties) to process user infor­ma­tion.
  • Nec­es­sary (also: essen­tial) cook­ies: Cook­ies can be nec­es­sary for the oper­a­tion of a web­site (e.g. to save logins or oth­er user inputs or for secu­ri­ty rea­sons).
  • Sta­tis­tics, mar­ket­ing and per­son­al­i­sa­tion cook­ies: Cook­ies are also gen­er­al­ly used to mea­sure a website’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing cer­tain con­tent, using func­tions, etc.) are stored on indi­vid­ual web­sites in a user pro­file. Such pro­files are used, for exam­ple, to dis­play con­tent to users that cor­re­sponds to their poten­tial inter­ests. This pro­ce­dure is also referred to as track­ing”, i.e. track­ing the poten­tial inter­ests of users. . If we use cook­ies or track­ing” tech­nolo­gies, we will inform you sep­a­rate­ly in our pri­va­cy pol­i­cy or in the con­text of obtain­ing con­sent.

Infor­ma­tion on Legal Basis

The legal basis on which we process your per­son­al data with the help of cook­ies depends on whether we ask you for your con­sent. If this is the case and you accept the use of cook­ies, the legal basis for pro­cess­ing your data is your declared con­sent. Oth­er­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g., in a busi­ness oper­a­tion of our online ser­vices and their improve­ment) or if the use of cook­ies is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions.

Gen­er­al Infor­ma­tion on With­draw­al of Con­sent and Objec­tion (Opt-Out)

Respec­tive of whether pro­cess­ing is based on con­sent or legal per­mis­sion, you have the option at any time to object to the pro­cess­ing of your data using cook­ie tech­nolo­gies or to revoke con­sent (col­lec­tive­ly referred to as opt-out”). You can ini­tial­ly explain your objec­tion using the set­tings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online ser­vices). An objec­tion to the use of cook­ies for online mar­ket­ing pur­pos­es can be raised for a large num­ber of ser­vices, espe­cial­ly in the case of track­ing, via the web­sites https://​www​.aboutads​.info/​c​h​o​i​c​es/ and https://​www​.youron​line​choic​es​.com. In addi­tion, you can receive fur­ther infor­ma­tion on objec­tions in the con­text of the infor­ma­tion on the used ser­vice providers and cook­ies.

Pro­cess­ing Cook­ie Data on the Basis of Con­sent

Before we process or have processed data with­in the con­text of the usage of cook­ies, we ask the users for their con­sent, which can be revoked at any time. Before the con­sent has not been giv­en, we may use cook­ies that are nec­es­sary for the oper­a­tion of our online ser­vices. Their use is based on our inter­est and the user’s inter­est in the expect­ed func­tion­al­i­ty of our online ser­vices.

Our Cook­ie-Set­tings (Opt-Out)

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Com­mer­cial Ser­vices

We process data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tomers and inter­est­ed par­ties (col­lec­tive­ly referred to as con­trac­tu­al part­ners”) with­in the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and com­mu­ni­ca­tion with the con­trac­tu­al part­ners or pre-con­trac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to ful­fil our con­trac­tu­al oblig­a­tions, safe­guard our rights and for the pur­pos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the con­trac­tu­al part­ners with­in the scope of the applic­a­ble law to third par­ties inso­far as this is nec­es­sary for the afore­men­tioned pur­pos­es or for the ful­fil­ment of legal oblig­a­tions or with the con­sent of the con­trac­tu­al part­ners (e.g. telecom­mu­ni­ca­tions, trans­port and oth­er aux­il­iary ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice providers or tax author­i­ties). The con­trac­tu­al part­ners will be informed about fur­ther pro­cess­ing, e.g. for mar­ket­ing pur­pos­es, as part of this pri­va­cy pol­i­cy.

Which data are nec­es­sary for the afore­men­tioned pur­pos­es, we inform the con­tract­ing part­ners before or in the con­text of the data col­lec­tion, e.g. in on-line forms by spe­cial mark­ing (e.g. col­ors), and/​or sym­bols (e.g. aster­isks or the like), or per­son­al­ly.

We delete the data after expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a cus­tomer account or must be kept for legal rea­sons of archiv­ing (e.g., as a rule 10 years for tax pur­pos­es). In the case of data dis­closed to us by the con­trac­tu­al part­ner with­in the con­text of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gen­er­al after the end of the assign­ment.

If we use third-par­ty providers or plat­forms to pro­vide our ser­vices, the terms and con­di­tions and pri­va­cy poli­cies of the respec­tive third-par­ty providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Eco­nom­ic Analy­ses and Mar­ket Research

For eco­nom­ic rea­sons and in order to be able to recog­nise mar­ket trends, wish­es of con­trac­tu­al part­ners and users, we analyse the data avail­able to us on busi­ness trans­ac­tions, con­tracts, enquiries, etc., where­by the per­sons con­cerned may include con­trac­tu­al part­ners, inter­est­ed par­ties, cus­tomers, vis­i­tors and users of our online ser­vice.

The analy­ses are car­ried out for the pur­pose of busi­ness eval­u­a­tions, mar­ket­ing and mar­ket research (for exam­ple, to deter­mine cus­tomer groups with dif­fer­ent char­ac­ter­is­tics). If avail­able, we can take into account the pro­files of reg­is­tered users with infor­ma­tion, e.g. on the ser­vices they have used. The analy­ses serve us alone and are not dis­closed exter­nal­ly unless they are anony­mous analy­ses with sum­marised, i.e. anonymised val­ues. Fur­ther­more, we respect the pri­va­cy of the users and process the data for analy­sis pur­pos­es as pseu­do­ny­mous­ly as pos­si­ble and if pos­si­ble anony­mous­ly (e.g. as sum­ma­rized data).

Agency Ser­vices

We process the data of our cus­tomers with­in the scope of our con­trac­tu­al ser­vices, which may include e.g. con­cep­tu­al and strate­gic con­sult­ing, cam­paign plan­ning, soft­ware and design devel­op­ment /​con­sult­ing or main­te­nance, imple­men­ta­tion of cam­paigns and process­es, han­dling, serv­er admin­is­tra­tion, data analy­sis /​con­sult­ing ser­vices and train­ing ser­vices.

Edu­ca­tion and Train­ing Ser­vices

e process the data of the par­tic­i­pants of our edu­ca­tion and train­ing pro­grammes (uni­form­ly referred to as ” stu­dents”) in order to pro­vide them with our edu­ca­tion­al and train­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and edu­ca­tion­al rela­tion­ship. The pro­cess­ing also includes the per­for­mance eval­u­a­tion and eval­u­a­tion of our ser­vices and the teach­ers and instruc­tors.

As part of our activ­i­ties, we may also process spe­cial cat­e­gories of data, in par­tic­u­lar infor­ma­tion on the health of per­sons under­go­ing train­ing or fur­ther train­ing and data reveal­ing eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal con­vic­tions. To this end, we obtain, if nec­es­sary, the express con­sent of the stu­dents to be trained and fur­ther edu­cat­ed and process the spe­cial cat­e­gories of data oth­er­wise only if it is nec­es­sary for the pro­vi­sion of train­ing ser­vices, for pur­pos­es of health care, social pro­tec­tion or pro­tec­tion of vital inter­ests of the stu­dents to be trained and fur­ther edu­cat­ed.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the trainees, we dis­close or trans­fer the data of the stu­dents to third par­ties or agents, e.g. pub­lic author­i­ties or in the field of IT, office or com­pa­ra­ble ser­vices, in com­pli­ance with the require­ments of pro­fes­sion­al law.

Coach­ing

We process the data of our clients and inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as clients”) in order to pro­vide them with our ser­vices. The data processed, the type, scope and pur­pose of their pro­cess­ing and the neces­si­ty of their pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client rela­tion­ship.

With­in the scope of our ser­vices, we may also process spe­cial cat­e­gories of data, here in par­tic­u­lar infor­ma­tion on the health of clients, pos­si­bly with ref­er­ence to their sex­u­al life or sex­u­al ori­en­ta­tion and data reveal­ing racial or eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal beliefs. To this end, we obtain the express con­sent of clients where nec­es­sary and process the spe­cial cat­e­gories of data oth­er­wise for the pur­pos­es of health care, if the data is pub­lic or wit an oth­er legal persmis­sion.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­trac­tu­al oblig­a­tions, the pro­tec­tion of vital inter­ests or by law, or with theclients’s con­sent, we dis­close or trans­fer the clients’s data to third par­ties or agents, such as pub­lic author­i­ties, account­ing offices and in the field of IT, office or com­pa­ra­ble ser­vices, in com­pli­ance with pro­fes­sion­al reg­u­la­tions.

Con­sult­ing

We process the data of our clients, clients as well as inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as clients”) in order to pro­vide them with our con­sult­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client rela­tion­ship.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the client, we dis­close or trans­fer the client’s data to third par­ties or agents, such as author­i­ties, courts, sub­con­trac­tors or in the field of IT, office or com­pa­ra­ble ser­vices, tak­ing into account the pro­fes­sion­al require­ments.

Artis­tic and Lit­er­ary Ser­vices

We process the data of our clients in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works and relat­ed tasks, as well as their pay­ment and deliv­ery, or exe­cu­tion or pro­vi­sion.

The required details are iden­ti­fied as such with­in the frame­work of the con­clu­sion of the order, order or com­pa­ra­ble con­tract and include the details required for deliv­ery and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions.

