Privacy policy of Wichtel Akademie München GmbH

The protection and security of personal data is a high priority for us. In the following, we inform you about what data is collected, when and for what purpose, and what rights you have as a data subject. Our data protection declaration can be accessed at any time at https://www.wichtel-muenchen.com/en/privacy/

Content

Person responsible and data protection officer

  1. 1.1 Contact details of the person responsible
  2. 1.2 Contact details of the data protection officer

2. General information on data processing by the data controller

  1. 2.1 Scope of processing of personal data
  2. 2.2 Legal basis for processing of personal data
  3. 2.3 Data deletion and storage period
  4. 2.4 Obligation to provide personal data
  5. 2.5 No automated decision making
  6. 2.6 Recipients of the data
  7. 2.7 Data security
  8. 2.8 Definitions

3. Data processing

  1. 3.1 Server log files
  2. 3.2 Cookies
  3. 3.3 Contact requests
    1. 3.3.1 Contact via e-mail or contact form
    2. 3.3.2 Contact in the context of an application
    3. 3.3.3 Contact in the context of a pre-registration
  4. 3.4 Newsletter registration
  5. 3.5 Google Tag Manager
  6. 3.6 Google Analytics with anonymization function
  7. 3.7 Google Fonts
  8. 3.8 Google Maps
  9. 3.9 LinkedIn Insight Tag
  10. 3.10 Microsoft Advertising
  11. 3.11 Facebook Custom Audiences (for websites) / Conversion
  12. 3.12 Adobe Tyekit Fonts
  13. 3.13 YouTube
  14. 3.14 Online presence in social networks

4. Your rights
5. Reservation of right to change

 

1. Responsible person and data protection officer

1.1 Contact details of the person responsible

The responsible party within the meaning of the General Data Protection Regulation and the Federal Data Protection Act is:

Wichtel Akademie München GmbH
Herzog-Wilhelm-Straße 26
80331 Munich
Germany
www.wichtel-muenchen.com
(here in after referred to as “we” or “Wichtel Akademie”)

Full details of Wichtel Akademie München GmbH can be found in the imprint of this website.

If you have general questions or suggestions regarding data protection, please contact us by e-mail at [email protected].

1.2 Contact details of the data protection officer

The external data protection officer of the responsible party is:

Felix Leicht | Attorney at Law | Data Protection and IT Security Officer (TÜV)
Rettenbergerstraße 28
87561 Oberstdorf
E-Mail: [email protected]

2. General information on data processing by the data controller

2.1 Scope of the processing of personal data

As a matter of principle, we process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations.

2.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) sentence 1 lit. a) of the EU General Data Protection Regulation (hereinafter DSGVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) p. 1 lit. b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) p. 1 lit. c) DSGVO is the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, the legal basis for processing is Art. 6 (1) S. 1 lit. f) DSGVO.

2.3 Data deletion and storage period

The personal data of the data subject shall be deleted as soon as the purpose of storage ceases to apply. Storage can only take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity to continue storing the data for the conclusion or performance of a contract.

2.4 Obligation to provide personal data

The provision of personal data is not required by law or contract for the use of our website.

However, in some of the cases mentioned in this data protection information, it is necessary to provide personal data. This applies in particular to the conclusion of a contract, the registration for the newsletter, the processing of inquiries via the contact channels provided by us.

When collecting the personal data in each case, we point out in the respective context which data is required in each case (e.g. by marking it as mandatory data*). Without this required data, we cannot provide the respective service, e.g. send you a newsletter or respond to your inquiries.

2.5 No automated decision making

We do not use automated decision-making or profiling pursuant to Art. 22 (1) and (4) DSGVO.

2.6 Recipients of the data

Your data will only be processed by employees who need it to perform their duties. Data will only be forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary, if we have your consent or if we are authorized to provide information. Under these conditions, the following categories of recipients of personal data may exist:

  • Public bodies and institutions (e.g. tax office, LHS Munich, municipalities) if there is a legal or official obligation.
  • Recipients to whom the transfer is directly necessary for the processing of the application procedure or a contractual relationship, such as financial service providers or affiliated companies
  • insurance companies
  • Tax consultants, auditors and lawyers
  • Processors by category: IT service providers (e.g. maintenance, hosting service providers), software service providers (e.g. HR administration and financial software), communication companies (e.g. e-mail service providers).

