Preamble

Last Update: 7. Octo­ber 2019

With the fol­low­ing pri­va­cy pol­i­cy we would like to inform you which types of your per­son­al data (here­inafter also abbre­vi­at­ed as data”) we process for which pur­pos­es and in which scope. The pri­va­cy state­ment applies to all pro­cess­ing of per­son­al data car­ried out by us, both in the con­text of pro­vid­ing our ser­vices and in par­tic­u­lar on our web­sites, in mobile appli­ca­tions and with­in exter­nal online pres­ences, such as our social media pro­files (here­inafter col­lec­tive­ly referred to as online ser­vices”).

Controller

talessio GmbH
Im Wägn­er 17
72070 Tübin­gen
Ger­many

Autho­rised Rep­re­sen­ta­tives: Michael Mehl

Email: hello@​talessio.​com
Phone: +49.7073.8009980
Legal Notice: https://​talessio​.com/​i​m​p​r​int

Overview of Processing Operations

The fol­low­ing table sum­maris­es the types of data processed, the pur­pos­es for which they are processed and the con­cerned data sub­jects.

Categories of Processed Data

  • Inven­to­ry data (e.g. names, address­es).
  • Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by appli­cants).
  • Con­tent data (e.g. text input, pho­tographs, videos).
  • Con­tact data (e.g. e‑mail, tele­phone num­bers).
  • Meta/​communication data (e.g. device infor­ma­tion, IP address­es).
  • Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).
  • Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry).
  • Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry).

Special Categories of Data

  • Data reveal­ing racial or eth­nic ori­gin.

Categories of Data Subjects

  • Employ­ees (e.g. Employ­ees, job appli­cants).
  • Job appli­cants.
  • Busi­ness and con­trac­tu­al part­ners.
  • Prospec­tive cus­tomers.
  • Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Cus­tomers.
  • Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

  • Pro­vi­sion of our online ser­vices and usabil­i­ty.
  • Con­ver­sion Track­ing.
  • Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment rela­tion­ship.).
  • Office and organ­i­sa­tion­al pro­ce­dures.
  • Con­tent Deliv­ery Net­work (CDN).
  • Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. col­lect­ing feed­back via online form).
  • Inter­est-based and behav­ioral mar­ket­ing.
  • con­tact requests and com­mu­ni­ca­tion.
  • Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties).
  • Pro­fil­ing (Cre­at­ing user pro­files).
  • Remar­ket­ing.
  • Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors).
  • Secu­ri­ty mea­sures.
  • Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies).
  • Con­trac­tu­al ser­vices and sup­port.
  • Man­ag­ing and respond­ing to inquiries.

Legal Bases for the Processing

In the fol­low­ing we inform you about the legal basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), on the basis of which we process per­son­al data. Please note that, in addi­tion to the reg­u­la­tions of the GDPR, the nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­i­dence or domi­cile.

Consent (Article 6 (1) (a) GDPR)

The data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic pur­pos­es.

Performance of a Contract and Prior Requests (Article 6 (1) (b) GDPR)

Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a con­tract.

Compliance with a Legal Obligation (Article 6 (1) © GDPR)

Pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is sub­ject.

Protection of Vital Interests (Article 6 (1) (d) GDPR)

Pro­cess­ing is nec­es­sary in order to pro­tect the vital inter­ests of the data sub­ject or of anoth­er nat­ur­al per­son.

Legitimate Interests (Article 6 (1) (f) GDPR)

Pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data.

Job Application Process as a Pre-Contractual or Contractual Relationship (Article 9 (1)(b) GDPR)

If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

National Data Protection Regulations in Germany

In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions apply to data pro­tec­tion in Ger­many. This includes in par­tic­u­lar the Law on Pro­tec­tion against Mis­use of Per­son­al Data in Data Pro­cess­ing (Fed­er­al Data Pro­tec­tion Act — BDSG). In par­tic­u­lar, the BDSG con­tains spe­cial pro­vi­sions on the right to access, the right to erase, the right to object, the pro­cess­ing of spe­cial cat­e­gories of per­son­al data, pro­cess­ing for oth­er pur­pos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-mak­ing, includ­ing pro­fil­ing. Fur­ther­more, it reg­u­lates data pro­cess­ing for the pur­pos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in par­tic­u­lar with regard to the estab­lish­ment, exe­cu­tion or ter­mi­na­tion of employ­ment rela­tion­ships as well as the con­sent of employ­ees. Fur­ther­more, data pro­tec­tion laws of the indi­vid­ual fed­er­al states may apply.

Security Precautions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the state of the art, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of pro­cess­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk.

The mea­sures include, in par­tic­u­lar, safe­guard­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­a­ra­tion of the data. In addi­tion, we have estab­lished pro­ce­dures to ensure that data sub­jects’ rights are respect­ed, that data is erased, and that we are pre­pared to respond to data threats rapid­ly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as ear­ly as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice providers, in accor­dance with the prin­ci­ple of pri­va­cy by design and pri­va­cy by default.

Masking of the IP address

If it is pos­si­ble for us or the stor­age of the IP address is not nec­es­sary, we short­en or have your IP address short­ened. When the IP address is short­ened, also known as IP mask­ing”, the last octet, i.e. the last two num­bers of an IP address, is delet­ed (the IP address in this con­text is an iden­ti­fi­er indi­vid­u­al­ly assigned to an Inter­net con­nec­tion by the online access provider). With the short­en­ing of the IP address, the iden­ti­fi­ca­tion of a per­son on the basis of their IP address is to be pre­vent­ed or made con­sid­er­ably more dif­fi­cult.

SSL Encryption (https)

In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­si­ble way, we use SSL encryp­tion. You can rec­og­nize such encrypt­ed con­nec­tions by the pre­fix https:// in the address bar of your brows­er.

Transmission and Disclosure of Personal Data

In the con­text of our pro­cess­ing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pa­nies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for exam­ple, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice providers com­mis­sioned with IT tasks or providers of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal require­ments will be respect­ed and in par­tic­u­lar cor­re­spond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­clud­ed with the recip­i­ents of your data.

Data Transmission within the Group of Companies

We may trans­fer per­son­al data to oth­er com­pa­nies with­in our group of com­pa­nies or oth­er­wise grant them access to this data. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of the data sub­jects or oth­er­wise a legal per­mis­sion is present.

Data Processing in Third Countries

If we process data in a third coun­try (i.e. out­side the Euro­pean Union (EU), the Euro­pean Eco­nom­ic Area (EEA)) or the pro­cess­ing takes place in the con­text of the use of third par­ty ser­vices or dis­clo­sure or trans­fer of data to oth­er per­sons, bod­ies or com­pa­nies, this will only take place in accor­dance with the legal require­ments.

Sub­ject to express con­sent or trans­fer required by con­tract or law, we process or have processed the data only in third coun­tries with a recog­nised lev­el of data pro­tec­tion, which includes US proces­sors cer­ti­fied under the Pri­va­cy Shield” or on the basis of spe­cial guar­an­tees, such as a con­trac­tu­al oblig­a­tion through so-called stan­dard pro­tec­tion claus­es of the EU Com­mis­sion, the exis­tence of cer­ti­fi­ca­tions or bind­ing inter­nal data pro­tec­tion reg­u­la­tions (Arti­cle 44 to 49 GDPR, infor­ma­tion page of the EU Com­mis­sion: https://​ec​.europa​.eu/​i​n​f​o​/​l​a​w​/​l​a​w​-​t​o​p​i​c​/​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​/​i​n​t​e​r​n​a​t​i​o​n​a​l​-​d​i​m​e​n​s​i​o​n​-​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​_en).

Use of Cookies

Cook­ies” are small files that are stored on the user’s devices. Dif­fer­ent data can be stored with­in the cook­ies. The infor­ma­tion can include, for exam­ple, the lan­guage set­tings on a web­site, the login sta­tus, a shop­ping cart or the point to which a video was viewed.

