Data Protection Policy & Cookie Guidelines

Table of Contents

General Information

Objectives and Responsibility

  1. This Data Privacy Statement is to inform you about the nature, scope and purpose of the processing of personal data related to our online service and the related websites, features and contents (hereinafter collectively referred to as ‘online service’ or ‘website’). Details of these processing activities can be found in section 2.

  2. Details on data processing for the purpose of carrying out our business processes are described in section 3.

  3. The online service is provided by Fairmas GmbH (EUREF-Campus 13, 10829 Berlin, Germany) – hereinafter referred to as ‘we’ or ‘us’ – who is also legally responsible under the data protection law.

  4. Our online service is provided by STRATO AG (Otto-Ostrowski-Straße 7, 10249 Berlin, Germany). The server location is Germany.

  5. Our data protection officer can be contacted via the e-mail address
    datenschutz@fairmas.com
    (data protection officer: IT.DS Beratung).

  6. The term ‘user’ encompasses all customers and visitors of our online service.

Legal Bases

In principle, we collect and process personal data based on the following legal grounds:

  1. Consent in accordance with article 6 paragraph 1 lit. a General Data Protection Regulation (GDPR). Consent meaning any freely given, specific, informed and unambiguous indication of agreement, which could be in the form of a statement or any other unambiguous confirmatory act, given by the data’s subject consenting to the processing of personal data relating to him or her.

  2. Necessity for the performance of a contractor in order to take steps prior to entering into a contract according to article 6 paragraph 1 lit. b GDPR, meaning the data is required in order for us to fulfil our contractual obligations towards you or to prepare the conclusion of a contract with you.

  3. Processing to fulfil a legal obligation in accordance with article 6 paragraph 1 lit. c GDPR, meaning that e.g. the processing of data is required by law or other provisions.

  4. Processing in order to protect legitimate interests in accordance with article 6 paragraph 1 lit. f GDPR, meaning that the processing is necessary to protect legitimate interests pursued by us or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

The specific legal bases for the individual processing operations are specified in the following sections.

Data Subject Rights

You have the following rights with regards to the processing of your data through us:

 

  1. The right to lodge a complaint with a supervisory authority in accordance with article 13 paragraph 2 lit. d GDPR and article 14 paragraph 2 lit. e GDPR.

  2. Right of access in accordance with article 15 GDPR

  3. Right to rectification in accordance with article 16 GDPR

  4. Right to erasure (‘right to be forgotten’) in accordance with article 17 GDPR

  5. Right to restriction of processing in accordance with article 18 GDPR

  6. Right to data portability in accordance with article 20 GDPR

  7. Right to objection in accordance with article 21 GDPR


Notice: Users may object to the processing of their personal data in accordance with legal allowances at any time with effect for the future. The objection may in particular be made against processing for the purposes of direct marketing.

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Data Erasure and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of the storage is inapplicable. Storage of data beyond that may occur if such storage is required by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or erasure of data also takes place when a retention period mandated by the standards mentioned expires, unless the continued storage of data is required for the conclusion of a contract or the fulfilment of contractual obligations.

Safety of Processing

  1. We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). Thus, the data that is processed by us is protected against accidental or intentional manipulation, loss, destruction and unauthorized access.

  2. These security measures include in particular the encrypted transfer of data between your browser and our server.

Transfer of Data to Third Parties, Subcontractors and Third Party Providers

  1. A transfer of personal data to third parties only occurs within the framework of legal requirements. We only disclose personal data of users to third parties, if this is required e.g. for billing purposes or other purposes, if the disclosure is necessary to ensure the fulfilment of contractual obligations towards the users.

  2. If we engage subcontractors for our online service, we have made appropriate contractual arrangements as well as adequate technical and organizational measures with these companies.

  3. If we use content, tools or other means from other companies (hereinafter collectively referred to as ‘third party providers’) whose registered offices are located in a third country, it is assumed that a transfer of data to the home countries of these third party providers occurs. The transfer of personal data to third countries takes place exclusively only, if an adequate level of data protection, the user’s consent or another legal permission is present.

Processing in the context of our online services

Collection of information on the use of the online offer

  1. When using the online offer, information is automatically transmitted to us by the user’s browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

  2. This information is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR (e.g. optimisation of the online offer) and to ensure the security of processing pursuant to Article 5(1)(f) GDPR (e.g. to defend against and investigate cyberattacks).

