This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within our online offerings and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (collectively referred to as the "online offering"). For definitions of terms used, such as "processing" or "controller," we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Contact data (e.g., email addresses, phone numbers)
Content data (e.g., text entries, photographs, videos)
Usage data (e.g., visited websites, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)
Categories of Affected Persons
Visitors and users of the online offering (hereinafter collectively referred to as "users").
Purpose of Processing
Provision of the online offering, its functions, and content.
Responding to contact inquiries and communication with users.
Security measures.
Reach measurement/marketing.
Definitions of Key Terms
"Personal data" refers to any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified directly or indirectly, especially by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., a cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
"Processing" refers to any operation or set of operations performed on personal data, whether or not by automated means. This term is broad and encompasses almost any handling of data.
"Pseudonymization" refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is stored separately and subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
"Profiling" refers to any type of automated processing of personal data, which involves using personal data to evaluate certain personal aspects related to a natural person, particularly to analyze or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of the person.
"Controller" refers to the natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
"Processor" refers to a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
In accordance with Article 13 of the GDPR, we inform you of the legal bases for our data processing activities. If the legal basis is not stated in this privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR; the legal basis for processing to fulfill our services and perform contractual measures, as well as responding to inquiries, is Article 6(1)(b) of the GDPR; the legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR; and the legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR. If processing is necessary to protect vital interests of the data subject or another natural person, Article 6(1)(d) of the GDPR serves as the legal basis.
Security Measures
We take appropriate technical and organizational measures in accordance with Article 32 of the GDPR, considering the state of the art, the implementation costs, the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data through control of physical access to data, as well as access, input, transmission, securing availability, and separation of data. We have also established procedures that ensure the exercise of data subject rights, the deletion of data, and a response to data threats. Furthermore, we take privacy protection into account during the development or selection of hardware, software, and procedures, in line with the principle of privacy by design and by default (Article 25 of the GDPR).
Collaboration with Processors and Third Parties
If we disclose data to other persons or companies (processors or third parties), transmit data to them, or otherwise grant them access to the data within the scope of our processing, this will only occur on the basis of a legal authorization (e.g., if data is transmitted to third parties, such as payment service providers, according to Art. 6 Para. 1 lit. b GDPR for contract fulfillment), you have consented, a legal obligation requires it, or based on our legitimate interests (e.g., when using contractors, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called "data processing agreement," this is done according to Art. 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs when using third-party services or disclosing or transmitting data to third parties, this will only be done if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we will process or allow the processing of data in a third country only when the special conditions of Articles 44 et seq. GDPR are met. This means that the processing takes place, for example, on the basis of special guarantees, such as the official recognition of an adequate level of data protection (e.g., for the USA through the "Privacy Shield") or the adherence to officially recognized specific contractual obligations (so-called "Standard Contractual Clauses").
Rights of the Data Subject
You have the right to request confirmation as to whether data concerning you is being processed, and to request access to this data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of your data or the rectification of inaccurate data concerning you.
In accordance with Art. 17 GDPR, you have the right to request the immediate deletion of data concerning you, or alternatively, you have the right to request a restriction of data processing according to Art. 18 GDPR.
You have the right to request that the data you have provided to us be handed over to you in accordance with Art. 20 GDPR and to request its transmission to other controllers.
You also have the right to lodge a complaint with the competent supervisory authority according to Art. 77 GDPR.
Right to Withdraw Consent
You have the right to withdraw any consents you have given according to Art. 7 Para. 3 GDPR with effect for the future.
Right to Object
You can object to the future processing of data concerning you at any time according to Art. 21 GDPR. The objection can particularly be made against the processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
"Cookies" are small files that are stored on the user's computer. Within the cookies, different information can be stored. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies," are cookies that are deleted after a user leaves an online offer and closes their browser. For example, the contents of a shopping cart in an online store or a login status can be stored in such a cookie. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, a login status can be saved if users visit the site after several days. In such a cookie, user interests can also be stored for reach measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller who operates the online offer (otherwise, if they are only their own cookies, they are called "first-party cookies").
We may use temporary and permanent cookies and provide information about this in our privacy policy.
If users do not want cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to restrictions in the functionality of this online offer.
A general objection to the use of cookies for online marketing purposes can be made to a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the browser settings. Please note that not all features of this online offer may be available in that case.
