Data privacy policy

This data privacy policy applies to the website you are currently visiting as well as all other websites of our company and to our presence on social media and other platforms.

I. Controller

The controller responsible for collecting, processing and using your personal data through this internet platform is

CARAT Gesellschaft für Organisation und Softwareentwicklung mbH

Frankfurter Str. 155
63303 Dreieich

Telephone: +49 6103 9308-0
Fax: +49 6103 9308-319
E-Mail: info@carat.de

The controller responsible for processing personal data is the natural person or legal entity making decisions, alone or together with others, about the purposes and means of processing personal data.

The controller is simultaneously a service provider as defined by the German Telemedia Act (TMG).

You can reach our data protection officer

Herrn Erich Zimmermann

Postanschrift:
Erich Zimmermann c/o ZiDa-Datenschutz GmbH
Waldhofer Str. 102
69123 Heidelberg

e.zimmermann@zida-datenschutz.de
www.zida-datenschutz.de

We take the protection of the privacy of visitors to this website and our other company websites very seriously. We collect, process and use personal data exclusively in accordance with the applicable legal regulations and this data privacy policy.

Please read this data privacy policy carefully. It is intended to inform you about the extent, type and purpose of collecting, using and processing personal data of persons using this website.

Personal data is any data which can be used to identify you personally. This information includes, for instance, your name or contact information such as your phone number, address and e-mail address.

With the exception of your IP address, we only collect personal data when you voluntarily provide this data to us, for instance when registering on our website or using our contact form. This personal data is used to identify you as a user through your e-mail address and to initiate contact with you.

II. What data do we collect on our website?

1. Access data and logfiles

If you use our website purely for informational purposes, i.e. if you do not register or transmit information to us in other contexts, we only collect the data transmitted to our server by your browser (referred to as "server logfiles"). When you access our website, we collect the following data, which is technically required to display the website:

  • IP address (if possible, this is saved in an anonymised form)
  • Domain name of the referrer website
  • Names of the accessed files
  • Transmitted data volume in bytes
  • Access date and time
  • Name of your internet service provider
  • and potentially the operating system and browser version of your device

This data is processed in accordance with point (f) of Art. 6(1) GDPR based on our legitimate interest in the improvement of our website's stability and functionality. We process this data but we do not store it permanently. This data is not disclosed to third parties or used for any other purpose. However, we reserve the right to inspect the server logfiles at a later point, if there is specific evidence of unlawful usage.

The data is exclusively evaluated for statistical purposes. We do not create personalised user profiles.

2. Cookies

3. Hosting the website

Within the framework of processing on our behalf, a third-party provider located in a country of the European Union provides us with the services for hosting and displaying our website and provides the infrastructural services, computing capacity, storage space and database services, maintenance services and security service for this purpose. We or our hosting provider process all data created by use of our website. This includes user data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to our web presence.

Processing is based on our legitimate interest in efficient, secure provision of this web presence (point (f) of Art. 6(1) GDPR in conjunction with Art. 28 GDPR).

4. What data do we collect and use when you contact us?

We process user data (e.g. names, addresses and contact data) which you have provided to us when contacting us (e.g. using the contact form, e-mail or phone) in order to fulfil contractual obligations or to respond to your inquiries in accordance with point (b) of Art. 6(1) GDPR. What data is collected is apparent from the respective input forms. Information that is obligatory to process your request is marked as a mandatory field. When you send an inquiry through our website, we save the IP address and the time of the user action in question. This is based on our legitimate interests and the users' interest in the protection from misuse and unauthorised use of your data. You can withdraw consent to the above at any time (right to object). We do not disclose this data to third parties, unless this is required for asserting our claims or we are legally obligated to do so in accordance with point (c) of Art. 6(1) GDPR.

We will delete any data collected in this context once it is no longer necessary to retain it, or we will restrict processing, if legally mandated retention periods apply. We review the necessity of data storage every two years.