In gen­er­al, cook­ies are also used when the inter­ests of users or their behav­iour (e.g. view­ing cer­tain con­tent, use of func­tions, etc.) are secured via indi­vid­ual web­sites in a user pro­file. These pro­files are used, for exam­ple, to dis­play ads to users that cor­re­spond to their poten­tial inter­ests. This pro­ce­dure is also referred to as track­ing”, mean­ing track­ing the poten­tial inter­ests of users. The term cook­ies” also includes oth­er tech­nolo­gies that per­form the same func­tions as cook­ies (e.g. when user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as user IDs”).

If we use cook­ies or track­ing” tech­nolo­gies, we will inform you about this in our pri­va­cy pol­i­cy.

Information on Legal Basis

The legal basis on which we process your per­son­al data with the help of cook­ies depends on whether we ask you for your con­sent. If this is the case and you accept the use of cook­ies, the legal basis for pro­cess­ing your data is your declared con­sent. Oth­er­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g., in a busi­ness oper­a­tion of our online ser­vices and their improve­ment) or if the use of cook­ies is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions.

General Information on Withdrawal of Consent and Objection (Opt-Out)

Irre­spec­tive of whether pro­cess­ing is based on con­sent or legal per­mis­sion, you have the option at any time to object to the pro­cess­ing of your data using cook­ie tech­nolo­gies or to revoke con­sent (col­lec­tive­ly referred to as opt-out”).

You can ini­tial­ly explain your objec­tion using the set­tings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online ser­vices).

An objec­tion to the use of cook­ies for online mar­ket­ing pur­pos­es can be raised for a large num­ber of ser­vices, espe­cial­ly in the case of track­ing, via the US web­site http://​www​.aboutads​.info/​c​h​o​i​c​es/ or the EU web­site http://​www​.youron​line​choic​es​.com/ or gen­er­al­ly on http://​optout​.aboutads​.info/.

Fur­ther infor­ma­tion on the pos­si­bil­i­ty of oppo­si­tion is also giv­en in the con­text of the infor­ma­tion on the respec­tive pro­cess­ing oper­a­tions in this pri­va­cy pol­i­cy.

Processing Cookie Data on the Basis of Consent

Before we process or have processed data with­in the con­text of the usage of cook­ies, we ask the users for their con­sent, which can be revoked at any time. Before the con­sent has not been giv­en, we may use cook­ies that are nec­es­sary for the oper­a­tion of our online ser­vices. Their use is based on our inter­est and the user’s inter­est in the expect­ed func­tion­al­i­ty of our online ser­vices.

Our Cookie-Settings (Opt-Out)

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Commercial Services

We process data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tomers and inter­est­ed par­ties (col­lec­tive­ly referred to as con­trac­tu­al part­ners”) with­in the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and com­mu­ni­ca­tion with the con­trac­tu­al part­ners or pre-con­trac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to ful­fil our con­trac­tu­al oblig­a­tions, safe­guard our rights and for the pur­pos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the con­trac­tu­al part­ners with­in the scope of the applic­a­ble law to third par­ties inso­far as this is nec­es­sary for the afore­men­tioned pur­pos­es or for the ful­fil­ment of legal oblig­a­tions or with the con­sent of the con­trac­tu­al part­ners (e.g. telecom­mu­ni­ca­tions, trans­port and oth­er aux­il­iary ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice providers or tax author­i­ties). The con­trac­tu­al part­ners will be informed about fur­ther pro­cess­ing, e.g. for mar­ket­ing pur­pos­es, as part of this pri­va­cy pol­i­cy.

Which data are nec­es­sary for the afore­men­tioned pur­pos­es, we inform the con­tract­ing part­ners before or in the con­text of the data col­lec­tion, e.g. in on-line forms by spe­cial mark­ing (e.g. col­ors), and/​or sym­bols (e.g. aster­isks or the like), or per­son­al­ly.

We delete the data after expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a cus­tomer account or must be kept for legal rea­sons of archiv­ing (e.g., as a rule 10 years for tax pur­pos­es). In the case of data dis­closed to us by the con­trac­tu­al part­ner with­in the con­text of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gen­er­al after the end of the assign­ment.

If we use third-par­ty providers or plat­forms to pro­vide our ser­vices, the terms and con­di­tions and pri­va­cy poli­cies of the respec­tive third-par­ty providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Economic Analyses and Market Research

For eco­nom­ic rea­sons and in order to be able to recog­nise mar­ket trends, wish­es of con­trac­tu­al part­ners and users, we analyse the data avail­able to us on busi­ness trans­ac­tions, con­tracts, enquiries, etc., where­by the per­sons con­cerned may include con­trac­tu­al part­ners, inter­est­ed par­ties, cus­tomers, vis­i­tors and users of our online ser­vice.

The analy­ses are car­ried out for the pur­pose of busi­ness eval­u­a­tions, mar­ket­ing and mar­ket research (for exam­ple, to deter­mine cus­tomer groups with dif­fer­ent char­ac­ter­is­tics). If avail­able, we can take into account the pro­files of reg­is­tered users with infor­ma­tion, e.g. on the ser­vices they have used. The analy­ses serve us alone and are not dis­closed exter­nal­ly unless they are anony­mous analy­ses with sum­marised, i.e. anonymised val­ues. Fur­ther­more, we respect the pri­va­cy of the users and process the data for analy­sis pur­pos­es as pseu­do­ny­mous­ly as pos­si­ble and if pos­si­ble anony­mous­ly (e.g. as sum­ma­rized data).

Agency Services

We process the data of our cus­tomers with­in the scope of our con­trac­tu­al ser­vices, which may include e.g. con­cep­tu­al and strate­gic con­sult­ing, cam­paign plan­ning, soft­ware and design devel­op­ment /​con­sult­ing or main­te­nance, imple­men­ta­tion of cam­paigns and process­es, han­dling, serv­er admin­is­tra­tion, data analy­sis /​con­sult­ing ser­vices and train­ing ser­vices.

Education and Training Services

e process the data of the par­tic­i­pants of our edu­ca­tion and train­ing pro­grammes (uni­form­ly referred to as ” stu­dents”) in order to pro­vide them with our edu­ca­tion­al and train­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and edu­ca­tion­al rela­tion­ship. The pro­cess­ing also includes the per­for­mance eval­u­a­tion and eval­u­a­tion of our ser­vices and the teach­ers and instruc­tors.

As part of our activ­i­ties, we may also process spe­cial cat­e­gories of data, in par­tic­u­lar infor­ma­tion on the health of per­sons under­go­ing train­ing or fur­ther train­ing and data reveal­ing eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal con­vic­tions. To this end, we obtain, if nec­es­sary, the express con­sent of the stu­dents to be trained and fur­ther edu­cat­ed and process the spe­cial cat­e­gories of data oth­er­wise only if it is nec­es­sary for the pro­vi­sion of train­ing ser­vices, for pur­pos­es of health care, social pro­tec­tion or pro­tec­tion of vital inter­ests of the stu­dents to be trained and fur­ther edu­cat­ed.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the trainees, we dis­close or trans­fer the data of the stu­dents to third par­ties or agents, e.g. pub­lic author­i­ties or in the field of IT, office or com­pa­ra­ble ser­vices, in com­pli­ance with the require­ments of pro­fes­sion­al law.

Coaching

We process the data of our clients and inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as clients”) in order to pro­vide them with our ser­vices. The data processed, the type, scope and pur­pose of their pro­cess­ing and the neces­si­ty of their pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client rela­tion­ship.

