keyboard_arrow_up

I. Responsible party in the sense of the data protection laws is:

RHENUS DOCS TO DATA GMBH

Rhenus-Platz 1
59439 Holzwickede
 

 

II. Contact information of the data protection officer

If you have any questions regarding the processing of your personal data by us, please contact our data protection officer in writing or by E-Mail:

 

RDP Röhl · Dehm & Partner Rechtsanwälte mbB
Michaela Berger and Norbert Geyer
Moritzplatz 6
86150 Augsburg, Germany
dsb.docs-to-data@rdp-law.de

III. Automatic data processing when calling up the website

Personal data is already processed when the page is accessed. This happens automatically, without you having to take any further actions such as filling out and sending a contact form.

These automated processing operations concern:

Processing of the IP address

1. Description and scope of data processing
When you access this website, requests are sent to the server, which must answer them. For this purpose, your IP address must be collected and processed by the server so that the corresponding server requests can be answered.

 

2. Legal basis for data processing
The legal basis for the processing of this data is art. 6 para. 1 lit. f) GDPR.

 

3. Purpose of data processing
The purpose of processing your IP address is to establish and secure the functionality of the website and to technically enable the retrievability of the website.

 

4. Legitimate interest
The legitimate interest in the temporary storage of the IP address is that the functionality and provision of the technical retrievability of the website is not possible without this storage.

 

5. Duration of storage
The data will be deleted as soon as further storage is no longer necessary due to the fulfillment of its purpose. In the case of data collection for the provision of the website, this is the case when the retrieval process is completed.

 

6. Recipients of personal data
The IP address is processed by the following hosting provider:
Rhenus Assets & Services GmbH & Co. KG, Rhenus Platz 1, 59439 Holzwickede, Germany.
There also exists administrative access to the data within the context of maintenance and services.

 

7. Transfer to a third country
There is no intention to transfer the personal data to a third country or to an international organization.

 

8. Necessity of the provision
The provision of the data is necessary because the website is not accessible otherwise.

 

9. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.

 

Processing of server log files

 

1. Description and scope of data processing
The IP addresses collected when this website is accessed are also stored in server log files in order to detect and remedy technical malfunctions and/or attempts to manipulate or break into the server structure.
In addition, the provider of this website automatically collects, stores and processes information in server log files, which are automatically transmitted by your browser.

This information includes:
Browser type and browser version
Operating system
Referrer URL
Host name of the accessing computer
Time of the server request
This information, however, will not be merged with other data sources.

 

2. Legal basis for data processing
The legal basis for the processing of this data is art. 6 para. 1 lit. f) GDPR.

 

3. Purpose of data processing
The purpose of processing your IP address and the aforementioned information is to detect malfunctions and attempted intrusions. This serves the security structure of the website and the system integrity of the servers.

 

4. Legitimate interest
The legitimate interest in processing the IP address and the aforementioned information is to provide a functional and uncompromised technical website environment.

 

5. Duration of storage
The data will be deleted within 28 days.

 

6. Recipients of personal data
The IP address and the aforementioned information are processed by the following hosting provider:
Rhenus Assets & Services GmbH & Co. KG, Rhenus Platz 1, 59439 Holzwickede, Germany

 

7. Transfer to a third country
There is no intention to transfer the personal data to a third country or to an international organization.

 

8. Necessity of the provision
The provision of the data is necessary because the website cannot be accessed otherwise.

 

9. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.

 

Use of cookies

 

1. Description and scope of data processing
The site uses so-called "cookies". Cookies are text files that are stored in the memory and/or on a data carrier of the device used to visit this website and are processed by your web browser in accordance with the browser's settings.

The content of these cookies includes:
Name
PHPSESSID
Host
DOMAINNAME
Duration
Session
TypeInitial provider
Category
Necessary cookies
Description
PHP session cookie associated with embedded content from this domain.

Name
OptanonAlertBoxClosed
Host
DOMAINNAME
Duration
365 days
Type
Initial provider
Category
Necessary cookies
Description
This cookie is set by websites that use particular versions of OneTrust's cookie compliance solution. It is set after visitors see a cookie notification and in some cases only when they actively close the notification. It allows the website not to display the message more than once to a user. The cookie has a lifetime of one year and does not contain any personal information.

