Data protection

Data protection and protecting your personal rights are of great importance to us. On this page we would like to inform you about what data we process and for what purposes. If you have any questions or suggestions about the privacy policy, please feel free to contact us.

1. Foreword and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

  • Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  • The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
  • The data subject within the meaning of data protection law is any natural person whose personal data is processed.
  • Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Article 4 of the GDPR (definitions).

2. Responsibility

In the corporate group the We are Family group of companies (hereinafter WAF or WAF Group), personal data is processed within the framework of the shared use of systems, in particular when providing our online presence , within the framework of joint responsibility within the meaning of Art. 26 GDPR.

Joint responsible parties are

WE ARE FAMILY EUROPE LLP (UK)
Holly Bank, Grove Lane, Chalfont St Peter 
Buckinghamshire, SL9 9JD
United Kingdom
Email Address: hellouk@we-are-family.net

WE ARE FAMILY GLOBAL S.A. SUCURSAL EN ESPAÑA 
Calle de Don Ramón de la Cruz 38 
28001 Madrid
Spain 
Email Address: hola@we-are-family.com

WE ARE FAMILY Italy fa parte di IAKI S.R.L.
Via Panzeri, 10 
20123 Milano 
Italy
Email Address: helloit@we-are-family.com

WE ARE FAMILY CANADA part of Kidzsmart Communications Inc.
2855 Arbutus St #102
Vancouver BC V6K 2S2
Canada
Email Address: hello-canada@we-are-family.com

WE ARE FAMILY GMBH & CO. KG (DACH Region) 
Epplestraße 225 
70567 Stuttgart
Germany 
Email Address:info@we-are-family.de

WE ARE FAMILY INTERNATIONAL HEADQUARTER
WE ARE FAMILY GLOBAL S.A. 
1 rue des Capucines 
L-8043 Strassen 
Luxembourg 
Email Address: maja@we-are-family.com

WE ARE FAMILY FRANCE - une marque de MUTT Agency
117 rue Jean Jaurès
92300 Levallois-Perret
France
Email Address: hello-france@we-are-family.com 

Contact us if you have any questions or assert your rights
If you have any questions or would like to assert your rights, please contact the We Are Family company in your region or We Are Family Global Ventures KG.

Data protection inquiries from the WAF Group should be directed to the global data protection officer:
Email address: privacy@we-are-family.com

3. A brief overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our website 
Our website is provided with an SSL / TLS certificate, which is used to encrypt data transfer processes. This happens, for example, if you send us a message via a form. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.

Data that you transmit to us 
On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Automatic server log files 
On the other hand, our server automatically records all accesses and thus also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Use of cookies 
Cookies help us to provide various services; further information can be found in this data protection declaration.

Analysis and tracking tools 
In addition to the pure server log files, which also provide us with information about page views, we use analysis and tracking tools. These tools give us detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which access took place. We can also use these services to optimize our advertising measures and measure their success. In order for such services to work, cookies must be set for site visitors or scripts must be executed.

Plugins and content delivery networks 
We sometimes use plugins and content delivery networks; well-known examples of such services would be the YouTube video service or the Google Maps map service. If such services are integrated via a website, access data is transmitted to the services. Typically this is your IP address and other metadata, such as time and date of access. As a rule, this is provided by setting cookies.

Newsletter / direct marketing

  1. Direct marketing to existing customers in the legitimate interest: We reserve the right to send our customers newsletters on the basis of Section 7 Paragraph 3 UWG and Article 6 Paragraph 1 Letter f of the GDPR. You can of course object to receiving direct marketing information at any time.
  2. Direct marketing based on your consent: If you give us your consent, we will send you newsletters until you revoke it. You can revoke your consent to us at any time with future effect.

Other data recipients

  1. In the corporate group: In the corporate group, we pass on data to affiliated companies as part of the sharing of resources. This is done on the basis of our legitimate interests within the framework of shared responsibility.
  2. Use of processors: We use processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting or printing services. They process personal data for us according to our instructions.
  3. Use of non-specialist services: If necessary (for example to execute the contract), we pass on your data to, for example, banks, shipping service providers, our tax advisor or lawyer.
  4. Legal obligations: In certain cases we are obliged to make a report to the responsible authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we must pass on certain data, for example, to tax authorities.
  5. Investigation of crimes: If it is necessary to investigate a crime, we pass on data to the law enforcement authorities.

General information on deletion periods of personal data 
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; we are also obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country 
We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for Data Processing Agreement in accordance with Article 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these on the basis of our legitimate interests. In these cases, we will point out the circumstance if necessary.