With­in the scope of our ser­vices, we may also process spe­cial cat­e­gories of data, here in par­tic­u­lar infor­ma­tion on the health of clients, pos­si­bly with ref­er­ence to their sex­u­al life or sex­u­al ori­en­ta­tion and data reveal­ing racial or eth­nic ori­gin, polit­i­cal opin­ions, reli­gious or philo­soph­i­cal beliefs. To this end, we obtain the express con­sent of clients where nec­es­sary and process the spe­cial cat­e­gories of data oth­er­wise for the pur­pos­es of health care, if the data is pub­lic or wit an oth­er legal persmis­sion.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­trac­tu­al oblig­a­tions, the pro­tec­tion of vital inter­ests or by law, or with theclients’s con­sent, we dis­close or trans­fer the clients’s data to third par­ties or agents, such as pub­lic author­i­ties, account­ing offices and in the field of IT, office or com­pa­ra­ble ser­vices, in com­pli­ance with pro­fes­sion­al reg­u­la­tions.

Consulting

We process the data of our clients, clients as well as inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as clients”) in order to pro­vide them with our con­sult­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client rela­tion­ship.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the client, we dis­close or trans­fer the client’s data to third par­ties or agents, such as author­i­ties, courts, sub­con­trac­tors or in the field of IT, office or com­pa­ra­ble ser­vices, tak­ing into account the pro­fes­sion­al require­ments.

Artistic and Literary Services

We process the data of our clients in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works and relat­ed tasks, as well as their pay­ment and deliv­ery, or exe­cu­tion or pro­vi­sion.

The required details are iden­ti­fied as such with­in the frame­work of the con­clu­sion of the order, order or com­pa­ra­ble con­tract and include the details required for deliv­ery and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions.

Mobile Application

We process the data of the users of our apps, reg­is­tered and any test users (here­inafter uni­form­ly referred to as users”) in order to pro­vide them with our con­trac­tu­al ser­vices and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our app and to devel­op it fur­ther. The required details are iden­ti­fied as such with­in the scope of the con­clu­sion of a con­tract for the use of the apps, the con­clu­sion of an order, an order or a com­pa­ra­ble con­tract and may include the details required for the pro­vi­sion of ser­vices and any invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. If our apps are pur­chased from plat­forms of oth­er app sup­pli­ers (e.g. Apple’s App Store or Google­Play), the terms and con­di­tions and data pro­tec­tion notices of the respec­tive plat­forms apply in the rela­tion­ship between the users and the app sup­pli­ers.

Project and Development Services

We process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works as well as asso­ci­at­ed activ­i­ties and to pay for and make avail­able such ser­vices or works or to per­form such ser­vices or works.

The required infor­ma­tion is indi­cat­ed as such with­in the frame­work of the con­clu­sion of the agree­ment, order or equiv­a­lent con­tract and includes the infor­ma­tion required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. Inso­far as we gain access to the infor­ma­tion of end cus­tomers, employ­ees or oth­er per­sons, we process it in accor­dance with the legal and con­trac­tu­al require­ments.

Publishing Activities

We process the data of our con­tact part­ners, inter­viewed per­sons and oth­er per­sons who are the sub­ject of our edi­to­r­i­al, jour­nal­is­tic and relat­ed activ­i­ties. Here we refer to the valid­i­ty of pro­tec­tion reg­u­la­tions of free­dom of opin­ion and free­dom of the press accord­ing to Arti­cle 85 GDPR in con­nec­tion with the respec­tive nation­al laws. The pro­cess­ing serves us the ful­fil­ment of order activ­i­ties and is oth­er­wise based in par­tic­u­lar on the inter­est of the gen­er­al pub­lic in infor­ma­tion and media prod­ucts.

Software and Platform Services

We process the data of our users, reg­is­tered and any test users (here­inafter uni­form­ly referred to as users”) in order to pro­vide them with our con­trac­tu­al ser­vices and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our offer and to devel­op it fur­ther. The required details are iden­ti­fied as such with­in the con­text of the con­clu­sion of the agree­ment, order or com­pa­ra­ble con­tract and include the details required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any fur­ther con­sul­ta­tions.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Special Categories of Data

Health Data (Arti­cle 9 (1) GDPR), Data relat­ed to sex­u­al pref­er­ences, sex life, and/​or sex­u­al ori­en­ta­tion (Arti­cle 9 (1) GDPR), Rre­li­gious or philo­soph­i­cal beliefs (Arti­cle 9 (1) GDPR), Data reveal­ing racial or eth­nic ori­gin.

Data Subjects

Prospec­tive cus­tomers, Busi­ness and con­trac­tu­al part­ners, Cus­tomers.

Purposes of Processing

Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Man­ag­ing and respond­ing to inquiries, Con­ver­sion Track­ing, Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files).

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Blogs and Publication Media

We use blogs or com­pa­ra­ble means of online com­mu­ni­ca­tion and pub­li­ca­tion (here­inafter pub­li­ca­tion medi­um”). Read­ers’ data will only be processed for the pur­pos­es of the pub­li­ca­tion medi­um to the extent nec­es­sary for its pre­sen­ta­tion and com­mu­ni­ca­tion between authors and read­ers or for secu­ri­ty rea­sons. For the rest, we refer to the infor­ma­tion on the pro­cess­ing of vis­i­tors to our pub­li­ca­tion medi­um with­in the scope of this pri­va­cy pol­i­cy.

Comment and Contributions

When users leave com­ments or oth­er con­tri­bu­tions, their IP address­es may be stored based on our legit­i­mate inter­ests. This is done for our safe­ty, if some­one leaves ille­gal con­tents (insults, for­bid­den polit­i­cal pro­pa­gan­da, etc.) in com­ments and con­tri­bu­tions. In this case, we our­selves can be pros­e­cut­ed for the com­ment or con­tri­bu­tion and are there­fore inter­est­ed in the author’s iden­ti­ty.

Fur­ther­more, we reserve the right to process user data for the pur­pose of spam detec­tion on the basis of our legit­i­mate inter­ests.

On the same legal basis, in the case of sur­veys, we reserve the right to store the IP address­es of users for the dura­tion of the sur­veys and to use cook­ies in order to avoid mul­ti­ple votes.

The per­son­al infor­ma­tion pro­vid­ed in the course of com­ments and con­tri­bu­tions, any con­tact and web­site infor­ma­tion as well as the con­tent infor­ma­tion will be stored per­ma­nent­ly by us until the user objects.

Comment Subscriptions

Fol­low-up com­ments can be sub­scribed to by users with their con­sent. Users will receive a con­fir­ma­tion email to ver­i­fy that they are the own­er of the email address entered. Users can unsub­scribe from cur­rent com­ment sub­scrip­tions at any time. The con­fir­ma­tion email will con­tain infor­ma­tion on the can­cel­la­tion options. For the pur­pos­es of prov­ing the users’ con­sent, we store the time of reg­is­tra­tion along with the users’ IP address and delete this infor­ma­tion when users unsub­scribe from the sub­scrip­tion.

You can can­cel the receipt of our sub­scrip­tion at any time, i.e. revoke your con­sent. We may store the unsub­scribed email address­es for up to three years based on our legit­i­mate inter­ests before delet­ing them to pro­vide evi­dence of pri­or con­sent. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defense against claims. An indi­vid­ual dele­tion request is pos­si­ble at any time, pro­vid­ed that the for­mer exis­tence of a con­sent is con­firmed at the same time.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

Con­trac­tu­al ser­vices and sup­port, Feed­back (e.g. col­lect­ing feed­back via online form), Secu­ri­ty mea­sures, Man­ag­ing and respond­ing to inquiries, con­tact requests and com­mu­ni­ca­tion.

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR), Ppro­tec­tion of vital inter­ests (Arti­cle 6 (1) (d) GDPR).

Contacting us

When con­tact­ing us (e.g. by con­tact form, e‑mail, tele­phone or via social media), the data of the inquir­ing per­sons are processed inso­far as this is nec­es­sary to answer the con­tact enquiries and any request­ed activ­i­ties.

The response to con­tact enquiries with­in the frame­work of con­trac­tu­al or pre-con­trac­tu­al rela­tion­ships is made in order to ful­fil our con­trac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and oth­er­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos).

