1.1 This information on the collection and further processing of personal data applies to the business unit of the data controller (hereinafter also: “we” / “us”):
1.2 This information is used to comply with the requirements of Articles 13 and 14 of the General Data Protection Regulation (GDPR) (information requirements) for the business unit of the controller, including related business. This only concerns data processing operations associated with a visit to our website.
1.3 Content from third-party providers which is accessed via links from our corporate website is covered by the data protection policies of the respective providers. Please see these data protection policies on the respective pages of said providers for more information. In particular, these providers are responsible for their own content and their data processing.
1.4 We will provide separate information on the processing of personal data in connection with the establishment of a contractual relationship within the scope of our business unit, and on the related activities, at the appropriate time.
2 Contact details of the Data Protection Officer
You can contact our Data Protection Officer by mail at the address stated above, or by email at email@example.com.
3.1 “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
3.2 “Personal data” means any information relating to an identified or identifiable natural person (hereinafter called “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.3 “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 “Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, in the form of a declaration or other clear confirmatory action, by which he or she signifies agreement to the processing of personal data relating to him or her.
3.5 “Collection” means the obtaining of personal data, either with the participation of the data subject or with the assistance of a third party.
4 The purposes of the intended processing of the personal data as well as the legal basis for the processing
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Our corporate website serves information purposes only and makes it easier to contact us.
SSL / TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator, this website uses SSL and TLS encryption. An encrypted connection is indicated by the browser’s address bar displaying “https://” instead of “http://” and by the lock icon appearing in your browser bar.
If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
4.1 Server log files
The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. These are the following types of data:
- Browser type and version
- Operating system in use
- Referrer URL
- Host name of the accessing PC
- Time of server request
- IP address
These data are not merged with any other data sources.
The data are stored in log files to ensure the functionality of our website. We also use these data to optimize the website and to ensure the security of our IT systems. These data are not used for marketing purposes.
The data will be erased when they are no longer necessary for the purposes for which they were collected. When data are collected for the purpose of providing the website, they will no longer be necessary after the individual session has ended.
When data are stored in log files, this will be the case after no more than seven days. Additional storage is possible. In this case, users’ IP addresses will be erased or modified so that it is no longer possible to identify the accessing client.
Data collection for the provision of the website and data storage in log files is essential for the operation of the website. For this reason, the user does not have the option to opt out.
The basis for data processing is Art. 6 (1b) GDPR, which allows the processing of data for the performance of a contract or pre-contractual measures.
4.2 Contact form and contact via email
If you send us enquiries via the contact form, we will store your details from the enquiry form, including the contact details which you provide there, in order to process the enquiry and any follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 (1a) GDPR).
You can also contact us via the provided email address. In this case, the personal data of the user which are sent via email are stored. These personal data are not disclosed to third parties. The data will be used exclusively for processing the communication with you.
The data will be erased when they are no longer necessary for the purposes for which they were collected. Personal data entered into the contact form or sent by email will no longer be necessary after the respective communication with the user has ended. The communication is deemed to have ended when it is apparent that the subject matter in question has been definitively clarified.
Personal data which are additionally collected during the sending process will be erased in seven days at the latest.
You may withdraw consent to the processing of your personal data at any time. To do this, it is enough to send us an informal message by email. The lawfulness of the data processing operations carried out prior to the withdrawal of consent shall remain unaffected.
We will store the data you have entered in the contact form until you ask us to erase them or withdraw your consent to their storage, or the purpose of the data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions — in particular retention periods — shall remain unaffected.
4.3 Application via email
If you apply online using our application form, your details from the form, including the contact details you provide there, will be stored in order for us to process your application. We will not share this information without your consent.
The processing of the data entered into the application form is therefore based exclusively on your consent (Art. 6 (1a) GDPR) and on data processing in the context of employment (Art. 88).
You can also contact us via the provided email address. In this case, the personal data of the user which are sent via email are stored. These personal data are not disclosed to third parties. The data will be used exclusively for the processing of the application.
The data will be erased when they are no longer necessary for the purposes for which they were collected. Personal data entered into the application form or sent by email will no longer be necessary after the user’s application process has been completed.
You may withdraw consent to the processing of your personal data at any time. To do this, it is enough to send us an informal message by email. The lawfulness of the data processing operations carried out prior to the withdrawal of consent shall remain unaffected.