2.7 Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

2.8 Definitions

Our privacy policy should be simple and understandable for everyone. The privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 DSGVO.

 

3. Data processing

3.1 Server log files

When you call up our website, it is technically necessary for data to be transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser and operating system used
  • (Complete) IP address of the requesting computer
  • Amount of data transferred

We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f DSGVO.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short time. On the basis of this data, it is not possible for us to draw conclusions about individual persons. After 14 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user.

3.2 Cookies

Our website uses so-called “cookies”. Cookies are small files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or to display advertising.

Technically necessary cookies

Technically necessary cookies are usually processed on the basis of Art. 6 (1) lit. f DSGVO or § 25 (2) No. 2 TTDSG. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services.

These cookies are absolutely technically necessary for the functionality of the website and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. These cookies are largely session cookies, and are therefore largely not stored beyond your visit to our website.

We process this data on the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO or § 25 para. 2 No. 2 TTDSG. You have the option to object to this interest by leaving the website and deleting all cookies.

On this legal basis, we use cookies for the following purposes:

Presentation of the website

For the presentation of our website, we collect and store the IP address assigned to your computer for the duration of your visit in order to transmit the contents of our website retrieved by you to your computer (e.g. texts, images as well as files made available for download, etc.). The website serves as the central external presentation of the responsible party. Furthermore, these cookies help you navigate through our site.

Protection against disturbances and misuse as well as improvement of the website

Personal usage data, such as your IP address as well as the times of your calls to our website, are processed via the website to determine as well as to track malfunctions or misuse of our online services or telecommunications services and equipment and to improve the performance of our website. This website uses services from “Cloudflare” (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall). The data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analyzed there to prevent attacks. Cloudflare uses cookies for this purpose to enable you to access our website. The use of Cloudflare is in the interest of a safe use of our Internet presence and the defense of harmful attacks from the outside. For more information, please see the Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

Opt-In/Opt-Out Cookies des Cookie Banners

In order to comply with our obligations to document your consent or revocation, whether given or not, we store your decision in the opt-in or opt-out cookie. For this purpose, we use the Borlabs cookie.

The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider. You can change the Borlabs cookie settings here: Borlabs Cookie Settings [borlabs-cookie type=”btn-cookie-preference” title=”Borlabs Cookie Settings” element=”link”/]

The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Other cookies are only stored with your consent based on Art. 6 (1) lit. a DSGVO. The consent can be revoked at any time for the future. The legal basis may also arise from Art. 6 (1) lit. b DSGVO, if the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures, which are carried out at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and obtain your consent.

You can set your browser so that you are

  • be informed about the setting of cookies
  • allow cookies only in individual cases,
  • exclude the acceptance of cookies for certain cases or in general,
  • activate the automatic deletion of cookies when closing the browser.

The cookie settings can be managed under the following links for the respective browsers:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track” function. When this function is activated, the respective browser tells advertising networks, websites and applications that you do not want to be “tracked” for the purpose of behavior-based advertising and the like.

You can get information and instructions on how to edit this feature, depending on your browser provider, from the links below:

Additionally, you can prevent loading of so-called scripts by default. “NoScript” allows JavaScripts, Java and other plug-ins to run only on trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

The following cookies are used on this website
[borlabs-cookie type=”btn-cookie-preference” title=”Change cookie settings” element=”link”/]
[borlabs-cookie type=”cookie-list”/]

 

3.3 Contact requests

You have the option of contacting us by e-mail or via our contact forms. In these cases, we process the data provided to us by you in order to process your request.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process only serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data is deleted if it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case as soon as the respective conversation with you has ended. The conversation is terminated if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and no further processing is to take place.

We process the following personal data from you:

  • IP address of the user
  • Date and time of registration.

In addition, we process the other personal data of you differentiated according to the type of contact:

3.3.1 Contact via e-mail or contact form

  • Name
  • E-mail address
  • City (only in the contact form)
  • All data that you provide to us in your inquiry (optional).

The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DSGVO and, if applicable, Art. 6 (1) lit. b DSGVO if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f DSGVO.