Mobile Appli­ca­tion

We process the data of the users of our apps, reg­is­tered and any test users (here­inafter uni­form­ly referred to as users”) in order to pro­vide them with our con­trac­tu­al ser­vices and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our app and to devel­op it fur­ther. The required details are iden­ti­fied as such with­in the scope of the con­clu­sion of a con­tract for the use of the apps, the con­clu­sion of an order, an order or a com­pa­ra­ble con­tract and may include the details required for the pro­vi­sion of ser­vices and any invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. If our apps are pur­chased from plat­forms of oth­er app sup­pli­ers (e.g. Apple’s App Store or Google­Play), the terms and con­di­tions and data pro­tec­tion notices of the respec­tive plat­forms apply in the rela­tion­ship between the users and the app sup­pli­ers.

Project and Devel­op­ment Ser­vices

We process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works as well as asso­ci­at­ed activ­i­ties and to pay for and make avail­able such ser­vices or works or to per­form such ser­vices or works.

The required infor­ma­tion is indi­cat­ed as such with­in the frame­work of the con­clu­sion of the agree­ment, order or equiv­a­lent con­tract and includes the infor­ma­tion required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. Inso­far as we gain access to the infor­ma­tion of end cus­tomers, employ­ees or oth­er per­sons, we process it in accor­dance with the legal and con­trac­tu­al require­ments.

Pub­lish­ing Activ­i­ties

We process the data of our con­tact part­ners, inter­viewed per­sons and oth­er per­sons who are the sub­ject of our edi­to­r­i­al, jour­nal­is­tic and relat­ed activ­i­ties. Here we refer to the valid­i­ty of pro­tec­tion reg­u­la­tions of free­dom of opin­ion and free­dom of the press accord­ing to Arti­cle 85 GDPR in con­nec­tion with the respec­tive nation­al laws. The pro­cess­ing serves us the ful­fil­ment of order activ­i­ties and is oth­er­wise based in par­tic­u­lar on the inter­est of the gen­er­al pub­lic in infor­ma­tion and media prod­ucts.

Soft­ware and Plat­form Ser­vices

We process the data of our users, reg­is­tered and any test users (here­inafter uni­form­ly referred to as users”) in order to pro­vide them with our con­trac­tu­al ser­vices and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our offer and to devel­op it fur­ther. The required details are iden­ti­fied as such with­in the con­text of the con­clu­sion of the agree­ment, order or com­pa­ra­ble con­tract and include the details required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any fur­ther con­sul­ta­tions.

Tech­ni­cal and Engi­neer­ing Ser­vices

We process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works as well as asso­ci­at­ed activ­i­ties and to pay for and make avail­able such ser­vices or works or to per­form such ser­vices or works.

The required infor­ma­tion is indi­cat­ed as such with­in the frame­work of the con­clu­sion of the agree­ment, order or equiv­a­lent con­tract and includes the infor­ma­tion required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. Inso­far as we gain access to the infor­ma­tion of end cus­tomers, employ­ees or oth­er per­sons, we process it in accor­dance with the legal and con­trac­tu­al require­ments.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Data that indi­cates the loca­tion of the end device of an end user).

Spe­cial Cat­e­gories of Data

Health Data (Arti­cle 9 (1) GDPR), Data relat­ed to sex­u­al pref­er­ences, sex life, and/​or sex­u­al ori­en­ta­tion (Arti­cle 9 (1) GDPR), Rre­li­gious or philo­soph­i­cal beliefs (Arti­cle 9 (1) GDPR), Data reveal­ing racial or eth­nic ori­gin.

Data Sub­jects

Prospec­tive cus­tomers, Busi­ness and con­trac­tu­al part­ners, Cus­tomers.

Pur­pos­es of Pro­cess­ing

Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Man­ag­ing and respond­ing to inquiries.

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Blogs and Pub­li­ca­tion Media

We use blogs or com­pa­ra­ble means of online com­mu­ni­ca­tion and pub­li­ca­tion (here­inafter pub­li­ca­tion medi­um”). Read­ers’ data will only be processed for the pur­pos­es of the pub­li­ca­tion medi­um to the extent nec­es­sary for its pre­sen­ta­tion and com­mu­ni­ca­tion between authors and read­ers or for secu­ri­ty rea­sons. For the rest, we refer to the infor­ma­tion on the pro­cess­ing of vis­i­tors to our pub­li­ca­tion medi­um with­in the scope of this pri­va­cy pol­i­cy.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Con­trac­tu­al ser­vices and sup­port, Feed­back (e.g. col­lect­ing feed­back via online form), Secu­ri­ty mea­sures, Man­ag­ing and respond­ing to inquiries, con­tact requests and com­mu­ni­ca­tion.

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR), Ppro­tec­tion of vital inter­ests (Arti­cle 6 (1) (d) GDPR).

Con­tact­ing us

When con­tact­ing us (e.g. by con­tact form, e‑mail, tele­phone or via social media), the data of the inquir­ing per­sons are processed inso­far as this is nec­es­sary to answer the con­tact enquiries and any request­ed activ­i­ties.

The response to con­tact enquiries with­in the frame­work of con­trac­tu­al or pre-con­trac­tu­al rela­tion­ships is made in order to ful­fil our con­trac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and oth­er­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Pur­pos­es of Pro­cess­ing

Con­tact requests and com­mu­ni­ca­tion.

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Hub­Spot

Man­age­ment of con­tact requests and com­mu­ni­ca­tion; Ser­vice Provider: Hub­Spot, Inc., 25 First St., 2nd floor, Cam­bridge, Mass­a­chu­setts 02141, USA; Web­site: https://​www​.hub​spot​.de; Pri­va­cy Pol­i­cy: https://​legal​.hub​spot​.com/​d​e​/​p​r​i​v​a​c​y​-​p​o​l​icy.

Com­mu­ni­ca­tion via Mes­sen­ger

We use Mes­sen­ger ser­vices for com­mu­ni­ca­tion pur­pos­es and there­fore ask you to observe the fol­low­ing infor­ma­tion regard­ing the func­tion­al­i­ty of the Mes­sen­ger, encryp­tion, use of the meta­da­ta of the com­mu­ni­ca­tion and your objec­tion options.

You can also con­tact us by alter­na­tive means, e.g. tele­phone or e‑mail. Please use the con­tact options pro­vid­ed to you or use the con­tact options pro­vid­ed with­in our online ser­vices.

In the case of encryp­tion ofcon­tent (i.e. the con­tent of your mes­sage and attach­ments), we point out that the com­mu­ni­ca­tion con­tent (i.e. the con­tent of the mes­sage and attach­ments) is encrypt­ed end-to-end. This means that the con­tent of the mes­sages is not vis­i­ble, not even by the mes­sen­ger providers them­selves. You should always use a cur­rent ver­sion of the mes­sen­ger with acti­vat­ed encryp­tion, so that the encryp­tion of the mes­sage con­tents is guar­an­teed.

How­ev­er, we would like to point out to our com­mu­ni­ca­tion part­ners that although mes­sen­ger ser­vice providers do not see the con­tent, they can find out that and when com­mu­ni­ca­tion part­ners com­mu­ni­cate with us and process tech­ni­cal infor­ma­tion on the com­mu­ni­ca­tion partner’s device used and, depend­ing on the set­tings of their device, also loca­tion infor­ma­tion (so-called meta­da­ta).

Infor­ma­tion on Legal Basis

If we ask com­mu­ni­ca­tion part­ners for per­mis­sion before com­mu­ni­cat­ing with them via Mes­sen­ger, the legal basis of our pro­cess­ing of their data is their con­sent. Oth­er­wise, if we do not request con­sent and you con­tact us, for exam­ple, vol­un­tar­i­ly, we use Mes­sen­ger in our deal­ings with our con­trac­tu­al part­ners and as part of the con­tract ini­ti­a­tion process as a con­trac­tu­al mea­sure and in the case of oth­er inter­est­ed par­ties and com­mu­ni­ca­tion part­ners on the basis of our legit­i­mate inter­ests in fast and effi­cient com­mu­ni­ca­tion and meet­ing the needs of our com­mu­ni­ca­tion part­ners for com­mu­ni­ca­tion via mes­sen­gers. We would also like to point out that we do not trans­mit the con­tact data pro­vid­ed to us to the mes­sen­ger ser­vice providers for the first time with­out your con­sent.

With­draw­al, Objec­tion and Dele­tion

You can with­draw your con­sent or object to com­mu­ni­ca­tion with us via Mes­sen­ger at any time​.In the case of com­mu­ni­ca­tion via mes­sen­ger, we delete the mes­sages in accor­dance with our gen­er­al data reten­tion pol­i­cy (i.e. as described above after the end of con­trac­tu­al rela­tion­ships, archiv­ing require­ments, etc.) and oth­er­wise as soon as we can assume that we have answered any infor­ma­tion pro­vid­ed by the com­mu­ni­ca­tion part­ners, if no ref­er­ence to a pre­vi­ous con­ver­sa­tion is to be expect­ed and there are no legal oblig­a­tions to store the mes­sages to pre­vent their dele­tion.