We will store the data you have entered in the application form until you ask us to erase them or withdraw your consent to their storage, or the purpose of the data storage no longer applies (e.g. after the application process has been completed). Mandatory statutory provisions — in particular retention periods — shall remain unaffected.
4.4 References (links) to various social networks
Our website uses plugins of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. Facebook plugins are marked with the Facebook logo or the “Like” button. You can find an overview of Facebook plug-ins at https://developers.facebook.com/docs/plugins. When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged in to your Facebook account, you can link to the content of our website on your Facebook profile. As a result, Facebook can associate the visit to our website with your user account. We would like to point out that we as the website provider are not aware of the content of the data transmitted to Facebook and their use by Facebook. You can find detailed information on this in the Facebook Data Policy at https://www.facebook.com/policy.php.
If you do not want Facebook to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
Our website uses social plugins (“plugins”) from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera.”
When you call up a page on our website containing such a plugin, your browser establishes a direct connection to Instagram’s servers. Instagram transmits the content of the plugin directly to your browser, where it is incorporated into the page. Via this connection, Instagram receives the information that your browser has called up the page in question from our website, even if you do not have an Instagram profile or if you are not logged in to Instagram at that time. This information (which includes your IP address) is sent directly from your browser to an Instagram server in the USA, where it is stored.
If you are logged in to Instagram, Instagram can associate your visit to our website directly with your Instagram profile. If you interact with the plugins, for example by clicking the “Instagram” button, this information will also be sent directly to an Instagram server and stored there. This information will also be published on your Instagram account and shown to your contacts there.
For information on the purpose and scope of data collection and the further processing and use of data by Instagram, as well as your rights in this respect and settings options for protecting your privacy, please see Instagram’s Data Policy at https://help.instagram.com/155833707900388/.
If you do not want Instagram to associate the data collected via our website directly with your Instagram account, you must log out of Instagram before visiting our website.
You can also completely prevent Instagram plugins from loading by using add-ons for your browser, such as the script blocker “NoScript” (http://noscript.net/).
Our website uses YouTube components. YouTube is an internet video portal that allows video publishers to upload video clips free of charge, and other users to view, rate and comment on these clips, also free of charge. YouTube allows the publication of all types of videos. It makes complete films and television broadcasts, as well as music videos, trailers and user-made videos, available on its internet portal.
YouTube operates under the name of YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Upon each visit to one of the pages of this website operated by the controller and incorporating a YouTube component (YouTube video), the YouTube component automatically causes the internet browser on the data subject’s IT system to download a reproduction of the corresponding YouTube component from YouTube. More information on YouTube can be found at https://www.youtube.com/yt/about/. As part of this technical process, YouTube and Google are informed of which specific page of our website the data subject has visited.
If the data subject is logged in to YouTube at the same time as opening a page containing a YouTube video, YouTube will detect which specific page of our website the data subject has visited. This information will be collected by YouTube and Google and associated with the data subject’s YouTube account.
YouTube and Google will always receive information through the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the time of accessing our website. This happens regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish such information to be transferred to YouTube and Google, he or she may prevent the transfer by logging out of his or her YouTube account before visiting our website.
Our website contains functions of Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. If you use Twitter and, in particular, the “retweet” function, Twitter links your Twitter account to the websites you visit. This will be communicated to other Twitter users, especially to your followers. Data transfer to Twitter is carried out in the same way.
Twitter does not inform us as the website provider about the content of the transmitted data or the data usage. You can find more information at https://twitter.com/privacy.
Please note that you have the option to change your privacy settings on Twitter in your Twitter account settings at https://twitter.com/settings/account.
Our website contains references (links) to the external social network “XING” (XING AG, Gänsemarkt 43, 20354 Hamburg, Germany). The links on our website are indicated by the XING logo. If you follow these links, your browser connects directly to XING’s servers. When you visit our website, XING will not store your personal data. In particular, XING will not store any IP addresses. Up-to-date information on data protection by XING can be found at https://privacy.xing.com/en/privacy-policy.
Our website contains references (links) to the external social network “LinkedIn” (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). The links on our website are indicated by the LinkedIn logo. If you follow these links, your browser connects directly to LinkedIn’s servers. Up-to-date information on data protection by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.
