Privacy Statement

1. Data protection at a glance

General information

The information below will give you a simple overview of what happens with your personal data when you visit this website. Personal data (also referred to as “personal information”) is all information that can be used to identify you personally. For detailed information about data protection, please refer to our Privacy Statement below this text.

Data Collected by This Website

Who is responsible for data collection on this website?

Data on this website is processed by the site operator. You will find their contact data in the section “Note on the Data Controller” in this Privacy Statement.

How do we collect your data?

We collect some of your data by simply asking you to provide it. This could involve data that you enter in a contact form, for instance.

Other data is collected by our IT systems, either automatically or after you grant your consent, when you visit our website. This primarily involves technical information (such as internet browser, operating system, and time of your visit). This data is collected automatically as soon as you enter this website.

How do we use your data?

Some of the data is collected to ensure that the website is delivered free of errors. Other data can be used to analyze your usage patterns.

What rights do you have with regard to your data?

You have the right to obtain access free of charge regarding the origin, recipient, and purpose of the personal data we have saved for you. You also have the right to demand that this information be rectified or erased. If you have granted consent for the processing of your personal data, you can revoke this consent at any time for the future. You also have the right to demand restrictions to the processing of your personal data under certain circumstances. Lastly, you have the right to appeal to the responsible supervisory authority.

Please feel free to contact us at any time if you need more information about these and other questions regarding data protection.

Analytics Tools and Tools from Third-Party Providers

When you visit this website, your surfing patterns can be statistically evaluated. This is done primarily using analytics programs.

You will find detailed information about these analytics programs in the Privacy Statement below.

2. Hosting

We use the following provider to host the contents of our website:

DomainFactory

The provider is DomainFactory GmbH, c/o WeWork, Neuturmstrasse 5, 80331 Munich, Germany (herein: DomainFactory). When you visit our website, DomainFactory records a number of log files, including your IP addresses.

For more details, refer to DomainFactory’s privacy statement (in German): https://www.df.eu/de/datenschutz/.

DomainFactory is engaged on the basis of Art. 6(1f) GDPR (General Data Protection Regulation). We have a justified interest in having our website presented as reliably as possible. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG (Telecommunications Digital Services Data Protection Act), to the extent that the consent includes storing cookies or accessing information on the user’s device (for device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

Commissioned Data Processing

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This agreement is required by data protection laws and guarantees that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

3. General Information and Required Information

Data Protection

The operators of this website take the protection of your personal data seriously. We handle personal data confidentially and in accordance with statutory data protection regulations, as well as this Privacy Statement.

When you visit this website, a variety of personal data is collected. Personal data (also referred to as “personal information”) is information that can be used to identify you personally. This Privacy Statement explains which information we collect and what we use it for. It also explains how it is used and for which purpose.

We wish to point out that sending data over the internet (in email communications, for example) may be subject to certain security vulnerabilities. It is not possible to completely protect such data against third party access.

Note on the Data Controller

The data controller for the information on this website is:

gicom AG
Propsteistrasse 21
51491 Overath, Germany

Legal representation
gicom AG, represented by the Management Board
Dirk Eberle (CEO)
Stefan Hilger

Chair of the Supervisory Board
Hans-Jakob Reuter

Phone: +49 2206 9084 – 0
Email: info[at]gicom-group.com

The data controller is the natural person or legal entity that decides – alone or together with others – about the purposes and means used to process personal data (such as names, email addresses, and similar information).

Retention Period

Unless a more specific retention period is stated in this Privacy Statement, we will retain your personal data until the purpose for its processing no longer applies. If you enforce a justified right to erasure or revoke your consent for processing your personal data, your data will be deleted unless we have other legally valid reasons for retaining your personal data (such as retention periods specified for tax or commercial law); in the latter case, your information will be deleted when these reasons no longer apply.

General Information about the Legal Basis for Data Processing on This Website

Provided that you have consented to the processing of your data, we process your personal data based on Art. 6(1a) GDPR and Art. 9(2a) GDPR, as well as special data categories in accordance with Art. 9(1) GDPR. If you provide your explicit consent for transferring personal data to third countries, the data is also processed in accordance with Art. 49(1a) GDPR. If you consent to storing cookies or allowing access to information on your user device (via device fingerprinting, for example), the data is also processed in accordance with Sec. 25(1) TDDDG. You may revoke this consent at any time. If your data is required for contract fulfillment or to carry out pre-contractual activities, we process your data based on Art. 6(1b) GDPR. We also process your data to the extent required to fulfill legal obligations, based on Art. 6(1c) GDPR. Data processing may also take place based on our justified interest, pursuant to Art. 6(1f) GDPR. The pertinent legal basis applicable in individual cases are described below in this Privacy Statement.