Reser­va­tion of Ref­er­ence to Oth­er Means of Com­mu­ni­ca­tion

Final­ly, we would like to point out that we reserve the right, for rea­sons of your safe­ty, not to answer inquiries about Mes­sen­ger. This is the case if, for exam­ple, inter­nal con­trac­tu­al mat­ters require spe­cial secre­cy or if an answer via the mes­sen­ger does not meet the for­mal require­ments. In such cas­es we refer you to more appro­pri­ate com­mu­ni­ca­tion chan­nels.

Skype

The end-to-end encryp­tion of Skype requires its acti­va­tion (unless it is enabled by default).

Processed Data Types

Con­tact data (e.g. e‑mail, tele­phone num­bers), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Con­tent data (e.g. text input, pho­tographs, videos).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Pur­pos­es of Pro­cess­ing

Con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Apple iMes­sage and Face­time

Apple iMes­sage and Face­time; Ser­vice provider: Apple Inc., One Apple Park Way, Cuper­ti­no, CA 95014 USA; Web­site: https://​www​.apple​.com/; Pri­va­cy Pol­i­cy: https://​sup​port​.apple​.com/​d​e​-​d​e​/​H​T​209110.

Face­book Mes­sen­ger

Face­book-Mes­sen­ger with end-to-end encryp­tion (the end-to-end Face­book Mes­sen­ger encryp­tion requires acti­va­tion, unless enabled by default); Ser­vice provider: https://​www​.face​book​.com, Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland, Par­ent Com­pa­ny: Face­book, 1 Hack­er Way, Men­lo Park, CA 94025, USA; Web­site: https://​www​.face​book​.com; Pri­va­cy Pol­i­cy: https://​www​.face​book​.com/​a​b​o​u​t​/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​y​w​A​A​C​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: https://​www​.face​book​.com/​s​e​t​t​i​n​g​s​?​t​a​b​=​ads.

Skype

Skype Mes­sen­ger with end-to-end encryp­tion; Ser­vice provider: Microsoft Cor­po­ra­tion, One Microsoft Way, Red­mond, WA 98052 – 6399 USA; Web­site: https://​www​.skype​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.microsoft​.com/​d​e​-​d​e​/​p​r​i​v​a​c​y​s​t​a​t​e​m​ent, Secu­ri­ty infor­ma­tion: https://​www​.microsoft​.com/​d​e​-​d​e​/​t​r​u​s​t​c​e​n​ter; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​K​z​N​a​A​A​K​&​s​t​a​t​u​s​=​A​c​t​ive.

Slack

Slack Mes­sen­ger with­out end-to-end encryp­tion; Ser­vice provider: Slack Tech­nolo­gies, Inc., 500 Howard Street, San Fran­cis­co, CA 94105, USA; Web­site: https://​slack​.com/; Pri­va­cy Pol­i­cy: https://​slack​.com/​i​n​t​l​/​d​e​-​d​e​/​l​e​gal; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​M​B​A​A​0​&​s​t​a​t​u​s​=​A​c​t​ive.

What­sApp

What­sApp Mes­sen­ger with end-to-end encryp­tion; Ser­vice provider: What­sApp Inc. What­sApp Legal 1601 Wil­low Road Men­lo Park, Cal­i­for­nia 94025, USA; Web­site: https://​www​.what​sapp​.com/; Pri­va­cy Pol­i­cy: https://​www​.what​sapp​.com/​l​e​gal; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​S​n​w​A​A​G​&​s​t​a​t​u​s​=​A​c​t​ive.

Online Con­fer­ences, Meet­ings and Webi­na­rs

We use third-par­ty plat­forms and appli­ca­tions (here­inafter referred to as third par­ty providers”) for the pur­pos­es of con­duct­ing video and audio con­fer­ences, webi­na­rs and oth­er types of video and audio meet­ings. When select­ing third-par­ty providers and their ser­vices, we observe the legal require­ments.

In this con­text, data of the com­mu­ni­ca­tion par­tic­i­pants will be processed and stored on the servers of third par­ties, as far as these are part of com­mu­ni­ca­tion process­es with us. This data may include, but is not lim­it­ed to, reg­is­tra­tion and con­tact details, visu­al and voice con­tri­bu­tions, chat entries and shared screen con­tent.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to observe the data pro­tec­tion infor­ma­tion of the respec­tive third par­ty providers.

Infor­ma­tion on Legal Basis

If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures.

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Cis­co WebEx

Con­fer­nce-Soft­ware; Ser­vice provider: Webex Com­mu­ni­ca­tions Deutsch­land GmbH, Hansaallee 249, c/​o Cis­co Sys­tems GmbH, 40549 Düs­sel­dorf, par­ent com­pa­ny: Cis­co Sys­tems, Inc. 170 West Tas­man Dr., San Jose, CA 95134, USA; Web­site: https://​www​.webex​.com; Pri­va­cy Pol­i­cy: https://​www​.cis​co​.com/​c​/​d​e​_​d​e​/​a​b​o​u​t​/​l​e​g​a​l​/​p​r​i​v​a​c​y​-​f​u​l​l​.​h​tml; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​J​2​A​A​K​&​s​t​a​t​u​s​=​A​c​t​ive.

Chat­bots and Chat Func­tions

We pro­vide a so-called chat­bot” as a com­mu­ni­ca­tions chan­nel. The chat­bot is soft­ware that answers users’ ques­tions or informs them about mes­sages. If you talk to our chat­bot, we can process your per­son­al data.

If you com­mu­ni­cate with the chat­bot with­in an online plat­form, an iden­ti­fi­ca­tion num­ber is also stored with­in the used plat­form. We may also col­lect infor­ma­tion about which users inter­act with our chat­bot and when. Fur­ther­more, we store the con­tent of your con­ver­sa­tions exchanged with the chat­bot and log reg­is­tra­tion and con­sent process­es in order to be able to prove these accord­ing to legal require­ments.

We would like to point out that the respec­tive plat­form provider can find out that and when users can com­mu­ni­cate with our chat­bot, as well as tech­ni­cal infor­ma­tion about the user’s device used and, depend­ing on the set­tings of their device, also loca­tion infor­ma­tion (so-called meta­da­ta) for pur­pos­es of opti­mis­ing the respec­tive ser­vices and secu­ri­ty. Like­wise, the meta­da­ta of com­mu­ni­ca­tion via chat­bot (i.e. e.g. the infor­ma­tion who has com­mu­ni­cat­ed with whom) may be used by the respec­tive plat­form provider in accor­dance with its con­di­tions, to which we refer for the pur­pose of fur­ther infor­ma­tion, for the pur­pos­es of mar­ket­ing or dis­play­ing adver­tis­ing tai­lored to users.

If users agree to the chat­bot to acti­vate infor­ma­tion with reg­u­lar mes­sages, you have the option at any time to unsub­scribe from the infor­ma­tion for the future. The chat­bot informs users how and with which terms they can unsub­scribe from the mes­sages. By unsub­scrib­ing from chat­bot mes­sages, user data is delet­ed from the mes­sage recipient’s direc­to­ry.

We use the afore­men­tioned infor­ma­tion to oper­ate our chat­bot, e.g. to address users per­son­al­ly, to answer your ques­tions to the chat­bot, to trans­mit any request­ed con­tent, as well as to improve our chat­bot (e.g. to teach” answers to fre­quent­ly asked ques­tions or to rec­og­nize unan­swered requests).

Infor­ma­tion on Legal Basis

We use the chat­bot on the basis of a con­sent if we first obtain the per­mis­sion of the users to process their data by the chat­bot (this applies in cas­es where users are asked for con­sent, e.g. so that the chat­bot reg­u­lar­ly sends them mes­sages). If we use the chat­bot to answer user queries about our ser­vices or our com­pa­ny, this is done for con­trac­tu­al and pre-con­trac­tu­al com­mu­ni­ca­tion. In addi­tion, we use the Chat­bot based on our legit­i­mate inter­ests in opti­miz­ing the Chat­bot, its oper­at­ing effi­cien­cy and enhanc­ing the pos­i­tive user expe­ri­ence.

With­draw­al, Objec­tion and Dele­tion

You can revoke a giv­en con­sent at any time or con­tra­dict the pro­cess­ing of your data in the con­text of our chat­bot use.

Processed Data Types

Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal), Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Con­ver­sion Track­ing, Pro­fil­ing (Cre­at­ing user pro­files), Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Hub­Spot

Chat­bot and assis­tance soft­ware and relat­ed ser­vices; Ser­vice provider: Hub­Spot, Inc., 25 First St., 2nd floor, Cam­bridge, Mass­a­chu­setts 02141, USA; Web­site: https://​www​.hub​spot​.com; Pri­va­cy Pol­i­cy: https://​legal​.hub​spot​.com/​p​r​i​v​a​c​y​-​p​o​l​icy.

Pro­vi­sion of Online Ser­vices and Web Host­ing

In order to pro­vide our online ser­vices secure­ly and effi­cient­ly, we use the ser­vices of one or more web host­ing providers from whose servers (or servers they man­age) the online ser­vices can be accessed. For these pur­pos­es, we may use infra­struc­ture and plat­form ser­vices, com­put­ing capac­i­ty, stor­age space and data­base ser­vices, as well as secu­ri­ty and tech­ni­cal main­te­nance ser­vices.

The data processed with­in the frame­work of the pro­vi­sion of the host­ing ser­vices may include all infor­ma­tion relat­ing to the users of our online ser­vices that is col­lect­ed in the course of use and com­mu­ni­ca­tion. This reg­u­lar­ly includes the IP address, which is nec­es­sary to be able to deliv­er the con­tents of online ser­vices to browsers, and all entries made with­in our online ser­vices or from web­sites.