Name
OptanonConsent
Host
DOMAINNAME
Duration
365 days
Type
Initial provider
Category
Necessary cookies
Description
This cookie is set by OneTrust's cookie compliance solution. It stores information about the cookie categories that the website uses and whether visitors have given or revoked their consent for the use of each category. This allows website owners to prevent cookies from being set in each category in the user's browser if consent is not given. The cookie has a default lifetime of one year, so that returning visitors will remember their preferences. It does not contain any information that could identify the website visitor.

Name
XSRF-TOKEN
Host
media.rhenus.group
Duration
A few seconds
Type
Third party
Category
Necessary cookies
Description
This cookie was written to help website security prevent cross-site request forgery attacks.

Name
laravel_session
Host
media.rhenus.group
Duration
A few seconds
Type
Third party
Category
Necessary cookies
Description
Cookie identifying a session instance for the user.

 

2. Legal basis for data processing
The legal basis for the processing is art. 6 para. 1 lit. f) GDPR.

 

3. Purpose of data processing
The cookies contain technical information for the provision of website functionalities within the scope of use. This enables the technical realization of the website.

 

4. Legitimate interest according to art. 6 para. 1 lit. f) GDPR
The cookies used only contain technical data. The use of these cookies is necessary to provide the user with a functionality of our internet presence that meets their expectations.

 

5. Duration of storage as well as possibilities of objection and removal
The so-called "session cookies" are automatically deleted from your browser cache/memory at the end of your visit to this website and/or when you close your browser, provided that you have activated this functionality in your browser. The persistent cookies are automatically deleted after a specified duration, which is set depending on each cookie.
You can view which cookies are set and how long they are stored in the settings of your web browser (e.g., Firefox, Internet Explorer, Edge, Chrome, Opera, Safari). Your web browser also gives you the option of regulating the handling of cookies or deactivating them altogether. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

 

6. Recipients of personal data
The IP address and the aforementioned information are processed by the following hosting provider:
Rhenus Assets & Services GmbH & Co. KG, Rhenus Platz 1, 59439 Holzwickede, Germany.

 

7. Transfer to a third country
There is no intention to transfer personal data to a third country or to an international organization.

 

8. Necessity of the provision
The provision of the data is necessary because the website cannot be accessed otherwise.

 

9. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.
In addition, depending on your selection made through the Consent Manager, we process additional cookies that we process only if you consent. You can find information about these cookies in the Consent Manager settings.

IV. Processing of personal data through the contact form

1. Description and scope of data processing

A contact form is available on this website for the purpose of contacting you electronically. We process your personal data to respond to your contact request.
For inquiries made using the contact form, the following data is processed:

First and last name*
Company*
E-Mail address*
Telephone number
Postal code*
Your message

The fields marked with a "*" symbol are mandatory fields. Without their completion, no inquiry can be sent to us using this contact form.

The indication of your name serves for addressing you personally in the context of the processing of your inquiry.
Please only enter the telephone number if you would like us to contact you by telephone or if you would like us to call you back.

When you enter data in the forms, no data is transmitted to us. This only happens after you click on the "Send message" button.

At the time of sending the message, the following data is also processed:

Date and time of the request

 

2. Legal basis for data processing
The legal basis for the processing of personal data to handle and respond to your inquiries is art. 6 para. 1 lit. f) GDPR. 
The legal basis for the processing of personal data serving the preparation and/or implementation of a contractual relationship is art. 6 (1) lit. b) GDPR.

 

3. Purpose of data processing
The processing of personal data through the contact form serves the purpose of contacting and enabling the company to address the customer informatively on the customer's initiative (answering the inquiry).
Depending on the intention and content of your inquiry, the purpose may also be the initiation and/or implementation of a contractual relationship, in which case the purpose is also to nurture the relationship with the customer.

 

4. Legitimate interest
The legitimate interest in data processing lies in the possibility to process your request and to respond according to that request. The collected data is processed on the basis of a request from you. This processing is also in your interest so that we can respond to your request in accordance with your expectations.

 

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose of their collection or are not subject to any further legal retention obligations (e.g., 10 years according to AO, 6 years according to HGB). For your data entered in our contact form, this is the case when the respective conversation with the user has ended.
The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.