III. How long do we save your data?

We process, delete or restrict the processing of the data processed by us based on Art. 17 and Art. 18 GDPR. As a rule, we only save your personal data created while using our website for as long as this is required by the above-mentioned purposes. However, if legally mandated retention periods make it impossible to delete the data, data processing will merely be restricted, i.e. the data will be blocked from further use and cannot be processed for any other purpose.

In particular, the following obligations to provide proof and retain data are relevant: 6 years according to § 57, section 1 HGB - German Commercial Code (for account books, inventories, opening balance sheets, annual financial statements, business letters, posting documents, etc.), 10 years according to § 147 section 1 AO - German General Tax Code (accounts, records, posting documents, trade and business letters, documents relevant for taxation, etc.). Personal data may also sometimes be retained for the period in which claims against us can be asserted (legal limitation period of three or up to thirty years).

IV. Why do we process your data (purpose of processing) and on what legal basis?

We process the data created by your visit to our website or your use of offered contact options in line with the regulations of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Law (BDSG). Depending on the reason you are contacting us via our website, there may be different legal grounds for data processing. The specific legal basis for data processing depends on the context and purpose for which we have received your data. In general, the legal basis for data processing is derived from the following options:

Point (a) of Art. 6(1) GDPR is the legal basis for data processing when we have asked for consent to a specific processing purpose. After you have given consent, you may withdraw it at any time.

If processing personal data is required to fulfil a contract, a contract party of which is the data subject, which is, for instance, the case for the processing required for delivery of goods or performance of other services or return services, processing is based on point (b) of Art. 6(1) GDPR. The same applies to processing required for completing pre-contractual measures, for instance inquiries about our products or services.

If we are subject to a legal obligation requiring processing of personal data, for instance complying with tax obligations, this processing will be based on point (c) of Art. 6(1) GDPR.

Processing may also be based on point (f) of Art. 6(1) GDPR. This is the legal basis for processing that is not based on any of the aforementioned legal grounds, if processing is required to pursue a legitimate interest of our company or a third party, except where such interests are overridden by the data subject's interests or fundamental rights and freedoms.

V. Disclosure of your personal data to third parties?

When you visit a website, IP addresses are automatically transmitted to the server where the website is operated. These IP addresses are necessarily transmitted to third parties, whenever a third-party component (a script, an image, a font, any other digital resource) is embedded on the website. This data privacy policy lists which components are embedded on this website. The aforementioned information also shows the recipients of your IP address or the categories of recipients. Aside from the above, we only use your personal data for performance of contracts. We comply with the principles of purpose limitation and data minimisation.

Your personal data will not be transmitted to third parties for any purpose except those listed below. We will only transmit your personal data to third parties if:

  • you have given your explicit consent in accordance with point (a) of Art. 6(1) GDPR,
  • the transmission is necessary in accordance with point (f) of Art. 6(1) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding compelling interest in non-transmission of your data,
  • there is a legal obligation to disclose the data in accordance with point (c) of Art. 6(1) GDPR and
  • this is legally permissible and required for performance of a contract of which you are a party according to point (b) of Art. 6(1) GDPR.
  • you have requested a qualified consultation by a specialist retailer near you. If this was requested by you, this specialist will also send product information and make service offers. We would like to note explicitly that consultation services are not provided by the portal operator but by a specialist retailer near you.

VI. Am I obligated to provide data?

In the context of our business relationship, you are only obligated to provide the personal data required for establishing, performing and terminating a business relationship or which we are legally obligated to collect.
Without this data we will generally have to reject entering into a contract or processing the order or will no longer be able to perform an existing order and may have to terminate it.