Data Protection Officer

We have appointed a Data Protection Officer.
External Data Protection Officer DSBOK
Oliver Krause, Untergasse 2, 65474 Bischofsheim, Germany

Phone: +49 6144 402197
Email: gicom@dsbok.de

Recipients of Personal Information

In the course of our business activities, we work together with a variety of external entities. Some of this collaboration requires the transfer of personal data to these entities. We will only transfer personal data to external bodies if this is required for contract fulfillment, if we are legally required to do so (forwarding data to tax authorities, for example), if we have a justified interest in transferring the data pursuant to Art. 6(1f) GDPR, or if a different legal basis permits the transfer. If we commission data processors, we will only transfer the personal data of our customers based on a valid data processing agreement. In the case of joint processing, an agreement for joint processing will be concluded.

Revoking Your Consent for Data Processing

Many data processing operations are only possible with your explicit consent. Once granted, you can revoke your consent at any time. This does not negate the legality of the data processing that took place prior to the revocation.

Right to Object Against Data Collection in Special Cases and Against Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING TAKES PLACE BASED ON ART. 6(1E) OR 6(1F) GDPR, YOU HAVE THE RIGHT TO SUBMIT AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS RESULTING FROM YOUR SPECIAL SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. FOR INFORMATION ON THE LEGAL BASIS FOR PROCESSING, REFER TO THIS PRIVACY STATEMENT. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE CAN PROVIDE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND LIBERTIES OR IF THE PROCESSING SERVES THE ENFORCEMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT IT IS RELATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to Appeal to the Responsible Supervisory Authority

In the case of violations of the GDPR, data subjects have the right to appeal to a supervisory authority, particularly in the member state of your habitual residence, your workplace, or the site of the alleged violation. This right to appeal applies notwithstanding any other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data that we process automatically based on your consent or to fulfill a contract, either personally or via a third party, in a commonly used, machine-readable format. Should you request direct transfer of this data to a different controller, this will only be done to the extent technically feasible.

Information, Rectification, and Erasure

Within the framework of the applicable legal regulations, you have the right to obtain information about the personal data that has been collected for you, its origin and recipients, and the purpose of the data processing, as well as a right to the rectification or erasure of this data, if applicable. Please feel free to contact us at any time if you need more information about these and other questions regarding personal data.

Right to Restriction of Processing

You have the right to demand restrictions to the processing of your personal data. You can contact us at any time with such demands. You have the right to demand restrictions to processing in the following cases:

If you contest the accuracy of the personal data we have saved for you, we normally need some time to review the situation. You have the right to demand restrictions to the processing of your personal data for the duration of this review.
If the processing of your personal data is or was unlawful, you can demand restrictions to the processing of this data instead of erasure.
If we no longer need your personal data, but you still require it to exercise, defend, or assert legal claims, you have the right to demand restrictions to the processing of your personal data instead of its erasure.
If you have submitted an objection pursuant to Art. 21(1) GDPR, we need to weigh your interests against ours. Until it is determined whose interests prevail, you have the right to demand restrictions to the processing of your personal data.

If you have restricted the processing of your personal data, then this data – aside from storage – may only be processed with your consent or to assert, exercise, or defend against legal claims, or to protect the rights of another natural or legal person, or for reasons associated with an important public interest of the European Union or one of its member states.

SSL and TLS Encryption

For security reasons and to protect the transfer of confidential content, such as orders or inquiries, that you send to us, the site operator, this website uses SSL or TLS encryption. You can identify an encrypted connection because the URL field of your browser changes from “http://” to “https://” and a padlock icon appears.

When SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

Objection to Advertising Email

We hereby object to using the contact data provided to fulfill the obligation to provide publication information for the purposes of sending advertising and information materials that were not explicitly requested. The website operators expressly reserve the right to take legal action in the case of unsolicited distribution of advertising information, such as spam email.