Obligation to provide personal data
You are free to decide whether you provide personal data on our website for specific purposes. If you want to make a purchase in our online shop, the legal transaction can only be carried out by providing personal data.
 

4. Legal basis for processing personal data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.

Consent given (Art. 6 Para. 1 lit. a GDPR) 
Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.

Contract-related data processing (Art. 6 Para. 1 lit. b GDPR) 
The processing of personal data to initiate or implement contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.

Legal obligation (Art. 6 Para. 1 lit. c GDPR) 
The exception to data processing based on a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example we are obliged to comply with certain retention periods according to commercial law and tax law.

Legitimate interests (Art. 6 Para. 1 lit. f GDPR) 
The processing of personal data on the basis of a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful weighing of financial or legal interests against the legitimate interests of the data subject.

5. Your rights under the General Data Protection Regulation

Every natural person is entitled to certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us.

Right to revoke your consent in accordance with Art. 7 GDPR 
You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG) 
You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR 
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG) 
You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
  • If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability according to Art. 20 GDPR 
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR 
If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 Para. 1 GDPR). 
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG 
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External hosting

This website is hosted externally. The personal data collected on this website is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR).

Our host(s) will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following hoster in the corporate group: 
The provider is Amazon Web Services EMEA SARL 
38 Avenue John F. Kennedy 
1855 Luxembourg (hereinafter AWS).

When you visit our website, your personal data will be processed on AWS servers. Personal data may also be transmitted to the parent company of AWS in the USA. Data transfer to the USA is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

Data Processing Agreement
We have concluded a Data Processing Agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).
In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.

  • Date and time of retrieval
  • Information about the browser type and version browser used
  • Information about the operating system used
  • Device (client)
  • Referrer URL (which page you used to land on our website)
  • Hyperlinks accessed

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.
 

8. Use of cookies

Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies). stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

You can find out which cookies and services are used on this website in this data protection declaration.

Use of Cookiebot Cookie Consent Manager 
Our website uses Cookiebot 's consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “ Cookiebot ”).

Cookiebot 's servers to obtain your consent and other declarations regarding cookie use. Cookiebot then stores a cookie in your browser in order to be able to assign you the consent given or its revocation. The data collected in this way will be stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies . The legal basis for this is Article 6 Paragraph 1 Letter c GDPR.

Data Processing Agreement
We have concluded a Data Processing Agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

9. Data processing in the context of communication and contact

Message via contact form 
You have the option of sending us messages via contact form. We process the data that you entered into the data collection mask. Mandatory fields are marked and must be provided. The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered into the contact form is generally based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time in the future without giving us reasons. In addition, we process your data to initiate or execute contracts, for example if you ask us offer-related questions (Art. 6 Para. 1 lit. b GDPR).

We integrated our forms via Hubspot. Further information can be found on the topic of Hubspot CRM in this data protection declaration.

We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.

Communication by email 
If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Article 6 Paragraph 1 Letter b GDPR and Article 6 Paragraph 1 Letter f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

If it is a product or service-related message, we generally process your data on the basis of our legitimate interests in accordance with Article 6 (1) (b) GDPR.

We store your data until the purpose of processing is achieved. Statutory retention periods remain unaffected.

Communication by telephone or fax 
Even if you contact us by telephone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting us via email. Mail.

We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of data processing is achieved.

10. Direct Marketing

Direct marketing to existing customers in the legitimate interest 
We reserve the right to use the data collected as part of a purchase contract or service contract for direct advertising by email or post in accordance with Section 7 Paragraph 3 UWG if the customer does not object to this use or contradicted. Direct advertising only includes offers for similar products or services to the products or services the user has already purchased from us.

We use your data for up to three years after the last legal transaction for direct marketing purposes in our legitimate interest.

We have a legitimate, economic interest (Art. 6 Para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct advertising at any time. Direct your objection to the responsible body mentioned above. In each newsletter you will also find information on how you can raise your objection.

Direct marketing based on your consent (newsletter) 
You have the option to give us your consent to receive direct marketing content. If you give your consent (Art. 6 Para. 1 lit. a GDPR), for example to receive our email newsletter, we process your data for the purpose of direct marketing measures via email.

Since we are obliged to check the accuracy of the email address you provided when registering for the newsletter and want to ensure its accuracy, we use procedures that enable us to check the ownership of the email address. As a rule, this check is carried out using the double opt-in procedure. After registering, you will receive an email with a link that you must click to confirm. If the double opt-in procedure is not available due to temporary technical reasons, we will send you an email to which you can reply without text to confirm your identity.