VII. Which data protection rights do I have?

You have the right:

  • according to Art. 15 GDPR, to demand information about your personal data processed by us. In particular you have the right to demand information about the purposes of processing, the category of personal data, the category of recipients to which the data was or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to file a complaint, the origin of your data, if it was not collected by us, and the existence of any automated decision-making including profiling and, if applicable, meaningful information on the details thereof;
  • according to Art. 16 GDPR, to demand immediate rectification of incorrect personal data or completion of incomplete personal data stored by us;
  • according to Art. 17 GDPR, to demand the erasure of personal data stored by us, provided the processing thereof is not required to exercise the right to free speech and freedom of information, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
  • according to Art. 18 GDPR, to demand the restriction of processing of your personal data, provided you are contesting the correctness of the data, processing is unlawful but you do not want the data to be erased, or we no longer need your data, but you require the data to establish, exercise or defend legal claims or you have objected to processing according to Art. 21 GDPR;
  • according to Art. 20 GDPR, to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
  • according to Art. 7(3) GDPR, to withdraw your consent given to us at any time. This means that we are no longer permitted to continue data processing based on this consent in the future and
  • according to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy. In general, you can contact the supervisory authority of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the General Data Protection Regulation of the EU (GDPR).

Right to object

If your personal data is processed based on legitimate interests in accordance with point (f) of Art. 6(1) GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons resulting from your special situation or your objection is related to direct marketing. In the latter case you have a general right to object, which we will abide by without indication of any special situation. If you would like to make use of your right to withdraw consent or object, simply send an e-mail to the e-mail address listed in the legal information section on our website.

Withdrawing consent

After you have given consent, you may withdraw it at any time. This also applies to declarations of consent given to us before the General Data Protection Regulation came into effect, i.e. before 25 May 2018.

Please note that withdrawing your consent only has an effect on future processing. It does not affect processing performed prior to withdrawing your consent.

VIII. What should I keep in mind with regard to links to other websites?

Our website/app may occasionally contain links to third-party websites or other websites published by us. If you follow a link to one of these websites, we would like to point out that these websites have their own data privacy policies and that we do not assume any responsibility or liability for these policies. Please read these data privacy policies before disclosing personal data to these websites.

IX. What data security measures do we take?

We use the TLS procedure (Transport Layer Security) in conjunction with the highest level of encryption supported by your browser. You can see whether an individual page of our web presence is encrypted by checking for the key or locked padlock symbol in the status bar of your browser.

We use suitable technical and organisational measures to protect our website and other IT systems against loss, destruction, unauthorised access, unauthorised modification or unauthorised distribution of your data. Nevertheless, complete protection against all danger is not feasible in all cases, despite taking the greatest possible care.

X. Changes to this data privacy policy

We reserve the right to change this data privacy policy, if the legal situation, this web presence or the manner of data collection change. However, this only applies to statements regarding data processing. If user consent is required or parts of the data privacy policy contain provisions governing the contractual relationship with users, the data privacy policy will only be changed after the user has given consent.

For this reason, please familiarise yourself with this data privacy policy, in particular if you are providing personal data.

Explanation of tools and resources used

Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The Google Tag Manager is a cookie-free domain and does not record personal data. However, the tool triggers other components, which may then collect data. Google Tag Manager does not access this data. If this tool was deactivated on the domain or cookie level, this deactivation will persist for all tracking tags implemented with Google Tag Manager. For further information on the Google Tag Manager, refer to the Google data privacy policy.

 

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google Analytics

We use the analysis service Google Analytics. This web analysis service is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use Google Analytics to evaluate your use of our website and to compile reports about user activities.

This analysis tool operates primarily on the basis of cookies. A cookie is a text file sent when visiting a website and saved temporarily on the website user's hard drive to permit analysis of your visit to the website. The information saved by the cookie is generally transmitted to a Google server in the USA and stored there.

As a result of IP anonymisation, Google will first truncate your IP address if you are in a EU member state or another signatory state to the European Economic Area treaty. Google uses the transmitted information to create a report about how our website is used on our behalf. We have entered into a processing contract with Google. If you wish to prevent the use of cookies, you can do so by changing the local settings in the web browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox, etc.), i.e. the program used to open and display websites. Moreover you can prevent your data from being collected and processed by the Google cookie by downloading and installing the browser plugin offered by Google at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

You can prevent collection by Google Analytics by using the opt-in solution used on this website.

