Privacy Policy

Pre­am­ble

With the fol­low­ing pri­va­cy pol­i­cy we would like to inform you which types of your per­son­al data (here­inafter also abbre­vi­at­ed as data”) we process for which pur­pos­es and in which scope. The pri­va­cy state­ment applies to all pro­cess­ing of per­son­al data car­ried out by us, both in the con­text of pro­vid­ing our ser­vices and in par­tic­u­lar on our web­sites, in mobile appli­ca­tions and with­in exter­nal online pres­ences, such as our social media pro­files (here­inafter col­lec­tive­ly referred to as online services”).


The terms used are not gen­der-spe­cif­ic. Last Update: 27. Sep­tem­ber 2020



Table of contents

– Pre­am­ble
–Con­troller
–Overview of pro­cess­ing oper­a­tions
–Legal Bases for the Pro­cess­ing
–ecu­ri­ty Pre­cau­tions
–Trans­mis­sion and Dis­clo­sure of Per­son­al Data
–Data Pro­cess­ing in Third Coun­tries
–Use of Cook­ies
–Com­mer­cial Ser­vices
–Pro­vi­sion of online ser­vices and web host­ing
–Job Appli­ca­tion Process
–Cloud Ser­vices
–Pro­files in Social Net­works (Social Media)
–Plu­g­ins and embed­ded func­tions and con­tent
–Era­sure of data
–Changes and Updates to the Pri­va­cy Pol­i­cy
–Rights of Data Sub­jects
–Ter­mi­nol­o­gy and Definitions



Con­troller

Andrea Hen­ri­on-Pfeif­fer
Dipl-Ing. Architektur/​M.Arch.
Alte Schön­hauser Straße 29
10119 Berlin



Autho­rised Rep­re­sen­ta­tives Ralf Pfeif­fer, Dipl.-Ing. Architekt
mail@​pfeiffer-​architekten.​de
T +49. 30.28 88 45 80



The use of our website The use of our web­site does not require the user to pro­vide any per­son­al data. Data is trans­mit­ted that is auto­mat­i­cal­ly gen­er­at­ed by your Inter­net brows­er, as explained in the fol­low­ing Overview of pro­cess­ing”. In the event of mal­func­tions or hack­er attacks, it is pos­si­ble that, with­in the legal frame­work, this auto­mat­i­cal­ly col­lect­ed data will be used for crim­i­nal pros­e­cu­tion.

If you send us appli­ca­tion doc­u­ments, your data will be used for the selec­tion and sched­ul­ing of inter­views ect. After com­ple­tion of the process, your data will be delet­ed or used fur­ther only after your con­sent. (A. Henrion-Pfeiffer)



Overview of pro­cess­ing operations

The fol­low­ing table sum­maris­es the types of data processed, the pur­pos­es for which they are processed and the con­cerned data subjects.Daten­schutz­gen­er­a­torCategories of Processed Data
–Inven­to­ry data (e.g. names, address­es)
–Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by appli­cants).
–Con­tent data (e.g. text input, pho­tographs, videos)
–Con­tact data (e.g. e‑mail, tele­phone num­bers)
–Meta/​communication data (e.g. device infor­ma­tion, IP address­es)
–Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times)
–Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry)
–Pay­ment Data (e.g. bank details, invoic­es, pay­ment history)



Cat­e­gories of Data Subjects –Employ­ees (e.g. Employ­ees, job appli­cants).
–Job appli­cants.
–Busi­ness and con­trac­tu­al part­ners.
–Prospec­tive cus­tomers
–Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.)
–Cus­tomers
–Users (e.g. web­site vis­i­tors, users of online services)



Pur­pos­es of Processing –Pro­vi­sion of our online ser­vices and usabil­i­ty
–Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment rela­tion­ship.)
–Office and organ­i­sa­tion­al pro­ce­dures.
–Direct mar­ket­ing (e.g. by e‑mail or postal)
–con­tact requests and com­mu­ni­ca­tion
–Remar­ket­ing
–Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors)
–Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies)
–Con­trac­tu­al ser­vices and sup­port
–Man­ag­ing and respond­ing to inquiries)



Legal Bases for the Processing

In the fol­low­ing we inform you about the legal basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), on the basis of which we process per­son­al data. Please note that, in addi­tion to the reg­u­la­tions of the GDPR, the nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­i­dence or domi­cile. If, in addi­tion, more spe­cif­ic legal bases are applic­a­ble in indi­vid­ual cas­es, we will inform you of these in the data pro­tec­tion declaration.)



Con­sent (Arti­cle 6 [1][a] GDPR)The data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic purposes.)



Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 [1][b] GDPR)Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a contract.)



Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 [1][c] GDPR)Pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is subject.



Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR)Pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data.


Arti­cle 9 [1][b] GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 [1] GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 [2][b] GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 [1][c] GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employ­ee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 [1][d] GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 [1][a] GDPR.)



Nation­al data pro­tec­tion reg­u­la­tions in Ger­manyIn addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions apply to data pro­tec­tion in Ger­many. This includes in par­tic­u­lar the Law on Pro­tec­tion against Mis­use of Per­son­al Data in Data Pro­cess­ing (Fed­er­al Data Pro­tec­tion Act – BDSG). In par­tic­u­lar, the BDSG con­tains spe­cial pro­vi­sions on the right to access, the right to erase, the right to object, the pro­cess­ing of spe­cial cat­e­gories of per­son­al data, pro­cess­ing for oth­er pur­pos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-mak­ing, includ­ing pro­fil­ing. Fur­ther­more, it reg­u­lates data pro­cess­ing for the pur­pos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in par­tic­u­lar with regard to the estab­lish­ment, exe­cu­tion or ter­mi­na­tion of employ­ment rela­tion­ships as well as the con­sent of employ­ees. Fur­ther­more, data pro­tec­tion laws of the indi­vid­ual fed­er­al states may apply.



Secu­ri­ty Precautions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the state of the art, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of pro­cess­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk.


he mea­sures include, in par­tic­u­lar, safe­guard­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­a­ra­tion of the data. In addi­tion, we have estab­lished pro­ce­dures to ensure that data sub­jects’ rights are respect­ed, that data is erased, and that we are pre­pared to respond to data threats rapid­ly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as ear­ly as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice providers, in accor­dance with the prin­ci­ple of pri­va­cy by design and pri­va­cy by default.



Trans­mis­sion and Dis­clo­sure of Per­son­al Data

In the con­text of our pro­cess­ing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pa­nies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for exam­ple, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice providers com­mis­sioned with IT tasks or providers of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal require­ments will be respect­ed and in par­tic­u­lar cor­re­spond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­clud­ed with the recip­i­ents of your data.



Data Trans­mis­sion with­in the Group of Com­pa­niesWe may trans­fer per­son­al data to oth­er com­pa­nies with­in our group of com­pa­nies or oth­er­wise grant them access to this data. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of the data sub­jects or oth­er­wise a legal per­mis­sion is present.



Data Trans­fer with­in the Orga­ni­za­tionWe may trans­fer or oth­er­wise pro­vide access to per­son­al infor­ma­tion to oth­er loca­tions with­in our orga­ni­za­tion. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of those con­cerned or oth­er­wise a legal per­mis­sion is present.



Data Pro­cess­ing in Third Countries If we process data in a third coun­try (i.e. out­side the Euro­pean Union (EU), the Euro­pean Eco­nom­ic [EEA]) or the pro­cess­ing takes place in the con­text of the use of third par­ty ser­vices or dis­clo­sure or trans­fer of data to oth­er per­sons, bod­ies or com­pa­nies, this will only take place in accor­dance with the legal requirements. 


Sub­ject to express con­sent or trans­fer required by con­tract or law, we process or have processed the data only in third coun­tries with a recog­nised lev­el of data pro­tec­tion, on the basis of spe­cial guar­an­tees, such as a con­trac­tu­al oblig­a­tion through so-called stan­dard pro­tec­tion claus­es of the EU Com­mis­sion or if cer­ti­fi­ca­tions or bind­ing inter­nal data pro­tec­tion reg­u­la­tions jus­ti­fy the pro­cess­ing (Arti­cle 44 to 49 GDPR, infor­ma­tion page of the EU Com­mis­sion: https://​ec​.europa​.eu/​i​n​f​o​/​l​a​w​/​l​a​w​-​t​o​p​i​c​/​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​/​i​n​t​e​r​n​a​t​i​o​n​a​l​-​d​i​m​e​n​s​i​o​n​-​d​a​t​a​-​p​r​o​t​e​c​t​i​on_en)



Use of Cookies Cook­ies are text files that con­tain data from vis­it­ed web­sites or domains and are stored by a brows­er on the user’s com­put­er. A cook­ie is pri­mar­i­ly used to store infor­ma­tion about a user dur­ing or after his vis­it with­in an online ser­vice. The infor­ma­tion stored can include, for exam­ple, the lan­guage set­tings on a web­site, the login sta­tus, a shop­ping bas­ket or the loca­tion where a video was viewed. The term cook­ies” also includes oth­er tech­nolo­gies that ful­fil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as user IDs”).



The fol­low­ing types and func­tions of cook­ies are distinguished



Tem­po­rary cook­ies (also: ses­sion cook­ies)Tem­po­rary cook­ies are delet­ed at the lat­est after a user has left an online ser­vice and closed his browser.



