Privacy Policy (webpage)
Content:
4. Legal Bases for the Processing of Personal Data
5. Your Rights under the European Data Protection Regulation
12. Information for Applicants
14. Plugins und Content Delivery Networks
16. Additional Information for Business Partners
1. Preface and selected Terms
On the one hand, this privacy policy informs visitors and users of our website about the data processing operations that take place online and involve the processing of personal data. On the other hand, you will receive information about our processing operations that do not primarily take place online.
- GDPR is the abbreviation for the European Data Protection Regulation.
- BDSG is the abbreviation for the Federal Data Protection Act in its current version.
- Personal data are all individual details that allow conclusions to be drawn about a natural person (for definition see Art. 4 (1) GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses or customer numbers.
- The processing of personal data includes all operations, for example the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 (2) GDPR).
- The data subject within the meaning of data protection law is any natural person from whom personal data are processed.
- Further definitions of terms can be taken from the General Data Protection Regulation, which can be found in Art. 4 of the GDPR (Definitions).
2. Responsible Party
Responsible Party for data processing
USCALE GmbH
Silberburgstrasse 112
70176 Stuttgart
+49 711 6200 140
kontakt@uscale.digital
External Data Protection Officer
DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Certified Data Protection Officer
Certified Information Security Officer
E-Mail info@externer-datenschutzbeauftragter-stuttgart.de
Web https://www.externer-datenschutzbeauftragter-stuttgart.de
3. A brief Overview
The following contents provide you with a brief overview of the processing of personal data; more detailed information can be found in the respective passages presented in detail.
Security on our website (SSL Secure Socket Layer)
Our website is equipped with an SSL certificate, with the help of which data transmission processes are encrypted. This happens, for example, when you send us a message via a form. However, as a precaution, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.
Data that you transmit to us
We process data you enter yourself, for example in a form. In this case, the purpose of the processing results from the type of form and. Also, if you send us a message by e-mail, for example, or contact us in any other way, we process your data in accordance with the purpose of your request.
Automatic server log files
On the other hand, our server automatically records all accesses and thus also IP addresses (log files), this serves the defense against attacks, the analysis of access figures and the smooth operation.
Use of cookies
Cookies help us to provide various services. Cookies are small text files that are stored in your browser and can be read. We use both our own cookies and third-party cookies, you can find more information in this privacy policy.
Analysis Tools
In addition to the pure server log files, which also provide us with information about page views, we use analysis tools or tracking tools. These tools give us detailed insights into the content visited on our site, the flow of behaviour and, for example, the country from which access took place. In order for such services to function, cookies must be set for the site visitor.
Plugins and Content Delivery Networks
We may use plugins and content delivery networks, well-known examples of such services would be the video service YouTube or the map service Google Maps. If such services are integrated via a website, access data will be transmitted to the services. As a rule, this is your IP address and other metadata, such as the time and date of access. As a rule, the provision takes place by setting cookies.
Newsletter / Direct Marketing
Direct marketing to existing customers in our legitimate interest
We reserve the right tosend our customer e-mail newsletter on the basis of §7 (3) UWG in conjunction with Art. 6 (1) lit. f GDPR. We also reserve the right to send postal advertising to existing customers in our legitimate interest. You can of course object to receiving direct marketing information from us at any time.
Direct marketing based on your consent
If you give us your consent (Art. 6 para. 1lit. a GDPR), we will send you newsletters until you revoke it. You can revoke your consent at any time with effect for the future.
Further data recipients
a) Use of processors
We use processors in accordance with the requirements of Art. 28 GDPR, for example in the area of IT services, web hosting, email hosting or printing services. These process personal data for us in accordance with instructions.
b) Use of external services
If it is necessary (for example, for the execution of contracts), we pass on your data, for example, to banks, other payment service providers, shipping service providers, our tax advisor or lawyer.
c) Legal obligations
In addition, in certain cases we are obliged to make a report to the relevant authorities on the basis of the Money Laundering Act. In addition, we are subject to further legal obligations, such as trade laws or tax law, in this context we must pass on certain data to tax authorities, for example.
d) Investigation of criminal offences
In so far as it should be necessary for the investigation of a criminal offence, we pass on data to the criminal prosecution authorities.
General information on deletion periods for personal data
We process data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.In addition, we are obliged to comply with statutory retention obligations. If the data processing is based on your consent, we will delete your data after your revocation.
Transfer of personal data to a third country
We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for commissioned processing pursuant to Art. 28 GDPR, taking into account appropriate guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In these cases, we point out the circumstance where appropriate.
Obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the necessary personal data, it will not be possible for us to conclude and fulfil a contract with you.
4. Legal Bases for the Processing of Personal Data
The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are shown in particular in Art. 6 GDPR. The legal bases according to which we process personal data are described in the individual processing operations in this privacy policy.
Consent given (Art. 6 para. 1 lit. a GDPR)
Consent is one of these legal bases and requires that the consenting person gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 para. 1 lit. a GDPR can be revoked at any time without giving reasons.
Contract-related data processing (Art. 6 para. 1 lit. b GDPR)
The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 para. 1 lit. b GDPR.
Legal obligation (Art. 6 para. 1 lit. c GDPR)
The exceptional case of data processing due to a legal obligation is found in Art. 6 para. 1 lit. c GDPR, for example, we are obliged to comply with certain retention periods under commercial law and tax law.
Legitimate interests (Art. 6 lit. f GDPR)
The processing of personal data on the basis of a balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR permits processing after careful consideration of financial or legal interests vis-à-vis the interests of the data subject that are worthy of protection.
5. Your Rights under the European Data Protection Regulation
Every natural person is entitled to certain rights, these are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can claim from us.
Right to revoke consent given (cf. Art. 7 GDPR)
You can revoke consent given to us at any time without giving reasons with effect for the future.
Right to information (cf. Art. 15 GDPR)
You have the right to request information about the data processed about you and the purposes of the processing at any time.
Right to rectification (cf. Art. 16 GDPR)
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.
Right to erasure (cf. Art. 17 GDPR)
You have the right to request the erasure of your personal data that we process about you at any time. Insofar as complete deletion is not possible, for example because we have to comply with statutory retention obligations or we can assert legitimate interests for another reason, we will restrict your data until these reasons cease to apply.
Right to restriction of processing / blocking (cf. Art. 18 GDPR)
You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data happened / happens unlawfully, you can demand the restriction of the data processing instead of the deletion.
- If we no longer need your personal data, but you need it to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, such data may only be processed – apart from being stored – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Right to data portability (cf. Art. 20 GDPR)
You have the right to have us transfer your data to another company in a machine-readable format, insofar as this is possible with reasonable effort.
Right to object to certain processing operations and direct marketing (cf. Art. 21 GDPR).
Art. 21(1) – You may exercise your right to object at any time, this is particularly relevant if the processing is based on Art. 6(1)(e) or (f) GDPR. This also includes processing for profiling purposes. If we can demonstrate compelling reasons for the processing that outweigh your interests or the processing serves the enforcement of legal claims, their exercise or defence, we may reject your objection in individual cases.
Art. 21(2) – You may also object at any time to processing for direct marketing purposes, this includes profiling related to direct marketing. We will follow up your objection at any time and no longer process your data for these purposes.
Right to complain to a supervisory authority (cf. Art. 77 DGVO)
You have the right to complain about the processing of your personal data to the supervisory authority for data protection at any time.
6. External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The use of IONOS is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG (German Telecommunications Data Protection Act), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Hosting Provider:
- STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin
- PILZ-IT, Winterbacher Str. 16, 73630 Remshalden
Conclusion of a data processing agreement
We have concluded a contract on order processing (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
7. Server Log File
Our web server automatically logs all accesses and thus also IP addresses of visitors. This serves the defense against attacks, the analysis of access figures and the smooth operation. We have a legitimate interest in this (Art. 6 para. 1 lit. f GDPR).
The server log usually records not only the IP address but also other metadata about the session, this data can be found below.
- Date and time of retrieval
- Information about the type of browser and the version used Browser
- Information on the operating system used
- Device (Client)
- Refferer URL (via which page you have landed with us)
- Invoked hyperlinks
We process this data only for the purposes mentioned above. We delete server log files after six months at the latest.
8. Use of Cookies
Our website uses cookies for the provision of services and to ensure full functionality. Cookies – which are small text files that are automatically stored in your browser or device – can have various functions and contain a characteristic string that allows unique identification of the browser when you return to the website.
Cookies are stored on your terminal device and transmitted from it to our site. As a user, you generally have full control over the use of cookies. You can define whether and which cookies you generally allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies on you. This gives you control over which cookies you want to allow. However, to the extent that you do not allow cookies, the functionality of websites may be limited.
Cookies are basically divided into non-persistent and persistent cookies. A further distinction is made between first party cookies (which come directly from our web server) and third party cookies (which are set by third-party providers).