For further information on the terms of use of Google and Google Analytics and on the associated data privacy policy, visit https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/en/policies

We would like to note that the "anonymizeIp" extension has been added to Google Analytics. It ensures anonymised collection of IP addresses.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google Analytics Remarketing

We use the Remarketing function provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This function is intended to show website users interest-based advertisements within the context of the Google advertising network DoubleClick.

To do so, the website user's browser saves cookies, which allow the user to be recognised when the user accesses websites belonging to Google's advertising network.

These websites can then show the user advertisements referring to content accessed previously by the user on websites using the Google Remarketing function.

Should you wish to prevent use of the Remarketing function, you can deactivate it by making the corresponding settings.

You can also deactivate the cookies via the advertising network initiative, by following the instructions.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google AdSense

We use AdSense ("AdSense"), a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). AdSense makes it possible to embed advertisements on websites.
AdSense uses cookies, which allow Google to analyse your use of this website. Moreover, invisible graphics referred to as "web beacons" are used, which allow Google to collect information, such as clicks on the website. The aforementioned information, your IP address and the provision of advertising formats are transmitted to Google's servers.
Google may transmit this information to third parties, if Google has commissioned third parties to process the data.
You can prevent the aforementioned cookies from being saved on your computer by changing the settings in your web browser accordingly.
However, this may mean that your use of website functions is limited.

 

For further information on data privacy and cookies used by Google AdSense, visit the Google data privacy policy, the processor terms for Google advertising products and the data processing terms for controllers of Google advertising products.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

DoubleClick

DoubleClick by Google ("DoubleClick") is a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

DoubleClick uses cookies, for instance to display the most relevant advertisements possible. Google records, which advertisements were displayed and on which of them you clicked. Use of the DoubleClick cookies allows Google and its advertising network to display advertisements based on your previous visits to websites (or apps). The information generated by the cookies is transmitted to a Google server for analysis and stored there. You can prevent cookies from being stored by changing the settings of your browser software accordingly. Moreover, you can prevent collection of the data generated by the cookies referring to your use of websites and processing of this data by Google.

To do so, click on the following link: Data privacy policies of DoubleClick and Google.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google AdWords and Google Conversion Tracking

We use the advertising program Google AdWords with user evaluation provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

If you click on an advertisement displayed via the Google advertising program, a cookie is stored on your computer.

If you visit specific pages on our website and the cookie has not expired, Google and we can detect that you clicked the advertisement (including potentially on a different website) and were referred to this page.

The information collected with the aid of these cookies is used to create conversion statistics. This means we will learn the total number of users who have clicked on one of the Google AdWords advertisements we have published and were referred to a page with an embedded user evaluation function.

We do not receive any information that would allow personal identification of users. Processing is based on point (f) of Art. 6 (1) GDPR (legitimate interest regarding targeted advertising and analysis of effect and efficiency of our advertisements).

You have the right to object to this manner of processing your personal data at any time. To do so, you can prevent cookies from being saved by deactivating cookies in your browser. However, if you do so, you may not be able to use some functions of this website to their full extent.

Moreover, you can change the Google advertising settings to deactivate personalised advertisement. You can also deactivate third-party cookies.

For further information, refer to the Google data privacy policy.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Facebook Pixel

We use the user access statistics (Remarketing function) "Custom Audiences" provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"), also known as Facebook Pixel. This function allows us to address the users of our website with targeted advertising by publishing personalised, interest-based Facebook advertisements for the users of this website when they visit the social network Facebook. This function will only be activated after you have given consent. If this function is activated, a visit to this website will establish a direct connection to a Facebook server. The data transmitted to the Facebook server shows which of our websites you have visited. Facebook links this information to your personal Facebook user account. For further information on how data is collected and used by Facebook, your rights with regard to this and options for protecting your privacy, please refer to the Facebook data privacy policy, which you can find at https://www.facebook.com/about/privacy/. If you do not want Facebook to be able to link the collected information directly to your Facebook user account, you can deactivate the remarketing function "Custom Audiences" here. You have to be logged into Facebook to use this option.