Per­ma­nent cook­ies Per­ma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login sta­tus can be saved or pre­ferred con­tent can be dis­played direct­ly when the user vis­its a web­site again. The inter­ests of users who are used for range mea­sure­ment or mar­ket­ing pur­pos­es can also be stored in such a cookie.



First-Par­ty-Cook­ies First-Par­ty-Cook­ies are set by ourselves.



Third par­ty cook­ies Third par­ty cook­ies are main­ly used by adver­tis­ers (so-called third par­ties) to process user information.



Nec­es­sary (also: essen­tial) cook­ies Cook­ies can be nec­es­sary for the oper­a­tion of a web­site (e.g. to save logins or oth­er user inputs or for secu­ri­ty reasons).



Sta­tis­tics, mar­ket­ing and per­son­al­i­sa­tion cook­iesCook­ies are also gen­er­al­ly used to mea­sure a web­site’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing cer­tain con­tent, using func­tions, etc.) are stored on indi­vid­ual web­sites in a user pro­file. Such pro­files are used, for exam­ple, to dis­play con­tent to users that cor­re­sponds to their poten­tial inter­ests. This pro­ce­dure is also referred to as track­ing”, i.e. track­ing the poten­tial inter­ests of users. If we use cook­ies or track­ing” tech­nolo­gies, we will inform you sep­a­rate­ly in our pri­va­cy pol­i­cy or in the con­text of obtain­ing consent.



Infor­ma­tion on legal basis The legal basis on which we process your per­son­al data with the help of cook­ies depends on whether we ask you for your con­sent. If this applies and you con­sent to the use of cook­ies, the legal basis for pro­cess­ing your data is your declared con­sent. Oth­er­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g. in a busi­ness oper­a­tion of our online ser­vice and its improve­ment) or, if the use of cook­ies is nec­es­sary to ful­fill our con­trac­tu­al obligations.



Reten­tion peri­od:Unless we pro­vide you with explic­it infor­ma­tion on the reten­tion peri­od of per­ma­nent cook­ies (e.g. with­in the scope of a so-called cook­ie opt-in), please assume that the reten­tion peri­od can be as long as two years.



Gen­er­al infor­ma­tion on With­draw­al of con­sent and objec­tion (Opt-Out) Respec­tive of whether pro­cess­ing is based on con­sent or legal per­mis­sion, you have the option at any time to object to the pro­cess­ing of your data using cook­ie tech­nolo­gies or to revoke con­sent (col­lec­tive­ly referred to as opt-out”). You can ini­tial­ly explain your objec­tion using the set­tings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online ser­vices). An objec­tion to the use of cook­ies for online mar­ket­ing pur­pos­es can be raised for a large num­ber of ser­vices, espe­cial­ly in the case of track­ing, via the web­sites https://​www​.aboutads​.info/​c​h​o​ices/ and https://​www​.youron​line​choic​es​.com. In addi­tion, you can receive fur­ther infor­ma­tion on objec­tions in the con­text of the infor­ma­tion on the used ser­vice providers and cookies.



Pro­cess­ing Cook­ie Data on the Basis of Con­sent Before we process or have processed data with­in the con­text of the usage of cook­ies, we ask the users for their con­sent, which can be revoked at any time. Before the con­sent has not been giv­en, we may use cook­ies that are nec­es­sary for the oper­a­tion of our online services.



Processed data types Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP addresses).



Data sub­jects Users (e.g. web­site vis­i­tors, users of online services).



Legal Basis Con­sent (Arti­cle 6 [1][a] GDPR), Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR).



Com­mer­cial Services We process data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tomers and inter­est­ed par­ties (col­lec­tive­ly referred to as con­trac­tu­al part­ners”) with­in the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and com­mu­ni­ca­tion with the con­trac­tu­al part­ners or pre-con­trac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to ful­fil our con­trac­tu­al oblig­a­tions, safe­guard our rights and for the pur­pos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the con­trac­tu­al part­ners with­in the scope of the applic­a­ble law to third par­ties inso­far as this is nec­es­sary for the afore­men­tioned pur­pos­es or for the ful­fil­ment of legal oblig­a­tions or with the con­sent of data sub­jects con­cerned (e.g. telecom­mu­ni­ca­tions, trans­port and oth­er aux­il­iary ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice providers or tax author­i­ties). The con­trac­tu­al part­ners will be informed about fur­ther pro­cess­ing, e.g. for mar­ket­ing pur­pos­es, as part of this pri­va­cy pol­i­cy.

