With the following data protection declaration, we would like to inform you about which types of your personal data (hereinafter also referred to as "data") we process for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as .B our social media profiles (hereinafter collectively referred to as "online offer").
The terms used are not gender-specific. As of November 13, 2020
- Overview of processing
- Relevant legal bases
- Security measures
- Transfer and disclosure of personal data
- Data processing in third countries
- Commercial and business services
- Use of online marketplaces for e-commerce
- Provision of the online offer and web hosting
- Registration, registration and user account
- Blogs and publication media
- Communication via messenger
- Video conferences, online meetings, webinars and screen sharing
Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook via Facebook pixel (via apps or other means), e.B. and relates to persons or their actions; The data includes, for example.B information about visits to websites, interactions with content, functions, installation of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as.B. written comments), no login information and no contact information (i.e. no names, e-mail addresses and telephone numbers). Event data will be deleted by Facebook after a maximum of two years, the target groups formed from them with the deletion of our Facebook account).
Applicant data (e.B. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as.B cover letter, curriculum vitae, certificates and other information about their person or qualification provided voluntarily by applicants with regard to a specific position or voluntarily).
Overview of processing
The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.
Types of data processed
- Event data (Facebook) ("Event data" is data that can be transmitted by us to Facebook via Facebook pixel (via apps or other means), e.B. and relates to persons or their actions; The data includes, for example.B information about visits to websites, interactions with content, functions, installation of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event data does not include the actual content (such as.B. written comments), no login information and no contact information (i.e. no names, e-mail addresses and telephone numbers). Event data will be deleted by Facebook after a maximum of two years, the target groups formed from them with the deletion of our Facebook account).
- Applicant data (e.B. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as.B cover letter, curriculum vitae, certificates and other information about their person or qualification provided voluntarily by applicants with regard to a specific position or voluntarily).
- Content data (e.B. entries in online forms).
- Contact details (e.B. e-mail, telephone numbers).
- Meta/communication data (e.B. device information, IP addresses).
- Usage data (e.B websites visited, interest in content, access times).
- Image and/or video recordings (e.B. photographs or video recordings of a person).
- Location data (information on the geographical position of a device or person).
- Contract data (e.B subject matter of the contract, term, customer category).
- Payment data (e.B. bank details, invoices, payment history).
Special categories of data
- Data showing racial and ethnic origin. Categories of persons concerned
- Employees (e.B. employees, applicants, former employees).
- Business and contractual partners.
- Interested parties.
- Communication partners.
- Users (e.B. website visitors, users of online services).
Purposes of processing
- Affiliate tracking.
- Provision of our online offer and user-friendliness.
- Conversion measurement (measuring the effectiveness of marketing measures).
- Application procedure (justification and possible subsequent implementation as well as possible later termination of the employment relationship).
- Office and organizational procedures.
- Cross-device tracking (cross-device processing of user data for marketing purposes).
- Direct marketing (e.B. by e-mail or post).
- Feedback (e.B. Collecting feedback via online form).
- Interest-based and behavioral marketing.
- Contact requests and communication.
- Profiling (creation of user profiles).
- Reach measurement (e.B. access statistics, recognition of returning visitors).
- Security measures.
- Provision of contractual services and customer service.
- Managing and responding to requests.
- Target grouping (determination of target groups relevant for marketing purposes or other output of content).
Relevant legal bases
In the following, we inform you of the legal bases of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements may apply in your or our country of residence and domicile. If, in addition, more specific legal bases are decisive in individual cases, we will inform you of these in the data protection declaration.
- Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
- Performance of the contract and pre-contractual requests (Art. 6 para. 1 sentence 1 lit.b. GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
- Legal obligation (Art. 6 para. 1 sentence 1 lit.c. GDPR) – The processing is necessary to fulfill a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR) – The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject that require the protection of personal data prevail.
- Application procedure as a pre-contractual or contractual relationship (Art. 9 para. 2 lit.b GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.B. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the controller or the data subject is covered by labour law and social security law and the can exercise social protection rights and fulfil his or her obligations in this regard, their processing is carried out in accordance with Art. 9 para. 2 lit.b. GDPR, in the case of the protection of vital interests of the applicants or other persons in accordance with Art. 9 para. 2 lit.c. GDPR or for the purposes of health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 para. 2 lit. h. GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Art. 9 para. 2 lit. a. GDPR. National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection apply in Germany. This includes, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.
Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access, input, disclosure, ensuring availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.
Transmission and disclosure of personal data
As part of our processing of personal data, it happens that the data is transmitted to other bodies, companies, legally independent organisational units or persons or disclosed to them. The recipients of this data may include, for example.B payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the group of companies:
We may transfer personal data to other companies within our group of companies or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate business and business interests or takes place if it is necessary for the fulfilment of our contractual obligations or if there is a consent of the data subjects or a legal permission
Data transfer within the organization:
We may transfer personal data to other entities within our organization or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of the data is based on our legitimate business and business interests or takes place if it is necessary to fulfil our contractual obligations or if there is a consent of the persons concerned or a legal permission.
Data transfer within the organization:Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only take place in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de ).
Cookies are text files that contain data from websites or domains visited and are stored by a browser on the user's computer. A cookie is primarily used to store the information about a user during or after his visit within an online offer. The stored information may include.B, for example, the language settings on a website, the login status, a shopping cart or the place where a video was watched. The term cookies also includes other technologies that fulfil the same functions as cookies (e.B., if user information is stored on the basis of pseudonymous online identifiers, also referred to as "user IDs")
The following cookie types and functions are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and his or her browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for range measurement or marketing purposes may be stored in such a cookie.
- First-party cookies: First-party cookies are set by ourselves.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or strictly necessary) cookies: Cookies may be strictly necessary for the operation of a website (e.B. to store logins or other user input or for security reasons).
Information on legal bases:
If we do not provide you with explicit information on the storage period of permanent cookies (e.B. as part of a so-called cookie opt-in), please assume that the storage period can be up to two years.
General information on revocation and objection (opt-out):
Processing of cookie data on the basis of consent:
- Types of data processed: Usage data (e.B. websites visited, interest in content, access times), meta/communication data (e.B. device information, IP addresses).
- Data subjects: users (e.B. website visitors, users of online services).
- Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).