Cookie types by runtime
Session cookies: Session cookies are deleted at the latest when you leave our website and close your browser.
Persistent cookies: These cookies remain stored even after you leave our website and close your browser of the browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example, your login details may be stored so that you are automatically logged in when you return to our website. Other persistent cookies are used for analysis, tracking and marketing purposes.
Cookie types by origin
We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed via a third-party provider. We use various third-party cookies for analysis, tracking and marketing purposes.
Cookie types by function
Necessary cookies
These cookies are necessary for the website to function properly. Some of the following actions can be performed with these cookies. – Save items in a shopping cart for online purchases – Save your cookie settings for this website – Save language settings – Log in to our portal. We need to verify that you are logged in.
Performance Cookies
These cookies are used to collect statistical information about the use of our website, also called analytics cookies. We use this data to improve performance and optimize the website.
Functional cookies
These cookies enable more functionality for our website visitors. These cookies can be set by our external service providers or our own website. The following functionalities may or may not be enabled if you accept this category. – Live chat services – Watch online videos – Social media sharing buttons – Sign in with social media on our website.
Advertising / Tracking Cookies
These cookies are set by external advertising partners and are used to profile and track data across multiple websites. If you accept these cookies, we may display our advertisements on other websites based on your user profile and preferences. These cookies also store data about how many visitors have seen or clicked on our ads in order to optimize advertising campaigns.
Legal basis and instructions for setting your preferences
We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f GDPR), we use other cookies only with your consent (Art. 6 para. 1lit. a GDPR). You can make your preferences regarding the selection of non-essential cookies at the beginning of your visit, furthermore you have the possibility to adjust your preferences at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our privacy policy.
You can adjust your preferences at any time. To do this, call up the cookie settings again.
9. Cookie Consent
We offer you the option to select whether and which cookies and services you want to allow. For this purpose, we have implemented a so-called Consent Management, which is automatically displayed the first time you visit our website or after the expiration of the preference cookie. We use the Klaro! Consent Manager, a free open source tool. The project initiator of this technology is KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin.
If you have confirmed your choices regarding cookies and services, a cookie will be placed in your browser to store your preferences. We use da cookie content management in the legitimate interest (Art. 6 para. 1 lit. f GDPR) and to comply with legal requirements (Art. 6 para.1 lit. c GDPR) to obtain your consent to set cookies.
10. Contact and Communication
Message via Contact Form
You have the possibility to send us messages via contact form. We process the data that you have entered in the data entry mask. Mandatory fields are marked and must be filled in.
The purpose of the data processing is to handle your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered in the contact form is always based on your consent (Art. 6 para. 1 lit. a GDRP). You can revoke your consent at any time without giving any reason. In addition, we process your data for the initiation or execution of purchase contracts, insofar as you ask us, for example, product-related questions (Art. 6 para. 1 lit. b GDRP).
We store the transmitted data until you revoke your consent, in which case we delete your data insofar as no legitimate interests speak against deletion. As a legitimate interest, we can refer to compliance with statutory retention periods. The legal retention periods generally result from §257 HGB (German Commercial Code) with a retention period of 6 years for commercial letters, beginning with the following year after the time of the communication. For this period, we restrict the processing of your data after revocation of your consent and process it exclusively for the purpose of compliance with retention periods. Insofar as you do not revoke your consent, we restrict the processing of your data after the purpose has been achieved and retain it until the expiry of the aforementioned retention periods.
Communication via E-Mail
Insofar as you write us an e-mail, we process your data according to the content and purpose of the message. As a rule, processing takes place on the basis of pre-contractual measures or in the context of the implementation of a contractual relationship on the basis of Art. 6 para. 1 lit. b GDRP and Art. 6 para. 1 lit f. GDRP. It is a legitimate interest to process your request quickly and efficiently.
Insofar as it is a product or service-related message, we generally process your data on the basis of our legitimate interests under Art. 6 (1) lit. b GDRP.
Please note that we archive all incoming e-mails in accordance with the principles of proper accounting (GoBD for short) for a period of 10 years, starting on the first day of the following year in which the message was received. Thus, insofar as you request us to delete the data, we will henceforth restrict your data for processing and store it only for the purpose of complying with retention periods in our legitimate interest.
Communication via Phone or Fax
Even if you contact us by phone or fax, we process your data either for the initiation and implementation of contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting you by e-mail.
We do not record the content of conversations, but may make notes for processing your request. We store these until the purpose of the data processing has been achieved and we no longer have any legitimate interests in the processing. If necessary, contents of the conversation are stored anonymously for statistical purposes. Of course, you can request deletion at any time.