Deletion of Data
The data we process will be deleted or restricted in its processing according to Art. 17 and 18 GDPR. Unless explicitly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and there are no legal retention periods preventing deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons.
According to legal requirements in Germany, storage occurs, in particular, for 10 years according to §§ 147 Para. 1 AO, 257 Para. 1 Nos. 1 and 4, Para. 4 HGB (books, records, management reports, booking receipts, commercial books, taxation-relevant documents, etc.) and 6 years according to § 257 Para. 1 Nos. 2 and 3, Para. 4 HGB (commercial correspondence).
According to legal requirements in Austria, storage occurs, in particular, for 7 years according to § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, records, business papers, income and expenditure statements, etc.), for 22 years in connection with real estate, and for 10 years for documents in connection with electronically provided services, telecommunications, broadcasting, and television services provided to non-entrepreneurs in EU member states and for which the Mini One Stop Shop (MOSS) is used.
We process data as part of administrative tasks, as well as the organization of our operations, financial accounting, and compliance with legal obligations such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The legal bases are Art. 6 Para. 1 lit. c GDPR, Art. 6 Para. 1 lit. f GDPR. Affected persons include customers, prospects, business partners, and website visitors. The purpose and our legitimate interest in processing is administration, financial accounting, office organization, and archiving of data, tasks that serve the maintenance of our business activities, the performance of our tasks, and the provision of our services. The deletion of data concerning contractual services and communication will be handled as described in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors, and other fee-collecting entities and payment service providers.
Furthermore, we store information about suppliers, event organizers, and other business partners based on our economic interests, for example, for later contact. These mainly company-related data are generally stored permanently.
Business Analyses and Market Research
In order to operate our business economically, recognize market trends, and understand the needs of contractual partners and users, we analyze the data available to us regarding business transactions, contracts, inquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, and metadata based on Art. 6 Para. 1 lit. f GDPR, whereby the affected persons include contractual partners, prospects, customers, visitors, and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing, and market research. In doing so, we may consider the profiles of registered users with information, for example, about the services they have used. The analyses serve to improve user-friendliness, optimize our offer, and improve business efficiency. The analyses are solely for our own use and are not disclosed externally, unless they are anonymous analyses with summarized values.
In the event that these analyses or profiles are personal data, they will be deleted or anonymized upon the termination of the user’s relationship or, in any case, two years after the conclusion of the contract. Otherwise, overall business analyses and general trend determinations will be anonymized wherever possible.
Privacy Notice in the Application Process
We process applicant data solely for the purpose and within the scope of the application process in accordance with legal requirements. The processing of applicant data takes place to fulfill our (pre)contractual obligations in the course of the application process under Art. 6 Para. 1 lit. b GDPR
Privacy Notice in the Application Process
We process applicant data solely for the purpose and within the framework of the application process in accordance with legal requirements. The processing of applicant data is carried out to fulfill our (pre-)contractual obligations within the application process as per Art. 6 Para. 1 lit. b GDPR, and Art. 6 Para. 1 lit. f GDPR, if, for example, data processing becomes necessary for legal proceedings (in Germany, § 26 BDSG also applies).
The application process requires that applicants provide us with their data. The necessary applicant data are marked, if we offer an online form; otherwise, it can be derived from the job descriptions. In general, these include personal details, postal and contact addresses, and the application documents, such as cover letters, CVs, and certificates. Additionally, applicants may voluntarily provide us with further information.
By submitting the application to us, applicants consent to the processing of their data for the purposes of the application process, as outlined in this privacy statement, including the scope and method of processing.
If, in the course of the application process, applicants voluntarily provide special categories of personal data as defined by Art. 9 Para. 1 GDPR (e.g., health data, such as disability status or ethnic origin), this data will be processed in accordance with Art. 9 Para. 2 lit. b GDPR. If, during the application process, special categories of personal data are requested from applicants (e.g., health data when necessary for the performance of the job), processing will take place additionally in accordance with Art. 9 Para. 2 lit. a GDPR.
If available, applicants can submit their applications through an online form on our website. The data will be transmitted to us securely using current encryption technologies. Additionally, applicants can send their applications via email. However, we note that emails are generally not encrypted, and applicants must ensure encryption themselves. We cannot take responsibility for the transmission path of the application between the sender and its reception on our server and, therefore, recommend using the online form or postal submission. In addition to submitting via the online form or email, applicants still have the option to send their applications via postal mail.