 

6. Recipients of personal data
The data is processed by the following service provider:
Rhenus Assets & Services GmbH & Co. KG, Rhenus Platz 1, 59439 Holzwickede, Germany
Rhenus Office Systems GmbH, Rhenus Platz 1, 59439 Holzwickede, Germany
RHENUS DOCS TO DATA GMBH, Rhenus-Platz 1, 59439 Holzwickede, Germany

 

7. Transfer to a third country
There is no intention to transfer personal data to a third country or to an international organization.

 

8. Necessity of the provision
It is also possible to contact us by telephone or mail. If necessary, this may entail restrictions, especially with regard to response times.

 

9. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.

V. Processing of personal data in the case of customer and supplier contact and the handover of business cards

1. Description and scope of data processing
In the course of making contact, handing over business cards or carrying out business and customer relations, we process personal data of the participating individuals. In most cases, this is the contact data of the internal employee provided to us by our customers or suppliers.

This data is fed into our CRM.
This data can be:
Name, first name
Company
E-Mail address
Telephone number, cell phone number
Job title in the company

 

2. Legal basis for data processing and legitimate interest
The legal basis for processing is art. 6 (1) lit. b) GDPR, insofar as the data is processed for the initiation or implementation of a contractual relationship.
In addition, in the case of employees acting as the contact, the legal basis is art. 6 (1) (f) GDPR, as the processing is carried out in the legitimate interest.
This legitimate interest stems from the fact that the data has been given to us for the purpose of maintaining a business relationship and for contacting you at a later date. In addition, the processing of data of business contacts is necessary to maintain a business relationship.

 

3. Purpose of data processing
The data listed above and handed over to us are processed exclusively for the purpose for which the data were handed over to us (by handing over the business card, by naming the responsible business contact, etc.). In addition to the implementation of a business relationship, this can also be the initiation of a business relationship, the facilitation of a subsequent contact or the exploration of common and future business interests.

 

4. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal retention obligations (e.g., 10 years according to AO, 6 years according to HGB).

 

5. Recipients of personal data
Processing of data in the context of maintenance and services of the CRM system and the IT infrastructure:
Rhenus Assets & Services GmbH & Co. KG, Rhenus-Platz 1, 59439 Holzwickede, Germany.
Processing of data in the context of sales activities:

Rhenus BPO Services GmbH, Rhenus Platz 1, 59439 Holzwickede, Germany.

 

6. Transfer to a third country
There is no intention to transfer personal data to a third country or to an international organization.

 

7. Necessity of the provision
The provision of the data is necessary within the framework of an ongoing business relationship, as otherwise it is not possible to address the relevant individuals in a targeted manner.

 

8. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.

VI. Processing of personal data via E-Mail

1. Description and scope of data processing
In the case of inquiries or a communication via E-Mail, personal data will be processed depending on the content of your E-Mail:

In any case, these will be your E-Mail address, the date and time as well as the content of the message. In addition, depending on the content of your E-Mail, the following personal data may be processed:
First name, last name, telephone number, job title in the company, department, etc.

The data is used for the processing of the conversation and/or the implementation and/or initiation of a contractual relationship.

 

2. Legal basis for data processing
The legal basis for the processing of data in the context of generic E-Mail communication is art. 6 para. 1 lit. f) GDPR. If the contact by E-Mail also has the objective of concluding and/or executing a contract, the additional legal basis for the processing is art. 6 para. 1 lit. b) GDPR.

 

3. Purpose of data processing
The processing of personal data of E-Mail communication serves the purpose of maintaining business operations in an appropriate manner. E-Mail communication has become an integral part of business, both for internal corporate communication as well as for communication with customers, suppliers and potential business associates.

 

4. Legitimate interest
The legitimate interest in communicating via E-Mail is to provide a commonly accepted standard of communication. E-Mail communication enables us to minimize response times and thus to meet the expectations of customers, suppliers and business associates.

 

5. Duration of storage
The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal retention obligations (e.g., 10 years according to AO, 6 years according to HGB). For your E-Mail, this is the case when the respective conversation with the user has ended.
The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.

 

6. Recipients of personal data
Processing of data in the context of maintenance and services of the IT infrastructure:
Rhenus Assets & Services GmbH & Co. KG, Rhenus-Platz 1, 59439 Holzwickede, Germany
Rhenus Office Systems GmbH, Rhenus-Platz 1, 59439 Holzwickede, Germany

RHENUS DOCS TO DATA GMBH, Rhenus-Platz 1, 59439 Holzwickede, Germany

 

7. Transfer to a third country
There is no intention to transfer personal data to a third country or to an international organization.