4. Data Collected by This Website

Cookies

Our web pages use cookies, which are small data files that do not do any damage to your user device. They are saved on your device either for the duration of your session (session cookies) or in the long term (persistent cookies). Session cookies are deleted automatically at the end of your visit. Persistent cookies remain stored on your user device until you delete them yourself or they are deleted automatically by your web browser.

Cookies can originate from us (called “first-party cookies”) or from outside companies (called “third-party cookies”). Third-party cookies make it possible to integrate specific services from outside companies in websites (such as cookies for providing payment services).

Cookies have different functions. Many cookies are technically essential, because certain website functions (such as the shopping cart system and the display of videos) would not work without them. Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are required (strictly necessary cookies) to execute the electronic communication process, to provide certain functions you need (for the shopping cart function, for instance), or to optimize the website (such as cookies to measure the web audience) are stored based on Art. 6(1f) GDPR, provided that no other legal basis is specified. The website operator has a justified interest in the storage of strictly necessary cookies, to ensure that its services are technically free of errors and optimize performance. If consent to save cookies and comparable tracking technologies has been granted, processing takes place based exclusively on this consent (Art. 6(1a) GDPR and Section 25(1) TDDDG); you may revoke your consent at any time.

You can configure your browser to notify you when a website attempts to set cookies and only allow cookies for a specific case, generally accept or reject cookies for certain cases, and/or automatically delete all cookies when the browser is closed. If you deactivate cookies, it may restrict the functionality of this website.

For information about which cookies and services are used on this website, refer to this Privacy Statement.

Consent with Borlabs Cookie

Our website uses the consent technology of Borlabs Cookie to ask for your consent to save specific cookies in your browser or use specific technology, as well as document this consent in a data protection-compliant manner. This technology is provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter: Borlabs).

When you visit our website, a Borlabs Cookie is saved in your browser, which in turn stores the consents you have granted and/or revoked. This data is not forwarded to the provider of the Borlabs Cookie.

The recorded data is saved until you request its deletion or delete the Borlabs Cookie yourself, or if the purpose for the data processing no longer applies. This does not affect mandatory statutory retention periods. For details regarding data processing of the Borlabs Cookie, refer to https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.

We use the Borlabs Cookie consent technology to obtain the legally required consent for using cookies. The legal basis for this is Art. 6(1c) GDPR.

Server Log Files

The provider of this website automatically collects and stores information that your browser sends to us automatically in server log files. These are:

Browser and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

This data is recorded based on Art. 6(1f) GDPR. The website operator has a justified interest in a technically error-free presentation and optimization of its website – and server log files must be recorded to ensure this.

Contact Form

If you use our contact form to send us an inquiry, we will save your information from the contact form, including the contact data you entered there, for the purpose of processing your inquiry and in case we need to ask you any additional questions. We will not divulge this data without your consent.

This data is processed based on Art. 6(1b) GDPR, to the extent that your inquiry is related to the fulfillment of a contract or the execution of pre-contractual activities. In all other cases, processing is based on our justified interest in effectively processing the inquiries we are sent (Art. 6(1f) GDPR) or based on your consent (Art. 6(1a) GDPR), provided that your consent was requested; you may revoke this consent at any time.

The data you enter in the contact form will remain with us until you request its deletion, you revoke your consent to store it, or the purpose for storing the data no longer applies (after completing the processing of your inquiry, for instance). This does not affect the applicable legal regulations –particularly with regard to retention periods.

Inquiry by Email, Phone, or Fax

When you contact us by email, phone, or fax, your inquiry will be saved and processed, including all the resulting personal data (name, inquiry), for the purpose of processing your request. We will not divulge this data without your consent.

The data you provide us with will remain with us until you request its deletion, you revoke your consent to store it, or the purpose for storing the data no longer applies (after completing the processing of your request, for instance). This does not affect the applicable legal regulations –particularly with regard to statutory retention periods.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that we use to integrate tracking and statistics tools, as well as other technologies, on our website. Google Tag Manager itself does not create any user profiles, store cookies, or carry out independent analyses. It is used merely to manage and deploy the tools it integrates. Google Tag Manager also records your IP address, however, which can be sent to Google’s parent corporation in the United States.