Whitepaper Download
By submitting the request form for our offered white papers, you give your consent (Art. 6 para. 1 lit. a DSGVO) to the processing of your data for the following purposes:
- Sending the download link to the requested white paper.
- Sending a follow-up e-mail after about two to three weeks, with the purpose of asking you whether the white paper was helpful to you.
- Possible contact at a later date if relevant technical points of contact arise in the future.
If you give us your consent to receive our newsletter as part of the whitepaper download, we will process your data until you revoke it.
Of course, you can revoke your consent at any time without giving reasons. Please address your revocation to kontakt@uscale.digital.
11. Direct Marketing
Direct marketing to existing customers in a legitimate interest
We reserve the right to use the data collected on the occasion of a purchase contract or service contract, if necessary, for direct advertising by e-mail or postal mail pursuant to Section 7 (3) UWG, if the customer does not object or has not objected to this use.
The direct advertising exclusively comprises offers for similar products or services as the products or services already purchased by the user from us. We have a legitimate, economic interest (Art. 6 para. 1 lit. f GDRP) in informing our customers about new products and improving our services. We use your data for up to five years after the last legal transaction for direct marketing purposes in the legitimate interest.
Of course, you can object to receiving direct marketing by e-mail at any time. Address your objection to the above-mentioned responsible party.
Direct marketing based on your consent (newsletter)
You have the option of giving us your consent to receive direct marketing content. If you give your consent (Art. 6 para. 1 lit. a GDRP), for example, to receive our e-mail newsletter, we will process your data for direct marketing measures by e-mail for a specific purpose.
Our newsletter service is supported by the service provider PILZ IT, Jana Pilz, Winterbacher Str. 16, 73630 Remshalden. We have concluded an order processing agreement with PILZ IT.[FH2]
Double Opt In Procedure
Since we are obliged to verify the correctness of your e-mail address provided as part of the newsletter registration and want to ensure the correctness, we use procedures that allow the verification of the ownership of the e-mail address. As a rule, this verification is carried out by the double opt-in procedure, you will receive an email after registration with a link that you must click to confirm. If, due to temporary technical causes, the double opt-in procedure is not available, we will send you an email to which you can reply without text to confirm your identity.
Revocation of your and consent Storage period
Of course, you can revoke your consent at any time without giving reasons. Please address your revocation to kontakt@uscale.digital.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in a blacklist, if necessary, to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
12. Information for Applicants
Data protection provisions Application procedure
If you apply to us, whether for an advertised position or on your own initiative, we will process your data in order to carry out the selection process. It is irrelevant to us whether you apply by mail, by e-mail or, if available for the respective position, by online form.
As a matter of principle, we only process the data that you yourself have provided to us as part of the application process. The use of other sources may be considered after informing you and consulting with you. For example, whether we may contact a former employer.
The legal basis for conducting an application procedure is §26 BDSG in conjunction with Art. 6 Para. 1 lit. b GDRP (initiation of employment contract). If you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 para. 1 lit. a GDRP.
Stroage duration for applicant data
We delete applicant data a maximum of 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). In principle, the purpose of data processing ceases to exist at the end of the selection process, but we have a legitimate interest (Art. 6 para. 1 lit. f GDRP) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh this, you have the option of requesting us to do so. We will then review your request and provide you with feedback.
After the expiration of the above-mentioned period, your data will be deleted unless we have to defend ourselves, for example, in ongoing proceedings, such as a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the proceedings have been concluded, subject to there being no statutory retention periods.
If we are allowed to store your data for a longer period of time based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is foreseeable that no position will be available.
Inclusion in our applicant pool
Insofar as we are unable to offer you a position at the current time, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for processing your data in our applicant pool is your consent (Art. 6 Aba. 1 lit. a GDRP). Of course, you can revoke your consent at any time with effect for the future. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool no later than then.
13. Analysis Tools
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region they come.
We also collect various log files:
- IP address (will be anonymized)
- Referrer
- browsers and operating systems used
- date and time
In addition, we can measure whether our website visitors perform certain actions.
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its web offering and its advertising. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting). The consent can be revoked at any time.
14. Plugins und Content Delivery Networks
YouTube
This website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
If you visit a page on this website into which a YouTube has been embedded, a connection with YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited.
Furthermore, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.
If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6para. 1 lit. f GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
15. Social Media Appearances
Data processing by social media networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below. Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.