 

8. Necessity of the provision
It is also possible to contact us by telephone or mail. If necessary, this may entail restrictions, especially with regard to response times.

 

9. Automated decision-making / profiling
No automated decision-making or so-called profiling is carried out.

VII. Processing of personal data via telephone

1. Description and scope of data processing

In the case of telephone inquiries, personal data is processed depending on the content of the conversation:

Depending on the information you provide during the telephone call, this may include the following personal data:

 

First name, last name

Telephone number

Customer number

Payment data

Contractual data

 

The data will be used exclusively for the processing of the conversation and/or the implementation and/or initiation of a contractual relationship.

 

2. Legal basis for data processing

Due to the explicit request of the user via telephone, the legal basis for the processing of the data is art. 6 para. 1 lit. f) GDPR. If the contact via telephone also aims at the conclusion and/or execution of a contract, the additional legal basis for the processing is art. 6 para. 1 lit. b) GDPR.

 

3. Purpose of data processing

The processing of personal data via telephone calls serves the sole purpose of establishing initial contact and enabling the company to address the customer in an informative manner on the customer's initiative.

Depending on the intention and content of your inquiry, the purpose may also be the initiation and/or implementation of a contractual relationship as well as the maintenance of the customer relationship.

 

4. Legitimate interest

The legitimate interest in the data processing lies in the possibility to process your request and to be able to answer you according to your request. The collected data is processed on the basis of a request from you. This processing is also in your interest to be able to respond to your request according to your expectation.

 

5. Duration of storage

The data will be deleted within 6 months after they are no longer required to achieve the purpose for which they were collected or are not subject to any further legal retention obligations (e.g., 10 years according to AO, 6 years according to HGB). For your E-Mail, this is the case when the respective conversation with the user has ended.

The conversation is terminated when the circumstances indicate that the matter in question has been conclusively clarified.

 

6. Recipients of personal data

The data is processed by the following service provider:

Rhenus Assets & Services GmbH & Co. KG, Rhenus-Platz 1, 59439 Holzwickede, Germany

Rhenus Office Systems GmbH, Rhenus-Platz 1, 59439 Holzwickede, Germany

RHENUS DOCS TO DATA GMBH, Rhenus-Platz 1, 59439 Holzwickede, Germany

IN-telegence GmbH, Oskar-Jäger-Strasse 125, 50825 Cologne, Germany

 

7. Transfer to a third country

There is no intention to transfer personal data to a third country or to an international organization.

 

8. Necessity of the provision

The provision of the data is necessary in the context of an ongoing business relationship, as otherwise it is not possible to address the relevant individuals in a targeted manner.

 

9. Automated decision-making / profiling

No automated decision-making or so-called profiling is carried out.

VIII. Processing of personal data in the context of unsolicited applications

If you apply for specific job advertisements of Rhenus Docs to Data, you will find the information on the processing of your data in the context of online applications.

 

The following applies to unsolicited applications:

 

1. Description and scope of data processing

 

You can send us your unsolicited application either by regular mail or by E-Mail.

The following personal data may be processed by us in the process:

 

Name, address and contact information

Curriculum vitae including all further given information

Personal cover letter

Qualifications

Interests

 

If you send us your data by E-Mail, we also process your E-Mail address, the date and time as well as the content of the message. In addition, depending on the content of your E-Mail, the following personal data may be processed:

 

First name, last name

Telephone number

 

The data will be used exclusively within the scope of the application procedure for the decision on filling the respective position.

 

2. Legal basis for data processing

The legal basis for the processing of data within the scope of the application procedure is art. 6 para. 1 lit. b) GDPR, § 26 para. 1 BDSG.

 

If you provide us with special categories of personal data within the scope of the application procedure, such as an existing status as a handicapped person or state of health, which are necessary for the assessment of your employability for a specific position, the processing of this data provided on your initiative is carried out in accordance with art. 9 para. 2 lit. b), lit. h) GDPR, § 26 para. 3 BDSG.

 

3. Purpose of data processing

The processing of personal data in the context of the application procedure serves the sole purpose of staff planning and the establishment of employment relationships.