4.5 Analytic tools and advertising
This website uses functions of Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for storing Google Analytics cookies is Art. 6 (1f) of the GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
We have activated the IP anonymization function on this website. This means that Google will first truncate your IP address within the member states of the European Union, or in other contracting parties to the Agreement on the European Economic Area, before it transmits your IP address to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. Google will utilize the information on behalf of the operator of this website for the purpose of evaluating your usage of the website, generating reports on website activity, and providing the website operator with additional services in connection with usage of the website and the internet. The IP address supplied by your browser in connection with Google Analytics is not combined with other data held by Google.
You can prevent cookies from being saved by adjusting your browser software accordingly. However, please note that in this event you may not be able to use all functions of this website to their full extent. You may furthermore prevent Google from collecting and processing the data generated by the cookie regarding your utilization of this website (incl. your IP address) by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Objection to data collection
You can prevent data collection by Google Analytics by clicking on the link below. This sets an opt-out cookie, which will prevent collection of your data when you visit this website in future: Deactivate Google Analytics.
Demographics with Google Analytics
This website uses the Demographics feature of Google Analytics. This feature makes it possible to generate reports that contain information on the age, gender and interests of visitors. These data come from interest-related advertising by Google and from third-party visitor data. These data cannot be associated with a specific person. You can disable this feature at any time via the ad settings in your Google Account, or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection.”
4.6 Plugins and tools
- Language settings are stored for eight hours.
- The session cookie is stored for 30 days.
Stored cookies can be viewed and managed for each website:
- Chrome: Click on the lock icon next to the address bar (for SSL-certified pages), or on the information icon (i). Select the menu option “Cookies ([number] in use).”
- Firefox: Click the icon in the top right corner next to the web address. Select “Options” from the drop-down menu. You can manage cookies under “Privacy & Security.”
- Internet Explorer: Click on the gear icon in the top right corner and select “Internet options” from the drop-down menu. Click the “Privacy” tab. Go to “Settings” and click on “Advanced” to see cookie management options.
You can disable or restrict cookies by changing the settings in your internet browser. Stored cookies can be erased at any time. This can also be automated. If cookies are disabled for our website, it may not be possible to use all functions of the website to their full extent. Storing cookies allows our website to adjust its content and structure to the individual requirements of the user. Website settings are stored for a limited time and retrieved when you visit the website again.
4.7 Newsletter and email delivery
The newsletter service provider may use recipients’ data in a pseudonymous form, i.e. without association with a user, to optimize or improve its own services, e.g. for technical optimization of the delivery and display of newsletters, or for statistical purposes. However, the service provider will not use the data of our newsletter recipients to contact them itself, and will not pass the data on to third parties.
5 Recipients or categories of recipients of the personal data
5.1 Personal data of the data subject may be disclosed or transferred to third parties in circumstances other than those described here only if:
- Disclosure is legally permissible and required pursuant to Art. 6 (1b) GDPR for the preparation or performance of contractual relations, or the data subject has given explicit consent pursuant to Art. 6 (1a) GDPR;
- Disclosure is required for the establishment, exercise or defense of legal claims pursuant to Art. 6 (1f) GDPR, and there is no reason to assume that the data subject has an overriding legitimate interest in non-disclosure of his or her data; or
- Disclosure is a legal obligation pursuant to Art. 6 (1c) GDPR.
5.2 Within our company, the persons who have access to the data of the data subject are those who need these data to fulfill our contractual and legal obligations. Any processors or service providers (in particular for IT systems and file destruction) that we may employ may also receive data for these purposes if they comply with our instructions under data protection law. We use processors in particular for our IT services as well as for destroying files.
5.3 We use the web host of our corporate website as a processor and have concluded a data processing agreement with it.
6 Planned data transfers outside the EU
6.1 Personal data are processed on or via our corporate website on servers located in Germany.
6.2 In principle, we do not intend to transfer personal data to a third country (a country outside the European Union or the European Economic Area).
6.3 When an email is sent via the MailChimp component, your data will be transmitted to a server of Rocket Science Group in the USA and will be processed there in compliance with the EU–US Privacy Shield.
7 Storage duration
7.1 We store the personal data we have collected for as long as they are required for our purposes, or for the additional period which the data subject has consented to in accordance with the provisions of the GDPR.
7.3 The personal data collected for the purposes of a contract will also be stored until the expiry of our statutory retention obligations. The data will be erased thereafter, unless processing remains necessary for compliance with a legal obligation to which we are subject.