Which data are nec­es­sary for the afore­men­tioned pur­pos­es, we inform the con­tract­ing part­ners before or in the con­text of the data col­lec­tion, e.g. in online forms by spe­cial mark­ing (e.g. col­ors), and/​or sym­bols (e.g. aster­isks or the like), or personally.

We delete the data after expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a cus­tomer account or must be kept for legal rea­sons of archiv­ing (e.g., as a rule 10 years for tax pur­pos­es). In the case of data dis­closed to us by the con­trac­tu­al part­ner with­in the con­text of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gen­er­al after the end of the assignment.

If we use third-par­ty providers or plat­forms to pro­vide our ser­vices, the terms and con­di­tions and pri­va­cy poli­cies of the respec­tive third-par­ty providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.



Archi­tec­ture and plan­ning ser­vicesWe process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works and relat­ed tasks, as well as their pay­ment and deliv­ery, or exe­cu­tion or provision.

With­in the scope of our activ­i­ties, we may also process spe­cial cat­e­gories of data, in par­tic­u­lar infor­ma­tion on the health of cus­tomers. To this end, we obtain, if nec­es­sary, the express con­sent of the cus­tomer and process the spe­cial cat­e­gories of data oth­er­wise only if this cor­re­sponds to our con­trac­tu­al obligations.

The required details are iden­ti­fied as such with­in the frame­work of the con­clu­sion of the order, order or com­pa­ra­ble con­tract and include the details required for ser­vice pro­vi­sion and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any consultations.



Tech­ni­cal and Engi­neer­ing ser­vicesWe process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works as well as asso­ci­at­ed activ­i­ties and to pay for and make avail­able such ser­vices or works or to per­form such ser­vices or works.

The required infor­ma­tion is indi­cat­ed as such with­in the frame­work of the con­clu­sion of the agree­ment, order or equiv­a­lent con­tract and includes the infor­ma­tion required for the pro­vi­sion of ser­vices and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any con­sul­ta­tions. Inso­far as we gain access to the infor­ma­tion of end cus­tomers, employ­ees or oth­er per­sons, we process it in accor­dance with the legal and con­trac­tu­al requirements.



Rental Ser­vicesWe process the data of our ten­ants and of inter­est­ed par­ties (uni­form­ly referred to as ten­ant”) in accor­dance with the under­ly­ing rental or com­pa­ra­ble con­tract. Fur­ther­more, we can process the infor­ma­tion on the char­ac­ter­is­tics and cir­cum­stances of per­sons or items belong­ing to them if this is nec­es­sary with­in the frame­work of the rental rela­tion­ship. These can be, for exam­ple, infor­ma­tion on per­son­al cir­cum­stances, mobile or immov­able assets and finan­cial situation.

As part of our assign­ment it may be nec­es­sary for us to process spe­cial cat­e­gories of data with­in the mean­ing of Arti­cle 9 [1] GDPR, in par­tic­u­lar infor­ma­tion on the health of a per­son. The pro­cess­ing is done to pro­tect the health inter­ests of ten­ants and oth­er­wise only with the con­sent of tenants.

If nec­es­sary for the ful­fil­ment of the con­tract or legal­ly required, or agreed by the ten­ant or on the basis of our legit­i­mate inter­ests, we dis­close or trans­mit the data of the ten­ants with­in the scope of cov­er requests, con­clu­sions and exe­cu­tion of con­tracts, data e.g. to finan­cial ser­vice providers, cred­it insti­tu­tions, sup­pli­ers (e.g. elec­tric­i­ty) or authorities.



Processed data types Inven­to­ry data (e.g. names, address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer category).



Data sub­jects Prospec­tive cus­tomers, Busi­ness and con­trac­tu­al partners.



Pur­pos­es of Pro­cess­ing Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Man­ag­ing and respond­ing to inquiries.



Legal Basis Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 [1)[b] GDPR), Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 [1][c] GDPR), Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR).



Pro­vi­sion of online ser­vices and web hosting In order to pro­vide our online ser­vices secure­ly and effi­cient­ly, we use the ser­vices of one or more web host­ing providers from whose servers (or servers they man­age) the online ser­vices can be accessed. For these pur­pos­es, we may use infra­struc­ture and plat­form ser­vices, com­put­ing capac­i­ty, stor­age space and data­base ser­vices, as well as secu­ri­ty and tech­ni­cal main­te­nance services.

The data processed with­in the frame­work of the pro­vi­sion of the host­ing ser­vices may include all infor­ma­tion relat­ing to the users of our online ser­vices that is col­lect­ed in the course of use and com­mu­ni­ca­tion. This reg­u­lar­ly includes the IP address, which is nec­es­sary to be able to deliv­er the con­tents of online ser­vices to browsers, and all entries made with­in our online ser­vices or from websites.