  3. The information is automatically deleted at the latest 4 weeks after the end of the connection – i.e. use of the online offer – provided that there are no other retention periods to the contrary.

  4. The collection of the data and the storage of the data in log files is absolutely necessary for the provision of the online offer. The user therefore has no right to erasure, objection or rectification.

Contact Form and Contacting via Email

  1. When contacting us (via online form or e-mail), the data provided by the user will be processed exclusively for processing the inquiry and its handling.

  2. Any other use of the data will only take place based on the given consent from the user.

  3. The user data from the website forms are stored in our content management system or in a comparable Software / Database. The statutory retention periods for business letters apply.

Complianz GDPR/CCPA Cookie Consent

  1. Our website uses the cookie consent technology of ‘Complianz GDPR/CCPA Cookie Consent’ to obtain your consent to the storage of certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter referred to as Complianz).

  2. When you enter our website, a Complianz cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.

  3. The data collected will be stored until you ask us to delete it or delete the Complianz cookie yourself or until the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Complianz can be found at Complianz Privacy Statement.

Information about Google Services

  1. We use various services of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland on our website. For more information on the individual concrete services of Google that we use on this website, please refer to the further privacy policy.

  1. Through the integration of Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google also transmits the information to a server in a third country. The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google in the USA for further use. Google is registered in the data privacy framework. Furthermore, Google has committed to comply with the standard contractual clauses for the transfer of personal data to third countries (Standard Contractual Clauses – SCC). More information about the Standard Contractual Clauses is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_de and at https://policies.google.com/privacy/frameworks?hl=de

  1. We ourselves cannot influence which data Google actually collects and processes. However, Google states that, in principle, the following information (including personal data) may be processed, among others:

  • Log data (in particular the IP address)
  • Location-related information
  • Unique application numbers
  • Cookies and similar technologies

    Information on the types of cookies used by Google can be found at https://policies.google.com/technologies/types.

  1. If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data.

  2. Google states the following about this, among other things:

    “If you are not signed into a Google Account, we store the data we collect with unique identifiers associated with the browser, app, or device you are using. This allows us to ensure, for example, that your language settings are maintained across all browser sessions.

    “If you are logged into a Google account, we also collect data that we store in your Google account and consider to be personal data.” (https://privacy.google.com/take-control.html)

  1. You can prevent this data from being added directly by logging out of your Google account or also by making the appropriate account settings in your Google account. Furthermore, you can change your cookie settings (e.g. delete cookies, block cookies, etc.).

  2. You can find more detailed information in the privacy notices of Google, which you can access here: https://www.google.com/policies/privacy/

  3. You can find notes on Google’s privacy settings at https://privacy.google.com/take-control.html.

Google Analytics

  1. We use “Google Analytics” on our website, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google uses cookies, i.e. small text files that are stored on your terminal device and enable an analysis of your use of our website. The information generated by the cookie about the use of our website is usually transmitted to a Google server and stored there. If anonymisation of the IP address to be transmitted by the cookie is activated on the website (“IP anonymisation”), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server outside the EU and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics will not be merged with other Google data.

  2. We only use Google Analytics with the activated IP anonymisation described above. This means that your IP address is only processed by Google in a shortened form. This excludes the possibility of personal references.

  3. We use Google Analytics to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a) GDPR (consent).

  4. You can also prevent the storage of cookies generated by Google Analytics by making the appropriate settings in your web browser. Please note that in this case you may not be able to use all the functions of our website. If you wish to prevent the collection of the data generated by the cookie and related to your user behaviour (including your IP address) as well as the processing of this data by Google, you can also download and install the web browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

  5. In order to oblige Google to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing agreement with Google.

  6. Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

  7. For further information on the use of data by Google, on setting and objection options and on data protection, please refer to the following Google web pages:

    Terms of use: https://marketingplatform.google.com/about/analytics/terms/en/

    Overview of data protection: https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631


    Privacy policy: https://policies.google.com/privacy?hl=de&gl=en


    Data use by Google when you use websites or apps of our partners: https://policies.google.com/technologies/partner-sites?hl=en


    Data use for advertising purposes: https://policies.google.com/technologies/ads?hl=en


    Settings for personalised advertising by Google: https://adssettings.google.com

  1. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

  2. deletion of user and event level data linked to cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) will take place no later than 50 weeks after collection.