If you do not have a Facebook account, you can deactivate usage-based advertisements by Facebook here: https://www.youronlinechoices.com/uk/your-ad-choices/.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Facebook, whose headquarters are in the USA, when this tool is embedded.

Social media

YouTube videos

We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played on our website due to the embed. The videos are embedded with the option for advanced data protection settings activated. If you play these videos, YouTube cookies and DoubleClick cookies will be saved on your computer and data may be transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), the operator of YouTube.

When playing videos stored by YouTube, at least the following data is currently transmitted to Google, who operate YouTube and the DoubleClick network: IP address and cookie, the specific address of our site you have accessed, the system data and time of access, your browser identification.

This data is transmitted regardless of whether you have a Google user account and are logged into it or whether you do not have an account. If you are logged into your account, Google may link this data directly to your account. If you do not want the data linked to your profile, you have to log out before activating the play button of the video.

YouTube / Google will save this data as usage profiles and may use them for advertising purposes, market research and / or demand-based design of their websites. This analysis is also and in particular performed (including for users that are not logged in) to provide demand-specific advertisement and to inform other users about your activities on our website. You have a right to object to creation of these user profiles. To assert this right, you will have to do so against Google as the provider of YouTube.
For further information on the purpose & extent of data collection and processing by Google, visit this information page.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Vimeo videos

We have embedded Vimeo videos on our website, which are stored on the servers of the provider Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA ("Vimeo") and can be played on our website due to the embed. If you play these videos, cookies will be saved on your computer and data may be transmitted to Vimeo.

When playing videos stored by Vimeo, at least the following data is currently transmitted to Vimeo LLC: IP address and cookie, the specific address of our site you have accessed, the system data and time of access, your browser identification.

This data is transmitted regardless of whether you have a Vimeo user account and are logged into it or whether you do not have an account. If you are logged into your account, Vimeo LLC may link this data directly to your account. If you do not want the data linked to your profile, you have to log out before activating the play button of the video on the Vimeo platform.

For further information on the purpose & extent of data collection and processing by Vimeo, visit this information page.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Vimeo, whose headquarters are in the USA, when this tool is embedded.

Social media plugins with the Shariff plugin

We use the social media plugins of Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn or Tumblr. To ensure data protection, these plugins are secured using the Shariff plugin. This allows you to give consent prior to activation of the respective social media plugin, so that the plugin is only loaded afterwards and your data (IP address, etc.) is also only transmitted to the respective social media plugin provider afterwards.

If you are logged into your social media account at the same time, the respective social media platform may link your visit to our website to your social media account.

Facebook plugin

We use the Facebook plugin provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The plugin displays a like button for our Facebook page. The plugin will send data to Facebook as soon as you open our website. This data includes your IP address, the time at which you accessed the website and the address of the accessed page.

If you click the like button and are logged into your Facebook account, Facebook will link your use of the like button to your user profile. Even if you do not click the like button, Facebook can link your visit to our website to your Facebook account if you are logged in.

You can change your advertising settings in your Facebook user account at the following link: https://www.facebook.com/settings?tab=ads

You can find Facebook's data privacy policy at the following link:
https://www.facebook.com/about/privacy/

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Facebook, whose headquarters are in the USA, when this tool is embedded.

Twitter plugin

We use the functions of the Twitter service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). If you use the Twitter buttons, the websites you have visited will be linked to your Twitter account and disclosed to other users. Data will also be transmitted to Twitter. If you do not want Twitter to link your activities on our website to your account, please log out of your Twitter account before visiting our website or using the Twitter plugin.
For further information, please refer to the Twitter data privacy policy.
You can change your Twitter privacy settings in the account settings, if you have a Twitter account.

