Privacy policy

1. General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, so-called personal data, when using our website is important to us.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your telephone number, your email address, but also your IP address.

Data that cannot be linked to your person, such as anonymized data, is not personal data. Processing (e.g. collection, storage, retrieval, consultation, use, transmission, erasure or destruction) in accordance with Art. 4 No. 2 GDPR always requires your consent or another legal basis.

Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any statutory retention obligations to be complied with.

Here you will find information on how we handle your personal data when you visit our website. In order to provide the functions and services of our website, it is necessary for us to collect personal data about you.

Below you will also find information on the type and scope of the respective data processing, the purpose and the corresponding legal basis as well as the respective storage period.

This privacy policy applies only to this website. It does not apply to websites of third parties to which we merely refer via a hyperlink. We cannot accept any responsibility for the confidential handling of your personal data on these third-party websites, as we have no influence on whether they comply with the statutory data protection regulations. For information on how third parties handle your personal data, please refer directly to their websites.

2. Responsible body

Responsible for the processing of personal data on this website is (see imprint):

SMB Cybersecurity GmbH
Freiherr-vom-Stein Str. 7B
57223 Kreuztal
Tel: +49 2732 7652 088

3. Data Protection Officer

You can also contact our data protection officer at any time if you have any questions about data protection:

comdatis it-consulting GmbH & Co KG
Deventer Weg 8
48683 Ahaus-Alstätte
info@comdatis.de

4. Hosting & Content Delivery Networks (CDN)

Our website is hosted by an external service provider. The personal data collected as part of the website is stored on the hoster’s servers. This includes IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data that may be collected when using the website. 

External hosting is provided: 

• To fulfill contractual obligations towards potential and existing customers (Art. 6 para. 1 lit. b GDPR).
• In the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
• On the basis of your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG), if this is required for the storage of cookies or access to end devices. Consent can be withdrawn at any time.

Our hoster processes personal data only to the extent necessary to fulfill its services and in accordance with our instructions. 

Our hoster: netcup GmbH
Daimlerstrasse 25
76185 Karlsruhe, Germany
Phone: +49 721 7540755–0
Fax: +49 721 7540755–9
E‑mail: mail@netcup.de 

We have concluded an order processing contract (AVV) with netcup GmbH. This contract ensures that netcup processes your personal data exclusively in accordance with our instructions and in compliance with the GDPR. 

What is netcup?

Netcup is a German provider of hosting services. We use the services of netcup GmbH to provide a reliable, fast and secure website. Netcup meets our high standards for professional web hosting, including IT and operational security. 

What data does netcup process? 

Netcup stores the following data when you visit our website: 

• Your IP address.
• Referrer URL (previously visited website).
• The website accessed (our website).
• Browser type and version.
• Operating system and device type.
• Date and time of access.

This data is used to improve security, for error analysis and for anonymous statistical evaluation. 

Storage period and deletion of data

The data collected is stored in log files. These are stored on netcup’s servers for 14 days and then automatically deleted if they are no longer required for the original purposes. In exceptional cases, data may be stored for longer, e.g. to defend against or enforce claims. 

Your rights 

You have the right to at any time: 

• - Information about the stored data.
• - Correction, deletion or restriction of the processing of your data.
• - Revocation of your consent to data processing.

Legal basis 

Our use of netcup is based on our legitimate interest in providing a reliable and secure online service (Art. 6 para. 1 lit. f GDPR). Further information on data processing by netcup can be found in the provider’s privacy policy: [netcup privacy policy] https://www.netcup.com/de/kontakt/datenschutzerklaerung

5. Provision and use of the website / server log files

Type and scope of data processing

If you use this website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data in the form of log data (so-called log files), which are automatically transmitted to our server by your terminal device, e.g:

• IP address
• Date and time of the request
• URL of the retrieved subpage
• URL of the page from which you were redirected to our site (so-called referrer URL)
• Access status/HTTP status code
• Type, language and version of the browser software
• Operating system

Purpose and legal basis of data processing

This processing is technically necessary in order to display our website to you. We also use the data to ensure the security and stability of our website.