Google Tag Manager is used based on Art. 6(1f) GDPR. The website operator has a justified interest in the rapid, simple integration and management of various tools on its website. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG , to the extent that the consent includes storing cookies or accessing information on the user’s device (device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an adequacy decision between the European Union and the U.S. that is intended to guarantee compliance with European data protection standards when data is processed in the U.S. Every company certified under the DPF undertakes to comply with these data protection standards. More information is available from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of Google Analytics, a web analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of its website visitors. In this process, the website operator receives a variety of user data, such as page impressions, length of stay on the site, operating systems used, and the user origins. This data is summarized in a user ID and assigned to the website visitor’s respective user device.

Google Analytics also enables us to record your mouse and scrolling movements, as well as clicks, among other information. In addition, Google Analytics uses a variety of modeling approaches to complement the recorded data records and uses machine learning technologies for data analytics.

Google Analytics uses technologies (like cookies or device fingerprinting) that enable user tracking, for the purpose of analyzing their behavior. The information recorded by Google regarding the usage of this website is normally sent to a Google server in the U.S. and stored there.

Usage of this service is based on your consent, in accordance with Art. 6(1a) GDPR and Section 25(1) TDDDG. You may revoke this consent at any time.

The data transfer to the U.S. is supported by the standard contractual clauses defined by the European Commission. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

Google Analytics IP Anonymization is active. As a result, Google will truncate your IP address within the member states of the European Union or in other member states of the Agreement on the European Economic Area before it is transferred to the U.S. In exceptional cases, the full IP address is transferred to a Google server in the U.S. and truncated there. Google will use this information on behalf of the website operator to analyze your use of the website, compile reports on website activities, and deliver other services related to website and internet use to the website operator. The IP address sent from your browser in the context of Google Analytics will not be merged with other Google data.

Browser Plug-In

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, refer to Google’s privacy statement: https://support.google.com/analytics/answer/6004245?hl=en.

Commissioned Data Processing

We have concluded a data processing agreement with Google and fully practice the strict requirements of the German data privacy authorities in our use of Google Analytics.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).

Hotjar is a tool for analyzing your user behavior on this website. Hotjar enables us to record your mouse and scrolling movements, as well as clicks, among other information. Hotjar can also determine how long you left the cursor idle in a specific place. Hotjar uses this information to generate “heat maps”, which show which areas of the website are viewed most by visitors.

In addition, we can determine how long you stayed on a page and when you left it. We can also determine the place where you stopped entering information in a contact form (“conversion funnels”).

Hotjar also makes it possible to solicit feedback directly from website visitors. This function is used to improve the website operator’s offerings.

Hotjar uses technologies (like cookies or device fingerprinting) that enable user tracking, for the purpose of analyzing their behavior.

Provided that consent was obtained, this service is used exclusively based on Art. 6(1a) GDPR and Section 25 TDDDG. You may revoke this consent at any time. If consent was not solicited, this service is used based on Art. 6(1f) GDPR; the website operator has a justified interest in analyzing user behavior to optimize both its web offerings and its advertising.

Deactivating Hotjar

If you want to deactivate data recording by Hotjar, click the link below and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that Hotjar must be deactivated separately for each browser and each user device.

For more information about Hotjar and the data it collects, refer to Hotjar’s privacy statement under the following link: https://www.hotjar.com/privacy

Commissioned Data Processing

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel from Facebook/Meta to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to information from Facebook, however, the collected data is also transferred to the U.S. and other third countries.

This makes it possible to track the behavior of website visitors after they are forwarded to the provider’s website by clicking a Facebook advertisement. In turn, this makes it possible to analyze the effectiveness of Facebook advertisements for statistical and market research purposes and optimize future advertising activities.

The collected data is anonymous for us as the website operator; we cannot draw any conclusions regarding the users’ identities. This data is stored and processed by Facebook, however, which means it can be linked with the respective user profile and Facebook can use this data for its own advertising purposes, in line with Facebook’s privacy policy (https://www.facebook.com/privacy/policy). As a result, Facebook can display advertising on Facebook pages and outside of Facebook. As the website operator, we have no influence over how this data is used.

Usage of this service is based on your consent, in accordance with Art. 6(1a) GDPR and Section 25(1) TDDDG. You may revoke this consent at any time.

We use the Advanced Matching feature within the Meta Pixel.