 

4. Duration of storage

In the event of an application being rejected, the data will be deleted within 6 months of the rejection. Data of successful applications are subject to the retention obligations resulting from the labor law and social law regulations, the AO and the HGB.

 

5. Recipients of personal data

Rhenus Assets & Services GmbH & Co. KG, Rhenus-Platz 1, 59439 Holzwickede, Germany

Rhenus Office Systems GmbH, Rhenus-Platz 1, 59439 Holzwickede, Germany

RHENUS DOCS TO DATA GMBH, Rhenus-Platz 1, 59439 Holzwickede, Germany

 

6. Transfer to a third country

There is no intention to transfer personal data to a third country or to an international organization.

 

7. Necessity of the provision

The provision of the data is necessary, otherwise no decision on the application can be made.

 

8. Automated decision-making / profiling

No automated decision-making or so-called profiling is carried out.

IX. Friendly Captcha

We use Friendly Captcha on our website, a service provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is a privacy-friendly protection solution to make it more difficult for automated programs and scripts (so-called "bots") to use websites. Friendly Captcha thus protects websites from misuse. For this purpose, we have integrated a program code from Friendly Captcha in certain areas of our website, e.g. in a contact form. This causes the visitor's end device to establish a connection to the Friendly Captcha servers in connection with the protected area (e.g. sending a contact form). The visitor's browser receives a calculation task from Friendly Captcha. The complexity of the calculation task depends on various risk factors. The visitor's end device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device.

In addition, the visitor's browser transmits connection data, environmental data, interaction data and functional data to Friendly Captcha. Friendly Captcha evaluates this data and determines how likely it is that it is a human user or bot and transmits the result to our web server.

Friendly Captcha does not store any personal data about the visitor. Data that could identify the visitor (such as IP addresses) is anonymized using one-way hashing. Friendly Captcha does not use HTTP cookies and does not store any data in the persistent browser memory.

The legal basis for the use of Friendly Captcha is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in protecting the website from abusive, automated crawling and spam.

Further information can be found at: https://friendlycaptcha.com/legal/privacy-end-users/

X. SalesViewer®

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes. 

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally 

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. 

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again. 

 

XI. Rights of the affected individual (data subject)

If your personal data are processed, you are the data subject within the meaning of the General Data Protection Regulation. Therefore, you are entitled to the following rights with respect to the processing party (controller).

To exercise your data subject rights against us as the controller, please contact us at the following E-Mail address: dsb.docs-to-data@rdp-law.de

 

1. Right to information - art. 15 GDPR
You have the right to request confirmation from the controller as to whether personal data concerning you is being processed.

 

If such processing does exist, you have the right to obtain information about this personal data and the following information:

• The purposes for which the personal data are processed;

• The categories of personal data that are processed;

• The recipients or categories of recipients to whom the personal data have been or will be disclosed;

• If possible, the planned duration for which the personal data will be stored or, if it is not possible, the criteria for determining the storage period;

• The existence of a right to rectify or erase the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

• The existence of a right of appeal to a supervisory authority;

• All available information about the origin of the data, if the personal data are not collected from the data subject;

• The existence of automated decision-making, including profiling, pursuant to art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

In addition, you have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may also request to be informed about the appropriate safeguards pursuant to art. 46 GDPR in connection with the transfer.

 

2. Right to rectification - art. 16 GDPR
You have the right to obtain rectification and/or integration of the data concerning you from the controller without undue delay if the personal data processed are inaccurate or incomplete.

 

3. Right to erasure - art. 17 GDPR
Obligation to delete:
You have the right to request the immediate erasure of your personal data at any time, provided that one of the following reasons is given:

• The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed;

• You have withdrawn your consent on which the processing was based in accordance with art. 6 (1) (a) or art. 9 (2) (a) GDPR and there is no other legal basis for the processing;

• You have objected to the processing in accordance with art. 21 (1) and there are no overriding legitimate grounds for the processing, or you have objected to the processing in accordance with art. 21 (2) GDPR;

• The personal data concerning you have been processed unlawfully;

• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject;

• The personal data concerning you has been collected in relation to information services offered in accordance with art. 8 (1) of the GDPR.