Google Tag Manager

  1. We use the Google Tag Manager on our website. The Google Tag Manager is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

  2. Through the Google Tag Manager, we can integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or “triggers” the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it. In doing so, it cannot be ruled out that Google also transmits the information to a server in a third country.

  3. Information on the standard contractual clauses and the transfer to the USA from us to Google and other relevant data on data processing by Google in the context of the use of Google services can be found in this data protection declaration under section 4 ‘Information about Google Services’.

  4. In particular, the following personal data is processed by the Google Tag Manager:

  • Online identifiers (including cookie identifiers).
  • IP address

  1. In addition, you can find more detailed information about the Google Tag Manager on the websites https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

    as well as at

    https://www.google.com/intl/de/policies/privacy/index.html (section “Data we receive based on your use of our services”).

  1. Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager (Art. 28 GDPR). Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google.

  2. If you have deactivated individual tracking services (e.g. by setting an opt-out cookie), the deactivation remains for all affected
    tracking tags that are integrated by the Google Tag Manager.

  3. By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. In addition, the integration of the Google Tag Manager optimizes the loading times of the various services.

  4. The legal basis for the processing of personal data described here as part of the measurement process is consent expressly granted by you in accordance with Art. 6 Para. 1 lit. a GDPR.

  5. The legal basis for the processing of those data that are processed in the context of obtaining consent is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We have a legitimate interest in being able to prove that you have given your consent to the measurement procedure (Art. 7 (1) GDPR).

DoubleClick

  1. DoubleClick by Google is a service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
  2. Doubleclick by Google uses cookies to present you with adverts that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser in order to check which adverts have been displayed in your browser and which adverts have been viewed. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to display adverts based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for analysis and stored there. Under no circumstances will Google combine your data with other data collected by Google.
  3. By using our websites, you consent to the processing of the data collected about you by Google and the manner of data processing described above as well as the stated purpose.
  4. You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the websites and from processing this data by Google by downloading and installing the browser plug-in available under the following link under the item ‘Extension for DoubleClick deactivation’.
  5. You can find more information about DoubleClick by Google and data protection here: https://policies.google.com/technologies/ads?hl=en.

Outgoing Links to Social Networks

  1. Our websites contain outgoing links to social networks.

  2. If you actively click on such a link and log in to the corresponding social network at the same time, it cannot be ruled out that the operator of the social network will access the user’s data.

  3. Outgoing links to the websites of the following networks are currently displayed: LinkedIn, Facebook, Xing and Vimeo

Vimeo

  1. We use the provider Vimeo for the integration of videos. Vimeo is operated by Vimeo.com Inc (headquarters: 555 West 18th Street, New York, New York 10011; USA).

  2. We use plugins from the provider Vimeo on some of our websites. When you play a Vimeo video, e.g. by clicking on the start button of a video (consent in accordance with Article 6 (1) a GDPR), a connection is established to the Vimeo servers. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.

  3. Vimeo acts as an independent controller; i.e. Vimeo is neither a processor according to Art. 28 GDPR nor a joint controller according to Art. 26 GDPR. A data transfer to Vimeo only takes place on the basis of your consent in connection with the EU standard contractual clauses (Controller To Controller).

  4. Further information on data processing and information on data protection by Vimeo can be found at https://vimeo.com/privacy.

  5. You can find Vimeo’s cookie policy here: https://vimeo.com/cookie_policy

Live Chat - Brevo (formerly Brevo)

  1. We use the chat plugin Brevo on our website. The provider is brevo.com, s.r.o. (7 Rue de Madrid, 75008 Paris, France). You can use Brevo to start a direct communication with our employees.

  2. Brevo records data (browser information, page content visited and conversation) anonymously when the website is visited and when information is exchanged between the visitor and our employee. The information about your use and related live chat data is stored on servers in the European Union. For the purpose of responding to your enquiry, data that you voluntarily provide to us by using Brevo, such as your name, email address and the content of the message, will be processed.

  3. Brevo uses cookies to enable a personal conversation with you in the form of a real-time chat on the website. These are ‘session’ cookies that are deleted after your visit to the website.