Data Subjects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Purposes of Processing

Con­tact requests and com­mu­ni­ca­tion.

Legal Basis

Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Communication via Messenger

We use Mes­sen­ger ser­vices for com­mu­ni­ca­tion pur­pos­es and there­fore ask you to observe the fol­low­ing infor­ma­tion regard­ing the func­tion­al­i­ty of the Mes­sen­ger, encryp­tion, use of the meta­da­ta of the com­mu­ni­ca­tion and your objec­tion options.

You can also con­tact us by alter­na­tive means, e.g. tele­phone or e‑mail. Please use the con­tact options pro­vid­ed to you or use the con­tact options pro­vid­ed with­in our online ser­vices.

In the case of encryp­tion ofcon­tent (i.e. the con­tent of your mes­sage and attach­ments), we point out that the com­mu­ni­ca­tion con­tent (i.e. the con­tent of the mes­sage and attach­ments) is encrypt­ed end-to-end. This means that the con­tent of the mes­sages is not vis­i­ble, not even by the mes­sen­ger providers them­selves. You should always use a cur­rent ver­sion of the mes­sen­ger with acti­vat­ed encryp­tion, so that the encryp­tion of the mes­sage con­tents is guar­an­teed.

How­ev­er, we would like to point out to our com­mu­ni­ca­tion part­ners that although mes­sen­ger ser­vice providers do not see the con­tent, they can find out that and when com­mu­ni­ca­tion part­ners com­mu­ni­cate with us and process tech­ni­cal infor­ma­tion on the com­mu­ni­ca­tion partner’s device used and, depend­ing on the set­tings of their device, also loca­tion infor­ma­tion (so-called meta­da­ta).

Information on Legal Basis

If we ask com­mu­ni­ca­tion part­ners for per­mis­sion before com­mu­ni­cat­ing with them via Mes­sen­ger, the legal basis of our pro­cess­ing of their data is their con­sent. Oth­er­wise, if we do not request con­sent and you con­tact us, for exam­ple, vol­un­tar­i­ly, we use Mes­sen­ger in our deal­ings with our con­trac­tu­al part­ners and as part of the con­tract ini­ti­a­tion process as a con­trac­tu­al mea­sure and in the case of oth­er inter­est­ed par­ties and com­mu­ni­ca­tion part­ners on the basis of our legit­i­mate inter­ests in fast and effi­cient com­mu­ni­ca­tion and meet­ing the needs of our com­mu­ni­ca­tion part­ners for com­mu­ni­ca­tion via mes­sen­gers. We would also like to point out that we do not trans­mit the con­tact data pro­vid­ed to us to the mes­sen­ger ser­vice providers for the first time with­out your con­sent.

Withdrawal, Objection and Deletion

You can with­draw your con­sent or object to com­mu­ni­ca­tion with us via Mes­sen­ger at any time​.In the case of com­mu­ni­ca­tion via mes­sen­ger, we delete the mes­sages in accor­dance with our gen­er­al data reten­tion pol­i­cy (i.e. as described above after the end of con­trac­tu­al rela­tion­ships, archiv­ing require­ments, etc.) and oth­er­wise as soon as we can assume that we have answered any infor­ma­tion pro­vid­ed by the com­mu­ni­ca­tion part­ners, if no ref­er­ence to a pre­vi­ous con­ver­sa­tion is to be expect­ed and there are no legal oblig­a­tions to store the mes­sages to pre­vent their dele­tion.

Reservation of Reference to Other Means of Communication

Final­ly, we would like to point out that we reserve the right, for rea­sons of your safe­ty, not to answer inquiries about Mes­sen­ger. This is the case if, for exam­ple, inter­nal con­trac­tu­al mat­ters require spe­cial secre­cy or if an answer via the mes­sen­ger does not meet the for­mal require­ments. In such cas­es we refer you to more appro­pri­ate com­mu­ni­ca­tion chan­nels.

Skype

The end-to-end encryp­tion of Skype requires its acti­va­tion (unless it is enabled by default).

Processed Data Types

Con­tact data (e.g. e‑mail, tele­phone num­bers), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Con­tent data (e.g. text input, pho­tographs, videos).

Data Subjects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Purposes of Processing

Con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Apple iMessage and Facetime

Apple iMes­sage and Face­time; Ser­vice provider: Apple Inc., One Apple Park Way, Cuper­ti­no, CA 95014 USA; Web­site: https://​www​.apple​.com/; Pri­va­cy Pol­i­cy: https://​sup​port​.apple​.com/​d​e​-​d​e​/​H​T​209110.

Skype

Skype Mes­sen­ger with end-to-end encryp­tion; Ser­vice provider: Microsoft Cor­po­ra­tion, One Microsoft Way, Red­mond, WA 98052 – 6399 USA; Web­site: https://​www​.skype​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.microsoft​.com/​d​e​-​d​e​/​p​r​i​v​a​c​y​s​t​a​t​e​m​ent, Secu­ri­ty infor­ma­tion: https://​www​.microsoft​.com/​d​e​-​d​e​/​t​r​u​s​t​c​e​n​ter; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​K​z​N​a​A​A​K​&​s​t​a​t​u​s​=​A​c​t​ive.

Slack

Slack Mes­sen­ger with­out end-to-end encryp­tion; Ser­vice provider: Slack Tech­nolo­gies, Inc., 500 Howard Street, San Fran­cis­co, CA 94105, USA; Web­site: https://​slack​.com/; Pri­va­cy Pol­i­cy: https://​slack​.com/​i​n​t​l​/​d​e​-​d​e​/​l​e​gal; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​M​B​A​A​0&​s​t​a​t​u​s​=​A​c​t​ive.

WhatsApp

What­sApp Mes­sen­ger with end-to-end encryp­tion; Ser­vice provider: What­sApp Inc. What­sApp Legal 1601 Wil­low Road Men­lo Park, Cal­i­for­nia 94025, USA; Web­site: https://​www​.what​sapp​.com/; Pri­va­cy Pol­i­cy: https://​www​.what​sapp​.com/​l​e​gal; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​S​n​w​A​A​G​&​s​t​a​t​u​s​=​A​c​t​ive.

Online Conferences, Meetings and Webinars

We use third-par­ty plat­forms and appli­ca­tions (here­inafter referred to as third par­ty providers”) for the pur­pos­es of con­duct­ing video and audio con­fer­ences, webi­na­rs and oth­er types of video and audio meet­ings. When select­ing third-par­ty providers and their ser­vices, we observe the legal require­ments.

In this con­text, data of the com­mu­ni­ca­tion par­tic­i­pants will be processed and stored on the servers of third par­ties, as far as these are part of com­mu­ni­ca­tion process­es with us. This data may include, but is not lim­it­ed to, reg­is­tra­tion and con­tact details, visu­al and voice con­tri­bu­tions, chat entries and shared screen con­tent.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to observe the data pro­tec­tion infor­ma­tion of the respec­tive third par­ty providers.

Information on Legal Basis

If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures.

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Cisco WebEx

Con­fer­nce-Soft­ware; Ser­vice provider: Webex Com­mu­ni­ca­tions Deutsch­land GmbH, Hansaallee 249, c/​o Cis­co Sys­tems GmbH, 40549 Düs­sel­dorf, par­ent com­pa­ny: Cis­co Sys­tems, Inc. 170 West Tas­man Dr., San Jose, CA 95134, USA; Web­site: https://​www​.webex​.com; Pri­va­cy Pol­i­cy: https://​www​.cis​co​.com/​c​/​d​e​_​d​e​/​a​b​o​u​t​/​l​e​g​a​l​/​p​r​i​v​a​c​y​-​f​u​l​l​.​h​tml; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​J​2​A​A​K​&​s​t​a​t​u​s​=​A​c​t​ive.