3.3.2 Contact in the context of an application

Categories of personal data

  • Standard data:
    Applicant master data (title, first name, last name, address, contact data, job position) Qualification data (cover letter, resume, previous activities, professional qualifications) (employment) references and certificates (performance data, assessment data, etc.).
  • Special information that may be required due to the position to be filled:Police clearance certificate (only if the employment contract is concluded).
  • Other information:Voluntary information, such as an application photo, information on severely disabled status or other information that you voluntarily provide to us in your application. This may also include special categories of personal data (e.g. information on a severe disability).In addition, we may process personal data that we have permissibly obtained from publicly accessible professional networks such as Xing or LinkedIn. We do not carry out any further research on your person, e.g. by means of online search engines.

Purposes and legal basis of processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG).

Data processing for the purposes of the application relationship (Section 26 (1) BDSG).

The legal basis for this is Article 88 DSGVO in conjunction with Section 26 BDSG and, if applicable, Article 6 (1) UAbs. 1 lit. b DSGVO for the initiation or implementation of employment relationships. We only collect the personal data (in particular first name, last name, address, e-mail address, position applied for, resume and cover letter) from you that is required for the application process. In order to fully review your application, it is necessary that you also provide us with information about your previous professional career.

The necessity and scope of the data collection will depend, among other things, on the position to be filled. If the position you are seeking is associated with the performance of particularly confidential tasks or increased personnel and/or financial responsibility, more extensive data collection may be necessary.

Data processing based on your consent (Art. 6 para.1 p. 1 lit. a) DSGVO, § 26 para. 2 BDSG)

If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 UAbs. 1 lit. a DSGVO. Consent given can be revoked at any time with effect for the future.

This is particularly the case for inclusion in our applicant pool, i.e. beyond the current application process for consideration in subsequent application processes, or if we forward your data to an affiliated company for an application process.

Data processing based on a legitimate interest (Art. 6 para.1 p. 1 lit. f) DSGVO).

Furthermore, we may process personal data about you to the extent necessary to defend asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 (f) DSGVO. The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). You have a right to object, more information on this can be found below under data subject rights.

Further processing

If an employment relationship arises between you and us, we may, in accordance with Art. 88 DSGVO in conjunction with Section 26 BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

Source of the data

We process personal data that we receive from you personally, by post, by e-mail or via our application form in the course of contacting you or receiving your application. In some cases, we receive personal data from service providers for applicant placement, e.g. if you have registered with such a service provider, or from affiliated companies if you have consented to a transfer.

Recipients of the data

Your data will mainly be processed by our HR department and the department head who fills your position. In some cases, however, other internal departments are also involved in the processing of your data, insofar as this is necessary to make a hiring decision (e.g., the management).

If your applicant profile matches a vacancy at a company affiliated with us, the controller will request consent from you to then forward your data to one of these companies, if applicable. You will find more detailed information about the affiliated company in this consent.

Otherwise, data will only be forwarded to recipients outside the company if this is permitted or required by law, if the forwarding is necessary to process the application procedure, if we have your consent, or if we are authorized to provide information (see also II.6. Recipients of the data).

Data transfer to third countries

Your personal data will not be transferred to third countries.

Storage period

We store your personal data for as long as is necessary to make a decision about your application. Your personal data and application documents will be deleted no later than six months after the end of the application process, unless longer storage is legally required or permitted. We store your personal data beyond this only insofar as this is required by law or in the specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute.

In the event that you have consented to a longer storage of your personal data, we will store it in accordance with your declaration of consent.

If an employment, training or internship relationship is established following the application process, your data will initially continue to be stored to the extent necessary and permissible and then transferred to the personnel file.

Contact via Whatsapp Chat

We also offer you the possibility to submit your inquiries about job offers via the chat service WhatsApp and to receive corresponding feedback on your request via WhatsApp. The operator of this service is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”), a subsidiary of the Meta Group (formerly Facebook). Through your communication with us via WhatsApp, both we and WhatsApp receive your phone number and the information that you have contacted our customer hotline.

The aforementioned data is also forwarded by WhatsApp to Facebook’s servers in the USA and processed by WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which also includes processing for their own purposes, such as improving the WhatsApp service. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. We would like to point out that WhatsApp also accesses the address book of the device used and the contact data stored therein. For more information about the purpose and scope of data collection and the further processing of this data by WhatsApp and Facebook, as well as related rights and setting options for protecting your privacy, please refer to WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

We process your telephone number, your name and other data provided by you and the content of your request or message in order to process your request and answer any queries you may have.