Processed Data Types

Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Con­tent Deliv­ery Net­work (CDN).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Host Europe

Host­ing; Ser­vice provider: Host Europe GmbH, Hans­es­trasse 111, 51149 Köln, Ger­many; Web­site: https://​www​.hos​teu​rope​.de/; Pri­va­cy Pol­i­cy: https://​www​.hos​teu​rope​.de/​A​G​B​/​D​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​u​ng/.

Job Appli­ca­tion Process

The appli­ca­tion process requires appli­cants to pro­vide us with the data nec­es­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion con­tained there­in.

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, a con­tact option and proof of the qual­i­fi­ca­tions required for a par­tic­u­lar employ­ment. Upon request, we will be hap­py to pro­vide you with addi­tion­al infor­ma­tion.

If made avail­able, appli­cants can sub­mit their appli­ca­tions via an online form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail. Please note, how­ev­er, that e‑mails on the Inter­net are gen­er­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our serv­er. For the pur­pos­es of search­ing for appli­cants, sub­mit­ting appli­ca­tions and select­ing appli­cants, we may make use of the appli­cant man­age­ment and recruit­ment soft­ware, plat­forms and ser­vices of third-par­ty providers in com­pli­ance with legal require­ments. Appli­cants are wel­come to con­tact us about how to sub­mit their appli­ca­tion or send it to us by reg­u­lar mail.

Pro­cess­ing of Spe­cial Cat­e­gories of Data

If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can exer­cise his/​her rights aris­ing from labour law and social secu­ri­ty and social pro­tec­tion law and ful­fil his/​her duties in this regard, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons pur­suant to Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

Era­sure of Data

In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment rela­tion­ship. Oth­er­wise, if the appli­ca­tion for a job offer is not suc­cess­ful, the applicant’s data will be delet­ed. Appli­cants’ data will also be delet­ed if an appli­ca­tion is with­drawn, to which appli­cants are enti­tled at any time. Sub­ject to a jus­ti­fied revo­ca­tion by the appli­cant, the dele­tion will take place at the lat­est after the expiry of a peri­od of six months, so that we can answer any fol­low-up ques­tions regard­ing the appli­ca­tion and com­ply with our duty of proof under the reg­u­la­tions on equal treat­ment of appli­cants. Invoic­es for any reim­burse­ment of trav­el expens­es are archived in accor­dance with tax reg­u­la­tions.

Admis­sion to a Tal­ent Pool

Admis­sion to an tal­ent pool, if offered, is based on con­sent. Appli­cants are informed that their con­sent to be includ­ed in the tal­ent pool is vol­un­tary, has no influ­ence on the cur­rent appli­ca­tion process and that they can revoke their con­sent at any time for the future.

Dura­tion of data reten­tion in the appli­cant pool: 12 months.

Processed Data Types

Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by appli­cants).

Data Sub­jects

Job appli­cants, Employ­ees (e.g. Employ­ees, job appli­cants).

Pur­pos­es of Pro­cess­ing

Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment rela­tion­ship.).

Legal Basis

Arti­cle 9 (1)(b) GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.).

Job­men­sa

Recruit­ing plat­tform; Ser­vice provider: Stu­ditemps GmbH, Im Medi­a­park 4a, 50670 Köln, Deutsch­land; Web­site: https://​www​.job​men​sa​.de/; Pri­va­cy Pol­i­cy: https://​www​.job​men​sa​.de/​d​a​t​e​n​s​c​h​utz.

Cloud Ser­vices

We use Inter­net-acces­si­ble soft­ware ser­vices (so-called cloud ser­vices”, also referred to as Soft­ware as a Ser­vice”) pro­vid­ed on the servers of its providers for the fol­low­ing pur­pos­es: doc­u­ment stor­age and admin­is­tra­tion, cal­en­dar man­age­ment, e‑mail deliv­ery, spread­sheets and pre­sen­ta­tions, exchange of doc­u­ments, con­tent and infor­ma­tion with spe­cif­ic recip­i­ents or pub­li­ca­tion of web­sites, forms or oth­er con­tent and infor­ma­tion, as well as chats and par­tic­i­pa­tion in audio and video con­fer­ences.

With­in this frame­work, per­son­al data may be processed and stored on the provider’s servers inso­far as this data is part of com­mu­ni­ca­tion process­es with us or is oth­er­wise processed by us in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of data sub­jects, data on process­es, con­tracts, oth­er pro­ceed­ings and their con­tents. Cloud ser­vice providers also process usage data and meta­da­ta that they use for secu­ri­ty and ser­vice opti­miza­tion pur­pos­es.

If we use cloud ser­vices to pro­vide doc­u­ments and con­tent to oth­er users or pub­licly acces­si­ble web­sites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user set­tings (e.g. in the case of media con­trol).

Infor­ma­tion on Legal Basis

If we ask for per­mis­sion to use cloud ser­vices, the legal basis for pro­cess­ing data is con­sent. Fur­ther­more, their use can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of cloud ser­vices has been agreed in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and col­lab­o­ra­tion process­es).

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive cus­tomers, Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Pur­pos­es of Pro­cess­ing

Office and organ­i­sa­tion­al pro­ce­dures.

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Drop­box

Cloud stor­age ser­vices; Ser­vice provider: Drop­box, Inc., 333 Bran­nan Street, San Fran­cis­co, Cal­i­for­nia 94107, USA; Web­site: https://​www​.drop​box​.com; Pri­va­cy Pol­i­cy: https://​www​.drop​box​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​C​L​A​A​0​&​s​t​a​t​u​s​=​A​c​t​ive; Stan­dard Con­trac­tu­al Claus­es (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in tthird coun­try): https://​assets​.drop​box​.com/​d​o​c​u​m​e​n​t​s​/​e​n​/​l​e​g​a​l​/​d​a​t​a​-​p​r​o​c​e​s​s​i​n​g​-​a​g​r​e​e​m​e​n​t​-​d​f​b​-​013118​.​pdf.

Microsoft Cloud Ser­vices

Newslet­ter and Broad­cast Com­mu­ni­ca­tion

We send newslet­ters, e‑mails and oth­er elec­tron­ic com­mu­ni­ca­tions (here­inafter referred to as newslet­ters”) only with the con­sent of the recip­i­ent or a legal per­mis­sion. Inso­far as the con­tents of the newslet­ter are specif­i­cal­ly described with­in the frame­work of reg­is­tra­tion, they are deci­sive for the con­sent of the user. Oth­er­wise, our newslet­ters con­tain infor­ma­tion about our ser­vices and us.

In order to sub­scribe to our newslet­ters, it is gen­er­al­ly suf­fi­cient to enter your e‑mail address. We may, how­ev­er, ask you to pro­vide a name for the pur­pose of con­tact­ing you per­son­al­ly in the newslet­ter or to pro­vide fur­ther infor­ma­tion if this is required for the pur­pos­es of the newslet­ter.

Dou­ble Opt-in Pro­ce­dure

The reg­is­tra­tion to our newslet­ter takes place in gen­er­al in a so-called Dou­ble-Opt-In pro­ce­dure. This means that you will receive an e‑mail after reg­is­tra­tion ask­ing you to con­firm your reg­is­tra­tion. This con­fir­ma­tion is nec­es­sary so that no one can reg­is­ter with exter­nal e‑mail address­es.

The reg­is­tra­tions for the newslet­ter are logged in order to be able to prove the reg­is­tra­tion process accord­ing to the legal require­ments. This includes stor­ing the login and con­fir­ma­tion times as well as the IP address. Like­wise the changes of your data stored with the dis­patch ser­vice provider are logged.

Dele­tion and Restric­tion of Pro­cess­ing

We may store the unsub­scribed email address­es for up to three years based on our legit­i­mate inter­ests before delet­ing them to pro­vide evi­dence of pri­or con­sent. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defense against claims. An indi­vid­ual dele­tion request is pos­si­ble at any time, pro­vid­ed that the for­mer exis­tence of a con­sent is con­firmed at the same time. In the case of an oblig­a­tion to per­ma­nent­ly observe an objec­tion, we reserve the right to store the e‑mail address sole­ly for this pur­pose in a black­list.

Infor­ma­tion on Legal Basis

The send­ing of the newslet­ter is based on the con­sent of the recip­i­ents or, if con­sent is not required, on the basis of our legit­i­mate inter­ests in direct mar­ket­ing. Inso­far as we engage a ser­vice provider for send­ing e‑mails, this is done on the basis of our legit­i­mate inter­ests. The reg­is­tra­tion pro­ce­dure is record­ed on the basis of our legit­i­mate inter­ests for the pur­pose of demon­strat­ing that it has been con­duct­ed in accor­dance with the law.

Con­tents

Infor­ma­tion about us, our ser­vices, pro­mo­tions and offers.

Per­for­mance Mea­sure­ment

The newslet­ters con­tain a so-called web-bea­con”, i.e. a pix­el-sized file, which is retrieved from our serv­er when the newslet­ter is opened or, if we use a mail­ing ser­vice provider, from its serv­er. With­in the scope of this retrieval, tech­ni­cal infor­ma­tion such as infor­ma­tion about the brows­er and your sys­tem, as well as your IP address and time of retrieval are first col­lect­ed.