  4. The legal basis for the processing of the data is your consent in accordance with Art. 6 para. 1 lit. a GDPR by using the chat. As well as our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

  5. The storage of chat history (including personal user data) on Brevo’s servers is limited to three months.

  6. You can prevent the collection of your data by Brevo by not using the chat function of this website. In addition, you can install an add-in in your browser that blocks this plug-in.

  7. Brevo also provides us with some statistical functions, such as movement profiles on our website. However, this information does not allow us to draw any conclusions about your person.

  8. Further information on data protection at Brevo: https://www.brevo.com/legal/privacypolicy/.

  9. The service sends requests to the following domains:

  • cloudfront.net (Amazon Cloudfront)
  • sendinblue.com
  • brevo.com

WordPress Static Files

  1. This website uses WordPress Static Files to quickly display graphic elements (e.g. flags). These elements are retrieved from the domain w.org. The provider is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110-4929, USA.

  2. Legal basis is the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR.

Plausible Analytics

  1. We use the web analysis service ‘Plausible Analytics’ to continuously optimise our offer, both technically and in terms of content. Plausible is a trademark of Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, registration number 14709274, hereinafter referred to as ‘Plausible’.
  2. Plausible pursues a particularly data protection-friendly approach to analysing your visit. For this purpose, Plausible collects the following information, among other things Date and time of your visit, title and URL of the pages visited, incoming links, the country you are in and the user agent of your browser software. Plausible does not use or store ‘cookies’ on your end device. All personal data (e.g. your IP address) is stored completely anonymised in the form of a so-called hash. A hash is an encryption of data that cannot be reversed, i.e. cannot be ‘decrypted’. In this way, we can analyse your visit without storing personal data in a form that could be read by us, Plausible or third parties.
  3. You can find more information on the technical implementation here: https://plausible.io/privacy-focused-web-analytics.
  4. Further information on data protection at Plausible can be found at https://plausible.io/data-policy.
  5. The legal basis for the processing is the balancing of interests pursuant to Art. 6 para. 1 lit. f GDPR.

Content Delivery Network

  1. We use the content delivery network ‘Nitropack CDN’. The provider of this service is Nitropack LLC (801 Garden Street 3 А, Prof. Georgi Bradistilov Str.1700 Sofia, Bulgaria) – hereinafter referred to as Nitropack.

  2. A CDN is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet. The use of this service leads to a more efficient provision and improvement of the stability and functionality of our website.

  3. It is necessary to process the following data in particular in order to provide the service: IP addresses, device information and referrer URL. This data is only processed temporarily at Nitropack.

  4. The legal basis for the processing is the balancing of interests pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimising the loading time of our website.

  5. By using the service, a connection to nitroscripts.com is established. Furthermore, cookies and similar technologies required for the provision of the service are used.

  6. Details on data protection at Nitropack can be found at: https://nitropack.io/page/privacy.

Google Ads Conversion-Tracking

  1. We use “Google Ads” (formerly Google AdWords Conversion) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertisements are delivered by Google via so-called “AdServers”. We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as display of the ads or clicks by the users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognise that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will obtain and store your IP address.

  2. We use Google Ads for marketing and optimisation purposes, in particular to serve relevant and interesting ads to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.

  3. You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. It is also possible to prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.

  4. Information of the third party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.

  5. Further information on data use by Google, on setting and objection options and on data protection can be found on the following Google web pages:

    Privacy policy: https://policies.google.com/privacy?hl=de&gl=en

    Google website statistics: https://services.google.com/sitestats/en.html

Google Adsense

  1. This website uses Google Adsense, a web advertising service of Google Inc, USA (”Google”).

  2. Google Adsense uses so-called ”cookies” (text files), which are stored on your computer and enable your use of the website to be analysed.

  3. Google Adsense also uses so-called ”web beacons” (small invisible graphics) to collect information. By using the web beacon, simple actions such as visitor traffic on the website can be recorded and collected.

  4. The information generated by the cookie and/or web beacon about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

  5. Google will use this information to analyse your use of the website with regard to the advertisements, to compile reports on the website activities and advertisements for the website operators and to provide further services associated with the use of the website and the Internet.

  6. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

ALAN Captcha

  1. We use the ‘ALAN Captcha’ service on our website. The provider is scrinus web&co GmbH (Marxergasse 5/24, 1030 Vienna, Austria) – hereinafter referred to as ‘web&co’. Hosting is provided by one of the largest web hosts and data centre operators in Europe. Data processing takes place within the EU.