The basis for this processing and the transmission to WhatsApp in this context is primarily Art. 6 (1) b DSGVO in conjunction with Section 26 (1) BDSG, insofar as your request concerns the establishment of an employment relationship with us or serves to initiate such a contractual relationship. Otherwise, this data processing is carried out on the basis of Art. 6 para. 1 p. 1 f) DSGVO, whereby our legitimate interest is the careful processing of your respective request and the solution of any problems. We take your interests into account by the fact that communication via WhatsApp only exists as an additional option. Of course, you can also contact us by other means, for example by phone call, email or via our contact form on the website, as described in this privacy policy.

3.3.3 Contact in the context of a pre-registration

Categories of personal data

  • Mandatory data
    • Salutation
    • First and last name
    • Address data
    • Telephone number
    • E-mail address
    • Name of the child for whom a KiTa place is requested
    • Date of birth of this child
    • Desired KiTA location
    • Desired entry date
    • Type of KiTa place (nursery/kindergarten/daycare)
  • Optional information
    • Further remarks

Purpose and legal basis of the processing

The mandatory data are processed in order to select a suitable childcare place for the child and subsequently to ensure communication about a commitment and the exchange of documents. The legal basis for the processing of the data is the initiation of a care contract (Art. 6 (1) lit. b DSGVO).

The optional data are processed in order to establish a more precise reference of the registration. In this respect, there is a legitimate interest (Art. 6 para. 1 lit. f DSGVO) to process your request. You can object to this (see section “Your rights”).

Source of the data

We process personal data that we receive from you in person, by post, by e-mail or via our registration form on the website in the course of contacting you.

Recipients of the data

Your data will be processed by the Parental Advisory and Place Allocation Department through our parent company Babilou Family Deutschland GmbH, which handles place allocation for us. The legal basis for the transfer is Art. 6 (1) lit. f DSGVO, as there is a legitimate interest in a centrally organized allocation of places for fast and reliable selection. You can object to this processing of your personal data at any time.

Data transfer to third countries

There is no transfer of data to third countries.

Storage period

If no commitment can be made, your data will generally be deleted 6 months after the entry date you selected. In this respect, there is a legitimate interest (Art. 6 para. 1 lit. f DSGVO) in effective protection against legal disputes. You can object to this (see section “Your rights”). We store your personal data beyond this only to the extent that this is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute, or if you have communicated an interest in storage in order to be taken into account in a subsequent allocation of places.

3.4 Newsletter registration

The newsletter is sent on the basis of your registration on our website. For this purpose, we use a double opt-in procedure to ensure that only persons who also have access to the corresponding e-mail address can register for a newsletter.

Purpose

Your data is processed in order to send you the newsletter or to ensure that you really want to receive it.

Type of processing

On our website there is the possibility to subscribe to a free newsletter. In doing so, the data from the input mask is transmitted to us when you register for the newsletter. To register, you only need to enter your e-mail address. When you register for the newsletter, we store your IP address and the date of registration. This storage serves solely as evidence in the event that a third party misuses an e-mail address and registers to receive the newsletter without the knowledge of the authorized person.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the [borlabs-cookie type=”btn-cookie-preference” title=”cookie settings” element=”link”/] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

To send the newsletter, we use the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany, to whom we pass on data provided by you during registration. The data entered by users for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach’s servers in Germany or Ireland. The data protection information of CleverReach can be found at: https://www.cleverreach.com/de/datenschutz/.

Storage period

We store your data until you revoke your consent or unsubscribe from the newsletter.

Newsletter tracking

To improve the quality, optimization and further development of our content and customer communication in our newsletters, we use newsletter tracking via our newsletter provider CleverReach; in doing so, we have no way of identifying you personally. The following statistical data is transmitted to us by CleverReach:

  • Opening rate
  • Click behavior

In addition, it is also recorded whether newsletters could be delivered and for which e-mail addresses no delivery was possible. Technical information is collected by the service provider (e.g. time of retrieval, IP address, browser type and operating system). You can prevent the measurement of the opening rate by disabling the loading of images in your email client. CleverReach also uses Google Analytics; we have described all information on this in detail in this privacy policy.

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

3.5 Google Tag Manager

We use the Google Tag Manager on our website.