This infor­ma­tion is used for the tech­ni­cal improve­ment of our newslet­ter on the basis of tech­ni­cal data or tar­get groups and their read­ing behav­iour on the basis of their retrieval points (which can be deter­mined with the help of the IP address) or access times. This analy­sis also includes deter­min­ing whether newslet­ters are opened, when they are opened and which links are clicked. For tech­ni­cal rea­sons, this infor­ma­tion can be assigned to the indi­vid­ual newslet­ter recip­i­ents. It is, how­ev­er, nei­ther our endeav­our nor, if used, that of the ship­ping ser­vice provider to observe indi­vid­ual users. The eval­u­a­tions serve us much more to rec­og­nize the read­ing habits of our users and to adapt our con­tent to them or to send dif­fer­ent con­tent accord­ing to the inter­ests of our users.

The eval­u­a­tion of the newslet­ter and the mea­sure­ment of suc­cess is car­ried out, sub­ject to the express con­sent of the user, on the basis of our legit­i­mate inter­ests for the pur­pos­es of using a user-friend­ly and secure newslet­ter sys­tem which serves both our busi­ness inter­ests and the expec­ta­tions of the user.

A sep­a­rate objec­tion to the per­for­mance mea­sure­ment is unfor­tu­nate­ly not pos­si­ble, in this case the entire newslet­ter sub­scrip­tion must be can­celled or object­ed to.

Pre­req­ui­site for the Use of Free Ser­vices

Con­sent to the send­ing of mail­ings can be made depen­dent on the use of free ser­vices (e.g. access to cer­tain con­tent or par­tic­i­pa­tion in cer­tain cam­paigns) as a pre­req­ui­site. If the users would like to take advan­tage of the free ser­vice with­out reg­is­ter­ing for the newslet­ter, we offer them to con­tact us.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Direct mar­ket­ing (e.g. by e‑mail or postal), Con­trac­tu­al ser­vices and sup­port.

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Opt-Out

You can can­cel the receipt of our newslet­ter at any time, i.e. revoke your con­sent or object to fur­ther receipt. You will find a link to can­cel the newslet­ter either at the end of each newslet­ter or you can oth­er­wise use one of the con­tact options list­ed above, prefer­ably e‑mail.

Hub­Spot

Email mar­ket­ing plat­form; Ser­vice provider: Hub­Spot, Inc., 25 First St., 2nd floor, Cam­bridge, Mass­a­chu­setts 02141, USA; Web­site: https://​www​.hub​spot​.com; Pri­va­cy Pol­i­cy: https://​legal​.hub​spot​.com/​p​r​i​v​a​c​y​-​p​o​l​icy.

Com­mer­cial Com­mu­ni­ca­tion by E‑Mail, Postal Mail, Fax or Tele­phone

We process per­son­al data for the pur­pos­es of pro­mo­tion­al com­mu­ni­ca­tion, which may be car­ried out via var­i­ous chan­nels, such as e‑mail, tele­phone, post or fax, in accor­dance with the legal require­ments.

The recip­i­ents have the right to with­draw their con­sent at any time or to object to the adver­tis­ing com­mu­ni­ca­tion at any time.

After with­draw­al or objec­tion, we may store the data required to prove con­sent for up to three years on the basis of our legit­i­mate inter­ests before we delete them. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defense against claims. An indi­vid­ual dele­tion request is pos­si­ble at any time, pro­vid­ed that the for­mer exis­tence of a con­sent is affirmed.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Pur­pos­es of Pro­cess­ing

Direct mar­ket­ing (e.g. by e‑mail or postal).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Web Analy­sis and Opti­miza­tion

Web analy­sis is used to eval­u­ate the vis­i­tor traf­fic on our web­site and may include the behav­iour, inter­ests or demo­graph­ic infor­ma­tion of users, such as age or gen­der, as pseu­do­ny­mous val­ues. With the help of web analy­sis we can e.g. rec­og­nize, at which time our online ser­vices or their func­tions or con­tents are most fre­quent­ly used or request­ed for repeat­ed­ly, as well as which areas require opti­miza­tion.

In addi­tion to web analy­sis, we can also use test pro­ce­dures, e.g. to test and opti­mize dif­fer­ent ver­sions of our online ser­vices or their com­po­nents.

For these pur­pos­es, so-called user pro­files can be cre­at­ed and stored in a file (so-called cook­ie”) or sim­i­lar pro­ce­dures in which the rel­e­vant user infor­ma­tion for the afore­men­tioned analy­ses is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web pages vis­it­ed and ele­ments and tech­ni­cal data used there, such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on times of use. If users have con­sent­ed to the col­lec­tion of their loca­tion data, these may also be processed, depend­ing on the provider.

The IP address­es of the users are also stored. How­ev­er, we use any exist­ing IP mask­ing pro­ce­dure (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to pro­tect the user. In gen­er­al, with­in the frame­work of web analy­sis, A/​B test­ing and opti­mi­sa­tion, no user data (such as e‑mail address­es or names) is stored, but pseu­do­nyms. This means that we, as well as the providers of the soft­ware used, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their pro­files for the pur­pos­es of the respec­tive process­es.

Infor­ma­tion on Legal Basis

If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Con­ver­sion Track­ing, Pro­fil­ing (Cre­at­ing user pro­files), Click­track­ing, A/​B Tests, Feed­back (e.g. col­lect­ing feed­back via online form), Heatmaps (“Heatmaps” are mouse move­ments of the users, which are com­bined to an over­all pic­ture.), Polls and Ques­tion­naires (e.g. sur­veys with input options, mul­ti­ple choice ques­tions).

Secu­ri­ty Mea­sures

IP Mask­ing (Pseu­do­nymiza­tion of the IP address).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Hub­Spot

Test­ing and Opti­miza­tion; Ser­vice provider: Hub­Spot, Inc., 25 First St., 2nd floor, Cam­bridge, Mass­a­chu­setts 02141, USA; Web­site: https://​www​.hub​spot​.com; Pri­va­cy Pol­i­cy: https://​legal​.hub​spot​.com/​p​r​i​v​a​c​y​-​p​o​l​icy.

Online Mar­ket­ing

We process per­son­al data for the pur­pos­es of online mar­ket­ing, which includes in par­tic­u­lar the dis­play of adver­tis­ing and oth­er con­tent (col­lec­tive­ly referred to as con­tent”) based on the poten­tial inter­ests of users.

For these pur­pos­es, so-called user pro­files are cre­at­ed and stored in a file (so-called cook­ie”) or sim­i­lar pro­ce­dure in which the rel­e­vant user infor­ma­tion for the dis­play of the afore­men­tioned con­tent is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web­sites vis­it­ed, online net­works used, com­mu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on usage times. If users have con­sent­ed to the col­lec­tion of their side­line data, these can also be processed.

The IP address­es of the users are also stored. How­ev­er, we use pro­vid­ed IP mask­ing pro­ce­dures (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to ensure the pro­tec­tion of the user’s by using a pseu­do­nym. In gen­er­al, with­in the frame­work of the online mar­ket­ing process, no clear user data (such as e‑mail address­es or names) is secured, but pseu­do­nyms. This means that we, as well as the providers of online mar­ket­ing pro­ce­dures, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their pro­files.

The infor­ma­tion in the pro­files is usu­al­ly stored in the cook­ies or sim­i­lar mem­o­riz­ing pro­ce­dures. These cook­ies can lat­er, gen­er­al­ly also on oth­er web­sites that use the same online mar­ket­ing tech­nol­o­gy, be read and ana­lyzed for pur­pos­es of con­tent dis­play, as well as sup­ple­ment­ed with oth­er data and stored on the serv­er of the online mar­ket­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the pro­files. This is the case, for exam­ple, if the users are mem­bers of a social net­work whose online mar­ket­ing tech­nol­o­gy we use and the net­work links the pro­files of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social net­work providers or oth­er ser­vice providers, e.g. by con­sent­ing as part of a reg­is­tra­tion process.

As a mat­ter of prin­ci­ple, we only gain access to sum­marised infor­ma­tion about the per­for­mance of our adver­tise­ments. How­ev­er, with­in the frame­work of so-called con­ver­sion mea­sure­ment, we can check which of our online mar­ket­ing process­es have led to a so-called con­ver­sion, i.e. to the con­clu­sion of a con­tract with us. The con­ver­sion mea­sure­ment is used alone for the per­for­mance analy­sis of our mar­ket­ing activ­i­ties.

Unless oth­er­wise stat­ed, we kind­ly ask you to con­sid­er that cook­ies used will be stored for a peri­od of two years.

Infor­ma­tion on Legal Basis

If we ask users for their con­sent (e.g. in the con­text of a so-called cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing data for online mar­ket­ing pur­pos­es is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Google Ana­lyt­ics Audi­ences

We use Google Ana­lyt­ics to dis­play ads placed by Google and its part­ners only to users who have shown an inter­est in our online ser­vices or who have spe­cif­ic char­ac­ter­is­tics (e.g. inter­ests in spe­cif­ic top­ics or prod­ucts deter­mined on the basis of the web­sites vis­it­ed) that we trans­mit to Google (so-called Remar­ket­ing Audi­ences” or Google Ana­lyt­ics Audi­ences”). With the help of remar­ket­ing audi­ences, we also want to ensure that our ads match the poten­tial inter­est of users.