Advanced Matching enables us to send the different types of data of our customers and prospects that we collect through our website (such as city of residence, state, postal code, hashed email addresses, name, gender, date of birth, and phone number) and send it to Meta (Facebook). This activation lets us tailor our advertising campaigns on Facebook more precisely to people who are interested in our offerings. Advanced matching also improves the assignment of website conversions and advanced custom audiences.

To the extent that personal data is collected on our website by the tools described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are the joint controllers of this data processing (Art. 26 GDPR). This shared responsibility is strictly limited to the collection of the data and its forwarding to Facebook. The subsequent processing by Facebook after the data transfer is not part of our joint responsibility. Our joint obligations for the above are described in a joint data processing agreement. You will find the wording of this agreement under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for issuing the data protection information when the Facebook tool is used and for ensuring the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert your rights as a data subject (such as right of access) with regard to the data processed by Facebook directly with Facebook. If you assert your rights as a data subject with us, we are required to forward your request to Facebook.

The data transfer to the U.S. is supported by the standard contractual clauses defined by the European Commission. You can find the details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.

Facebook’s privacy statement contains additional information about the protection of your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing feature in the settings for advertising under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you must be registered at Facebook.

If you do not have a Facebook account, you can deactivate targeted advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/your-ad-choices.

SalesViewer® Technology

This website uses SalesViewer® technology from SalesViewer® GmbH, based on the website operator’s justified interest (Art. 6(1f) GDPR) in collecting data for the purposes of marketing, market research, and website optimization.

To this end, a JavaScript-based code is used to collect enterprise-specific data and the corresponding use. The data collected using this technology is encrypted through a hashing function. The data is pseudonymized immediately and is not used to personally identify this website’s visitors.

The data stored in the SalesViewer® framework is deleted as soon as it is no longer needed for its intended purpose and no statutory retention periods preclude its deletion.

You can object to the data collection and storage with future effect at any time by clicking this link https://www.salesviewer.com/opt-out. This will prevent future collection by SalesViewer® on this website. This sets an opt-out cookie for this website on your device. If you delete your cookies in this browser, you will need to click the link again.

6. Plug-Ins and Tools

YouTube with Privacy-Enhanced Mode

This website integrates videos from YouTube’s website. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our web pages where YouTube is embedded, a connection to YouTube’s servers is established. In this process, the YouTube server is informed of which of our pages you have visited. If you are logged on to your YouTube account, you enable YouTube to allocate your surfing behavior directly to your personal profile. You can prevent this by logging off from your YouTube account.

We use YouTube in privacy-enhanced mode. According to information from YouTube, videos that are played in privacy-enhanced mode are not used to personalize surfing on YouTube. Advertisements that are played in privacy-enhanced mode are not personalized either. No cookies are set in privacy-enhanced mode. Instead, local storage elements are stored in the user’s browser which, like cookies, contain personal data and can be used for user tracking. More information about privacy-enhanced mode is available here: https://support.google.com/youtube/answer/171780.

After you activate a YouTube video, this may trigger additional data processing operations that are beyond our own control.

We use YouTube in the interest of providing attractive online offerings. This represents a justified interest according to Art. 6(1f) GDPR. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG , to the extent that the consent includes storing cookies or accessing information on the user’s device (device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

Additional information about privacy at YouTube is available in their privacy statement under: https://policies.google.com/privacy.

Google Fonts (Local Hosting)

To ensure the uniform presentation of fonts, this website uses “Google Fonts”, which are provided by Google. The Google Fonts are installed locally. No connection to Google’s servers is established.

More information about Google Fonts is available under https://developers.google.com/fonts/faq and in Google’s privacy statement: https://policies.google.com/privacy.

Google Maps

This website uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. This service lets us integrate maps in our website.

To use the features of Google Maps, it is necessary to store your IP address. The information is normally sent to a Google server in the U.S. and stored there. This transfer of data is beyond the control of the operator of this website. When Google Maps is activated, Google may use Google Fonts to ensure uniform presentation of the fonts. When Google Maps is called, your browser downloads the required web fonts to your browser cache, to display texts and fonts correctly.