Provision of Online Services and Web Hosting

In order to pro­vide our online ser­vices secure­ly and effi­cient­ly, we use the ser­vices of one or more web host­ing providers from whose servers (or servers they man­age) the online ser­vices can be accessed. For these pur­pos­es, we may use infra­struc­ture and plat­form ser­vices, com­put­ing capac­i­ty, stor­age space and data­base ser­vices, as well as secu­ri­ty and tech­ni­cal main­te­nance ser­vices.

The data processed with­in the frame­work of the pro­vi­sion of the host­ing ser­vices may include all infor­ma­tion relat­ing to the users of our online ser­vices that is col­lect­ed in the course of use and com­mu­ni­ca­tion. This reg­u­lar­ly includes the IP address, which is nec­es­sary to be able to deliv­er the con­tents of online ser­vices to browsers, and all entries made with­in our online ser­vices or from web­sites.

Collection of Access Data and Log Files

We, our­selves or our web host­ing provider, col­lect data on the basis of each access to the serv­er (so-called serv­er log files). Serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, data vol­umes trans­ferred, noti­fi­ca­tion of suc­cess­ful access, brows­er type and ver­sion, the user’s oper­at­ing sys­tem, refer­rer URL (the pre­vi­ous­ly vis­it­ed page) and, as a gen­er­al rule, IP address­es and the request­ing provider.

The serv­er log files can be used for secu­ri­ty pur­pos­es, e.g. to avoid over­load­ing the servers (espe­cial­ly in the case of abu­sive attacks, so-called DDoS attacks) and to ensure the sta­bil­i­ty and opti­mal load bal­anc­ing of the servers .

Content-Delivery-Network

We use a so-called Con­tent Deliv­ery Net­work” (CDN). A CDN is a ser­vice with whose help con­tents of our online ser­vices, in par­tic­u­lar large media files, such as graph­ics or scripts, can be deliv­ered faster and more secure­ly with the help of region­al­ly dis­trib­uted servers con­nect­ed via the Inter­net.

Processed Data Types

Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

Con­tent Deliv­ery Net­work (CDN).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Cloudflare

Con­tent-Deliv­ery-Net­work (CDN); Ser­vice provider: Cloud­flare, Inc., 101 Townsend St, San Fran­cis­co, CA 94107, USA; Web­site: https://​www​.cloud​flare​.com; Pri­va­cy Pol­i­cy: https://​www​.cloud​flare​.com/​p​r​i​v​a​c​y​p​o​l​i​cy/; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​Z​K​A​A​0&​s​t​a​t​u​s​=​A​c​t​ive.

Host Europe

Host­ing; Ser­vice provider: Host Europe GmbH, Hans­es­trasse 111, 51149 Köln, Ger­many; Web­site: https://​www​.hos​teu​rope​.de/; Pri­va­cy Pol­i­cy: https://​www​.hos​teu​rope​.de/​A​G​B​/​D​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​u​ng/.

Job Application Process

The appli­ca­tion process requires appli­cants to pro­vide us with the data nec­es­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion con­tained there­in.

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, a con­tact option and proof of the qual­i­fi­ca­tions required for a par­tic­u­lar employ­ment. Upon request, we will be hap­py to pro­vide you with addi­tion­al infor­ma­tion.

If made avail­able, appli­cants can sub­mit their appli­ca­tions via an online form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail. Please note, how­ev­er, that e‑mails on the Inter­net are gen­er­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our serv­er. For the pur­pos­es of search­ing for appli­cants, sub­mit­ting appli­ca­tions and select­ing appli­cants, we may make use of the appli­cant man­age­ment and recruit­ment soft­ware, plat­forms and ser­vices of third-par­ty providers in com­pli­ance with legal require­ments. Appli­cants are wel­come to con­tact us about how to sub­mit their appli­ca­tion or send it to us by reg­u­lar mail.

Processing of Special Categories of Data

If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can exer­cise his/​her rights aris­ing from labour law and social secu­ri­ty and social pro­tec­tion law and ful­fil his/​her duties in this regard, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons pur­suant to Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

Erasure of Data

In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment rela­tion­ship. Oth­er­wise, if the appli­ca­tion for a job offer is not suc­cess­ful, the applicant’s data will be delet­ed. Appli­cants’ data will also be delet­ed if an appli­ca­tion is with­drawn, to which appli­cants are enti­tled at any time. Sub­ject to a jus­ti­fied revo­ca­tion by the appli­cant, the dele­tion will take place at the lat­est after the expiry of a peri­od of six months, so that we can answer any fol­low-up ques­tions regard­ing the appli­ca­tion and com­ply with our duty of proof under the reg­u­la­tions on equal treat­ment of appli­cants. Invoic­es for any reim­burse­ment of trav­el expens­es are archived in accor­dance with tax reg­u­la­tions.

Admission to a Talent Pool

Admis­sion to an tal­ent pool, if offered, is based on con­sent. Appli­cants are informed that their con­sent to be includ­ed in the tal­ent pool is vol­un­tary, has no influ­ence on the cur­rent appli­ca­tion process and that they can revoke their con­sent at any time for the future.

Dura­tion of data reten­tion in the appli­cant pool: 12 months.

Processed Data Types

Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by appli­cants), Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Job appli­cants, Employ­ees (e.g. Employ­ees, job appli­cants).

Purposes of Processing

Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment rela­tion­ship.).

Legal Basis

Arti­cle 9 (1)(b) GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Jobmensa

Recruit­ing plat­tform; Ser­vice provider: Stu­ditemps GmbH, Im Medi­a­park 4a, 50670 Köln, Deutsch­land; Web­site: https://​www​.job​men​sa​.de/; Pri­va­cy Pol­i­cy: https://​www​.job​men​sa​.de/​d​a​t​e​n​s​c​h​utz.

Cloud Services

We use Inter­net-acces­si­ble soft­ware ser­vices (so-called cloud ser­vices”, also referred to as Soft­ware as a Ser­vice”) pro­vid­ed on the servers of its providers for the fol­low­ing pur­pos­es: doc­u­ment stor­age and admin­is­tra­tion, cal­en­dar man­age­ment, e‑mail deliv­ery, spread­sheets and pre­sen­ta­tions, exchange of doc­u­ments, con­tent and infor­ma­tion with spe­cif­ic recip­i­ents or pub­li­ca­tion of web­sites, forms or oth­er con­tent and infor­ma­tion, as well as chats and par­tic­i­pa­tion in audio and video con­fer­ences.

With­in this frame­work, per­son­al data may be processed and stored on the provider’s servers inso­far as this data is part of com­mu­ni­ca­tion process­es with us or is oth­er­wise processed by us in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of data sub­jects, data on process­es, con­tracts, oth­er pro­ceed­ings and their con­tents. Cloud ser­vice providers also process usage data and meta­da­ta that they use for secu­ri­ty and ser­vice opti­miza­tion pur­pos­es.

If we use cloud ser­vices to pro­vide doc­u­ments and con­tent to oth­er users or pub­licly acces­si­ble web­sites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user set­tings (e.g. in the case of media con­trol).

Information on Legal Basis

If we ask for per­mis­sion to use cloud ser­vices, the legal basis for pro­cess­ing data is con­sent. Fur­ther­more, their use can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of cloud ser­vices has been agreed in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and col­lab­o­ra­tion process­es).

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive cus­tomers, Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).

Purposes of Processing

Office and organ­i­sa­tion­al pro­ce­dures.

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Microsoft Clouddienste

Online Marketing

We process per­son­al data for the pur­pos­es of online mar­ket­ing, which includes in par­tic­u­lar the dis­play of adver­tis­ing and oth­er con­tent (col­lec­tive­ly referred to as con­tent”) based on the poten­tial inter­ests of users.