Google Uni­ver­sal Ana­lyt­ics

We use Google Ana­lyt­ics in the form of Uni­ver­sal Ana­lyt­ics (https://​sup​port​.google​.com/​a​n​a​l​y​t​i​c​s​/​a​n​s​w​e​r​/​2790010​?​h​l​=​e​n​&​r​e​f​_​t​o​p​i​c​=​6010376) Uni­ver­sal Ana­lyt­ics” refers to a Google Ana­lyt­ics process in which user analy­sis is per­formed on the basis of a pseu­do­ny­mous user ID, there­by cre­at­ing a pseu­do­ny­mous pro­file of the user with infor­ma­tion from the use of var­i­ous devices (so-called cross-device track­ing”).

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Data that indi­cates the loca­tion of the end device of an end user), Social data (Data sub­ject to a spe­cial social con­fi­den­tial­i­ty oblig­a­tion and processed, for exam­ple, by social insur­ance insti­tu­tions, social wel­fare insti­tu­tions or pen­sion author­i­ties).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices), Prospec­tive cus­tomers, Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc).

Pur­pos­es of Pro­cess­ing

Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Con­ver­sion Track­ing, Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files), Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties), Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors), Cross-Device Track­ing (Device-inde­pen­dent pro­cess­ing of user data for mar­ket­ing pur­pos­es).

Secu­ri­ty Mea­sures

IP Mask­ing (Pseu­do­nymiza­tion of the IP address).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Opt-Out

We refer to the pri­va­cy poli­cies of the respec­tive ser­vice providers and the pos­si­bil­i­ties for objec­tion (so-called opt-out”). If no explic­it opt-out option has been spec­i­fied, it is pos­si­ble to deac­ti­vate cook­ies in the set­tings of your brows­er. How­ev­er, this may restrict the func­tions of our online offer. We there­fore rec­om­mend the fol­low­ing addi­tion­al opt-out options, which are offered col­lec­tive­ly for each area: a) Europe: https://​www​.youron​line​choic​es​.eu. b) Cana­da: https://​www​.yourad​choic​es​.ca/​c​h​o​i​ces. c) USA: https://​www​.aboutads​.info/​c​h​o​i​ces. d) Cross-region­al: http://​optout​.aboutads​.info.

Google Tag Man­ag­er

Google Tag Man­ag­er is a web tag man­age­ment solu­tion that allows us to man­age web­site tags through a sin­gle inter­face (includ­ing Google Ana­lyt­ics and oth­er Google mar­ket­ing ser­vices in our online ser­vices). The Tag Man­ag­er itself (which imple­ments the tags) does not process any per­son­al user data. With regard to the pro­cess­ing of users’ per­son­al data, ref­er­ence is made to the infor­ma­tion below regard­ing Google ser­vices. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Ana­lyt­ics

Online mar­ket­ing and web ana­lyt­ics; Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com/​i​n​t​l​/​e​n​/​a​b​o​u​t​/​a​n​a​l​y​t​i​cs/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

Google Uni­ver­sal Ana­lyt­ics

Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Secu­ri­ty mea­sures: IP Mask­ing (Pseu­do­nymiza­tion of the IP address); Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Ads and Con­ver­sion Track­ing

We use the Google Ads” online mar­ket­ing method to place ads on the Google adver­tis­ing net­work (e.g., in search results, videos, web­sites, etc.) so that they are dis­played to users who have an alleged inter­est in the ads. We also mea­sure the con­ver­sion of the ads. How­ev­er, we only know the anony­mous total num­ber of users who clicked on our ad and were redi­rect­ed to a page tagged with a con­ver­sion track­ing tag. How­ev­er, we our­selves do not receive any infor­ma­tion that can be used to iden­ti­fy users. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Ad Man­ag­er

We use the Google Mar­ket­ing Plat­form” (and ser­vices like Google Ad Man­ag­er”) to place ads in the Google adver­tis­ing net­work (e.g., in search results, in videos, on web­sites, etc.). The Google Mar­ket­ing Plat­form” is char­ac­terised by the fact that ads are dis­played in real time accord­ing to the pre­sumed inter­ests of the users. This allows us to dis­play ads for and with­in our online ser­vices in a more tar­get­ed man­ner in order to present users only with ads that poten­tial­ly match their inter­ests. If, for exam­ple, a user is shown ads for prod­ucts in which he is inter­est­ed on oth­er online offers, this is referred to as remar­ket­ing”. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Pro­files in Social Net­works

We main­tain online pres­ences with­in social net­works in order to com­mu­ni­cate with the users active there or to offer ind infor­ma­tion about us there.

We would like to point out that user data may be processed out­side the Euro­pean Union. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights. With regard to US providers cer­ti­fied under the Pri­va­cy Shield or offer­ing com­pa­ra­ble guar­an­tees of a secure lev­el of data pro­tec­tion, we would like to point out that they there­by com­mit them­selves to com­ply with EU data pro­tec­tion stan­dards.

In addi­tion, user data is usu­al­ly processed with­in social net­works for mar­ket research and adver­tis­ing pur­pos­es. For exam­ple, user pro­files can be cre­at­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user pro­files can then be used, for exam­ple, to place adver­tise­ments with­in and out­side the net­works which are pre­sumed to cor­re­spond to the inter­ests of the users. For these pur­pos­es, cook­ies are usu­al­ly stored on the user’s com­put­er, in which the user’s usage behav­iour and inter­ests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are mem­bers of the respec­tive net­wors or will become mem­bers lat­er on).

For a detailed descrip­tion of the respec­tive pro­cess­ing oper­a­tions and the opt-out options, please refer to the respec­tive data pro­tec­tion dec­la­ra­tions and infor­ma­tion pro­vid­ed by the providers of the respec­tive net­works.

Also in the case of requests for infor­ma­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effec­tive­ly pur­sued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate mea­sures and pro­vide infor­ma­tion. If you still need help, please do not hes­i­tate to con­tact us.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Con­tact requests and com­mu­ni­ca­tion, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Face­book

Social net­work; Ser­vice provider: Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland, par­ent com­pa­ny: Face­book, 1 Hack­er Way, Men­lo Park, CA 94025, USA; Web­site: https://​www​.face​book​.com; Pri­va­cy Pol­i­cy: https://​www​.face​book​.com/​a​b​o​u​t​/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​y​w​A​A​C​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Set­tings for adver­tise­ments: https://​www​.face​book​.com/​s​e​t​t​i​n​g​s​?​t​a​b​=​ads; Addi­tion­al infor­ma­tion on data pro­tec­tion: Agree­ment on the joint con­troll of pro­cess­ing of per­son­al data on Face­book pages: https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​p​a​g​e​_​c​o​n​t​r​o​l​l​e​r​_​a​d​d​e​n​dum, pri­va­cy pol­i­cy for Face­book pages: https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​i​n​f​o​r​m​a​t​i​o​n​_​a​b​o​u​t​_​p​a​g​e​_​i​n​s​i​g​h​t​s​_​d​ata.

Twit­ter

Social net­work; Ser­vice provider: Twit­ter Inc., 1355 Mar­ket Street, Suite 900, San Fran­cis­co, CA 94103, USA; Pri­va­cy Pol­i­cy: https://​twit​ter​.com/​d​e​/​p​r​i​v​acy, (Set­tings) https://​twit​ter​.com/​p​e​r​s​o​n​a​l​i​z​a​t​ion; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​O​R​z​A​A​O​&​s​t​a​t​u​s​=​A​c​t​ive.

Xing

Social net­work; Ser­vice provider: XING AG, Damm­torstraße 29 – 32, 20354 Ham­burg, Ger­many; Web­site: https://​www​.xing​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.xing​.com/​d​e​/​d​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​ung.

Plu­g­ins and Embed­ded Func­tions and Con­tent

With­in our online ser­vices, we inte­grate func­tion­al and con­tent ele­ments that are obtained from the servers of their respec­tive providers (here­inafter referred to as third-par­ty providers”). These may, for exam­ple, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­inafter uni­form­ly referred to as Con­tent”).

The inte­gra­tion always pre­sup­pos­es that the third-par­ty providers of this con­tent process the IP address of the user, since they could not send the con­tent to their brows­er with­out the IP address. The IP address is there­fore required for the pre­sen­ta­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respec­tive offer­ers use the IP address only for the dis­tri­b­u­tion of the con­tents. Third par­ties may also use so-called pix­el tags (invis­i­ble graph­ics, also known as web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er infor­ma­tion about the use of our web­site, as well as may be linked to such infor­ma­tion from oth­er sources.

Infor­ma­tion on Legal Basis

If we ask users for their con­sent (e.g. in the con­text of a so-called cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­va­cy pol­i­cy.

Inte­gra­tion of Third-Par­ty Soft­ware, Scripts or Frame­works

We incor­po­rate into our online ser­vices soft­ware which we retrieve from servers of oth­er providers (e.g. func­tion libraries which we use for the pur­pose of dis­play­ing or user-friend­li­ness of our online ser­vices). The respec­tive providers col­lect the user’s IP address and can process it for the pur­pos­es of trans­fer­ring the soft­ware to the user’s brows­er as well as for secu­ri­ty pur­pos­es and for the eval­u­a­tion and opti­mi­sa­tion of their ser­vices.

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Data that indi­cates the loca­tion of the end device of an end user), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos).