Intended use

The Google Tag Manager enables an efficient organization and integration of the individual analysis tools on our website.

Type of processing

The Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. For this purpose, small sections of code (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies are integrated into the Google Tag Manager and managed from there. The Google Tag Manager does not access this data. Further information on how the Google Tag Manager works can be found here: https://support.google.com/tagmanager/?hl=en#topic=3441530.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the [borlabs-cookie type=”btn-cookie-preference” title=”cookie settings” element=”link”/] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

Google Tag Manager itself does not store cookies, user profiles, analytics, etc. How long the analysis tools integrated via the Google Tag Manager store your data can therefore be found in the respective text passages.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further notes:

Further information on data use by Google, on setting and objection options, and on data protection can be found on the following Google web pages:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain „www.googleadservices.com“ (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link  http://optout.aboutads.info. We would like to point out that this setting will also be deleted when you delete your cookies.

3.6 Google Analytics with anonymization function

We have integrated the Google Analytics component with anonymization function on our website.

Purpose

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. A web analysis is mainly used for the optimization of a website and for the cost-benefit analysis of internet advertising.

Type of processing

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

During your website visit, your user behavior is recorded in the form of “events”. Events may include:

  • Page views
  • First visit to the website
  • Start of session
  • Your “click path”, interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Seen / clicked ads
  • Language settings

Also recorded:

  • your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/ via which advertising medium you came to this website)

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

Google Dynamic Remarketing

We use the remarketing function of Google. If you have given your consent, Google links your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account.

To support this feature, Google Analytics-authenticated IDs of users are collected and temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account follow this link: https://adssettings.google.com/anonymous  For more information and the privacy policy, please see Google’s privacy policy at: https://www.google.com/policies/technologies/ads/

Google Ads Conversion

Google’s conversion tracking tool helps us measure what happens after the user has clicked on one of our ads and whether this has resulted in a purchase, subscription or download. If you arrive at our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 90 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers’ websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and store your IP address.

Google Audiences

Google Audiences allow us to create target groups that are more likely to be interested in one of our services.

A remarketing audience includes cookies or mobile advertising IDs for a group of users. Remarketing audiences are created based on user behavior on our website and then used as the basis for remarketing campaigns in other accounts such as Google Ads. Through this technology, users who have visited our websites can be shown targeted advertising from us on other external sites in the Google Partner Network. GA Audience receives access to the data of the cookies created in the context of the use of Google Analytics. In the course of use, data, such as in particular the IP address and activities of users, may be transmitted to a Google server and stored there. Google may transfer this information to third parties.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent pursuant to Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the [borlabs-cookie type=”btn-cookie-preference” title=”cookie settings” element=”link”/] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (aas processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

The data sent by us and linked to cookies are automatically deleted after 14 months at the latest. Data whose retention period has been reached is automatically deleted once a month.

Third country transfer

Whenever our Internet pages are visited, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further notes

SYou can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, this may limit the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

  1. not giving your consent to the setting of the cookie or
  2. downloading and installing the browser add-on to disable Google Analytics HIER.

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/en/ and https://policies.google.com/?hl=en.

3.7 Google Fonts

We have integrated components from Google Fonts on our website.

Purpose

The data processing enables us to use external fonts, so-called Google Fonts. We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Type of processing

When you access our website, the required Google Fonts are loaded into your browser cache by your web browser. This is necessary so that your browser can also display a visually improved representation of our texts. If your browser does not support this function, a standard font will be used by your computer for display. The integration of these web fonts is done by a server call, usually a Google server in the USA. This transmits to the server which page of our website you have visited. The IP address of the browser of the visitor’s terminal device is also stored by Google.

Legal basis

The storage of and access to information in the end user’s terminal device is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

Google stores data partially only for one day (CSS assets), the font files are stored by Google for one year

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, will be transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further notes:

Further information on data use by Google, on setting and objection options, and on data protection can be found on the following Google web pages:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain  „www.googleadservices.com“ (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. We would like to point out that this setting will also be deleted when you delete your cookies.

3.8 Google Maps

Our homepage uses the online map service provider Google Maps via an interface.

Purpose

Data is processed for the purpose of using the functionalities of the map service and optimizing the findability of our locations and website.

