Privacy

Name and address of the controller

The controller is the party who, alone or in collaboration with others, makes decisions about the uses and means of the processing of personal data. Within the meaning of the General Data Protection and other national data protection laws of the member states, as well as other data protection legal regulations, the controller is:

WASSERMANN TECHNOLOGIE GMBH
Represented by: Sebastian Wassermann, Eberhard Hahl
Bürgermeister-Ebert-Straße 5
36124 Eichenzell
Tel.: +49 6659 82-0
Email: info@wassermann-technologie.de
Website: www.wassermann-group.com

Name and address of the authorized data protection officer:

You can reach the authorized data protection officer of the controller via the following contact details:

BerIsDa GmbH
attn: DSB Wassermann Technologie GmbH
Rangstraße 9
36037 Fulda
Germany
Tel.: +49 661 29698090
Email: dsb@wassermann-technologie.de
Website: www.berisda.de

I. General information on data processing

1. Scope of the processing of personal data

The controller collects and uses personal data of users (hereinafter also referred to as “data subject” or “visitor(s)”) only to the extent necessary to provide a functional website and to display the contents and services. The collection and processing of the user’s personal data for other purposes is done only with the consent of the user. An exception applies in cases where it is not possible to obtain prior consent for factual reasons, the processing is based on pre-contractual or contractual measures, the processing of the data is permitted by law, and/or the controller has a legitimate interest in the processing.

Your personal data is generally collected directly from you, e.g. when you contact us, consent to services on this website, or use forms on this website. In addition, technical data absolutely necessary for the operation of the website is automatically collected when you enter the site.

2. Legal basis for the processing of personal data

In cases where the controller has obtained consent from the data subject for the processing of personal data, Art. 6 para. 1, sentence 1, point a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. If special categories of data are processed in accordance with Art. 9, para. 1 of the GDPR, Art. 9, para. 2, point a) of the GDPR applies as the legal basis. In the case of transfer of data to a non-secure third country, the processing is carried out on the basis of Art. 49, para. 1, sentence 1, point a) GDPR. If you have consented to the storage of cookies or to access to information in your terminal device, the data processing is also carried out on the basis of § 25 para. 1 of the Telecommunications-Telemedia Data Protection Act (TTDPA).

When processing personal data that is necessary for the performance of a contract in which the contracting party is the data subject, Art. 6, para. 1, sentence 1, point b) of the GDPR will serve as the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary in order to fulfill a legal obligation to which the controller is subject, Art. 6, para. 1, sentence 1, point c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 point d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the above-mentioned legitimate interest of the controller, then Art. 6 para. 1 sentence 1 point f) GDPR serves as the legal basis for the processing.

3. Erasure of data and duration of processing

If no exact storage duration has been specified in this data protection information, the personal data of visitors to our website will remain in our possession until the purpose of the data processing no longer applies. The personal data of the data subject will be erased or blocked as soon as the purpose of the storage ceases to apply or consent given by the data subject is revoked, or the processing is objected to. Data may also be stored if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. Data transfer to a third country or an international organization

The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed. That is, if it is ensured that the provisions of the GDPR are complied with – for example, the existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR, or the introduction of internal data protection regulations approved by a supervisory authority (so-called “appropriate safeguards,” Art. 46 para. 2, 3 GDPR), can count as such assurance. If there is no level of data protection comparable to the requirements of the GDPR, there may be risks associated with processing in a third country.

Risks of transfer to a non-secure third country: Personal data could possibly be passed on by the provider, going beyond the actual purpose of fulfilling the order, to other third parties who might use the data for advertising purposes, for example. In addition, effective enforcement of any rights of the data subject against the provider is probably not possible. There may be a higher probability that incorrect data processing may occur because the technical and organizational measures of the provider for the protection of personal data do not fully meet the requirements of the GDPR, quantitatively or qualitatively. It is also possible that government agencies may access the personal data provided without the data subject being aware of this. In principle this also corresponds to European legal regulations, e.g. for the purpose of averting danger. However, the admissibility threshold for such data processing in the European Union is higher than in the country of the data recipient in such a case. In summary, the level of data protection in non-secure third countries is not comparable with the requirements of the GDPR.