The legal basis for processing is Art. 6 para. 1 lit. f) GDPR. The processing of the aforementioned data is necessary for the provision of a website and thus serves to safeguard a legitimate interest of our company.

Storage duration

As soon as the aforementioned personal data is no longer required to display the website, it will be deleted. This is the case no later than seven days after visiting our website. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object to this aspect. Further storage may take place in individual cases if this is required by law.

6. Data collection for the implementation of pre-contractual measures and for the fulfillment of a contract concluded with you

Type and scope of data processing

We collect personal data about you in the pre-contractual area and when the contract is concluded. This concerns, for example, first and last name, address, e‑mail address or telephone number.

Purpose and legal basis of data processing

We collect and process this data exclusively for the purpose of implementing a contract concluded with you or to fulfill pre-contractual obligations.

The legal basis for this is Art. 6 para. 1 lit. b) GDPR. If you have also given your consent, the additional legal basis is Art. 6 para. 1 lit. a) GDPR.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose of its processing. In addition, there may be statutory retention obligations of up to 10 years, for example retention obligations under commercial or tax law in accordance with the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention obligations exist, we will block or delete your data when these statutory retention periods expire.

7. Audio and video conferencing

Data processing

We use online conferencing tools, among others, to communicate with our customers. The individual tools we use are listed below. If you communicate with us by video or audio conference via the internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (e‑mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Handling applicant data

We offer you the opportunity to apply to us (e.g. by e‑mail, post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and — if you have given your consent — Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6‑month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving your consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.

8. Contact form

Type and scope of data processing

On our website, we give you the opportunity to contact us using a form provided. As part of the process of sending your inquiry via the contact form, reference is made to this privacy policy to obtain your consent.

If you make use of the contact form, the following personal data may be processed by you:

• First name
• Last name
• The company
• Address
• E‑mail address
• Phone number
• Subject
• Content of the message

When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis

The purpose of providing your contact details is to be able to respond to your request.

The legal basis for the processing is your consent in accordance with Art. 6 (1) (a) GDPR, which you can revoke at any time for the future.

Storage duration

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request).

Mandatory statutory provisions — in particular retention periods under the German Commercial Code (HGB) or the German Fiscal Code (AO) — remain unaffected by this.

9. Contact by e‑mail

Type and scope of data processing

You can contact us by e‑mail. Our data collection is limited to the e‑mail address of the e‑mail account you use to contact us, the metadata (time stamp, other recipients) and any personal data you provide when contacting us.

Please note that e‑mails are always sent unencrypted and therefore it cannot be ruled out that third parties may gain knowledge of them. You can also contact us by post at any time.

Purpose and legal basis

The purpose of data processing is to respond to your request appropriately. The legal basis for this is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in processing the above-mentioned personal data to process your request.

Storage duration

The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted regularly if the purpose of the communication no longer applies and storage is no longer required due to statutory retention obligations. This may result, for example, from the processing of your request.

10. Newsletter

Type and scope of data processing

You can subscribe to a free regular e‑mail newsletter on our website. In order to be able to send you the newsletter regularly, we need your e‑mail address.

Your data will be forwarded to our newsletter service provider in connection with the newsletter dispatch. Your data will not be passed on to third parties beyond this.

We use the so-called double opt-in procedure for sending newsletters. This means that we will only send you an e‑mail newsletter if you have expressly confirmed to us that you agree to receive the newsletter. For this purpose, we will send you a confirmation e‑mail in which you will be asked to confirm that you wish to receive newsletters from us in future by clicking on a corresponding link.

This is to ensure that only you as the owner of the specified e‑mail address can register for the newsletter. Your confirmation must be made promptly after receipt of the confirmation e‑mail, otherwise your newsletter registration will be automatically deleted from our database.

When you subscribe to the newsletter, we collect and store the data you enter in the newsletter form (e.g. surname, first name, e‑mail address).

When you register for the newsletter, we also store your IP address assigned by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e‑mail address at a later date. For the confirmation e‑mail sent for control purposes (double opt-in), we also store the date and time of the click on the confirmation link and the IP address assigned by the Internet service provider (ISP).