Type of processing

If you consent to the display of Google Maps on our website, data (in particular your IP address) is then transmitted to Google and at least one cookie is set. This cookie then stores data about your user behavior, which Google uses to improve its own services and, if necessary, to play out individual, personalized advertising.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 Para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

According to Google, the storage period of the NID cookie set by Google Maps in your browser is 6 months.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further notes:

Further information on data use by Google, on setting and objection options, and on data protection can be found on the following Google web pages:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain „www.googleadservices.com“ (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link  http://optout.aboutads.info. We would like to point out that this setting will also be deleted when you delete your cookies.

3.9 LinkedIn Insight Tag

We use LinkedIn Insight Tag on our site.

Intended use

This allows us to serve personalized advertisements on LinkedIn to visitors of our website.

Type of processing

The LinkedIn Insight Tag allows us to collect data about visits to your website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed.

LinkedIn does not share personally identifiable information with the site owner, but only provides reports and notifications (in which you are not identified) about site audience and ad performance. LinkedIn also provides retargeting for website visitors so that we, as the website owner, can use this data to display targeted ads outside of our website without identifying the member. LinkedIn also use data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent pursuant to Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by LinkedIn.

Storage period

Members’ direct identifiers are removed within seven days to pseudonymize the data. Personal data stored by advertisers in LinkedIn Campaign Manager is automatically deleted on a regular basis; within 30 days with respect to contact lists (e.g., hashed emails), within 90 days on an ongoing basis for audiences created based on contact lists (if not actively used by the customer), within 90 days for data submitted in lead generation forms, and within 180 days for pseudonymized website visitor data.

Third Country Transfer

This personal data, including the IP address of the internet connection used by the data subject, may be transferred to LinkedIn in the United States of America. This personal data may be stored by LinkedIn in the United States of America. LinkedIn may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of LinkedIn Ireland Unlimited Company, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by LinkedIn cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

3.10 Microsoft Advertising

We use Microsoft Advertising.

Purpose

Micorsoft Advertising uses both “Microsoft Clarity” and “Microsoft Universal Event Tracking (UET)”.

“Microsoft Clarity” is a Microsoft procedure that enables user analysis, for example, by evaluating data on mouse movements or performance data on certain Internet presentations. The purpose of the processing is tracking (e.g. interest/behavior-based profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavioral marketing, profiling (creation of user profiles), reach measurement (e.g. access statistics, recognition of returning users), cross-device tracking (cross-device processing of user data for marketing purposes).

With “Microsoft Universal Event Tracking (UET)”, a cookie is stored on your computer if you have accessed our website via a Microsoft Bing ad. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, been redirected to our website and reached a previously determined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user’s identity is disclosed.

Type of processing

In particular, we process usage data (e.g. Internet presentations visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or a person), movement data (mouse movements, scrolling movements).

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients are/could be:

  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
  • Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA;

Please note that Microsoft also acts as its own controller and processes data for its own purposes. We have entered into a user agreement with Microsoft, which also contains information on data processing as a controller. More information:

Storage period

The data collected by Microsoft Clarity can be viewed by us for three months after it has been recorded. The CLID cookie has an expiration period of one year.

Third country transfer

This personal data, including the IP address of the Internet connection used by the data subject, may be transferred to Microsoft in the United States of America. This personal data may be stored by Microsoft in the United States of America. Microsoft may share this personal data collected via the technical process with third parties. Where data is processed outside the EU/EEA and there is no level of data protection equivalent to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Microsoft Ireland Operations Limited, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Microsoft cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

3.11 Facebook Custom Audiences (for websites) / Conversion

We use the so-called “Facebook Pixel” and the “Facebook Conversions API”.

Purpose

As part of Facebook (Website) Custom Audiences, we use the Facebook Pixel and the Conversions API for remarketing purposes in order to be able to address you again within 180 days. This allows interest-based advertisements (“Facebook Ads”) to be displayed after you have used our website in the context of visiting the social network “Facebook” or other websites that also use the procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our website or offers more interesting for you.

In the context of Facebook Conversion, we want to use the Facebook Pixel and the Conversions API to ensure that our Facebook Ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook Pixel, we can track the effectiveness of the Facebook Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook Ad (so-called “conversion”).