Exceptions:
There is no right to erasure insofar as the processing is necessary

• For the exercise of the right to freedom of expression and information;

• For compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject; or

• For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

• For reasons of public interest in the field of public health in accordance with art. 9 (2) (h) and (i) and art. 9 (3);

• For archiving, scientific or historical research purposes in the public interest or for statistical purposes pursuant to art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

• For the assertion, exercise or defense of legal claims.

 

4. Right to restriction of processing - art. 18 GDPR
You have the right to request the restriction of the personal data concerning you under the following conditions:

• If you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

• If the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

• If the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or

• If you have objected to the processing in accordance with art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from storage - only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted on the basis of the above conditions, you will be informed by the controller before the restriction is lifted.

 

5. Right to information - art. 19 GDPR
If you have exercised one of your rights to rectification, erasure or restriction of processing, we are obligated to inform all recipients to whom the personal data concerning you has been disclosed of the rectification, erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

In addition, you have the right to be informed about these recipients.

 

6. Right to data portability - art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was provided, provided that

a) the processing is based on consent pursuant to art. 6 (1) a) GDPR or art. 9 (2) a) GDPR or on a contract pursuant to art. 6 (1) b) GDPR and

b) the processing is carried out with the help of automated procedures.

In exercising this right to data portability, you also have the right to obtain that the personal data concerning you is transferred directly from one controller to another controller, insofar as this is technically feasible.

 

7. Right of objection - art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information services - irrespective of Directive 2002/58/EC - to exercise your right of objection by means of automated procedures using technical specifications.

 

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

 

9. Right to complain to a supervisory authority - art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which you file a complaint shall inform you, as the complainant, of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 of the GDPR.

 

 

This privacy notice will be updated on a regular basis.

XII. Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

DoubleClick is used to show you interest-based ads across the Google advertising network. In order to be able to show users interest-based advertising, DoubleClick must recognize the respective viewer and be able to assign the websites they have visited, clicks and other information on user behavior to them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). Google DoubleClick uses a special cookie script. This draws among other things on:

• the number of page views,

• the surfing behavior of users on the site,

• the IP address of the user,

• previously visited pages and

• for searching for used keywords.

The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the user concerned. If you have a Google account, the search engine associates the data obtained with the information available in the Google account.

As part of processing by Google, data may be transmitted to the USA. The following recipients may include Google LLC. and Alphabet Inc. The level of data protection in the USA is currently not equivalent to that in the EU. This is due in particular to far-reaching official access rights to personal data processed by companies and insufficient legal protection options for data subjects. The security of the transmission is secured by so-called standard contractual clauses, which ensure that the processing of personal data is subject to a security level that corresponds to that of the GDPR.

Processing takes place exclusively on the basis of Article 6 (1) (b) GDPR. 6 paragraph 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For more information on how to object to the ads displayed by Google, please see https://policies.google.com/technologies/ads?hl=en

 

XIII. Google AdWords Conversion

This website uses functions of the service "Google Ads" (formerly Google AdWords), a service of  Google  Ireland  Limited,  Google  Building  Gordon  House,  Barrow  St,  Dublin  4,  Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called "AdServers". For this purpose, we use so-called AdServer cookies, which can be used to measure certain parameters for measuring success, such as display of the ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view  conversions),  opt-out  information  (marking  that  the  user  no  longer  wishes  to  be addressed). These cookies allow Google to recognize your web browser. If a user visits certain pages  of  an  Ads  customer's  website  and  the  cookie  stored  on  their  computer  has  not  yet expired,  Google  and  the  customer  can  recognize  that  the  user  clicked  on  the  ad  and  was redirected  to  that  page.  A  different  cookie  is  assigned  to  each  Ads  customer.  Cookies  can therefore  not  be  tracked  across  Ads  customers'  websites.  We  ourselves  do  not  collect  and process  any  personal  data  in  the  aforementioned  advertising  measures.  We  only  receive statistical  evaluations  from  Google.  Based  on  these  evaluations,  we  can  see  which  of  the advertising measures used are particularly effective. We do not receive any further data from the  use  of  the  advertising  tools;  in  particular,  we  cannot  identify  users  on  the  basis  of  this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is the possibility that Google learns your IP address and stores it. The legal basis for the processing is your consent pursuant to Art. 6 (1) lit. a GDPR. If you do not  want  Google  Ads  to  collect  and  process  the  aforementioned  data,  you  can  refuse  your consent or revoke it at any time with effect for the future. In the context of processing by Google Ads, data may be transmitted to the USA. The following recipients  may  be,  among  others,  Google  LLC.  and  Alphabet  Inc.  The  security  of  the transmission  is  secured  via  so-called  standard  contractual  clauses,  which  ensure  that  the processing  of  personal  data  is  subject  to  a  level  of  security  that  corresponds  to  that  of  the GDPR.