On our website, we use tools that in some cases are from providers whose headquarters, or the headquarters of the parent company (or its affiliates), are located in a third country from the point of view of data protection. We also transfer data to the USA. Data transfer to the USA is permitted if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has suitable additional guarantees. The DPF is an (individual) agreement between the European Union and the USA which is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. If data is transmitted to a provider that is certified in accordance with the DPF, a separate notice is provided by the relevant service provider.

In addition, on our website we also use tools from other providers from third countries and US providers that are not certified in accordance with the EU-US Data Privacy Framework (DPF). The transfer and processing of personal data of data subjects in connection with these tools takes place under the conditions of Art. 49 para. 1 sent. 1 point a) GDPR, on the basis of consent given by the data subject. If data is transferred on the basis of consent to contracted processors whose processing is done in a non-secure third country, a separate notice is provided by the relevant service provider.

5. Requirement of provision of personal data

The provision of your personal data is not required by law or by contract. There is no obligation to provide it. However, not providing it may have the result that you cannot make use of functions, services, forms, and other processing at our website. We recommend that you provide only the personal data necessary to, for example, process your inquiry, carry out your desired offer, and use the functions we provide. If the provision of your personal data is required by law or by contract, we will inform you of this by means of a separate notice during the processing in this data protection information.

The collection of technical data (and possibly of your IP address as an item of personal data) for the provision of the website, and the storage of the data in log files, is absolutely necessary for the operation of the website and takes place automatically when you enter this website. If you do not agree to this, then you must leave this site.

II. Rights of the data subject

If we process your personal data, you as the data subject have the following rights towards us as the controller:

1. Right of access by the data subject, Art. 15 GDPR

Under the applicable legal regulations, you have the right to obtain information (free of charge) about your collected and stored personal data. This includes, among other things, information about the purposes of the processing, the origin and recipient, the duration of storage, and the existence of various rights.

2. Right to rectification, Art. 16 GDPR

You have the right to obtain from the controller rectification (also in the sense of completion) of your personal data if the processed personal data that affect you is incorrect or incomplete for the purpose of the processing. The controller must make this rectification without undue delay.

3. Right to erasure, Art. 17 GDPR

As per the conditions of Art. 17 GDPR, you can request erasure of your personal data at any time, unless there are circumstances that authorize or obligate the controller to continue processing your personal data (e.g. statutory retention periods).

4. Right to restriction of processing, Art. 18 GDPR

If the legal requirements apply, you can demand restriction of processing of your personal data within the scope of Art. 18 GDPR.

5. Right to be informed, Art. 19 GDPR

If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform them of your requests for rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You can request that the controller inform you about these recipients.

6. Right to data portability, Art. 20 GDPR

If you have provided us with personal data and automated processing is carried out on the basis of your consent or on the basis of a contract, then within the scope of Art. 20 GDPR you have the right to transfer the data provided by you, provided that this does not adversely affect the rights and freedoms of other persons. The provision is made in a standard machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

7. Right to object, Art. 21 GDPR

You have the right to object to the processing of your data at any time, provided that the processing is carried out on the basis of a balancing of interests. This is the case if the controller relies on the public interest or its own legitimate interest for the processing (see Art. 6, para. 1, sentence 1, points e) and f)). The prerequisite here is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller will no longer process the personal data relating to you unless the controller can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Art. 21 para. 2 GDPR contains a special, deviating regulation if the personal data concerning you is used for direct marketing . In this case you have the right to object to the processing of the personal data concerning you at any time without further requirements. The personal data concerning you will no longer be used for the purpose of direct marketing. If profiling is associated with the direct marketing, you can also object to this.

In connection with the use of information society services, you have the option of exercising your right to object using automated procedures that use technical specifications.

8. Automated individual decision-making, Art. 22 GDPR

Pursuant to Art. 22 GDPR, you have the right not to be subject to decisions that are based solely on automated processing – including profiling – and that produce legal effects concerning you or that similarly affect you. There may be exceptions if suitable measures for the protection of your person are guaranteed and there are necessary contractual regulations or a legal provision or you have expressly consented.