We use Google Maps in the interest of an attractive presentation of our online offerings and to make it easy to find the locations specified on our website. This represents a justified interest according to Art. 6(1f) GDPR. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG , to the extent that the consent includes storing cookies or accessing information on the user’s device (device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

The data transfer to the U.S. is supported by the standard contractual clauses defined by the European Commission. You can find the details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information about the handling of user data, refer to Google’s privacy statement: https://support.google.com/analytics/answer/6004245?hl=en.

OpenStreetMap

We use the map service from OpenStreetMap (OSM).

We integrate maps by OpenStreetMap on the servers of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, UK. The United Kingdom is considered to be a third country with an adequacy decision. This means that the UK has a level of data security that corresponds to that of the European Union. When the OpenStreetMap maps are used, a connection is established with the servers of the OpenStreetMap Foundation. In this process, your IP address and other information about your behavior on this website may be forwarded to the OSMF. To this end, OpenStreetMap may set cookies on your browser or use comparable tracking technologies.

We use OpenStreetMap in the interest of attractive presentation of our online offerings and to make it easy to find the locations specified on our website. This represents a justified interest according to Art. 6(1f) GDPR. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG , to the extent that the consent includes storing cookies or accessing information on the user’s device (device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

Google reCAPTCHA

We use Google reCAPTCHA (hereinafter: “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is intended to determine whether the data entered on this website (in a contact form, for example) was submitted by a person or an automated program. To do so, reCAPTCHA analyzes the behavior of the website visitor based on a number of characteristics. This analysis starts automatically as soon as a visitor visits the website. To perform this analysis, reCAPTCHA analyzes a variety of information (such as IP address, length of stay on the site, and mouse movements by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analytics run completely in the background. Website visitors are not informed that an analysis is being performed.

This data is stored and analyzed based on Art. 6(1f) GDPR. The website operator has a justified interest in protecting its web offerings against intrusive bots and spam. Provided that the corresponding consent was asked for, processing is performed exclusively based on Art 6(1a) GDPR and Sec. 25(1) TDDDG , to the extent that the consent includes storing cookies or accessing information on the user’s device (device fingerprinting, for instance) within the meaning of the TDDDG. You may revoke this consent at any time.

For more information about Google reCAPTCHA, refer to Google’s privacy statement and terms of use under the following links: https://policies.google.com/privacy and https://policies.google.com/terms.

7. Internal Services

Handling of Applicant Data

We give you the opportunity to apply for a position with us (for example, via email, postal mail, or the online application form). In the following, we will inform you about the scope, purpose, and usage of your personal data that is collected in the framework of the application process. We ensure you that we will collect, process, and use your data in compliance with applicable data protection laws and all other legal regulations and that your data will be handled with strict confidentiality.

Scope and Purpose of Data Collection

If you send us an application, we process your associated personal data (such as contact and communication data, application materials, notes taken during job interviews, and so on) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 BDSG, according to German law (employment-related purposes), Art. 6(1b) GDPR (pre-contractual measures), and – provided that you have granted consent – Art. 6(1a) GDPR. You may revoke this consent at any time. You personal data will only be passed on to people within our company who are involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing systems based on Section 26 BDSG and Art. 6(1b) DSGVO, for the purpose of establishing the employment relationship.

Retention Period for Data

If we are unable to offer you a position or if you reject an offered position or withdraw your application, we reserve the right to retain the data you provided us with based on our justified interests (Art. 6(1f) GDPR) for up to six months after conclusion of the application process (rejection or withdrawal of the application). After this, your data will be deleted and all physical application materials will be destroyed. This retention is intended above all to ensure that evidence is available in the case of a legal dispute. If it is apparent that this data will be needed after the usual six-month retention period expires (due to an imminent or pending legal dispute, for instance), the data will not be deleted until the purpose for continuing to retain it no longer applies.

A longer retention period could also apply if you have granted us corresponding consent (Art. 6(1a) GDPR) or if statutory retention requirements preclude deletion.

Inclusion in Our Applicant Pool

If we are unable to offer you a position, we may wish to add you to our applicant pool. In this case, all documents and information from your application will be added to our applicant pool, so we can contact you if we have a suitable vacancy.

You will only be added to our applicant pool if you grant your explicit consent (Art. 6(1a) GDPR). Refusing consent in this case is voluntary and will have no relation to an active application process. As the data subject, you may revoke your consent at any time. In this case, your data will be irretrievably deleted from our applicant pool, as long as no statutory retention requirements apply.