You can revoke your consent at any time with future effect; you will find an “unsubscribe” link in every newsletter. Alternatively, you can send us an email with the subject “Unsubscribe from the newsletter”. We process your data until you revoke your consent. Statutory retention periods remain unaffected.

After you have been unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

Newsletter management with Hubsppot 
We use Hubspot to send newsletters. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA.

Data analysis by Hubspot 
With the help of Hubspot we are able to analyze our newsletter campaigns. So we can e.g. For example, you can see whether a newsletter message has been opened and which links, if any, have been clicked. In this way, we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). We can, for example, B. recognize whether you made a purchase after clicking on the newsletter.

11. Hubspot CRM

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).

Hubspot CRM allows us, among other things, to manage existing and potential customers as well as customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with potential customers or for marketing measures (e.g. newsletter mailings). With Hubspot CRM we are also able to record and analyze the user behavior of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in customer administration and customer communication being as efficient as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. B (e.g. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Hubspot 's privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000TN8pAAG&status=Active

Data Processing Agreement
We have concluded a Data Processing Agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

12. Audio and video conferencing

We use video conferencing tools to communicate with our customers.

Scope of processing of personal data
If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and Microsoft.

The conference tools collect all the data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is necessary to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it will also be stored on the tool provider's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis
Microsoft Teams is used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools will be used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage period
The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the providers listed below directly.

Services used

1. Microsoft Teams
We use Microsoft Teams. Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown , Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

Data Processing Agreement
We have concluded a Data Processing Agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

2. Zoom Communications
We use Zoom. Provider is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: https://explore.zoom.us/de/privacy/. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://explore.zoom.us/de/privacy/.

Data Processing Agreement
We have concluded a Data Processing Agreement for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
 

13. Webinars with ClickMeeting

We use the provider ClickMeeting for webinars. The provider is ClickMeeting Spółka z ograniczoną odpowiedzialnością with its registered office at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland, company no. (KRS): 0000604194, VAT ID no. (NIP): 5842747535. Details on data processing can be found in ClickMeeting 's privacy policy: clickmeeting.com/de/legal. We use ClickMeeting in our legitimate interest within the meaning of Art. 6 Para. 1lit. f GDPR, our interest lies in using a reliable webinar service within the European Union.

We have concluded a Data Processing Agreement with ClickMeeting. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Registration for webinars
You can register to participate in our webinars via our website. Registration takes place using a module from the provider ClickMeeting.
The mandatory fields required for registration are marked; in particular, you must provide a valid email address and a user name. After registering, you will receive email messages about the desired webinar. In this you will find, among other things, the link to the webinar.
The legal basis for registering for a webinar is Art. 6 Para. 1lit. b GDPR and, if obtained in individual cases, your consent within the meaning of Article 6 Paragraph 1 Letter a GDPR.

Data processing when participating in a webinar
Please note that your specified user name may be visible to other webinar participants. If you activate your camera or microphone, you can also be heard or seen by other webinar participants.

If you participate in a webinar, various personal data will be stored on the platform ClickMeeting processes. In addition to the data provided during registration, data for participation in a webinar is processed. In particular, the duration of the webinars, start and end (time) of participation in a webinar, the number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, ClickMeeting processes all technical data that is required to process online communication. In particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

If content is exchanged, uploaded or made available in any other way within ClickMeeting, it will also be stored on ClickMeeting 's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Webinar recordings
If we want to record a webinar, we will inform the participants of this fact in advance. The legal basis for recording webinars is generally your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. If we want to record a free webinar and if you do not agree to this, we ask you not to attend the webinar. Alternatively, you can register with a pseudonymous username and participate as a silent participant so that no personal data about you is recorded.

Storage period
The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

14. Webinars with Zoom

We use the Zoom service for webinars. Provider is Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Details on data processing can be found in Zoom's privacy policy: explore.zoom.us/de/privacy/. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://explore.zoom.us/de/privacy/.

We use Zoom in our legitimate interest within the meaning of Art. 6 Para. 1lit. f GDPR, our interest lies in using a reliable webinar service.
We have concluded a Data Processing Agreement with Zoom. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Registration for webinars 
You can register to participate in our webinars via our website. Registration takes place using a module from the provider Zoom.