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Twitter, whose headquarters are in the USA, when this tool is embedded.

Pinterest plugin

We use the Pinterest social media plugin provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest").

The plugin establishes a connection to a Pinterest server when you visit our website. Your IP address and the site you have visited will be transmitted to Pinterest.

If you use the plugin (i.e. click it, for instance by clicking the Pinterest button or if you visit a website on which we have actively embedded the plugin) and you are logged into your Pinterest account, Pinterest can link your visit to our website to your user account.

For further information on data collection and setting options, please refer to the Pinterest data privacy policy at https://policy.pinterest.com/en/privacy-policy

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Pinterest, whose headquarters are in the USA, when this tool is embedded.

Instagram Plugin

We use the function of the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA ("Instagram").

If you use the Instagram buttons, the websites you have visited will be linked to your Instagram account and disclosed to other users. Data will also be transmitted to Instagram. If you do not want Instagram to link your activities on our website to your account, please log out of your Instagram account before visiting our website or using the Instagram plugin.

You can find the Instagram data privacy policy at the following link:
https://help.instagram.com/519522125107875

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Instagram, whose headquarters are in the USA, when this tool is embedded.

XING plugin

We use a plugin provided by NEW WORK SE, Dammtorstraße 30, 20354 Hamburg, Germany ("XING"). XING is obligated to adhere to all GDPR provisions.

When you access our website, your IP address together with the time of access, the visited page and your browser information are transmitted to XING. XING may analyse your user behaviour to show you targeted content, if you are logged into a user account on the XING platform. If you are logged into such an account, XING can also link your visit to our website to your user account on the XING platform. If you would like to prevent this, please log out of your XING platform account.

You can change your XING privacy settings in the account settings, if you have a XING account.

You can use this link to deactivate analysis of your data by XING, even if you do not have a XING account.

You can find the XING data privacy policy at the following link:

https://privacy.xing.com/en/privacy-policy

Newsletter

CleverReach

We use an e-mail marketing solution provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany ("CleverReach"). If you use any function of our site that requires you to enter your e-mail address, it may be saved on a CleverReach server. CleverReach performs statistical evaluation of our newsletters on our behalf. The CleverReach e-mails sent to you may contain a tracking pixel, which permits tracking of your user behaviour (in particular, it can determine whether you open an e-mail or click links in the e-mail). Moreover, CleverReach can determine if you perform an action after clicking a link (for instance purchasing a product). In addition, technical information is collected (this includes the time at which you accessed the e-mail, your IP address, information on your browser and your operating system). This data is collected by CleverReach in a pseudonymised fashion and will not be linked to your other personal data. You can unsubscribe from the e-mails at any time by clicking the link at the end of one of the e-mails received from CleverReach (right to object). For further information, refer to the CleverReach data privacy policy.

We have entered into a processing contract with CleverReach to obligate CleverReach to treat your data according to the applicable data protection regulations.

Hosting

WordPress

We use WordPress as the editing system for our website. WordPress uses functional (necessary) cookies to provide the log-in process for editors and administrators.
In particular, a cookie with the name of wordpress_test_cookie is saved when an attempt is made to log into the WordPress administration interface. This cookie is used exclusively for the active session and is deleted as soon as you close your browser.
The cookie is not used for user analysis.