Brevo (Sendinblue) is used as the newsletter software. Your data will be transmitted to Sendinblue GmbH. Brevo is prohibited from selling your data and using it for purposes other than sending newsletters. Brevo is a certified provider based in Berlin, which has been selected in accordance with the requirements of the Federal Data Protection Act. You can find further information at: https://www.brevo.com/de/legal/impressum/

Purpose and legal basis

The data collected by us when you register for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter.

The processing of your email address for the newsletter mailing is based on the declaration of consent voluntarily given by you and revocable at any time for the future in accordance with Art. 6 para. 1 lit. a) GDPR and § 7 para. 2 no. 3 UWG. In addition, the processing is based on our legitimate interest in documenting proof of the required consent in accordance with Art. 6 (1) (f) GDPR.

Storage duration

Your e‑mail address will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e‑mail address will be deleted unless you have consented to further use of your data or there is another legal basis for processing.

11. Use of cookies

We use cookies. Cookies are small files that are stored on your computer and saved by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, on the other hand, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our website again and transmit various information to us. We use cookies to facilitate and improve the use of our website. Among other things, cookies enable us to make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. Various types of cookies are used on our website, the nature and function of which we would like to explain below.

Temporary cookies / session cookies

Our website uses so-called temporary cookies or session cookies, which are automatically deleted as soon as you close your browser. With the help of this type of cookie, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your device when you visit the website at a later date. These session cookies expire at the end of the session.

Persistent cookies

So-called persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and can transmit information. The respective storage period differs depending on the cookie. You can delete permanent cookies yourself via your browser settings.

Legal basis and storage period

Due to the purposes described, the legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. GDPR. If you have given us your consent to the use of cookies on the basis of a notice (“cookie banner”) provided by us on the website, the legal basis is Art. 6 para. 1 lit. GDPR.

As soon as the data transmitted to us via the cookies is no longer required for the purposes described above, this information is deleted. Further storage may take place in individual cases if this is required by law.

Configuration of the browser settings

Most web browsers are preset to accept cookies automatically. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use all the functions of our website.

You can also use your browser settings to delete cookies already stored in your browser. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the corresponding configuration options.

Deactivating the use of cookies may require the storage of a permanent cookie on your computer. If you delete this cookie, you will need to set it again for it to take effect again.

Further information on configuring the cookie settings in the respective browsers can be found at:

• Internet Explorer
• Edge
• Safari
• Chrome
• Firefox
• Opera

Cookie categories

We use the following categories of cookies:

1. Necessary cookies

Necessary cookies ensure functions without which our website cannot be used as intended. These strictly necessary cookies are used, for example, to ensure that logged-in users remain logged in at all times when accessing various subpages. These are so-called first-party cookies, which are only set and used by us. These cookies do not require consent. You can deactivate cookies in your browser at any time.

2. Functional cookies

With the help of functional cookies, we can also extend the functionality of our site to show you additional useful information or to optimize the presentation of our site. The data collected using such cookies may vary depending on the purpose of the cookie and is listed directly with the respective tool used.

3. Statistics cookies

Statistics cookies can be used to collect information about the use of a website in order to improve its attractiveness, content and functionality. This concerns, for example, the time spent on the page, the sub-pages accessed and the functions used (click behavior).

4. Marketing cookies

Marketing cookies can be used to display interest-based advertising to website visitors and to measure the effectiveness of advertising campaigns. With the help of these cookies, visitors can be recognized on other websites and shown personalized ads there.

12. Google Analytics

Type and scope of data processing

We use the tracking tool Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E‑Mail: support-deutschland@google.com (“Google”) on our website.

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

On behalf of the operator of this website, Google will use this information to systematically evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

If individual pages of our website are accessed, the following data is stored:

• Three bytes of the IP address of the user’s accessing system (anonymized IP address)
• The website called up
• The website from which the user accessed the page on our website (referral URL)
• The subpages that are accessed from the page accessed
• The time spent on the website
• The frequency of visits to the website

We use Google Analytics with activated IP anonymization. This means that the IP addresses are shortened by the last octet (e.g. 192.168.79.***; so-called IP masking). It is no longer possible to assign the shortened IP address to the calling computer or end device of the user.