The data provided by applicants may be further processed for the purpose of employment if the application is successful. Otherwise, if the application is unsuccessful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
The deletion will occur, subject to a legitimate objection by the applicants, after a period of six months, so that we can answer any follow-up questions regarding the application and fulfill our obligations under the Equal Treatment Act. Any invoices for travel expense reimbursements will be archived according to tax regulations.
Comments and Contributions
If users leave comments or other contributions, their IP addresses may be stored for 7 days based on our legitimate interests under Art. 6 Para. 1 lit. f GDPR. This is done for our security in case someone leaves unlawful content in comments or contributions (e.g., insults, forbidden political propaganda, etc.). In this case, we may be held liable for the comment or contribution and, therefore, are interested in the identity of the author.
Furthermore, we reserve the right to process user information for spam detection based on our legitimate interests under Art. 6 Para. 1 lit. f GDPR.
On the same legal basis, we reserve the right to store users' IP addresses and use cookies in case of surveys to prevent multiple votes.
The data provided in comments and contributions will be stored permanently by us until the users object.
Contacting Us
When contacting us (e.g., via contact form, email, phone, or social media), the user's details will be processed for the purpose of processing and responding to the contact request in accordance with Art. 6 Para. 1 lit. b GDPR (in the context of contractual/pre-contractual relationships), Art. 6 Para. 1 lit. f GDPR (other inquiries). The user's details may be stored in a Customer Relationship Management system ("CRM system") or similar inquiry organization.
We delete inquiries as soon as they are no longer required. We review the necessity every two years. Furthermore, the legal retention obligations apply.
Online Presence on Social Media
We maintain online presences on social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services.
We point out that user data may be processed outside the European Union. This can lead to risks for users, as the enforcement of user rights might be more difficult. Regarding US providers that are Privacy Shield certified, we point out that they are committed to complying with EU data protection standards.
Furthermore, user data is typically processed for market research and advertising purposes. For example, usage behavior and resulting interests can be used to create user profiles. These profiles can then be used to display ads within and outside the platforms that likely match the users' interests. To achieve these purposes, cookies are usually stored on users' devices to store usage behavior and interests. In some cases, data in the user profiles may also be stored regardless of the devices used by the users (especially if the users are members of the respective platforms and logged in).
The processing of personal data of users is based on our legitimate interest in effective information and communication with users under Art. 6 Para. 1 lit. f GDPR. If users are asked for consent to data processing by the respective providers (i.e., their consent is expressed by ticking a checkbox or confirming a button), the legal basis for processing is Art. 6 Para. 1 lit. a, Art. 7 GDPR.
For detailed information on the respective processing and opt-out options, we refer to the following links to the providers' privacy statements.
Within our online offering, we use third-party content or services based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering in accordance with Art. 6 Para. 1 lit. f GDPR) to integrate content and services such as videos or fonts (hereafter collectively referred to as "content").
This always requires that the third-party providers of this content perceive the user's IP address, as they could not send the content to the user's browser without the IP address. Therefore, the IP address is necessary for the display of this content. We make sure to only use content where the respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' devices, including technical information about the browser and operating system, referring websites, visit times, and other data regarding the use of our online offering, and may be connected with such information from other sources.
We embed maps from the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include IP addresses and location data of the users, but these are only collected with their consent (usually through the settings of their mobile devices). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
Meinungsmeister
The controller of data processing has integrated the Meinungsmeister widget on this website. The Meinungsmeister widget provides visitors with information regarding the reputation of the operator of the website. Through the Meinungsmeister widget, visitors can click through to a reputation page at www.meinungsmeister.de, where further details can be accessed.
The operator of the Meinungsmeister widget is GoLocal GmbH & Co. KG, Landsberger Str 94, 80339 Munich, Germany.
GoLocal places a session cookie on the visitor’s information technology system. As explained earlier, cookies are used. The session cookie disappears once the website is left. Each time one of the individual pages of this website, operated by the controller, on which the Meinungsmeister widget is integrated, is accessed, the web browser on the affected user's information technology system is automatically prompted for technical reasons to transmit the IP address and the date of the request. This data is deleted after 7 days. The applicable privacy policy of Meinungsmeister can be found at: https://www.meinungsmeister.de/datenschutz/.
Diese Website verwendet Cookies und personenbezogene Daten können verarbeitet werden. Weitere Informationen über die Verwendung Ihrer Daten finden Sie in unserer Datenschutzerklärung.OK