The mandatory fields required for registration are marked; in particular, you must provide a valid email address and a user name. After registering, you will receive email messages about the desired webinar. In this you will find, among other things, the link to the webinar.

The legal basis for registering for a webinar is Art. 6 Para. 1lit. b GDPR and, if obtained in individual cases, your consent within the meaning of Article 6 Paragraph 1 Letter a GDPR.

Data processing when participating in a webinar 
Please note that your specified user name may be visible to other webinar participants. If you activate your camera or microphone, you can also be heard or seen by other webinar participants.

If you take part in a webinar, various personal data will be processed on the Zoom platform. In addition to the data provided during registration, data for participation in a webinar is processed. In particular, the duration of the webinars, start and end (time) of participation in a webinar, the number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, Zoom processes all technical data required to process online communication. In particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

If content is exchanged, uploaded or made available in any other way within Zoom, it will also be stored on Zoom's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Making webinar recordings
If we want to record a webinar, we will inform the participants of this fact in advance. The legal basis for recording webinars is generally your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. If we want to record a free webinar and if you do not agree to this, we ask you not to attend the webinar. Alternatively, you can register with a pseudonymous username and participate as a silent participant so that no personal data about you is recorded.

Storage period
The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

15. White paper download

We offer you various content free of charge, especially white papers. In order to gain access to a white paper, you must provide personal data; mandatory fields are marked accordingly. By requesting content, you give us your consent to contact you in the future for marketing purposes.

After entering your details and submitting the form, you will receive an email message to confirm your identity to prevent misuse. You will then receive access to the requested content.

The legal basis for the collection and processing of your data is your consent within the meaning of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to us at any time without giving reasons with future effect. Furthermore, Art. 6 Paragraph 1lit. b GDPR provides a legal basis for the processing of your data; you take advantage of a free service.

We store your data until you revoke your consent or the purpose of processing no longer applies.

16. Analytics Tools and Advertising

Google Tag Manager 
We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on his website. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit B. Device fingerprinting). Consent can be revoked at any time.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics 
This website uses functions of the web analysis service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as: E.g. page views, length of stay, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the website visitor's respective device.

Furthermore, we can use Google Analytics to record, among other things, your mouse and scrolling movements and clicks. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

You can find more information about how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals: We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, Google Signal's visitor data will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Data Processing Agreement: We have concluded a Data Processing Agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads 
The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Ads Remarketing 
This website uses the functions of Google Ads Remarketing . The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you on one device (e.g. cell phone) depending on your previous usage and surfing behavior can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising using the following link: https://www.google.com/settings/ads/onweb/.
The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=de.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Google Conversion Tracking
This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

Meta pixel (formerly Facebook pixel) 
This website uses visitor action pixels from Facebook/ Meta to measure conversions . The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected will also be transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook uses the data for its own advertising purposes in accordance with the Facebook data usage guidelines (https://de-de.facebook.com/about/privacy/). can. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. As the site operator, we cannot influence this use of data.

The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Article 26 GDPR). The joint responsibility is limited exclusively to collecting the data and passing it on to Facebook. The processing carried out by Facebook after the forwarding is not part of the shared responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly on Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's data protection information: de-de.facebook.com/ about /privacy/. Deactivate the “Custom Audiences ” remarketing function in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

TikTok Tracking 
We use TikTok Pixel, a conversion tracking tool to measure the success of our advertisements. The provider is the Chinese company TikTok. TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) is responsible for Europe .

TikTok Pixel is a code that we have implemented on our site. When you visit our website, a connection is established with the TikTok servers in order to track the behavior of our visitors on our website. Personal data such as IP addresses and other information such as device ID, device type and operating system can also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account.

TikTok uses collected information to show its users targeted and personalized advertising and to create interest-based user profiles. The data collected is anonymous and cannot be viewed by us and can only be used by us as part of measuring the effectiveness of advertising placements.

The use of this service is based on your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TTDSG. Consent can be revoked at any time.

Data transfer to third countries is based on the EU Commission's standard contractual clauses. You can find out more about the standard contractual clauses and the data processed through the use of TikTok Pixel in the Privacy Policy at https://www.tiktok.com/legpage/eea/privacy-policy/de-DE or at https ://ads.tiktok.com/i18n/official/policy/controller-to-controller.
 

17. Our social media presence

Data processing through social networks

We maintain publicly accessible profiles on social networks. You can find the social networks we use in detail below.

Social networks such as Facebook, Google+ etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot understand all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.