Data Sub­jects

Users (e.g. web­site vis­i­tors, users of online ser­vices), Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Pur­pos­es of Pro­cess­ing

Pro­vi­sion of our online ser­vices and usabil­i­ty, Con­trac­tu­al ser­vices and sup­port, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Feed­back (e.g. col­lect­ing feed­back via online form), con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal), Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR).

Google Fonts

We inte­grate the fonts (“Google Fonts”) of the provider Google, where­by the data of the users are used sole­ly for pur­pos­es of the rep­re­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uni­form pre­sen­ta­tion and con­sid­er­a­tion of pos­si­ble licens­ing restric­tions for their inte­gra­tion. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​fonts​.google​.com/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Maps

We inte­grate the maps of the ser­vice Google Maps” from the provider Google. The data processed may include, in par­tic­u­lar, IP address­es and loca­tion data of users, which are not col­lect­ed with­out their con­sent (usu­al­ly with­in the frame­work of the set­tings of their mobile devices). Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​maps​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

MyFonts

Fonts; data processed in the font request process includes the iden­ti­fi­ca­tion num­ber of the web font project (anonymized), the URL of the licensed web­site asso­ci­at­ed with our num­ber to iden­ti­fy the licensee and the licensed web fonts, and the refer­rer URL; the anonymized web font project iden­ti­fi­ca­tion num­ber is stored in encrypt­ed log files with such data for 30 days to deter­mine the month­ly num­ber of page views; after such extrac­tion and stor­age of the num­ber of page views the log files are delet­ed; Ser­vice provider: Mono­type Imag­ing Hold­ings Inc., 600 Uni­corn Park Dri­ve, Woburn, Mass­a­chu­setts 01801, USA; Web­site: https://​www​.myfonts​.com; Pri­va­cy Pol­i­cy: https://​www​.myfonts​.com/​i​n​f​o​/​l​e​g​a​l​/​#​P​r​i​v​acy.

ReCaptcha

We inte­grate the func­tion ReCaptcha” for the recog­ni­tion of bots, e.g. for entries in online forms. The behav­iour data of the users (e.g. mouse move­ments or queries) are eval­u­at­ed in order for us to be able to dis­tin­guish between peo­ple and bots. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​www​.google​.com/​r​e​c​a​p​t​c​ha/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

Shar­iff

We use the pri­va­cy-secure Shar­iff” but­tons. Shar­iff” was devel­oped to pro­vide more pri­va­cy on the net and to replace the usu­al share” but­tons of social net­works. It is not the brows­er of the user, but the serv­er on which this online offer is locat­ed, which estab­lish­es a con­nec­tion with the serv­er of the respec­tive social media plat­forms and queries, for exam­ple, the num­ber of Likes, etc.. The user remains anony­mous. More infor­ma­tion about the Shar­iff project can be found at the devel­op­ers of the mag­a­zine c’t: https://​www​.heise​.de/​c​t​/​a​r​t​i​k​e​l​/​S​h​a​r​i​f​f​-​S​o​c​i​a​l​-​M​e​d​i​a​-​B​u​t​t​o​n​s​-​m​i​t​-​D​a​t​e​n​s​c​h​u​t​z​-​2467514​.​h​tml. Ser­vice provider: Heise Medi­en GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Han­nover, Ger­many; Web­site: https://​www​.heise​.de/​c​t​/​a​r​t​i​k​e​l​/​S​h​a​r​i​f​f​-​S​o​c​i​a​l​-​M​e​d​i​a​-​B​u​t​t​o​n​s​-​m​i​t​-​D​a​t​e​n​s​c​h​u​t​z​-​2467514​.​h​tml; Pri­va­cy Pol­i­cy: https://​www​.heise​.de/​D​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​u​n​g​-​d​e​r​-​H​e​i​s​e​-​M​e​d​i​e​n​-​G​m​b​H​-​C​o​-​K​G​-​4860​.​h​tml.

Type­kit-Fonts by Adobe

We inte­grate the fonts (“Type­kit fonts”) of the provider Adobe, where­by the data of the users are used sole­ly for pur­pos­es of the rep­re­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uni­form pre­sen­ta­tion and con­sid­er­a­tion of pos­si­ble licens­ing restric­tions for their inte­gra­tion. Ser­vice provider: Adobe Sys­tems Soft­ware Ire­land Lim­it­ed, 4 – 6 River­walk, City­west Busi­ness Cam­pus, Dublin 24, Ire­land; Web­site: https://​www​.adobe​.com; Pri­va­cy Pol­i­cy: https://​www​.adobe​.com/​p​r​i​v​a​c​y​.​h​tml; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​N​o​9​A​A​G​&​s​t​a​t​u​s​=​A​c​t​ive.

Plan­ning, Orga­ni­za­tion and Util­i­ties

We use ser­vices, plat­forms and soft­ware from oth­er providers (here­inafter referred to as ” third-par­ty providers”) for the pur­pos­es of orga­niz­ing, admin­is­ter­ing, plan­ning and pro­vid­ing our ser­vices. When select­ing third-par­ty providers and their ser­vices, we com­ply with the legal require­ments.

With­in this con­text, per­son­al data may be processed and stored on the servers of third-par­ty providers. This may include var­i­ous data that we process in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of users, data on process­es, con­tracts, oth­er process­es and their con­tents.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to read the data pro­tec­tion notices of the respec­tive third par­ty providers.

Infor­ma­tion on Legal Basis

If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Sub­jects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Pur­pos­es of Pro­cess­ing

Con­tact requests and com­mu­ni­ca­tion, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Man­ag­ing and respond­ing to inquiries, Feed­back (e.g. col­lect­ing feed­back via online form), Polls and Ques­tion­naires (e.g. sur­veys with input options, mul­ti­ple choice ques­tions), Pro­fil­ing (Cre­at­ing user pro­files), Cus­tom Audi­ences (Selec­tion of rel­e­vant tar­get groups for mar­ket­ing pur­pos­es or oth­er out­put of con­tent).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Cal­end­ly

Sched­ul­ing; Ser­vice provider: Cal­end­ly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA; Web­site: https://​cal​end​ly​.com; Pri­va­cy Pol­i­cy: https://​cal​end​ly​.com/​d​e​/​p​a​g​e​s​/​p​r​i​v​acy; Secu­ri­ty Notice: https://​cal​end​ly​.com/​d​e​/​p​a​g​e​s​/​s​e​c​u​r​ity.

Click­Up

Task and Project Man­age­ment; Ser­vice provider: Man­go Tech­nolo­gies Inc., 215 Low­ell Ave, Palo Alto, CA 94301, USA; Web­site: https://​click​up​.com; Pri­va­cy Pol­i­cy: https://​click​up​.com/​p​r​i​v​acy; Secu­ri­ty Infor­ma­tion: https://​click​up​.com/​s​e​c​u​r​ity; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​00000004​E​g​o​A​A​E​&​s​t​a​t​u​s​=​A​c​t​ive.

Hoot­suite

Social media man­age­ment plat­form that pro­vides a set of inte­grat­ed solu­tions for mea­sure­ment & bench­mark­ing, per­for­mance opti­miza­tion, visu­al­iza­tion & analy­sis, con­tent cre­ation & pub­lish­ing and com­mu­ni­ty main­te­nance; Ser­vice provider: Hoot­Suite Media Inc., 5 East 8th Avenue. Van­cou­ver, V5T 1R6, Cana­da; Web­site: https://​hoot​suite​.com; Pri­va­cy Pol­i­cy: https://​hoot​suite​.com/​l​e​g​a​l​/​p​r​i​v​acy.

Time­ly

Time Track­ing; Ser­vice provider: Time­ly AS, Mølleparken 2, Oslo, Nor­way; Web­site: https://​timelyapp​.com/; Pri­va­cy Pol­i­cy: https://​timelyapp​.com/​d​a​t​a​-​s​e​c​u​r​i​t​y​-​g​d​pr/.

Todoist

Task and Project Man­age­ment; Ser­vice Provider: Doist Ltd., Win­ter­both­am Place, Marl­bor­ough & Queen Streets, P.O. Box N‑3026, Nas­sau, The Bahamas; Web­site: https://​todoist​.com/; Pri­va­cy Pol­i­cy: https://​todoist​.com/​p​r​i​v​acy.

Era­sure of Data

The data processed by us will be erased in accor­dance with the statu­to­ry pro­vi­sions as soon as their pro­cess­ing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or they are not required for the pur­pose).

If the data is not delet­ed because they are required for oth­er and legal­ly per­mis­si­ble pur­pos­es, their pro­cess­ing is lim­it­ed to these pur­pos­es. This means that the data will be restrict­ed and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be stored for com­mer­cial or tax rea­sons or for which stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal per­son.

Fur­ther infor­ma­tion on the era­sure of per­son­al data can also be found in the indi­vid­ual data pro­tec­tion notices of this pri­va­cy pol­i­cy.

Changes and Updates to the Pri­va­cy Pol­i­cy

We kind­ly ask you to inform your­self reg­u­lar­ly about the con­tents of our data pro­tec­tion dec­la­ra­tion. We will adjust the pri­va­cy pol­i­cy as changes in our data pro­cess­ing prac­tices make this nec­es­sary. We will inform you as soon as the changes require your coöper­a­tion (e.g. con­sent) or oth­er indi­vid­ual noti­fi­ca­tion.