7.4 We will store the personal data which we have collected for the order/contract until the expiry of the statutory retention periods (6 years after the end of the calendar year in which the contract was terminated), at which point we will erase the data, unless we are obliged to store the data for a longer period of time pursuant to Art. 6 (1c) GDPR due to retention and documentation obligations under tax and commercial law (the German Commercial Code HGB, the German Penal Code StGB or the German Tax Code AO), or the customer has consented to additional storage pursuant to Art. 6 (1a) GDPR.
7.5 The applicable retention and documentation obligations under tax and commercial law stipulate a retention period of six or ten years for the commercial documents specified in Sections 238 and 257 of the German Commercial Code. Corresponding regulations are specified in Section 147 of the German Tax Code for the retention of the documents mentioned herein.
7.6 The expiry of the retention period does not automatically mean we are obliged to erase the data, since we may still have a legitimate interest in archiving the data, for example to be able to provide information in the case of legal disputes.
8. Legal basis for processing of personal data
Provided we obtain the consent of the data subject for processing of personal data, Art. 6 (1a) of the European General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
Art. 6 (1b) GDPR shall be the legal basis for processing of personal data which is required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations required to carry out pre-contractual measures.
Art. 6 (1c) GDPR shall be the legal basis where our company needs to process personal data to fulfill a legal obligation.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1d) GDPR shall be the legal basis.
In cases where data processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interests, Art. 6 (1f) GDPR shall be the legal basis for data processing.
Rights of the data subject
8.1 Right of access
You are entitled to obtain information about your personal data that have been stored, their origin, their recipients and the purpose of data processing, at any time and free of charge, within the scope of the applicable legal provisions.
8.2 Right to rectification
You have a right to have your personal data rectified and/or completed by the controller, if your personal data which are processed are incorrect or incomplete.
8.3 Right to restriction of processing
You may, under certain circumstances, request the restriction of the processing of your personal data. Such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
If data processing has been restricted, you will be informed by the controller before the restriction of processing is lifted.
8.4 Right to erasure
You have the right to have your data erased. The personal data concerned will be erased or blocked as soon as the purpose of the storage is no longer applicable. Additional storage of the data may take place if this has been provided for by the European or national legislature in the form of EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is required for conclusion or performance of a contract.
If your personal data have been made public, and their erasure is mandatory in accordance with Art. 17 (1) GDPR, all controllers will be notified that you have requested the erasure of the links to these personal data, or of copies or replications of these personal data.
The right to erasure shall not apply to the extent that processing is necessary. More information on this can be found in Art. 17 (3) GDPR.
8.5 Right to information
If you have contacted the controller to exercise the right to rectification, erasure or restriction of processing of your personal data, each recipient to whom the personal data in question have been disclosed will be notified of this change, unless this proves impossible or involves disproportionate effort.
You have the right to be informed about said recipients.
8.6 Right to data portability
You have the right to personally receive data that we automatically process on the basis of your consent or for performance of a contract, or to have it delivered to a third party, in a commonly used and machine-readable format. If you require the data to be sent directly to another controller, this will only be done to the extent that it is technically feasible.
8.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time, to processing of your personal data which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.
Your personal data will no longer be processed unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of the establishment, exercise or defense of legal claims.
8.8 Right to withdraw declaration of consent provided under data protection law
Many data processing operations can only be performed with your explicit consent. You can withdraw consent you have given previously at any time. To do this, it is enough to send us an informal message by email. The lawfulness of the data processing carried out prior to the withdrawal of consent shall remain unaffected.
8.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that apply to you or similarly significantly affects you.
This does not apply if the decision:
Is necessary for entering into, or performance of, a contract between you and the controller;
Is authorized by legal provisions which are laid down by the European Union or the member states, to which the controller is subject, and which contain suitable measures to safeguard your rights, freedoms and legitimate interests; or
Is made with your explicit consent.
However, such decisions may not be based on special categories of personal data as referred to in Art. 9 (1) GDPR, unless point (a) or (g) of Art. 9 (2) applies and suitable measures to safeguard rights and freedoms as well as your legitimate interests are in place.
8.10 Right to lodge a complaint with a supervisory authority
In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for matters concerning data protection law is the data protection officer of the German federal state in which our company is based. A list of data protection officers and their contact details can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
You can contact us at any time at the address stated in the legal notice for further information on this or other issues concerning personal data.
9 Objection to advertising emails
The use of contact details which are published in accordance with the German legal requirements to provide a legal notice in order to send advertising and information materials not explicitly requested is hereby prohibited. The site operators expressly reserve the right to take legal action in the event of unsolicited sending of promotional information, for instance through spam emails.