Type of processing

Due to the marketing tools used (Facebook Pixel and Conversions API), your browser automatically establishes a direct connection with Facebook’s server as soon as you have agreed to the use of cookies requiring consent. Through the cookie, personal data (including your IP address) is transferred to Facebook. Through the integration of the Facebook pixel and the use of the Conversions API, Facebook receives the information that you have called up the corresponding web page of our website, or clicked on an ad from us. If you are registered with a Facebook service, Facebook can assign the visit to your account.

The processing of data by Facebook takes place within the framework of Facebook’s data usage policy. Specific information and details about the Facebook pixel and the Conversions API and how it works can also be found in Facebook’s help section.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent pursuant to Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the [borlabs-cookie type=”btn-cookie-preference” title=”cookie settings” element=”link”/] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients are/could be:

  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta)
  • Meta Platforms Inc (Meta), 1601 Willow Rd, Menlo Park, California, 94025-1452

Shared Responsibility

We are jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transfer of data as part of this process. This is for the following purposes:

  • The creation of individualized or appropriate advertisements, as well as for their optimization.
  • The delivery of commercial and transactional messages (e.g. via Messenger).

The following processing operations are therefore not covered by joint processing:

  • Processing that takes place after collection and transmission is the sole responsibility of Meta.
  • The creation of reports and analyses in aggregated and anonymized form is carried out as part of a commissioned processing and is therefore our responsibility.

For joint responsibility, we have concluded a corresponding agreement with Facebook, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This sets out the respective responsibilities for fulfilling the obligation under the GDPR with regard to shared responsibility.

The contact details of the responsible company, as well as Facebook’s data protection officer, are available here: https://www.facebook.com/about/privacy.

We have agreed with Meta that Meta can be used as a point of contact for the exercise of data subject rights. This does not affect the competence of the data subject rights.

Further information on how Meta processes personal data, including its legal basis and further information on data subject rights can be found here: https://www.facebook.com/about/privacy. We transfer the data within the scope of shared responsibility on the basis of legitimate interest pursuant to Art. 6 (1) f DSGVO

Storage period

The cookies set lose their validity after 180 days.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, may be transferred to Meta in the United States of America. This personal data may be stored by Meta in the United States of America. Meta may disclose this personal data collected via the technical process to third parties. To the extent that data is processed outside the EU/EEA and there is no level of data protection equivalent to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Meta Platforms Ireland Limited, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Meta cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms and on processing based on standard contractual clauses can be found here:  https://www.facebook.com/legal/EU_data_transfer_addendum.

3.12 Adobe Typekit Fonts

We have integrated Adobe Typekit Fonts on our website.

Purpose

The data processing enables us to use external fonts. We use Adobe Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly.

Type of processing

To integrate the fonts we use, your browser must establish a connection to an Adobe server in the USA and download the font required for our website. Adobe thereby receives the information that our website was accessed from your IP address. Adobe Fonts does not set cookies. For more information on Adobe Typekit, please see Adobe’s privacy policy, which you can access here: https://www.adobe.com/privacy/policies/adobe-fonts.html.

Legal basis

The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent in accordance with Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/may be

  • Adobe Systems Software Ireland Companies (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland.
  • Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA

It cannot be ruled out that U.S. authorities may access the data stored by Adobe.

Storage period

The length of time that Adobe Typekit retains user data (IP addresses, browser information, operating system, limited usage data, and location data) cannot be clearly limited. Adobe states that it does not process IP addresses (https://www.adobe.com/privacy/policies/adobe-fonts.html), which corresponds to deletion after the respective session.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

3.13 YouTube

We have integrated components from YouTube on our website.

Purpose

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television shows, but also music videos, trailers or videos made by users themselves can be accessed via the Internet portal. We use YouTube videos on our website to post our own videos and make them publicly available.

Type of processing

In the event that you follow a link on YouTube, we point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.

We also directly embed videos stored on YouTube on some of our web pages. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called “framing”. If you call up a (sub-)page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.

The integration of YouTube content only takes place in “extended data protection mode”. YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. When you call up the relevant pages, however, the IP address as well as the browser type, the operating system, information about the website you previously visited and the pages you called up, your location, your mobile phone provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information and thus in particular which of our Internet pages you visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service (e.g. Google+) before accessing the page or are permanently logged in.

As soon as you start the playback of an embedded video by clicking on it, YouTube only saves cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.