For these pur­pos­es, so-called user pro­files are cre­at­ed and stored in a file (so-called cook­ie”) or sim­i­lar pro­ce­dure in which the rel­e­vant user infor­ma­tion for the dis­play of the afore­men­tioned con­tent is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web­sites vis­it­ed, online net­works used, com­mu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on usage times. If users have con­sent­ed to the col­lec­tion of their side­line data, these can also be processed.

The IP address­es of the users are also stored. How­ev­er, we use pro­vid­ed IP mask­ing pro­ce­dures (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to ensure the pro­tec­tion of the user’s by using a pseu­do­nym. In gen­er­al, with­in the frame­work of the online mar­ket­ing process, no clear user data (such as e‑mail address­es or names) is secured, but pseu­do­nyms. This means that we, as well as the providers of online mar­ket­ing pro­ce­dures, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their pro­files.

The infor­ma­tion in the pro­files is usu­al­ly stored in the cook­ies or sim­i­lar mem­o­riz­ing pro­ce­dures. These cook­ies can lat­er, gen­er­al­ly also on oth­er web­sites that use the same online mar­ket­ing tech­nol­o­gy, be read and ana­lyzed for pur­pos­es of con­tent dis­play, as well as sup­ple­ment­ed with oth­er data and stored on the serv­er of the online mar­ket­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the pro­files. This is the case, for exam­ple, if the users are mem­bers of a social net­work whose online mar­ket­ing tech­nol­o­gy we use and the net­work links the pro­files of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social net­work providers or oth­er ser­vice providers, e.g. by con­sent­ing as part of a reg­is­tra­tion process.

As a mat­ter of prin­ci­ple, we only gain access to sum­marised infor­ma­tion about the per­for­mance of our adver­tise­ments. How­ev­er, with­in the frame­work of so-called con­ver­sion mea­sure­ment, we can check which of our online mar­ket­ing process­es have led to a so-called con­ver­sion, i.e. to the con­clu­sion of a con­tract with us. The con­ver­sion mea­sure­ment is used alone for the per­for­mance analy­sis of our mar­ket­ing activ­i­ties.

Information on Legal Basis

If we ask users for their con­sent (e.g. in the con­text of a so-called cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing data for online mar­ket­ing pur­pos­es is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices), Prospec­tive cus­tomers.

Purposes of Processing

Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Con­ver­sion Track­ing, Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files), Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties), Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors).

Security Measures

IP Mask­ing (Pseu­do­nymiza­tion of the IP address).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Opt-Out

We refer to the pri­va­cy poli­cies of the respec­tive ser­vice providers and the pos­si­bil­i­ties for objec­tion (so-called opt-out”). If no explic­it opt-out option has been spec­i­fied, it is pos­si­ble to deac­ti­vate cook­ies in the set­tings of your brows­er. How­ev­er, this may restrict the func­tions of our online offer. We there­fore rec­om­mend the fol­low­ing addi­tion­al opt-out options, which are offered col­lec­tive­ly for each area: a) Europe: https://​www​.youron​line​choic​es​.eu. b) Cana­da: https://​www​.yourad​choic​es​.ca/​c​h​o​i​ces. c) USA: https://​www​.aboutads​.info/​c​h​o​i​ces. d) Cross-region­al: http://​optout​.aboutads​.info.

Google Tag Manager

Google Tag Man­ag­er is a web tag man­age­ment solu­tion that allows us to man­age web­site tags through a sin­gle inter­face (includ­ing Google Ana­lyt­ics and oth­er Google mar­ket­ing ser­vices in our online ser­vices). The Tag Man­ag­er itself (which imple­ments the tags) does not process any per­son­al user data. With regard to the pro­cess­ing of users’ per­son­al data, ref­er­ence is made to the infor­ma­tion below regard­ing Google ser­vices. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Analytics

Online mar­ket­ing and web ana­lyt­ics; Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com/​i​n​t​l​/​e​n​/​a​b​o​u​t​/​a​n​a​l​y​t​i​cs/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

Google Ads and Conversion Tracking

We use the Google Ads” online mar­ket­ing method to place ads on the Google adver­tis­ing net­work (e.g., in search results, videos, web­sites, etc.) so that they are dis­played to users who have an alleged inter­est in the ads. We also mea­sure the con­ver­sion of the ads. How­ev­er, we only know the anony­mous total num­ber of users who clicked on our ad and were redi­rect­ed to a page tagged with a con­ver­sion track­ing tag. How­ev­er, we our­selves do not receive any infor­ma­tion that can be used to iden­ti­fy users. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​mar​ket​ing​plat​form​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​000000001​L​5​A​A​I​&​s​t​a​t​u​s​=​A​c​t​ive.

Profiles in Social Networks

We main­tain online pres­ences with­in social net­works in order to com­mu­ni­cate with the users active there or to offer ind infor­ma­tion about us there.

We would like to point out that user data may be processed out­side the Euro­pean Union. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights. With regard to US providers cer­ti­fied under the Pri­va­cy Shield or offer­ing com­pa­ra­ble guar­an­tees of a secure lev­el of data pro­tec­tion, we would like to point out that they there­by com­mit them­selves to com­ply with EU data pro­tec­tion stan­dards.

In addi­tion, user data is usu­al­ly processed with­in social net­works for mar­ket research and adver­tis­ing pur­pos­es. For exam­ple, user pro­files can be cre­at­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user pro­files can then be used, for exam­ple, to place adver­tise­ments with­in and out­side the net­works which are pre­sumed to cor­re­spond to the inter­ests of the users. For these pur­pos­es, cook­ies are usu­al­ly stored on the user’s com­put­er, in which the user’s usage behav­iour and inter­ests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are mem­bers of the respec­tive net­wors or will become mem­bers lat­er on).

For a detailed descrip­tion of the respec­tive pro­cess­ing oper­a­tions and the opt-out options, please refer to the respec­tive data pro­tec­tion dec­la­ra­tions and infor­ma­tion pro­vid­ed by the providers of the respec­tive net­works.

Also in the case of requests for infor­ma­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effec­tive­ly pur­sued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate mea­sures and pro­vide infor­ma­tion. If you still need help, please do not hes­i­tate to con­tact us.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

Con­tact requests and com­mu­ni­ca­tion, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Facebook

Social net­work; Ser­vice provider: Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland, par­ent com­pa­ny: Face­book, 1 Hack­er Way, Men­lo Park, CA 94025, USA; Web­site: https://​www​.face​book​.com; Pri­va­cy Pol­i­cy: https://​www​.face​book​.com/​a​b​o​u​t​/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​G​n​y​w​A​A​C​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Set­tings for adver­tise­ments: https://​www​.face​book​.com/​s​e​t​t​i​n​g​s​?​t​a​b​=​ads; Addi­tion­al infor­ma­tion on data pro­tec­tion: Agree­ment on the joint con­troll of pro­cess­ing of per­son­al data on Face­book pages: https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​p​a​g​e​_​c​o​n​t​r​o​l​l​e​r​_​a​d​d​e​n​dum, pri­va­cy pol­i­cy for Face­book pages: https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​i​n​f​o​r​m​a​t​i​o​n​_​a​b​o​u​t​_​p​a​g​e​_​i​n​s​i​g​h​t​s​_​d​ata.

Twitter

Social net­work; Ser­vice provider: Twit­ter Inc., 1355 Mar­ket Street, Suite 900, San Fran­cis­co, CA 94103, USA; Pri­va­cy Pol­i­cy: https://​twit​ter​.com/​d​e​/​p​r​i​v​acy, (Set­tings) https://​twit​ter​.com/​p​e​r​s​o​n​a​l​i​z​a​t​ion; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​O​R​z​A​A​O​&​s​t​a​t​u​s​=​A​c​t​ive.

Xing

Social net­work; Ser­vice provider: XING AG, Damm­torstraße 29 – 32, 20354 Ham­burg, Ger­many; Web­site: https://​www​.xing​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.xing​.com/​d​e​/​d​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​ung.