Other tools

Google reCAPTCHA

To protect your communication via internet forms, we use the component reCAPTCHA provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). reCAPTCHA reduces misuse by automated machine processing. reCAPTCHA transmits your IP address and potentially other data required by Google for reCAPTCHA to Google. Your input in the reCAPTCHA component is transmitted to Google and processed there. By using reCAPTCHA you consent to your image recognition contributing to the digitalisation of old works. The IP address transmitted by your browser when you use reCAPTCHA will not be linked to any other data stored by Google. The differing Google data privacy policy applies to this data. For further information on Google's data privacy policy, click here: https://www.google.com/intl/en/policies/privacy/

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google fonts

This site uses specific fonts provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google") for its presentation. When you open a page, your browser loads these fonts. During this process, your IP address and the page (URL) you have visited is transmitted to a Google server. For further information on Google fonts, visit https://developers.google.com/fonts/faq and the Google data privacy policy at https://www.google.com/policies/privacy/

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Google Maps

This web presence uses the map software Google Maps provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). By using this website you consent to the collection, processing and use of data potentially collected through automated processing by Google and its representatives. terms of use for Google Maps. For additional information, refer to the the Google data privacy policy. Google Maps loads fonts to display the map correctly. The Google fonts are also loaded from a Google server. For further information on these Google fonts, visit https://developers.google.com/fonts/faq.

 

Please also note that, due to the Cloud Act, American intelligence services may gain access to personal data which, due to the internet protocol, is necessarily transmitted to Google, whose headquarters are in the USA, when this tool is embedded.

Our own services

Processing of job applicant data

We offer the option of applying for a job at our company (e.g. by e-mail, mail or via the online job application form). Below we would like to inform you about the extent, purpose and usage of personal data collected in the context of the application process. We would like to assure you that the collection, processing and usage of your data is in line with the applicable data protection laws and all other legal regulations and that your data will be treated strictly confidentially.

Extent and purpose of data collection

If you submit a job application to our company, we will process your associated personal data (e.g. contact and communication data, application documents, notes made during job interviews, etc.) insofar as this is required for making a decision regarding the establishment of an employment relationship. The legal basis for the above is § 26 new BDSG (German Federal Data Protection Law) according to German law (initiation of an employment relationship), point (b) of Art. 6(1) GDPR (general steps prior to entering a contract) and – provided you have given consent – point (a) of Art. 6(1) GDPR. You have the right to withdraw your consent at any time. Within our company, your personal data will only be disclosed to persons involved in processing your application.

If your application is successful, the submitted data will be stored in our data processing systems based on § 26 new BDSG and point (b) of Art. 6(1) GDPR for the purpose of establishing an employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data submitted to us for up to 6 months from the end of the application process (rejection or withdrawal of the application) based on our legitimate interest (point (f) of Art. 6(1) GDPR).

Afterwards the data will be deleted and any physical application documents will be destroyed. This retention is primarily for the purpose of providing proof in the event of a legal dispute. If it becomes apparent that the data will be required after the end of the 6-month period (e.g. due to an imminent or active legal dispute), the data will only be deleted once the purpose for continued storage no longer applies.

A longer retention period may also apply, if you have given your consent (point (a) of Art. 6(1) GDPR) or if mandatory retention periods prevent erasure.

Acceptance into the applicant pool

If we are unable to make you a job offer, we may still accept you into our applicant pool. Should you be accepted, all documents and information from the application will be included in the applicant pool, so that we can contact you if we have any suitable vacancies.

Any acceptance into the applicant pool will be based exclusively on your explicit consent (point (a) of Art. 6(1) GDPR). Giving your consent to the above is voluntary and in no way related to the ongoing application process. The data subject can withdraw consent at any time. In this case the data will be irrevocably deleted from the applicant pool, provided no legal grounds for retention apply.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

SIMIS seal of quality

We use the data privacy seal of quality of SiMiS - Systematic safety - GmbH
Schwarzwaldstr. 17, 68163 Mannheim, Germany ("SiMiS") as an embedded image. If the image is loaded from a SiMiS server, an agreement with SiMiS exists that the data necessarily collected by the internet protocol when accessing the image will not be used for analyses.

As the website operator, we are responsible for adhering to the data privacy policy notes transmitted to us by SiMiS in a data privacy report.

You can find the SiMiS data privacy policy at the following link:

https://www.simis.org/datenschutz.html

This data privacy policy was created with kind support of SiMiS (Systematic safety).


 


 

ds232v5