For more information about data processing by Google, please refer to Google's privacy policy:

https://policies.google.com/privacy?hl=en.

XIV. Meta Pixel (formerly Facebook-Pixel)

We use Meta Pixel (formerly Facebook Pixel) on our website. The joint controller (Art. 26 GDPR) for this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter "Meta"). Meta's data protection officer can be contacted via the contact form or by post at the above address.  The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. 

We use the meta pixel to measure the effectiveness of the advertising measures we place on the Facebook platform. This allows us to analyze the behavior of site visitors after they have been redirected to our website by clicking on our Facebook ad. This allows future advertising measures to be optimized. 

The following data may be processed Usage data (e.g. websites visited, interactions with content, access times), meta/communication data (e.g. device information, browser data, IP addresses), location data (data indicating the location of an end user's end device). The data collected is deleted after 90 days. If you are registered/logged in to a Facebook service, Facebook can assign the visit to your account. 

The use of meta pixels is based on your consent in accordance with Art. 6 para. 1 a) GDPR and § 25 para. 1 TDDDG (german law). You can withdraw your consent at any time with effect for the future by accessing the cookie settings under "Cookie preferences" and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. 

Meta Platforms, Inc. is the American holding company of Meta Platforms Ireland Limited. The data transfer to the USA is based on the adequacy decision of the EU Commission (announced in July 2023). The adequacy decision states that the USA (compared to the EU) ensures an adequate level of data protection for personal data transferred from the EU to companies in the USA that are certified under the DPF. Meta Platforms, Inc. is certified under the EU-US Privacy Framework. You can find more information here

Within the scope of joint responsibility with Meta, you can exercise your data subject rights pursuant to Art. 15, 16, 17, 18, 20, 21 GDPR both with Meta and with us. Meta assumes the fulfilment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of data subject rights. If you wish to make use of your data subject rights, please contact Meta directly. If you do not want Meta to be able to assign your visit to our pages to your Facebook user account, please log out of your user account. 
For further information on the scope and processing of your personal data, please refer to Facebook's privacy policy and terms of use

This privacy notice will be updated on a regular basis.

XV. Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics 4 uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 has IP anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transferred by your browser as part of Google Analytics will not be merged with other Google data.

The following visitor data, which is not assigned to a person, can be collected:

  • Acquisition (= source of visitors, e.g. Google search, direct entry);
  • User behaviour (pages visited, bounce rate, links clicked);
  • Geographical data (country, region, city, language);
  • Technology (browser, device category mobile / desktop, screen resolution, device model, operating system).

We use Google Analytics 4 for the following purposes: tracking user behaviour in order to derive optimisation potential (ROI maximisation), reporting website performance, monitoring the success of campaigns. The legal basis is your consent pursuant to Art.6 para.1 p.1 lit.a GDPR and § 25 para. 1 p.1 TTDSG.

In addition, Google Analytics 4 is integrated via server-side tag management, i.e. the visitor data is not transferred directly to Google Analytics 4. The data is first transmitted to a so-called tagging server (via Google Cloud) in Germany and from there transferred to Google Analytics 4 in a controlled manner (i.e. no personal/demographic data).

Recipients of the data may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR).;
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA;
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA:


For the USA, the European Commission adopted a news adequacy decision on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider to establish an appropriate level of data protection in those countries.

The data sent by us and linked to cookies are automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. The deletion of data whose retention period has been reached occurs automatically once a month.

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) by Google, and the processing of this data by Google, by not giving your consent to the setting of the cookie or downloading and installing the browser add-on to deactivate Google Analytics HERE.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

XVI. LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company (hereinafter referred to as "LinkedIn"), Wilton Plaza, Wilton Place, Dublin 2, Ireland. We are jointly responsible for the processing of the data with LinkedIn. The agreement pursuant to Art. 26 GDPR can be found here: https://legal.linkedin.com/pages-joint-controller-addendum. LinkedIn's data protection officer can be contacted via the following link: https://www.linkedin.com/help/linkedin/ask/ppq. The contact details of our data protection officer can be found in Section II of this Privacy Policy.