You have the right to withdraw your data protection consent at any time. The legitimacy of the processing that was carried out before consent was withdrawn remains unaffected. You can send your withdrawal of consent to the controller by email or mail.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. However, if you are in another German federal state or are not in Germany, you can also contact the data protection authority there.

III. SSL encryption

This website uses SSL/TLS encryption for security reasons and to protect the transfer of confidential content such as the requests you, as data subject, send to us as the site operator An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol shown in the browser address line. If the SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing device.

The following data is collected:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system accesses our website
  7. Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of the data and the log files is Art. 6, para. 1, sentence 1, point f) GDPR.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage in log files takes place to ensure the functionality of the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6, para. 1, sentence 1, point f) GDPR.

4. Duration of storage, objection and removal options

The data is erased as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the current session has ended.

In the case of storage of data in log files, this is the case after seven days at the latest. Storage going beyond this is possible. In this case, the IP addresses of the users are erased or alienated so that it is no longer possible to assign them to the accessing device.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. As a result, there is no option for the user to object.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s system. When a user accesses our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use a consent management system on our website that has been programmed specifically for our website. This system is used to manage and store your consents and refusals, and to inform you about the processing on this website. Reference is also made to this data protection information.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser be identifiable even after a page change. In summary, these cookies are technically necessary for the operation of our website. The following data is stored and transmitted in the cookies: Language settings and consent settings.

We also use cookies on our website that enable an analysis of the user’s surfing behavior. When accessing our website, the user is informed about the use of cookies for analysis purposes, and the user’s consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to the present data protection information.

Transfer to a third country: The data collected via the aforementioned cookies for analysis purposes may be transmitted to a service provider based in a third country. Further information can be found in this data protection information from the respective service provider. Further information on the transfer to a third country can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization.“

In principle, you can prevent or block the storage of cookies in your device in your browser settings. To do this, you must access the relevant settings of your browser. You can also erase your stored cookie data in your browser settings.

Our consent management is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 sentence 1 point c) GDPR; the cookie is stored on your device on the basis of § 25 para. 2 no. 2 TTDPA.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 point f) GDPR; the storage of cookies in your device is based on § 25 para. 2 no. 2 TTDPA.

The legal basis for the processing of personal data using cookies for analysis purposes is your consent pursuant to Art. 6 para. 1 sentence 1 point a) GDPR; and for transfer to a third country the basis is additionally Art. 49 para. 1 point a) GDPR. The basis for the storage of cookies in your device is Sec. 25 para. 1 sentence 1 TTDPA.

3. Purpose of data processing

The use of consent management and the associated processing of your personal data serves to comply with the legal requirements of the GDPR and the TTDPA for obtaining and documenting consent.

The purpose of using technically necessary cookies is to simplify the use of the website for you. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary for the browser to be recognized even after a website change. In addition, cookies are required to manage your consents and refusals.

We need cookies for the following applications:

  1. Transfer of language settings
  2. Consent management: Management of consents, refusals, and revocations

These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6, para. 1, sentence 1, point f) GDPR. The user data collected by technically necessary is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used, and as a result we can thus constantly optimize our offerings.

4. Duration of storage, objection, revocation and removal options

Cookies are stored on the user’s computer and are transmitted by it to our website. As user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent.

The data collected via consent management is stored until you ask us to erase it, delete the associated cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal duties of retention remain unaffected by this.

The individual cookies we use are stored for the following durations:pll_language (Language settings) – Storage duration: 365 days
cookiebanner_options (Consent management) – Storage duration: 30 days

Cookies set by our partners:
YSC (YouTube statistics) – Storage duration: End of the session
VISITOR_INFO1_LIVE (YouTube bandwidth measurement) – Storage duration: 180 days
CONSENT (YouTube consent check) – storage duration: 730 days
__cf_bm (Cloudflare Calendly) – Storage duration: 30 minutes
__cfruid (Calendly) – Storage duration: End of the session

As user, you have the right to revoke your declaration under data protection law for technically unnecessary cookies at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can revoke your consent at any time via the data protection page.