Col­lec­tion of Access Data and Log FilesWe, our­selves or our web host­ing provider, col­lect data on the basis of each access to the serv­er (so-called serv­er log files). Serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, data vol­umes trans­ferred, noti­fi­ca­tion of suc­cess­ful access, brows­er type and ver­sion, the user’s oper­at­ing sys­tem, refer­rer URL (the pre­vi­ous­ly vis­it­ed page) and, as a gen­er­al rule, IP address­es and the request­ing provider.

The serv­er log files can be used for secu­ri­ty pur­pos­es, e.g. to avoid over­load­ing the servers (espe­cial­ly in the case of abu­sive attacks, so-called DDoS attacks) and to ensure the sta­bil­i­ty and opti­mal load bal­anc­ing of the servers.



Processed data types Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP addresses)



Data sub­jects Users (e.g. web­site vis­i­tors, users of online services).



Legal Basis Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR).



Job Appli­ca­tion Process

The appli­ca­tion process requires appli­cants to pro­vide us with the data nec­es­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion con­tained therein. 

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, a con­tact option and proof of the qual­i­fi­ca­tions required for a par­tic­u­lar employ­ment. Upon request, we will be hap­py to pro­vide you with addi­tion­al information.

If made avail­able, appli­cants can sub­mit their appli­ca­tions via an online form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail. Please note, how­ev­er, that e‑mails on the Inter­net are gen­er­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our serv­er. For the pur­pos­es of search­ing for appli­cants, sub­mit­ting appli­ca­tions and select­ing appli­cants, we may make use of the appli­cant man­age­ment and recruit­ment soft­ware, plat­forms and ser­vices of third-par­ty providers in com­pli­ance with legal require­ments. Appli­cants are wel­come to con­tact us about how to sub­mit their appli­ca­tion or send it to us by reg­u­lar mail.



Pro­cess­ing of spe­cial cat­e­gories of data If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 [1] GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can exer­cise his/​her rights aris­ing from labour law and social secu­ri­ty and social pro­tec­tion law and ful­fil his/​her duties in this regard, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 [1][b] GDPR, in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons pur­suant to Arti­cle 9 [1][c] GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employ­ee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 [1][h] GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 [1][a] GDPR.



Erea­sure of data In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment rela­tion­ship. Oth­er­wise, if the appli­ca­tion for a job offer is not suc­cess­ful, the appli­can­t’s data will be delet­ed. Appli­cants’ data will also be delet­ed if an appli­ca­tion is with­drawn, to which appli­cants are enti­tled at any time. Sub­ject to a jus­ti­fied revo­ca­tion by the appli­cant, the dele­tion will take place at the lat­est after the expiry of a peri­od of six months, so that we can answer any fol­low-up ques­tions regard­ing the appli­ca­tion and com­ply with our duty of proof under the reg­u­la­tions on equal treat­ment of appli­cants. Invoic­es for any reim­burse­ment of trav­el expens­es are archived in accor­dance with tax regulations.



Admis­sion to a tal­ent pool Admis­sion to an tal­ent pool, if offered, is based on con­sent. Appli­cants are informed that their con­sent to be includ­ed in the tal­ent pool is vol­un­tary, has no influ­ence on the cur­rent appli­ca­tion process and that they can revoke their con­sent at any time for the future.



Processed data types Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).



Data sub­jectsJob appli­cants



Pur­pos­es of Pro­cess­ing Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment relationship.).



Legal BasisArti­cle 9 [1][b] GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 [1] GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 [2][b] GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 [1][c] GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employ­ee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 [1][d] GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 [1][a] GDPR.).



Cloud Ser­vices We use Inter­net-acces­si­ble soft­ware ser­vices (so-called cloud ser­vices”, also referred to as Soft­ware as a Ser­vice”) pro­vid­ed on the servers of its providers for the fol­low­ing pur­pos­es: doc­u­ment stor­age and admin­is­tra­tion, cal­en­dar man­age­ment, e‑mail deliv­ery, spread­sheets and pre­sen­ta­tions, exchange of doc­u­ments, con­tent and infor­ma­tion with spe­cif­ic recip­i­ents or pub­li­ca­tion of web­sites, forms or oth­er con­tent and infor­ma­tion, as well as chats and par­tic­i­pa­tion in audio and video conferences.

With­in this frame­work, per­son­al data may be processed and stored on the provider’s servers inso­far as this data is part of com­mu­ni­ca­tion process­es with us or is oth­er­wise processed by us in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of data sub­jects, data on process­es, con­tracts, oth­er pro­ceed­ings and their con­tents. Cloud ser­vice providers also process usage data and meta­da­ta that they use for secu­ri­ty and ser­vice opti­miza­tion purposes.