Purpose and legal basis of data processing

The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

Storage duration

We delete the stored data as soon as it is no longer required for our recording purposes. In our case, the maximum storage period is 14 months.

Right of objection

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Further information on the terms of use of Google Analytics: www.google.com/analytics/terms/de.html

Further information on data protection by Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de

You can also change your consent at any time in the cookie settings [Change your consent].

Google Analytics deactivation link

If you click on the deactivation link (https://support.google.com/analytics/answer/181881?hl=de), you can prevent Google from recording further visits to this website. Please note: Deleting cookies, using the incognito/private mode of your browser or using a different browser will result in data being collected again.

13. Google Tag Manager

The Google Tag Manager from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is integrated on our website. 

What is the Google Tag Manager?

Google Tag Manager is a management tool that allows you to manage various website tags centrally and via a user interface. Tags are small sections of code that track your activities on our website, for example. These tags can come from Google services such as Google Ads or Google Analytics, but also from other providers. 

These tags can be used to implement various functions, such as 

• Collection of browser data,
• Support for marketing tools,
• Integration of buttons,
• Setting of cookies,
• Tracking user activity across multiple websites.

Why do we use Google Tag Manager?

In order to make our website as user-friendly and informative as possible for you, we use various tracking tools, including Google Analytics. The data collected helps us to find out: 

• which content our users are particularly interested in,
• how we can improve our offering,
• which target groups we should address.

The Google Tag Manager makes it easier for us to manage the necessary JavaScript codes.

Storage and processing of data 

The Google Tag Manager itself does not set any cookies and does not store any personal data. It only serves as a management tool for the implemented tags. The data is collected and processed by the respective tags of the tracking tools, which are managed via the Tag Manager. 

Storage and deletion of data 

The Google Tag Manager itself does not store any personal data, but only manages the tags used. Detailed information on the storage and deletion of data can be found in the privacy policies of the individual tracking tools, which we have listed separately in our website privacy policy.

Where and for how long is the data stored? 

Data collected by the integrated tracking tools is stored on the servers of the respective services. A list of Google server locations can be found at: [Google data centers] (https://www.google.com/about/datacenters/inside/locations/?hl=de). 

Data transmission and data protection 

Google is a participant in the **EU‑U.S. Data Privacy Framework**, which guarantees secure and legally compliant data transfer. Further information on this data protection agreement can be found on the official website: [EU‑U.S. Data Privacy Framework](https://www.dataprivacyframework.gov/). 

14. Lead Forensics

Type and scope of data processing

We use Lead Forensics, a lead generation software, on our website. The service provider is the British company Lead Forensics 4 Old Park Lane, Mayfair, London, United Kingdom. You can find out more about the data processed through the use of Lead Forensics in the privacy policy at https://www.leadforensics.com/cookie-policy/

Purpose and legal basis

For marketing and optimization purposes, this website uses products and services from LeadForensics (Communication House, 26 York Street, London, W1U 6PZ, United Kingdom). Lead Forensics determines the actual history of your visit to this website, including all the pages you have visited and viewed and how long you have spent on this page.

If IP addresses are collected, they are anonymized immediately after collection. On behalf of the operator of this website, Lead Forensics will use the information collected to evaluate your visit to the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. Further information on data protection can be found at https://www.leadforensics.com/privacy-andcookies/.

Insofar as we process personal data in this context, we do so on the basis of our legitimate interests in improving the design of our website. The legal basis is the protection of legitimate interests in accordance with Art. 6 (1) (f) GDPR. You can object to data processing at any time with effect for the future by clicking on the following link: https://optout.leadforensics.com/?clientID=791715.

We ourselves do not store any of this information, which is necessary for contacting the persons concerned in a business environment.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

15. System fonts 

This site uses so-called system fonts, such as Helvetica, Arial, etc., for the uniform display of fonts.