Legal basis 
Our social media presence is intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Responsible person and assertion of rights 
If you visit one of our social media sites (e.g. Facebook), we are responsible, together with the operator of the social media platform, for the data processing operations triggered by this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) both. us as well as against the operator of the respective social media portal (e.g. Facebook).

Please note that despite our shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Storage period 
The data we collect directly via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Social Networks in Detail

Google / YouTube
We have a profile on Google+. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated. Details can be found in Google's privacy policy: https://policies.google.com/privacy.

Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta ). According to Meta, the collected data will also be transferred to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Meta . This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: www.facebook.com/settings . Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/519522125107875.

Vimeo
We have a profile on Vimeo. The provider is Vimeo, Inc., 555 West 18th Street, New York 10011, USA. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy. Details on how they handle your personal data can be found in Vimeo's privacy policy: https://vimeo.com/privacy.

TikTok
We have a profile on TikTok. The provider of TikTok is TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn , London, WC2B 6NH. Data transfer to third countries is based on the EU Commission's standard contractual clauses. You can find out more about the standard contractual clauses and the data processed through the use of TikTok Pixel in the Privacy Policy at https://www.tiktok.com/legpage/eea/privacy-policy/de-DE or at https://ads.tiktok.com/i18n/official/policy/controller-to-controller. TikTok 's privacy policy can be found here: https://www.tiktok.com/legal/new-privacy-policy?lang=de-DE.

18. Information for applicants

Data protection regulations Application process
If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the respective position, using an online form.

In principle, as part of an application process, we only process the data that you have provided to us yourself. The use of additional sources may only be considered after information and consultation with you. For example, whether we can contact a former employer.

Legal basis for carrying out an application process is Art. 6 Paragraph 1 Letter b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this will be done on the legal basis of Article 6 (1) (a) GDPR.

Deletion periods for applicant data
We delete applicant data a maximum of 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing no longer exists at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you have the impression that your interests in immediate deletion outweigh your interests, you have the option of requesting us to do so. We will then examine your request and give you feedback.

After the above-mentioned period has expired, your data will be deleted unless we have to defend ourselves, for example in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the process has been completed, unless there are no statutory retention periods.

If we are allowed to store your data for a longer term based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is clear that no position will be available.

Inclusion in our applicant pool 
If we are currently unable to offer you a position, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Aba. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest.

19. Additional data protection information for our business partners

Data categories and purposes of processing 
We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we will generally only process it for the purposes for which we received or collected it. 
As a rule, we process the following categories of data from you:

  • Name, first Name
  • Address and/or company address
  • Telecommunications data
  • E-mail address
  • Company
  • Professional function and/or position
  • Bank details/other payment details
  • Data on the history of the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. B. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Article 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Article 13 Paragraph 3 GDPR and Article 14 Paragraph 4 GDPR.

Legal basis on which we process your data

Based on your consent (Art. 6 Para. 1 lit. a) GDPR) 
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed based on your consent, you have the right to revoke your consent to us at any time with future effect.

Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR) 
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and which are carried out at your request.

Data processing based on a legal obligation (Art. 6 Para. 1 lit. c GDPR) 
Like every company, we must fulfill retention obligations and other documentation obligations; this can also affect documents with personal information. To the extent that we process data for these purposes, the processing takes place on the basis of a legal obligation.

Data processing based on a balancing of interests (Art. 6 Para. 1 lit. f GDPR) 
If we process data on the basis of a balancing of interests, you as the data subject have the right to allow the processing of personal data, taking into account the provisions of Article 21 GDPR contradict. To the extent that the specific purpose permits, we process your data pseudonymously or anonymously.

Other recipients of your data

Transfer to processors within the scope of Art. 28 GDPR 
Processors we use (Art. 28 GDPR), particularly in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. When we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after Data Processing Agreement have been concluded. We would be happy to let you know which processors we use.

To carry out a contractual relationship
If it is necessary to carry out the contract with you, we pass on your data, for example, to our bank to process payments or shipping service providers.

Disclosure due to a legal obligation 
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other places, insofar as you have given us your consent. 
If you have given your explicit consent, we will also pass on your data to other places. However, this occurs within the limits provided you have verifiable consent.

Information on deletion periods for personal data
Principle of purpose limitation and compliance with statutory retention periods. We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the respective national statutory limitation periods. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

Revocation of your consent
If we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only retain the consent subject to restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual obligation to provide personal data 
The provision of personal data is regularly necessary for the initiation, conclusion, processing and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a third country
We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for Data Processing Agreementin accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.