If we use cloud ser­vices to pro­vide doc­u­ments and con­tent to oth­er users or pub­licly acces­si­ble web­sites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user set­tings (e.g. in the case of media control).



Infor­ma­tion on legal basis If we ask for per­mis­sion to use cloud ser­vices, the legal basis for pro­cess­ing data is con­sent. Fur­ther­more, their use can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of cloud ser­vices has been agreed in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and col­lab­o­ra­tion processes).



Processed data types Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP addresses).



Data sub­jects Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive cus­tomers, Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).



Pur­pos­es of Pro­cess­ing Office and organ­i­sa­tion­al procedures.



Legal Basis Con­sent (Arti­cle 6 [1][a] GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 [1][b] GDPR), Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR).



Ser­vices and ser­vice providers being used



Drop­box Cloud stor­age ser­vices; Ser­vice provider: Drop­box, Inc., 333 Bran­nan Street, San Fran­cis­co, Cal­i­for­nia 94107, USA; Web­site: https://​www​.drop​box​.com; Pri­va­cy Pol­i­cy: https://​www​.drop​box​.com/​p​r​ivacy; Stan­dard Con­trac­tu­al Claus­es (Safe­guard­ing the lev­el of data pro­tec­tion when pro­cess­ing data in third coun­tries): https://​assets​.drop​box​.com/​d​o​c​u​m​e​n​t​s​/​e​n​/​l​e​g​a​l​/​d​a​t​a​-​p​r​o​c​e​s​s​i​n​g​-​a​g​r​e​e​m​e​n​t​-​d​f​b​-​013118.pdf.



Microsoft Cloud Ser­vices: Cloud Ser­vices; Ser­vice provider: Microsoft Cor­po­ra­tion, One Microsoft Way, Red­mond, WA 98052 – 6399 USA; Web­site: https://​microsoft​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.microsoft​.com/​d​e​-​d​e​/​p​r​i​v​a​c​y​s​t​a​t​ement, Secu­ri­ty infor­ma­tion: https://​www​.microsoft​.com/​d​e​-​d​e​/​t​r​u​s​t​c​enter.



Pro­files in Social Net­works (Social Media) We main­tain online pres­ences with­in social net­works and process user data in this con­text in order to com­mu­ni­cate with the users active there or to offer infor­ma­tion about us.

We would like to point out that user data may be processed out­side the Euro­pean Union. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights.

In addi­tion, user data is usu­al­ly processed with­in social net­works for mar­ket research and adver­tis­ing pur­pos­es. For exam­ple, user pro­files can be cre­at­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user pro­files can then be used, for exam­ple, to place adver­tise­ments with­in and out­side the net­works which are pre­sumed to cor­re­spond to the inter­ests of the users. For these pur­pos­es, cook­ies are usu­al­ly stored on the user’s com­put­er, in which the user’s usage behav­iour and inter­ests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are mem­bers of the respec­tive net­wors or will become mem­bers lat­er on).

For a detailed descrip­tion of the respec­tive pro­cess­ing oper­a­tions and the opt-out options, please refer to the respec­tive data pro­tec­tion dec­la­ra­tions and infor­ma­tion pro­vid­ed by the providers of the respec­tive networks.

Also in the case of requests for infor­ma­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effec­tive­ly pur­sued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate mea­sures and pro­vide infor­ma­tion. If you still need help, please do not hes­i­tate to con­tact us.



Face­bookWe are joint­ly respon­si­ble (so called joint con­troller”) with Face­book Ire­land Ltd. for the col­lec­tion (but not the fur­ther pro­cess­ing) of data of vis­i­tors to our Face­book page. This data includes infor­ma­tion about the types of con­tent users view or inter­act with, or the actions they take (see Things that you and oth­ers do and pro­vide” in the Face­book Data Pol­i­cy: https://​www​.face​book​.com/​p​olicy), and infor­ma­tion about the devices used by users (e.g., IP address­es, oper­at­ing sys­tem, brows­er type, lan­guage set­tings, cook­ie infor­ma­tion; see Device Infor­ma­tion” in the Face­book Data Pol­i­cy: https://​www​.face​book​.com/​p​olicy). As explained in the Face­book Data Pol­i­cy under How we use this infor­ma­tion?” Face­book also col­lects and uses infor­ma­tion to pro­vide ana­lyt­ics ser­vices, known as page insights,” to site oper­a­tors to help them under­stand how peo­ple inter­act with their pages and with con­tent asso­ci­at­ed with them. We have con­clud­ed a spe­cial agree­ment with Face­book (“Infor­ma­tion about Page-Insights”, https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​p​a​g​e​_​c​o​n​t​r​o​l​l​e​r​_​a​d​d​endum), which reg­u­lates in par­tic­u­lar the secu­ri­ty mea­sures that Face­book must observe and in which Face­book has agreed to ful­fill the rights of the per­sons con­cerned (i.e. users can send infor­ma­tion access or dele­tion requests direct­ly to Face­book). The rights of users (in par­tic­u­lar to access to infor­ma­tion, era­sure, objec­tion and com­plaint to the com­pe­tent super­vi­so­ry author­i­ty) are not restrict­ed by the agree­ments with Face­book. Fur­ther infor­ma­tion can be found in the Infor­ma­tion about Page Insights” (https://​www​.face​book​.com/​l​e​g​a​l​/​t​e​r​m​s​/​i​n​f​o​r​m​a​t​i​o​n​_​a​b​o​u​t​_​p​a​g​e​_​i​n​s​i​g​h​t​s​_data).