Plugins and Embedded Functions and Content

With­in our online ser­vices, we inte­grate func­tion­al and con­tent ele­ments that are obtained from the servers of their respec­tive providers (here­inafter referred to as third-par­ty providers”). These may, for exam­ple, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­inafter uni­form­ly referred to as Con­tent”).

The inte­gra­tion always pre­sup­pos­es that the third-par­ty providers of this con­tent process the IP address of the user, since they could not send the con­tent to their brows­er with­out the IP address. The IP address is there­fore required for the pre­sen­ta­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respec­tive offer­ers use the IP address only for the dis­tri­b­u­tion of the con­tents. Third par­ties may also use so-called pix­el tags (invis­i­ble graph­ics, also known as web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er infor­ma­tion about the use of our web­site, as well as may be linked to such infor­ma­tion from oth­er sources.

Information on Legal Basis

If we ask users for their con­sent (e.g. in the con­text of a so-called cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos).

Data Subjects

Users (e.g. web­site vis­i­tors, users of online ser­vices).

Purposes of Processing

Pro­vi­sion of our online ser­vices and usabil­i­ty, Con­trac­tu­al ser­vices and sup­port, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Feed­back (e.g. col­lect­ing feed­back via online form).

Legal Basis

Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR).

Google Fonts

We inte­grate the fonts (“Google Fonts”) of the provider Google, where­by the data of the users are used sole­ly for pur­pos­es of the rep­re­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uni­form pre­sen­ta­tion and con­sid­er­a­tion of pos­si­ble licens­ing restric­tions for their inte­gra­tion. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​fonts​.google​.com/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive.

Google Maps

We inte­grate the maps of the ser­vice Google Maps” from the provider Google. The data processed may include, in par­tic­u­lar, IP address­es and loca­tion data of users, which are not col­lect­ed with­out their con­sent (usu­al­ly with­in the frame­work of the set­tings of their mobile devices). Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​maps​.google​.com; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

MyFonts

Fonts; data processed in the font request process includes the iden­ti­fi­ca­tion num­ber of the web font project (anonymized), the URL of the licensed web­site asso­ci­at­ed with our num­ber to iden­ti­fy the licensee and the licensed web fonts, and the refer­rer URL; the anonymized web font project iden­ti­fi­ca­tion num­ber is stored in encrypt­ed log files with such data for 30 days to deter­mine the month­ly num­ber of page views; after such extrac­tion and stor­age of the num­ber of page views the log files are delet­ed; Ser­vice provider: Mono­type Imag­ing Hold­ings Inc., 600 Uni­corn Park Dri­ve, Woburn, Mass­a­chu­setts 01801, USA; Web­site: https://​www​.myfonts​.com; Pri­va­cy Pol­i­cy: https://​www​.myfonts​.com/​i​n​f​o​/​l​e​g​a​l​/​#​P​r​i​v​acy.

ReCaptcha

We inte­grate the func­tion ReCaptcha” for the recog­ni­tion of bots, e.g. for entries in online forms. The behav­iour data of the users (e.g. mouse move­ments or queries) are eval­u­at­ed in order for us to be able to dis­tin­guish between peo­ple and bots. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, , par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://​www​.google​.com/​r​e​c​a​p​t​c​ha/; Pri­va­cy Pol­i­cy: https://​poli​cies​.google​.com/​p​r​i​v​acy; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​R​k​E​A​A​W​&​s​t​a​t​u​s​=​A​c​t​ive; Opt-Out: Opt-Out-Plu­g­in: http://​tools​.google​.com/​d​l​p​a​g​e​/​g​a​o​p​t​o​u​t​?​h​l​=en, Set­tings for the Dis­play of Adver­tise­ments: https://​ads​set​tings​.google​.com/​a​u​t​h​e​n​t​i​c​a​ted.

Shariff

We use the pri­va­cy-secure Shar­iff” but­tons. Shar­iff” was devel­oped to pro­vide more pri­va­cy on the net and to replace the usu­al share” but­tons of social net­works. It is not the brows­er of the user, but the serv­er on which this online offer is locat­ed, which estab­lish­es a con­nec­tion with the serv­er of the respec­tive social media plat­forms and queries, for exam­ple, the num­ber of Likes, etc.. The user remains anony­mous. More infor­ma­tion about the Shar­iff project can be found at the devel­op­ers of the mag­a­zine c’t: https://​www​.heise​.de/​c​t​/​a​r​t​i​k​e​l​/​S​h​a​r​i​f​f​-​S​o​c​i​a​l​-​M​e​d​i​a​-​B​u​t​t​o​n​s​-​m​i​t​-​D​a​t​e​n​s​c​h​u​t​z​-​2467514​.​h​tml. Ser­vice provider: Heise Medi­en GmbH & Co. KG, Karl-Wiechert-Allee 10, 30625 Han­nover, Ger­many; Web­site: https://​www​.heise​.de/​c​t​/​a​r​t​i​k​e​l​/​S​h​a​r​i​f​f​-​S​o​c​i​a​l​-​M​e​d​i​a​-​B​u​t​t​o​n​s​-​m​i​t​-​D​a​t​e​n​s​c​h​u​t​z​-​2467514​.​h​tml; Pri­va­cy Pol­i­cy: https://​www​.heise​.de/​D​a​t​e​n​s​c​h​u​t​z​e​r​k​l​a​e​r​u​n​g​-​d​e​r​-​H​e​i​s​e​-​M​e​d​i​e​n​-​G​m​b​H​-​C​o​-​K​G​-​4860​.​h​tml.

Typekit-Fonts by Adobe

We inte­grate the fonts (“Type­kit fonts”) of the provider Adobe, where­by the data of the users are used sole­ly for pur­pos­es of the rep­re­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uni­form pre­sen­ta­tion and con­sid­er­a­tion of pos­si­ble licens­ing restric­tions for their inte­gra­tion. Ser­vice provider: Adobe Sys­tems Soft­ware Ire­land Lim­it­ed, 4 – 6 River­walk, City­west Busi­ness Cam­pus, Dublin 24, Ire­land; Web­site: https://​www​.adobe​.com; Pri­va­cy Pol­i­cy: https://​www​.adobe​.com/​p​r​i​v​a​c​y​.​h​tml; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​0000000​T​N​o​9​A​A​G​&​s​t​a​t​u​s​=​A​c​t​ive.

Planning, Organization and Utilities

We use ser­vices, plat­forms and soft­ware from oth­er providers (here­inafter referred to as ” third-par­ty providers”) for the pur­pos­es of orga­niz­ing, admin­is­ter­ing, plan­ning and pro­vid­ing our ser­vices. When select­ing third-par­ty providers and their ser­vices, we com­ply with the legal require­ments.

With­in this con­text, per­son­al data may be processed and stored on the servers of third-par­ty providers. This may include var­i­ous data that we process in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of users, data on process­es, con­tracts, oth­er process­es and their con­tents.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to read the data pro­tec­tion notices of the respec­tive third par­ty providers.

Information on Legal Basis

If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy pol­i­cy.

Processed Data Types

Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP address­es).

Data Subjects

Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online ser­vices).

Legal Basis

Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Calendly

Sched­ul­ing; Ser­vice provider: Cal­end­ly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA; Web­site: https://​cal​end​ly​.com; Pri­va­cy Pol­i­cy: https://​cal​end​ly​.com/​d​e​/​p​a​g​e​s​/​p​r​i​v​acy; Secu­ri­ty Notice: https://​cal​end​ly​.com/​d​e​/​p​a​g​e​s​/​s​e​c​u​r​ity.

ClickUp

Task and Project Man­age­ment; Ser­vice provider: Man­go Tech­nolo­gies Inc., 215 Low­ell Ave, Palo Alto, CA 94301, USA; Web­site: https://​click​up​.com; Pri­va­cy Pol­i­cy: https://​click​up​.com/​p​r​i​v​acy; Secu­ri­ty Infor­ma­tion: https://​click​up​.com/​s​e​c​u​r​ity; Pri­va­cy Shield (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in the USA): https://​www​.pri​va​cyshield​.gov/​p​a​r​t​i​c​i​p​a​n​t​?​i​d​=​a​2​z​t​00000004​E​g​o​A​A​E​&​s​t​a​t​u​s​=​A​c​t​ive.