In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal Basis
Our social media presences are intended to ensure the most comprehensive presence possible on the Internet and to enable effective user information and communication with users. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDRP. The analysis processes initiated by the social networks may be based on different legal grounds, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDRP).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
Storage Duration
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Social Networks in detail
We maintain profiles on the following social networks:
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, see the Twitter Privacy Policy: https://twitter.com/privacy.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/en/privacy-policy.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. For details on their handling of your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
16. Additional Information for Business Partners
Categories of data and purposes of processing
We process personal data of our service providers and partners that we receive directly in the course of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you:
In the course of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts, initiated by you or by one of our employees, further personal data is created, e.g. information on the contact channel, date, occasion and result; (electronic) copies of correspondence as well as information on participation in direct marketing measures.
On the other hand, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. commercial and association registers, press, media, Internet) and are permitted to process.
Data processing for other purposes can only be considered if the necessary legal requirements pursuant to Art. 6 para. 4 GDPR exist. In this case, we will of course comply with any information obligations pursuant to Art. 13 para. 3 GDPR and Art. 14 para. 4 GDPR.
Legal bases according to which we process your data
Based on your consent (Art. 6 para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us consent to do so. If personal data is processed on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.
Data processing for the performance of contracts (Art. 6 para. 1 lit. b GDPR)
We process personal data for the performance of contracts. The performance of contracts includes, for example, the conclusion, execution and reversal of a contract. In addition, we process personal data that is necessary for the implementation of pre-contractual measures, such as the initiation of a contract, and which is carried out at your request.
Data processing due to a legal obligation (Art. 6 para. 1 lit. c GDPR).
Like any business, we have to comply with retention obligations and other documentation requirements, this may include documents containing personal information. To the extent that we process data for these purposes, the processing is based on a legal obligation.
Data processing on the basis of a balance of interests (Art. 6 para. 1 lit. f GDPR)
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the requirements of Art. 21 GDPR. As far as the specific purpose allows, we process your data pseudonymously or anonymously.
Other recipients of your data
Disclosure to order processors within the scope of Art. 28 GDPR
Data processors engaged by us (Art. 28 GDPR), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with instructions. If we commission service providers to perform our tasks, we always comply with the provisions of data protection law; in particular, data is only passed on after the conclusion of contracts for order processing.
Data transfer or the execution of a contractual relationship
If it is necessary for the execution of the contract with you, we pass on your data, for example, to banks or shipping service providers.
Data transfer due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of a criminal prosecution).
Other bodies, insofar as you have given us your consent
If you have given us explicit consent, we will also pass on your data to other bodies. However, this is done within the limits of your verifiable consent.
General information on deletion periods for personal data
Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. As far as necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract.
In addition, like any company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as statutory retention obligations exist, the personal data concerned will be stored for the duration of the retention obligation. The storage period also depends on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually three years, but in certain cases can be up to thirty years. After expiry of the retention obligation, it is checked whether there is a further necessity for the processing. If there is no longer a need, the data is deleted.
Concrete example
If you provide us with your contact details, for example by e-mail, telephone or by handing over your business card, we store this data on the basis of Art. 6 para. 1 lit. b GDPR on the basis of pre-contractual measures and in the legitimate interest (Art. 6 para. 1 lit. f GDPR) of smooth and targeted communication. If no legal transaction is concluded, we delete your data when you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 para. 1 lit b GDPR), we store your data for ten years until the expiry of the requirements under commercial and tax law. After this period, we will check whether we can delete the data and, if necessary, we will lead it to deletion.
E-mails and business letters
We archive all our e-mail traffic for ten years. If you send us an e-mail, your data and the entire e-mail content are stored accordingly for 10 years. Most e-mails count as business letters; in addition, e-mails may contain information relevant to tax law. In our opinion, the effort to check each individual e-mail is not in proportion to the benefit and the legitimate interests of the sender. However, you can of course ask us to delete your e-mails at any time and we will carry out a case-by-case check and inform you of the result. This may lead to deletion or restriction of processing, depending on the content of the correspondence.
Revocation of your consent
If we process your data on the basis of your consent (Art. 6 para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against a complete deletion. For example, we generally retain declarations of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 (1) (f) GDPR). We only retain consent under restriction of processing in order to be able to defend ourselves in the event of a dispute.
Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the necessary personal data, it will not be possible for us to conclude and fulfil a contract with you.
Transfer to a third country
As a matter of principle, your personal data will be processed by us in data centres in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for commissioned processing in accordance with Art. 28 GDPR, taking into account appropriate guarantees or other suitable safeguards.