Processed data types Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP addresses).



Data sub­jects Users (e.g. web­site vis­i­tors, users of online services)



Pur­pos­es of Pro­cess­ing: con­tact requests and com­mu­ni­ca­tion, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).



Legal Basis Legit­i­mate Inter­ests (Arti­cle 6 [1][f] GDPR).



Ser­vices and ser­vice providers being used



Insta­gram Social net­work; Ser­vice provider: Insta­gram Inc., 1601 Wil­low Road, Men­lo Park, CA, 94025, USA, , Mut­terun­ternehmen: Face­book, 1 Hack­er Way, Men­lo Park, CA 94025, USA; Web­site: https://​www​.insta​gram​.com; Pri­va­cy Pol­i­cy: https://​insta​gram​.com/​a​b​o​u​t​/​l​e​g​a​l​/​p​r​ivacy.



Face­book Social net­work; Ser­vice provider: Face­book Ire­land Ltd., 4 Grand Canal Square, Grand Canal Har­bour, Dublin 2, Irland, par­ent com­pa­ny: Face­book, 1 Hack­er Way, Men­lo Park, CA 94025, USA; Web­site: https://​www​.face​book​.com; Pri­va­cy Pol­i­cy: https://​www​.face​book​.com/​a​b​o​u​t​/​p​r​ivacy; Opt-Out: Set­tings for adver­tise­ments: https://​www​.face​book​.com/​s​e​t​t​i​n​g​s​?​t​a​b=ads.



LinkedIn Social net­work; Ser­vice provider: LinkedIn Ire­land Unlim­it­ed Com­pa­ny, Wilton Place, Dublin 2, Ire­land; Web­site: https://​www​.linkedin​.com; Pri­va­cy Pol­i­cy: https://​www​.linkedin​.com/​l​e​g​a​l​/​p​r​i​v​a​c​y​-​p​olicy; Opt-Out: https://​www​.linkedin​.com/​p​s​e​t​t​i​n​g​s​/​g​u​e​s​t​-​c​o​n​t​r​o​l​s​/​r​e​t​a​r​g​e​t​i​n​g​-​o​p​t-out.



Xing Social net­work; Ser­vice provider: XING AG, Damm­torstraße 29 – 32, 20354 Ham­burg, Ger­many; Web­site: https://​www​.xing​.com; Pri­va­cy Pol­i­cy: https://​pri​va​cy​.xing​.com/en.



Plu­g­ins and embed­ded func­tions and content

With­in our online ser­vices, we inte­grate func­tion­al and con­tent ele­ments that are obtained from the servers of their respec­tive providers (here­inafter referred to as third-par­ty providers”). These may, for exam­ple, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­inafter uni­form­ly referred to as Con­tent”).

The inte­gra­tion always pre­sup­pos­es that the third-par­ty providers of this con­tent process the IP address of the user, since they could not send the con­tent to their brows­er with­out the IP address. The IP address is there­fore required for the pre­sen­ta­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respec­tive offer­ers use the IP address only for the dis­tri­b­u­tion of the con­tents. Third par­ties may also use so-called pix­el tags (invis­i­ble graph­ics, also known as web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er infor­ma­tion about the use of our web­site, as well as may be linked to such infor­ma­tion from oth­er sources.



Infor­ma­tion on legal basis If we ask users for their con­sent (e.g. in the con­text of a so-called cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­va­cy policy.



Processed data types Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/​communication data (e.g. device infor­ma­tion, IP addresses).



Data sub­jects Users (e.g. web­site vis­i­tors, users of online services).



Pur­pos­es of Pro­cess­ing Pro­vi­sion of our online ser­vices and usability



Era­sure of data The data processed by us will be erased in accor­dance with the statu­to­ry pro­vi­sions as soon as their pro­cess­ing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or they are not required for the purpose).