16. Social Media

We link to our presence in social networks on this website. For this purpose, we have linked a graphic of the respective network.

No data is transferred to the operators of the social networks when you load our website, but only when you actively follow the link to our profile on the respective social network.

When you visit our profile page on a social network, the operator of the social network may place cookies on your device, regardless of whether you have an account with the network or are logged in to it. Cookies are data packets that mark the user’s end device with a specific identifier. Cookies are primarily used to display personalized advertising to visitors to social networks, including our profile pages.

This is done, for example, by displaying advertisements from advertising partners of the social network whose websites the user has previously visited on the pages of the social network. Cookies also enable us to compile statistics on the use of our profile page (e.g. number of page views, user categories). If we receive such statistical analyses from the operator of the social network, the data is anonymized by the operator beforehand, i.e. it is not possible for us to assign usage data to an individual user. However, if you are logged in to the social network, the operator of the social network may be able to assign the visit to our profile on the social network to your existing account there.

At least the following data is processed by the respective social network:

• IP address
• Date, time
• Visited page in the social network

Depending on the operator, other categories of data may also be processed, e.g:

• Referral URL (page from which the user has reached a subpage of the social network)
• URL of the internal and external pages accessed from the social network
• End device of the user (desktop, smartphone, tablet)
• Language settings of the user
• Region of the user

If you are logged into your user account of the respective network during this time, the network operator may be able to assign the information collected from the specific visit to your personal account.

If you interact via a “Share” button of the respective network, this information can also be stored in the user’s personal user account and published if necessary. If you want to prevent the information collected from being directly assigned to your user account, you must log out of the respective social network before clicking on the graphic.

You can also configure the respective user account accordingly.

We have no influence on which data is collected and transmitted by the operator of the social network, to which third party recipients the data is transmitted by the operator of the social network and how long the data is stored by the operator of the social network. Please refer to the privacy policy of the respective social network.

The purpose of processing your data on our profile page on the respective social network is to provide information about our offers and services and to respond to any inquiries on our profile page. The legal basis for the processing is Art. 6 para. 1 f) GDPR. In this respect, public relations work is covered by our legitimate interests within the meaning of the provision. The legal basis for the use of social plugins such as “Share” buttons is your consent in accordance with Art. 6 (1) a) GDPR.

You are not obliged to provide us with your data on our profile pages on social networks. If you do not want the operators of the social networks to collect data from you on our profile pages, you can prevent this by not visiting our profile pages. We delete private messages that you send us via social networks within one year of the last communication with you. We will always keep your public posts published permanently until you expressly request their deletion.

Data may be collected in the context of competitions in order to process them. Details on this, such as which data is collected and for what purpose, can be found in the data protection information and conditions of participation for the respective competition.

We reserve the right to delete illegal content published by users on our profile page on the respective social network, e.g. copyright infringements or statements relevant under criminal law. In addition, we store usernames and comments that are deleted due to a breach of netiquette. These are only retained for the purpose of providing any necessary evidence in the event of legal disputes within the limitation period.

According to the case law of the European Court of Justice, we are jointly responsible with the operator of the respective social network for the operation of our profile page with regard to compliance with data protection regulations. In this context, the operator of the social network provides the associated IT infrastructure and the website of the social network and is generally the primary point of contact when it comes to the processing of your data on the pages of the social network (e.g. information or deletion). With regard to data processing on social networks, we therefore recommend that you contact the respective social network directly with requests for information or other questions about user rights, such as a deletion request, as only the operators of the social networks have full access to your user data. If you no longer wish the data processing described here to take place in future, you can remove the link between your user profile and our site by using the “I no longer like this page” and/or “No longer subscribe to this page” functions. However, you can also assert your legal rights against us.

Further information on data protection can be found in our privacy policy.