Cookie consent settings

VI. Contact by e-mail and/or telephone

1. Description and scope of data processing

Email addresses and telephone numbers are provided on our website and in our signatures, which can be used to contact us electronically and/or by telephone. In this case, the personal data of the data subject transmitted with the email will be stored. If you contact us by telephone, we may also store personal data in order to process your request.

No data will be passed on to third parties in this context. The data will only be used to contact you and to conduct the conversation.

The legal basis for the processing of data transmitted in the course of sending an email or during a telephone call is Art. 6 para. 1 sentence 1 point f) GDPR. If the contact is for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 point b) GDPR.

3. Purpose of data processing

The processing of personal data is used by us solely to process the contact. This also grounds our necessary legitimate interest in the processing of the data.

4. Duration of storage, objection and removal options

The data is erased as soon as it is no longer required for the purpose for which it was collected. For personal data sent by email or communicated by telephone, this is the case when the conversation with the data subject has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the contact, the corresponding (legal) obligations and regulations pertaining to retention apply.

If a data subject contacts us by e-mail or telephone, the data subject can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us is erased in this case.

VII. Contact form

1. Description and scope of data processing

Various contact forms are available on our website which you can use to contact us electronically. If a user makes use of this option, the data entered is sent to us and stored.

a) Standard contact forms (sidebar, tool change systems, ‘request now’ for product examples):

This data can/must be entered in our support form:

  1. First name (required field)
  2. Name (required field)
  3. Company
  4. Email address (required field)
  5. Area
  6. Message (as well as further personal data that you send us via the message field in the contact form)
  7. Consent for email newsletters

You can also subscribe to our newsletter using the contact form. If you want to do this, you can give us your consent for this at the end of the contact form. Further information about our newsletter can be found under “XIV. Newsletter: Subscribing and sending” in this data protection information.

b) Support contact form:

This data can/must be entered in our support form:

  1. First name (required field)
  2. Last name (required field)
  3. Subject
  4. Phone
  5. Email address (required field)
  6. Company name
  7. Message (as well as further personal data that you communicate to us via the message field in the contact form)(required field)
  8. Product number
  9. Product name
  10. File upload
  11. Consent for email newsletters

You can also subscribe to our newsletter using the contact form. If you want to do this, you can give us your consent for this at the end of the contact form. Further information about our newsletter can be found under “XIV. Newsletter: Subscribing and sending” in this data protection information.

c) Contact form: Send individual configuration request with the product examples

This data is in our standard contact forms:

  1. Settings within the selection parameters in the configuration
  2. Message field for requests within the configuration (as well as other personal data that you send us via the message field in the contact form)
  3. File upload
  4. First name (required field)
  5. Last name (required field)
  6. Company
  7. Email address (required field)
  8. Message (as well as further personal data that you send us via the message field in the contact form)
  9. Consent for email newsletters

You can also subscribe to our newsletter using the contact form. If you want to do this, you can give us your consent for this at the end of the contact form. Further information about our newsletter can be found under “XIV. Newsletter: Subscribing and sending” in this data protection information.

The following data is also stored at the time of sending the message:

  1. The user’s IP address
  2. Date and time of the registration

For the processing of the data, reference is made to this data privacy policy as part of the sending process. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 sentence 1 point f) GDPR. If the contact is for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 point b) GDPR.

The legal basis for the processing of all other personal data processed during the sending process that is transmitted via the contact form is Art. 6 para. 1 sentence 1 point f) GDPR.

3. Purpose of data processing

The processing of the personal data from the input field is used by us solely to process the contact. The other personal data processed during the sending is used to prevent misuse of the contact form and to ensure the security of our information technology systems. We also have a legitimate interest in these purposes.

4. Duration of storage, objection and removal options

The data is erased as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input field of the contact form, this is the case when the conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The personal data additionally collected during the sending process is anonymized and is thus stored without enabling any inference of the identity of the data subject.

If a user contacts us via the form, the user can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us is erased in this case.