The data from the applicant pool will be irretrievably deleted two years after you grant your consent, at the latest.

Our Social Media Presence

This Privacy Statement applies to our presence on the following social media:

Data Processing by Social Networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed further below.

Social networks such as Facebook, X, and so on, can usually analyze your user behavior in detail when you visit their respective website or a website with integrated social media content (such as Like buttons or advertising banners). When you visit our social media pages, this usually triggers a number of processing operations that are relevant for data protection. In detail:

If you are logged on to your social media account and visit our social media page, the operator of the social media portal can allocate this visit to your user account. Under certain circumstances, however, your personal data can be recorded even if you are not logged on or do not have an account with the respective social media portal. In this case, the data is collected using cookies that are stored on your user device, for instance, or by recording your IP address.

With this collected data, the operators of the social media portals can create user profiles that save your preferences and interests. This, in turn, enables them to display targeted advertising within and outside the respective social media pages. If you have an account with the respective social network, this targeted advertising may appear on all devices on which you are logged on or have logged on.

Please also note that we cannot trace all processing operations on the social media portals. As such, the operators of the social media portals may carry out additional processing operations, depending on the provider. For more details, refer to the terms of use and privacy statements of the respective social media portals.

Legal Basis

Our social media accounts are intended to provide as comprehensive a presence as possible on the internet. This represents a justified interest according to Art. 6(1f) GDPR. The analytics processes initiated by the social networks may be based on different legal bases, which the operators of the social networks must specify (such as consent pursuant to Art. 6(1a) GDPR).

Controllers and Assertion of Rights

When you visit one of our social media sites (such as Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations that are triggered by this visit. You can generally enforce your rights (to access, rectification, erasure, restriction of processing, data portability, and appeal) with us and with the operator of the respective social media portal (such as Facebook).

Please note that despite the joint responsibility we share with the social media portal operators, we do not have full control over the data processing operations on the social medial portals. Our options are substantially dependent on the respective provider’s business policies.

Retention Period

The data recorded directly by us through our social media presence will be deleted from our system as soon as you request its deletion, revoke your consent for storing it, or the purpose for storing the data no longer applies. Saved cookies remain on your user device until you delete them. This does not affect the applicable legal regulations – particularly with regard to retention periods.

We have no control over the storage duration of your data that the social network operators store for their own purposes. For details about this, please consult the operators of the social networks directly (in their privacy statements, for instance – see below).

Your Rights

You have the right to obtain access free of charge regarding the origin, recipient, and purpose of the personal data we have saved for you. You also have the right to object, to data portability, and to appeal to the responsible supervisory authority. Furthermore, you may demand the rectification, blocking, deletion, and – under certain circumstances – restriction of processing of your personal data.

The Individual Social Networks

Facebook

We have a profile on Facebook. This service is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter: “Meta”). According to information from Meta, the collected data is also transferred to the U.S. and other third countries.

We have concluded an agreement for joint processing with Meta (“Controller Addendum”). This agreement defines which data processing operations we and Meta are responsible for when you visit our Facebook page. You can read this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do so, click the following link and log on: https://www.facebook.com/settings?tab=ads.

For more details, refer to Facebook’s privacy statement: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For details about the handling of your personal data, refer to Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

XING

We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. For details about the handling of your personal data, refer to XING’s privacy policy: https://privacy.xing.com/en/privacy-policy.

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to deactivate LinkedIn advertising cookies, use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transfer to the U.S. is supported by the standard contractual clauses defined by the European Commission. You can find the details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details about the handling of your personal data, refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details about the handling of your personal data, refer to YouTube’s privacy statement: https://policies.google.com/privacy.

Apple Podcasts

We have a channel with Apple Podcasts. The provider of this service is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA.

When you subscribe to or listen to our podcasts via Apple Podcasts, personal information such as your IP address, usage behavior (such as which episodes you listened to), and device information may be collected and processed by Apple. Apple processes this data to generate statistics and to offer you personalized content and advertising, among other purposes.

Please note that we have no direct influence over Apple’s data processing. For more information about data processing by Apple Podcasts, refer to Apple’s privacy statement.

The data transfer to the U.S. takes place based on the standard contractual clauses defined by the European Commission. For more information, refer to: https://www.apple.com/legal/privacy/en-ww/.