  2. The service is intended to prevent automated and abusive requests by so-called ‘bots’. As part of this process, your IP address is recorded by ALAN Captcha in order to send a cryptographic task to your end device. This task is solved in the background and as soon as it is solved, a confirmation is sent by ALAN Captcha to the server that the proof-of-work has been provided and that the form request has environmental parameters as known from a normal visit to a website by natural persons and not from automated scripts.

  3. ALAN Captcha processes and stores the following data in the above-mentioned process:
    • Anonymised IP address of the requesting computer
    • Information about the browser and operating system used
    • Anonymised counter per IP address to control the cryptographic tasks
    • Website from which the access took place (so-called referrer URL)
    The data is used exclusively for protection against bots.

  4. Legal basis for the processing is the balancing of interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is to prevent abusive access or spam attacks by bots.

  5. If personal or personal-related data is processed when using ALAN Captcha, it will be deleted after 30 days at the latest.

  6. Further information on ALAN Captcha and web&co is available at https://alancaptcha.com/ and https://webundco.com/ueber-uns/datenschutz.

Processing for the purpose of carrying out our business processes

Personnel Applications / Job Posts

For reasons of better readability, the simultaneous use of male and female and diverse language forms is dispensed with in the following explanations. All personal designations apply to all genders: m/f/d.

Direct applications

  1. We offer you the opportunity to apply to us (e.g. online, by e-mail or by post). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

  2. Scope and purpose of data collection:

    If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

  1. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

  2. Retention period of the data:


    If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

    Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Entry in the applicant pool

  1. If we do not make you a job offer, you may have the option of being included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

  2. Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal reasons for storage.

  3. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

Online appointment booking

  1. Our website optionally uses the following external services for online appointments:
  • ‘Microsoft Bookings’ – office365.com (part of Microsoft Office 365) from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: ‘Microsoft’). Information on data protection at Microsoft can be found at  https://www.microsoft.com/en-us/privacy/privacystatement.
  • ‘Calendly’ is an offer from Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, United States. Information on data protection at Calendly can be found at https://calendly.com/privacy.
  1. The connection to the respective external service is only established if you call up the online booking function via a button on our website.
  2. We would like to point out that you are not obliged to use one of these external services to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.
  3. The legal basis for data transmission, storage and processing is your consent in accordance with Article 6(1)(a) GDPR.
  4. Please note that when using the service you leave our area of responsibility and that different data protection regulations apply to the respective external service. This includes in particular the use of cookies.

Cookies

General Information

  1. Cookies are information transmitted by our web server or third-party web servers to the users’ devices where they are stored for later retrieval. Cookies can be in the form of small files or any other types of information storage.

  2. In the case that users do not want that cookies are stored on their device, they will be asked to disable the corresponding option in their browser’s system settings. Saved cookies may be deleted in the system settings of the browser. The exclusion of cookies can lead to functional impairments of this online service.

Cookie overview, objection

  1. You can find an up-to-date overview of the cookies and services used on this website in the “Contao” consent management platform (see section 3 ‚Complianz GDPR/CCPA Cookie Consent‘).

  2. You can also manage your individual consents and preferences there.

Additional information

Further information on cookies can be found at the following addresses http://www.allaboutcookies.org and http://www.youronlinechoices.com

Types of cookies

We divide cookies into the following four categories depending on their function and purpose:

(1) Mandatory required cookies

(2) Performance Cookies

(3) Functional cookies and

(4) Marketing Cookies

Cookie settings

When opening our site for the first time, you can decide whether to accept or reject the use of cookies by simply clicking on the corresponding button. With the exception of the cookies that are mandatory for technical reasons for the smooth use of our site, the cookies are disabled. By clicking “Accept”, you consent to the use of ALL cookies.

Changes to the Data Privacy Policy

  1. We reserve the right to change this Data Privacy Policy with regards to the data processing, in order to adapt it to changed legal situations, to changes of the online service or of the data processing.

  2. If users’ consents are required or if elements of the Data Privacy Policy contain provisions in regards to the contractual relationship with the users, the changes will only be made with the consent of the users.

  3. Users are requested to keep themselves informed about the content of this Data Privacy Policy on a regular basis.

Version: January 2025