VIII. Download options (success stories, productivity calculator)

1. Description and scope of data processing

On our website you have the option of downloading or receiving various information, such as success stories or your results from the productivity calculator. The following data is required: 

  • Download success story: First name, last name, email address, consent
  • Download result from the productivity calculator: Email address, consent

In addition, the following data is collected when you enter your data:

  • Date and time of the registration
  • IP address of the computer making the registration

As part of the download process, reference is made to this data privacy policy and your consent is obtained. The data are used to deliver the requested information and for a one-time marketing initiative by Wassermann Technologie GmbH. After delivery of the document, our sales team will contact you once by email about our products and services.

Rating the productivity calculator

You have the option of anonymously rating the productivity calculator independently of the download form. This rating is used to improve our calculator. When you carry out the rating, no personal data will be collected from you.

The processing takes place after you have given your consent on the basis of Art. 6 para. 1 sent. 1 point a) GDPR. If the contact is for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 point b) GDPR, as well as Art. 6 para. 1 sentence 1 point f) GDPR for direct marketing purposes.

Storage for verification purposes and defense against liability claims (storage of your revocation or inclusion in an advertising blocking file) takes place on the basis of Art. 6 para. 1 sentence 1 point f) GDPR.

The legal basis for the processing of all other personal data processed during the sending process and transmitted via the forms is Art. 6 para. 1 sentence 1 point f) GDPR.

3. Purpose of data processing

The collection of the data is necessary for the download or delivery of the requested information.  Your data will also be processed to carry out one-time marketing initiatives for the delivery of emails and product information that we believe will be of interest to you.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or of the email address used.

4. Duration of storage, objection, revocation and removal options

The data is erased as soon as it is no longer required for the purpose for which it was collected. The user’s data is therefore stored for a period of 60 days and then erased if no further activity takes place. The other personal data collected during the registration process is generally erased after a period of seven days.

In addition to sending you the requested information (download), we use your email address to inform you by email about similar products and services.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can send your revocation to the controller either by post or by email.

We may also store your personal data for up to three years on the basis of our legitimate interest in order to be able to prove that consent was previously given, even after it has been withdrawn.

You can object to the processing of your personal data for direct marketing purposes at any time:

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for those purposes. (Objection pursuant to Art. 21 para. 2 GDPR)

Please use the contact details provided in the legal notice. You will not incur any costs other than the transmission costs according to the basic rates.

In the event of a permanent objection, we reserve the right to store your e-mail address in an advertising blocking file solely for this purpose. Storage in the advertising blocking file does not have a time limit. You can object to the storage if your interests outweigh our legitimate interest.

IX. YouTube with enhanced data protection

1. Description and scope of data processing

This website integrates videos from the YouTube platform. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC, based in the USA.

We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before such visitors watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced privacy mode. YouTube establishes a connection to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our websites you have visited.

If you are logged in to your YouTube account, you enable YouTube to link your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video YouTube may store various cookies on your device, or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used to, among other things, record video statistics, improve user-friendliness, and prevent fraud attempts. After the start of a YouTube video, further data processing operations may be initiated over which we have no influence.

Upstream user action

If you have not consented to the processing of your data by YouTube within Consent Management, the videos integrated on our site will not be played directly. You can also give your consent directly for the video afterwards, by means of an upstream action.

The parent company Google LLC is certified in accordance with the EU-US Data Privacy Framework (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4.” Data transfer to a third country or an international organization.“ Further information on the provider’s DPF can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 sent. 1 point a) GDPR – as well as § 25 para. 1 TTDPA insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDPA.

3. Purpose of data processing

We use YouTube in the interest of making an appealing and clear presentation of our online offers, products, and services.

4. Duration of storage, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of any processing carried out based on consent before such withdrawal. You can revoke the consent you have given via Consent Management.

You can find more information about data protection at YouTube in their data privacy policy at: https://policies.google.com/privacy?hl=de.

II. Social media wall: Taggbox

1. Description and scope of data processing

This website integrates the social media pages (Instagram and Facebook) of the controller via the Taggbox service. Taggbox is a service of Social Scape Tech LLP, B-138 Main Queens Road, Rajasthan 302021, India. Taggbox is a social media aggregation tool that makes it possible to collect posts from multiple social media sites and integrate them on the website.