Timely

Time Track­ing; Ser­vice provider: Time­ly AS, Mølleparken 2, Oslo, Nor­way; Web­site: https://​timelyapp​.com/; Pri­va­cy Pol­i­cy: https://​timelyapp​.com/​d​a​t​a​-​s​e​c​u​r​i​t​y​-​g​d​pr/.

Erasure of Data

The data processed by us will be erased in accor­dance with the statu­to­ry pro­vi­sions as soon as their pro­cess­ing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or they are not required for the pur­pose).

If the data is not delet­ed because they are required for oth­er and legal­ly per­mis­si­ble pur­pos­es, their pro­cess­ing is lim­it­ed to these pur­pos­es. This means that the data will be restrict­ed and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be stored for com­mer­cial or tax rea­sons or for which stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal per­son.

Fur­ther infor­ma­tion on the era­sure of per­son­al data can also be found in the indi­vid­ual data pro­tec­tion notices of this pri­va­cy pol­i­cy.

Changes and Updates to the Privacy Policy

We kind­ly ask you to inform your­self reg­u­lar­ly about the con­tents of our data pro­tec­tion dec­la­ra­tion. We will adjust the pri­va­cy pol­i­cy as changes in our data pro­cess­ing prac­tices make this nec­es­sary. We will inform you as soon as the changes require your coöper­a­tion (e.g. con­sent) or oth­er indi­vid­ual noti­fi­ca­tion.

Rights of Data Subjects

As data sub­ject, you are enti­tled to var­i­ous rights under the GDPR, which arise in par­tic­u­lar from Arti­cles 15 to 18 and 21 of the GDPR:

Right to Object

ou have the right, on grounds aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data which is based on let­ter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing pro­fil­ing based on those pro­vi­sions. Where per­son­al data are processed for direct mar­ket­ing pur­pos­es, you have the right to object at any time to the pro­cess­ing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is relat­ed to such direct mar­ket­ing.

Right of Withdrawal for Consents

You have the right to revoke con­sents at any time.

Right of Access

You have the right to request con­fir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive fur­ther infor­ma­tion and a copy of the data in accor­dance with the pro­vi­sions of the law.

Right to Rectification

You have the right, in accor­dance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fi­ca­tion of the incor­rect data con­cern­ing you.

Right to Erasure and Right to Restriction of Processing

In accor­dance with the statu­to­ry pro­vi­sions, you have the right to demand that the rel­e­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the pro­cess­ing of the data be restrict­ed in accor­dance with the statu­to­ry pro­vi­sions.

Right to Data Portability

You have the right to receive data con­cern­ing you which you have pro­vid­ed to us in a struc­tured, com­mon and machine-read­able for­mat in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er con­troller.

Complaint to the Supervisory Authority

You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your habit­u­al res­i­dence, place of work or place of the alleged infringe­ment if you con­sid­er that the pro­cess­ing of per­son­al data relat­ing to you infringes the GDPR.

Our Supervisory Authority

Der Lan­des­beauf­tragte für den Daten­schutz und die Infor­ma­tions­frei­heit Baden-Würt­tem­berg
Post­fach 10 29 32
70025 Stuttgart

or:

Königstraße 10a
70173 Stuttgart

Phone: +49.711.615541 – 0
Fax: +49.711.6 5541 – 15

Email: poststelle@​lfdi.​bwl.​de
Web­site: http://​www​.baden​-wuert​tem​berg​.daten​schutz​.de

Terminology and Definitions

This sec­tion pro­vides an overview of the terms used in this pri­va­cy pol­i­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal def­i­n­i­tions are bind­ing. The fol­low­ing expla­na­tions, on the oth­er hand, are intend­ed above all for the pur­pose of com­pre­hen­sion. The terms are sort­ed alpha­bet­i­cal­ly.

Content Delivery Network (CDN)

A Con­tent Deliv­ery Net­work” (CDN) is a ser­vice with whose help con­tents of our online ser­vices, in par­tic­u­lar large media files, such as graph­ics or scripts, can be deliv­ered faster and more secure­ly with the help of region­al­ly dis­trib­uted servers con­nect­ed via the Inter­net.

Controller

Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.

Conversion Tracking

Con­ver­sion Track­ing” refers to a pro­ce­dure by which the effec­tive­ness of mar­ket­ing mea­sures can be deter­mined. As a rule, a cook­ie is stored on the devices of the users with­in the web­sites on which the mar­ket­ing mea­sures are car­ried out and then called up again on the tar­get web­site (e.g. this enables us to track whether the ads we placed on oth­er web­sites were suc­cess­ful).

IP Masking

IP mask­ing is a method by which the last octet, i.e. the last two num­bers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a per­son. IP mask­ing is there­fore a means of pseu­do­nymis­ing pro­cess­ing meth­ods, par­tic­u­lar­ly in online mar­ket­ing.

Interest-based and Behavioral Marketing

Inter­est-relat­ed and/​or behav­iour-relat­ed mar­ket­ing is the term used when poten­tial user inter­est in adver­tise­ments and oth­er con­tent is pre­dict­ed if pos­si­ble. This is done on the basis of infor­ma­tion on the pre­vi­ous behav­iour of users (e.g. vis­it­ing and stay­ing on cer­tain web­sites, pur­chas­ing behav­iour or inter­ac­tion with oth­er users), which is stored in a so-called pro­file. For these pur­pos­es cook­ies are usu­al­ly used.

Personal Data

Per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al per­son.

Processing

The term pro­cess­ing” cov­ers a wide range and prac­ti­cal­ly every han­dling of data, be it col­lec­tion, eval­u­a­tion, stor­age, trans­mis­sion or era­sure.

Profiling

Pro­fil­ing” means any auto­mat­ed pro­cess­ing of per­son­al data con­sist­ing in the use of such per­son­al data to analyse, eval­u­ate or pre­dict cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son (depend­ing on the type of pro­fil­ing, this includes infor­ma­tion regard­ing age, gen­der, loca­tion and move­ment data, inter­ac­tion with web­sites and their con­tents, shop­ping behav­iour, social inter­ac­tions with oth­er peo­ple) (e.g. inter­ests in cer­tain con­tents or prod­ucts, click behav­iour on a web­site or the loca­tion). Cook­ies and web bea­cons are often used for pro­fil­ing pur­pos­es.

Remarketing

Remar­ket­ing” or retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing pur­pos­es which prod­ucts a user is inter­est­ed in on a web­site in order to remind the user of these prod­ucts on oth­er web­sites, e.g. in adver­tise­ments.

Targeting

Tar­get­ing” is the term used when the behav­iour of users can be traced across sev­er­al web­sites. As a rule, behav­ior and inter­est infor­ma­tion with regard to the web­sites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called pro­fil­ing). This infor­ma­tion can then be used, for exam­ple, to dis­play adver­tise­ments to users pre­sum­ably cor­re­spond­ing to their inter­ests.

Web Analytics

Web Ana­lyt­ics serves the eval­u­a­tion of vis­i­tor traf­fic of online ser­vices and can deter­mine their behav­ior or inter­ests in cer­tain infor­ma­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for exam­ple, can rec­og­nize at what time vis­i­tors vis­it their web­site and what con­tent they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the con­tent of the web­site to bet­ter meet the needs of their vis­i­tors. For pur­pos­es of web ana­lyt­ics, pseu­do­ny­mous cook­ies and web bea­cons are fre­quent­ly used in order to recog­nise return­ing vis­i­tors and thus obtain more pre­cise analy­ses of the use of an online ser­vice.