If we pro­vide address­es and con­tact infor­ma­tion of com­pa­nies and orga­ni­za­tions in this pri­va­cy pol­i­cy, we ask you to note that address­es may change over time and to ver­i­fy the infor­ma­tion before con­tact­ing us.

Rights of Data Sub­jects

As data sub­ject, you are enti­tled to var­i­ous rights under the GDPR, which arise in par­tic­u­lar from Arti­cles 15 to 18 and 21 of the GDPR:

Right to Object

ou have the right, on grounds aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data which is based on let­ter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing pro­fil­ing based on those pro­vi­sions. Where per­son­al data are processed for direct mar­ket­ing pur­pos­es, you have the right to object at any time to the pro­cess­ing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is relat­ed to such direct mar­ket­ing.

Right of With­draw­al for Con­sents

You have the right to revoke con­sents at any time.

Right of Access

You have the right to request con­fir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive fur­ther infor­ma­tion and a copy of the data in accor­dance with the pro­vi­sions of the law.

Right to Rec­ti­fi­ca­tion

You have the right, in accor­dance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fi­ca­tion of the incor­rect data con­cern­ing you.

Right to Era­sure and Right to Restric­tion of Pro­cess­ing

In accor­dance with the statu­to­ry pro­vi­sions, you have the right to demand that the rel­e­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the pro­cess­ing of the data be restrict­ed in accor­dance with the statu­to­ry pro­vi­sions.

Right to Data Porta­bil­i­ty

You have the right to receive data con­cern­ing you which you have pro­vid­ed to us in a struc­tured, com­mon and machine-read­able for­mat in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er con­troller.

Com­plaint to the Super­vi­so­ry Author­i­ty

You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your habit­u­al res­i­dence, place of work or place of the alleged infringe­ment if you con­sid­er that the pro­cess­ing of per­son­al data relat­ing to you infringes the GDPR.

Our Super­vi­so­ry Author­i­ty

Der Lan­des­beauf­tragte für den Daten­schutz und die Infor­ma­tions­frei­heit Baden-Würt­tem­berg
Post­fach 10 29 32
70025 Stuttgart

or:

Königstraße 10a
70173 Stuttgart

Phone: +49.711.615541 – 0
Fax: +49.711.6 5541 – 15

Email: poststelle@​lfdi.​bwl.​de
Web­site: http://​www​.baden​-wuert​tem​berg​.daten​schutz​.de

Ter­mi­nol­o­gy and Def­i­n­i­tions

This sec­tion pro­vides an overview of the terms used in this pri­va­cy pol­i­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal def­i­n­i­tions are bind­ing. The fol­low­ing expla­na­tions, on the oth­er hand, are intend­ed above all for the pur­pose of com­pre­hen­sion. The terms are sort­ed alpha­bet­i­cal­ly.

A/​B Tests

A/​B tests are designed to improve the usabil­i­ty and per­for­mance of online ser­vices. For exam­ple, users are pre­sent­ed with dif­fer­ent ver­sions of a web­site or its ele­ments, such as input forms, on which the place­ment of the con­tents or labels of the nav­i­ga­tion ele­ments can dif­fer. The behav­iour of users, e.g. pro­longed vis­its to the site or more fre­quent inter­ac­tion with the ele­ments, can then be used to deter­mine which of these sites or ele­ments are more respon­sive to users’ needs.

Click­track­ing

Click­track­ing allows users to keep track of their move­ments with­in an entire web­site. Since the results of these tests are more accu­rate if the inter­ac­tion of the users can be fol­lowed over a cer­tain peri­od of time (e.g. if a user likes to return), cook­ies are usu­al­ly stored on the com­put­ers of the users for these test pur­pos­es.

Con­tent Deliv­ery Net­work (CDN)

A Con­tent Deliv­ery Net­work” (CDN) is a ser­vice with whose help con­tents of our online ser­vices, in par­tic­u­lar large media files, such as graph­ics or scripts, can be deliv­ered faster and more secure­ly with the help of region­al­ly dis­trib­uted servers con­nect­ed via the Inter­net.

Con­troller

Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.

Con­ver­sion Track­ing

Con­ver­sion Track­ing” refers to a pro­ce­dure by which the effec­tive­ness of mar­ket­ing mea­sures can be deter­mined. As a rule, a cook­ie is stored on the devices of the users with­in the web­sites on which the mar­ket­ing mea­sures are car­ried out and then called up again on the tar­get web­site (e.g. this enables us to track whether the ads we placed on oth­er web­sites were suc­cess­ful).

Cross-Device Track­ing

Cross-Device Track­ing is a form of track­ing in which behav­ior and inter­est infor­ma­tion of the user is record­ed across all devices in so-called pro­files by assign­ing an online iden­ti­fi­er to the user. This means that user infor­ma­tion can usu­al­ly be analysed for mar­ket­ing pur­pos­es, regard­less of the brows­er or device used (e.g. mobile phone or desk­top com­put­er). With most Cross-Device Track­ing providers, the online iden­ti­fi­er is not linked to plain data such as names, postal address­es or e‑mail address­es.

Cus­tom Audi­ences

Tar­get group for­ma­tion (or cus­tom audi­ences”) is the term used when tar­get groups are deter­mined for adver­tis­ing pur­pos­es, e.g. dis­play of adver­tise­ments. For exam­ple, a user’s inter­est in cer­tain prod­ucts or top­ics on the Inter­net may be used to infer that that user is inter­est­ed in adver­tise­ments for sim­i­lar prod­ucts or the online store in which they viewed the prod­ucts. Looka­like Audi­ences” (or sim­i­lar tar­get groups) is the term used to describe con­tent that is viewed as suit­able by users whose pro­files or inter­ests pre­sum­ably cor­re­spond to the users for whom the pro­files were cre­at­ed. Cook­ies are gen­er­al­ly used for the pur­pos­es of cre­at­ing cus­tom audi­ences and looka­like audi­ences. Tar­get groups can be cre­at­ed by pro­cess­ing vis­i­tors of an online ser­vice or can be uploaded to the provider of an online mar­ket­ing tech­nol­o­gy by means of upload­ing (which is usu­al­ly done pseu­do­nymised).

Heatmaps

Heatmaps” are mouse move­ments of the users, which are com­bined to an over­all pic­ture, with the help of which it can be rec­og­nized, for exam­ple, which web page ele­ments are pre­ferred and which web page ele­ments users pre­fer less.

IP Mask­ing

IP mask­ing is a method by which the last octet, i.e. the last two num­bers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a per­son. IP mask­ing is there­fore a means of pseu­do­nymis­ing pro­cess­ing meth­ods, par­tic­u­lar­ly in online mar­ket­ing.

Inter­est-based and Behav­ioral Mar­ket­ing

Inter­est-relat­ed and/​or behav­iour-relat­ed mar­ket­ing is the term used when poten­tial user inter­est in adver­tise­ments and oth­er con­tent is pre­dict­ed if pos­si­ble. This is done on the basis of infor­ma­tion on the pre­vi­ous behav­iour of users (e.g. vis­it­ing and stay­ing on cer­tain web­sites, pur­chas­ing behav­iour or inter­ac­tion with oth­er users), which is stored in a so-called pro­file. For these pur­pos­es cook­ies are usu­al­ly used.

Per­son­al Data

Per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al per­son.

Pro­cess­ing

The term pro­cess­ing” cov­ers a wide range and prac­ti­cal­ly every han­dling of data, be it col­lec­tion, eval­u­a­tion, stor­age, trans­mis­sion or era­sure.

Pro­fil­ing

Pro­fil­ing” means any auto­mat­ed pro­cess­ing of per­son­al data con­sist­ing in the use of such per­son­al data to analyse, eval­u­ate or pre­dict cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son (depend­ing on the type of pro­fil­ing, this includes infor­ma­tion regard­ing age, gen­der, loca­tion and move­ment data, inter­ac­tion with web­sites and their con­tents, shop­ping behav­iour, social inter­ac­tions with oth­er peo­ple) (e.g. inter­ests in cer­tain con­tents or prod­ucts, click behav­iour on a web­site or the loca­tion). Cook­ies and web bea­cons are often used for pro­fil­ing pur­pos­es.

Remar­ket­ing

Remar­ket­ing” or retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing pur­pos­es which prod­ucts a user is inter­est­ed in on a web­site in order to remind the user of these prod­ucts on oth­er web­sites, e.g. in adver­tise­ments.

Tar­get­ing

Tar­get­ing” is the term used when the behav­iour of users can be traced across sev­er­al web­sites. As a rule, behav­ior and inter­est infor­ma­tion with regard to the web­sites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called pro­fil­ing). This infor­ma­tion can then be used, for exam­ple, to dis­play adver­tise­ments to users pre­sum­ably cor­re­spond­ing to their inter­ests.

Web Ana­lyt­ics

Web Ana­lyt­ics serves the eval­u­a­tion of vis­i­tor traf­fic of online ser­vices and can deter­mine their behav­ior or inter­ests in cer­tain infor­ma­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for exam­ple, can rec­og­nize at what time vis­i­tors vis­it their web­site and what con­tent they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the con­tent of the web­site to bet­ter meet the needs of their vis­i­tors. For pur­pos­es of web ana­lyt­ics, pseu­do­ny­mous cook­ies and web bea­cons are fre­quent­ly used in order to recog­nise return­ing vis­i­tors and thus obtain more pre­cise analy­ses of the use of an online ser­vice.