Personal data is processed and stored on the LinkedIn platform if you do not have a LinkedIn account yourself. Even in the case of a temporary visitor, personal data such as the IP address, the browser type, the operating system, information on previously accessed websites, the location, the mobile phone provider, the device used, the search terms used and cookie information are processed. In addition, LinkedIn transmits data to third countries, in particular the USA. This data transfer is secured by standard contractual clauses of the EU Commission.
 

  1. Company profile on LinkedIn

We have a LinkedIn company profile. You can access our company profile regularly on the Internet at any time, regardless of whether you have created a user account on the corresponding platform yourself or not. If you are logged into your LinkedIn account, LinkedIn can assign this to your user account. In both cases, however, your data will be processed by LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. If you post or comment on your data publicly on our LinkedIn profile, it will be visible to other registered and unregistered visitors to our LinkedIn profile worldwide.

On our LinkedIn company profile, you also have the option of reacting to our posts, writing comments, creating a post on our site yourself or sending us private messages. All data provided by you in this context will be processed by us. We process your personal data on the basis of our legitimate interest in responding to your request in accordance with Art. 6 (1) (f) GDPR and, if applicable, Art. 6 (1) (b) GDPR, provided that your request is aimed at concluding a contract.
 

In general, we receive the following data from you:

  • Information about the profile of the user;
  • Information you provide in your message or comment to us;
  • If you have responded to our post and type of response, or you have shared or commented on it;
  • Mode of interaction.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no legal obligations to retain them. For the personal data from messages, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

  2. LinkedIn Insight Tag

The LinkedIn Insight Tag is a small JavaScript code snippet that we use on our website. The LinkedIn Insight Tag enables the collection of data about visits to our website, including URL, referrer URL, IP address, device and browser properties, timestamps and page views. LinkedIn does not share any personal data with us. We are only provided with summarized data as page insights, which makes it impossible for us to draw conclusions about individual persons or members. In doing so, we can obtain the following information such as industry, job title, company size, career level and location of website visitors.

The processing of the data via the Page Insights is carried out by LinkedIn and us as joint controllers within the meaning of the GDPR. The purpose of this data processing is exclusively the evaluation and analysis of the actions and activities on our LinkedIn company profile as well as the improvement based on this data. The legal basis for the processing of personal data is Article 6 (1) (a) GDPR.

This data is encrypted, anonymized within 7 days and the anonymized data is deleted within 90 days.
 

3. LinkedIn Ads

We have integrated LinkedIn Ads on our website. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and thus display targeted advertisements on LinkedIn. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to LinkedIn, possibly also to the USA. The use of LinkedIn Ads is based on your consent in accordance with Art. 6 (1) (a) GDPR.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and there are no legal obligations to retain them. The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn.
 

4. Possibilities of objection and rights of data subjects

LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website and link it to your membership data stored on LinkedIn, you can log out of LinkedIn before visiting our website.

In addition, you can deactivate the cookies here, regardless of whether you are a LinkedIn member: Opt-Out.

As part of the joint responsibility with LinkedIn, you can assert your rights as a data subject in accordance with Art. 15, 16, 17, 18, 20, 21 GDPR both with LinkedIn and with us. LinkedIn assumes the fulfillment of the obligations under the GDPR for the processing of Insights data, in particular the safeguarding of the rights of data subjects. If you wish to exercise your rights as a data subject, please contact LinkedIn directly.

For more information, please see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy

XVII. Google Tag Manager

This website uses functions of the "Google Tag Manager" service of Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The Google Tag Manager is an organizational tool that allows us to integrate and manage website tags centrally and via a user interface. We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and processes even personal data only for technically necessary purposes. The Google Tag Manager itself does not store any data. This ensures that other components are loaded, which in turn may collect data. The Google Tag Manager does not access this data. Please note that American authorities, such as intelligence agencies, may have access to personal data due to American laws. For more information about Google Tag Manager, please refer to Google's privacy policy.

https://policies.google.com/privacy?hl=en&gl=de