Legal basis

The use of YouTube requires your consent. This was requested via our Cookie Consent Tool, or is obtained again before clicking on the respective video, if necessary. The storage of and access to information in the end user’s terminal equipment is carried out in accordance with Section 25 (1) TTDSG. The legal basis for further data processing is your consent pursuant to Art. 6 para. 1 lit. a, if applicable Art. 49a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the [borlabs-cookie type=”btn-cookie-preference” title=”cookie settings” element=”link”/] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

According to Google, log data is anonymized by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively. For more information on how Google retains your data, click here https://policies.google.com/technologies/retention?hl=de and here https://policies.google.com/privacy?hl=de#inforetaining.

Third country transfer

This personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties. Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Further notes:

Further information on data use by Google, on setting and objection options, and on data protection can be found on the following Google web pages:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain „www.googleadservices.com“ (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. We would like to point out that this setting will also be deleted when you delete your cookies.

The privacy policy published by YouTube, which is available at https://www.google.de/intl/en/policies/privacy/ provides information about the collection, processing and use of personal data by YouTube and Google.

3.14 Online presence in social networks

We are active on various social networks with online presences in order to communicate there, among other things, with applicants and interested parties and to inform them about our products and services.

For this purpose we use the following social networks:

  • Facebook fan page of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland („Facebook“)
  • Instagram fan page of Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland („Instagram“)
  • LinkedIn company page of LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland („LinkedIn“)
  • Xing Company profile of  XING SE, Dammtorstraße 30, 20354 Hamburg („Xing“)
  • Pinterest profile of Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”)
  • YouTube channel of YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Youtube”)

As part of the operation of our online presences in social networks, it is possible that we can access information such as statistics on the use of our online presences, which are provided by the operator of the social network. This is aggregated data that provides information about how people interact with our site, so-called page insights. Page Insights may be based on personal data collected in connection with a visit or interaction of persons on or with our site and in connection with content provided. These Page Insights are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country), employment-related information (e.g., job, function, industry, work experience, company size), and data about interaction with our online presence (e.g., likes, shares, subscriptions, viewing of images and videos) and the posts and content distributed through it. This may also provide information about the interests of users and which content and topics are particularly relevant to them. This information may also be used by us to adapt the design and our activities and content on the online presences and to optimize them for our audience. We are jointly responsible with the operator of the social network for the collection and use of these page insights.

For more information on shared responsibility, the nature and scope of these statistics, and how to contact the social network, see:

The legal basis for this data processing is Art. 6 (1) lit. b DSGVO, in order to stay in contact with and inform our customers and to carry out pre-contractual measures with interested parties, as well as 6 (1) lit. f DSGVO, based on our legitimate interest in the optimized presentation of our offer and effective information and communication with the aforementioned persons.

Please note that we have no influence on the data collection and further processing by the social networks. However, we point out that when you visit the online presences, data about your usage behavior may be transmitted to the operator of the social network. The operators of the social networks may process the aforementioned information to compile more detailed statistics and for their own market research and advertising purposes, over which we have no influence. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements are then placed within the social network, for example, but also on third-party websites. More information on this can be found in the data protection notices of the social networks:

Insofar as we receive your personal data when operating the online presence in the social networks, you are entitled to the rights stated in this data protection declaration. If, in addition, you wish to assert your rights against the operator of the social network, the easiest way to do so is to contact them directly. We have no influence on the processing of your personal data by the provider and how it is handled. Likewise, we do not have any information on this. For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options regarding data processing by the provider. The provider knows both the details of the technical operation of the platforms and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights, insofar as this is possible for us, and forward your requests to the operator of the social network.

4. Your rights

In the following, you will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us pursuant to Article 15 of the GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.

The right, in accordance with Art. 16 DSGVO, to demand the immediate correction of incorrect or completion of your personal data stored by us.

The right, pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO.

The right, pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

The right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace for this purpose.

The right to revoke consent given in accordance with Art. 7 (3) DSGVO: You have the right to revoke consent to the processing of data once given at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right of objection

Insofar as your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.

If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to the above e-mail address.

5. Reservation of right to change

We reserve the right to adapt or update this data protection declaration if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take into account changes to our services, e.g. when introducing new services. The most current version applies to your visit.

Status of this data protection declaration: 02.08.2022