If the data is not delet­ed because they are required for oth­er and legal­ly per­mis­si­ble pur­pos­es, their pro­cess­ing is lim­it­ed to these pur­pos­es. This means that the data will be restrict­ed and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be stored for com­mer­cial or tax rea­sons or for which stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal person.

Fur­ther infor­ma­tion on the era­sure of per­son­al data can also be found in the indi­vid­ual data pro­tec­tion notices of this pri­va­cy policy



Changes and Updates to the Pri­va­cy Policy

We kind­ly ask you to inform your­self reg­u­lar­ly about the con­tents of our data pro­tec­tion dec­la­ra­tion. We will adjust the pri­va­cy pol­i­cy as changes in our data pro­cess­ing prac­tices make this nec­es­sary. We will inform you as soon as the changes require your coop­er­a­tion (e.g. con­sent) or oth­er indi­vid­ual notification.

If we pro­vide address­es and con­tact infor­ma­tion of com­pa­nies and orga­ni­za­tions in this pri­va­cy pol­i­cy, we ask you to note that address­es may change over time and to ver­i­fy the infor­ma­tion before con­tact­ing us.



Rights of Data Subjects As data sub­ject, you are enti­tled to var­i­ous rights under the GDPR, which arise in par­tic­u­lar from Arti­cles 15 to 21 of the GDPR.



Right to ObjectYou have the right, on grounds aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data which is based on let­ter [e] or [f] of Arti­cle 6 [1] GDPR, includ­ing pro­fil­ing based on those provisions.Where per­son­al data are processed for direct mar­ket­ing pur­pos­es, you have the right to object at any time to the pro­cess­ing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is relat­ed to such direct marketing.



Right of with­draw­al for con­sents You have the right to revoke con­sents at any time.



Right of access You have the right to request con­fir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive fur­ther infor­ma­tion and a copy of the data in accor­dance with the pro­vi­sions of the law.



Right to rec­ti­fi­ca­tion You have the right, in accor­dance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fi­ca­tion of the incor­rect data con­cern­ing you.



Right to Era­sure and Right to Restric­tion of Pro­cess­ing In accor­dance with the statu­to­ry pro­vi­sions, you have the right to demand that the rel­e­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the pro­cess­ing of the data be restrict­ed in accor­dance with the statu­to­ry provisions.



Right to data porta­bil­i­ty You have the right to receive data con­cern­ing you which you have pro­vid­ed to us in a struc­tured, com­mon and machine-read­able for­mat in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er controller.



Com­plaint to the super­vi­so­ry author­i­ty You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your habit­u­al res­i­dence, place of work or place of the alleged infringe­ment if you con­sid­er that the pro­cess­ing of per­son­al data relat­ing to you infringes the GDPR.



Ter­mi­nol­o­gy and Definitions This sec­tion pro­vides an overview of the terms used in this pri­va­cy pol­i­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal def­i­n­i­tions are bind­ing. The fol­low­ing expla­na­tions, on the oth­er hand, are intend­ed above all for the pur­pose of com­pre­hen­sion. The terms are sort­ed alphabetically.



Con­troller Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.



Per­son­al Data per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al person.



Pro­cess­ing The term pro­cess­ing” cov­ers a wide range and prac­ti­cal­ly every han­dling of data, be it col­lec­tion, eval­u­a­tion, stor­age, trans­mis­sion or erasure.



Remar­ket­ing Remar­ket­ing” or retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing pur­pos­es which prod­ucts a user is inter­est­ed in on a web­site in order to remind the user of these prod­ucts on oth­er web­sites, e.g. in advertisements. 



Tar­get­ing Track­ing” is the term used when the behav­iour of users can be traced across sev­er­al web­sites. As a rule, behav­ior and inter­est infor­ma­tion with regard to the web­sites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called pro­fil­ing). This infor­ma­tion can then be used, for exam­ple, to dis­play adver­tise­ments to users pre­sum­ably cor­re­spond­ing to their interests.



Web Ana­lyt­ics Web Ana­lyt­ics serves the eval­u­a­tion of vis­i­tor traf­fic of online ser­vices and can deter­mine their behav­ior or inter­ests in cer­tain infor­ma­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for exam­ple, can rec­og­nize at what time vis­i­tors vis­it their web­site and what con­tent they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the con­tent of the web­site to bet­ter meet the needs of their vis­i­tors. For pur­pos­es of web ana­lyt­ics, pseu­do­ny­mous cook­ies and web bea­cons are fre­quent­ly used in order to recog­nise return­ing vis­i­tors and thus obtain more pre­cise analy­ses of the use of an online service.



(Daten­schutz­gen­er­a­tor Dr. Schwenke 2021