You can find us in (various) social media with our own presence. We would like to provide you with a wide range of multimedia content and exchange information with you on topics that are important to you. We link to the following social networks on our website:

LinkedIn
On our LinkedIn page, we inform you about career opportunities with us and you can contact us directly. Personal user data is processed by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

We use the analytics functions provided by LinkedIn to optimize the performance of our LinkedIn page. LinkedIn provides us with a statically prepared — i.e. anonymized — compilation of certain data. This includes the following data categories, among others Conversions (achievement of certain targets such as registrations for events, leads), user actions (e.g. clicks, views of certain ads) and target groups (e.g. professional position, industry). It is not possible for us to draw conclusions about individual users or access individual user profiles.

You can find more information about LinkedIn’s analytics functions at:

https://business.linkedin.com/de-de/marketing-solutions/reporting-analytics

We can also search for suitable candidates for vacant positions based on certain characteristics (e.g. current position, skills, professional experience, salary expectations). In this way, we can be shown specific LinkedIn profiles that we can contact directly.

You can find LinkedIn’s privacy policy at:

https://www.linkedin.com/legal/privacy-policy

17. Plugins & Tools

TranslatePress

Functions of the translation service TranslatePress are integrated on this website. The provider is TranslatePres, SC Reflection Media SRL, Romania, Timis County, Timisoara City, Str. Armoniei, nr 23A, Ap. 46. VAT: RO24728894, J35/3982/2008. TranslatePress is loaded when you access the website so that you can change the language to a language other than German using the language icon at the bottom of the website. This allows a direct connection to be established between your browser and the TranslatePress server when you visit this website. TranslatePress then receives the information that you have visited this website with your IP address. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. A corresponding consent is requested via the cookie and data protection settings of the website. The processing is then carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time via the data protection settings at the bottom of each subpage. Further information on this can be found in the TranslatePress privacy policy: https://translatepress.com/privacy-policy/

18. Data transmission

We only pass on your personal data to third parties if:

• you have given your express consent for this in individual cases in accordance with Art. 6 para. 1 lit. a) GDPR;
• this is legally permissible and required under Art. 6 para. 1 lit. b) GDPR for the fulfillment of a contractual relationship with you or the implementation of pre-contractual measures (e.g. to payment, shipping, delivery or collection service providers);
• there is a legal obligation to pass on data in accordance with Art. 6 para. 1 lit. c) GDPR (e.g. to authorities, social security institutions, health insurance funds, supervisory authorities and law enforcement authorities);
• the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is necessary to safeguard legitimate company interests, as well as for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data (e.g. to debt collection service providers);
• we use external service providers (so-called processors) for processing in accordance with Art. 28 GDPR, who process data in accordance with our instructions and are obliged to handle your data carefully (e.g. in the areas of IT or marketing).

When transferring data to external bodies in third countries, i.e. outside the European Union (EU) or the contracting states of the Agreement on the European Economic Area (EEA), we ensure that these bodies treat your personal data with the same care as within the EU or the EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees.

Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. To this end, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technological progress.

This includes the use of recognized encryption methods (SSL or TLS). However, data disclosed in unencrypted form, for example by unencrypted e‑mail, may be read by third parties. We have no influence over this. It is the responsibility of the user to protect the data provided by them against misuse by means of encryption or in any other way.

19. Changes to the privacy policy

We reserve the right to update this declaration at any time if necessary.

20. Your legal rights

Below you will find your legal rights in relation to your personal data. Details can be found in Articles 7, 15–22 and 77 GDPR. You can also contact us as the controller (section 2) or our data protection officer (section 3) in this regard.

Right to withdraw your consent under data protection law in accordance with Art. 7 para. 3 sentence 1 GDPR

You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the legality of the processing carried out up to the time of revocation.

Right to information in accordance with Art. 15 GDPR

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

Right to rectification and completion in accordance with Art. 16 GDPR

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR

You have the right to erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.

Right to restriction of processing pursuant to Art. 18 GDPR

You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.

Right to data portability pursuant to Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.

Right to object pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you.

In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Automated decision-making in individual cases including profiling in accordance with Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the exceptional circumstances mentioned in Art. 22 GDPR. A decision based solely on automated processing — including profiling — does not take place.

Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you are of the opinion that the data processing does not comply with data protection regulations.