Taggbox is integrated as a plug-in on the website. As soon as this is activated by your consent, a connection is established between your browser and the Taggbox servers and the servers of the social networks whose content has been integrated (here: Instagram and Facebook). We have no influence at all on the type and scope of the data transmitted. There is a possibility that your IP address will be transmitted. If you are logged into your account with the respective social network while visiting our site, the information from your visit to our site may be linked to your account. If you interact with our posts (“like,” share, or comment), this will also be linked to your account. In addition, Taggbox can store various cookies on your device. In this way, Taggbox and partners can obtain information about visitors to this website. After the activation of the social media wall, further data processing operations may be initiated over which we have no influence.

Upstream user action

If you have not consented to the processing of your data by Social Scape Tech LLP within Consent Management, the social media wall integrated on our site will not be displayed directly. You can also give your consent afterwards directly on the social media wall by means of an upstream action.

Personal data is thus also processed in a non-secure third country. In India, the level of data protection is not comparable with the requirements of the GDPR. Your personal data could possibly be passed on by the provider, going beyond the actual purpose of fulfilling the order, to other third parties who might use the data for advertising purposes, for example. Further information on the transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization.“

The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 sent. 1 point a) and Art. 49 para. 1 sent. 1 point a) GDPR – as well as § 25 para. 1 TTDPA insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDPA.

3. Purpose of data processing

We use Taggbox in the interest of making an appealing and clear presentation of our company and to simplify the presentation of our contributions.

4. Duration of storage, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can revoke the consent you have given with effect for the future via the data protection page.

Further information about data protection at TAGGBOX can be found in their data privacy policy at: https://taggbox.com/privacy-policy/

XI. Google Tag Manager

1. Description and scope of data processing

This website uses Google Tag Manager. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC, based in the USA.

Google Tag Manager is a tool that we can use to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create any user profile, does not store any cookies, and does not carry out any independent analyses. It is used only to manage and display the tools integrated via it. Google Tag Manager does, however, records your IP address, which may also be transmitted to servers in the USA.

The provider is certified in accordance with the EU-US Data Privacy Framework (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4.” Data transfer to a third country or an international organization.“ Further information on the provider’s DPF can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 sent. 1 point a) GDPR – as well as § 25 para. 1 sent. 1 TTDPA insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDPA.

3. Purpose of data processing

Google Tag Manager is used to manage website tags through an interface. It enables us to manage the exact integration of services on our website. This enables us to flexibly integrate additional services for evaluating our users’ access to our website.

4. Duration of storage, objection and removal options

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can revoke the consent you have given via the data protection page.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

IV. Use of Calendly (appointment booking)

1. Description and scope of data processing

You can make appointments with us on our website. We use the tool “Calendly” to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly“).

To book an appointment, enter the requested data and the desired appointment date in the form provided. The data entered will be used to plan, carry out, and, if appropriate, follow up the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/de/pages/privacy.

The provider is certified in accordance with the EU-US Data Privacy Framework (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4.” Data transfer to a third country or an international organization.“ Further information on the provider’s DPF can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2z3d0000002GVgAAM&status=Active

The legal basis for the data processing is Art. 6, para. 1, sentence 1, point f) GDPR. The website operator has a legitimate interest in enabling the making of appointments with interested parties and customers in a manner that is as uncomplicated as possible. If the appointment booking is for the purpose of concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 point b) GDPR.

For technical use on the page, corresponding consent is requested via Consent Management; this processing takes place exclusively on the basis of Art. 6 para. 1 sent. 1 point a) and § 25 para. 1 sent. 1 TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDPA.

3. Purpose of data processing

The data are processed for the purposes of planning and managing appointment bookings from our customers and interested parties.

4. Duration of storage, objection and removal options

The data you enter will remain with us until you ask us to erase it, you revoke your consent to storage, or the purpose for the data storage no longer applies. Mandatory statutory provisions, in particular retention periods, remain unaffected.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can send your revocation to the controller either by post or by email.

XIII. Online application

1. Description and scope of data processing

We collect and process your personal data in order to offer advertised positions and to be able to carry out the selection process. The processing may also be carried out electronically. This is the case in particular if you send us your application via our application forms.

In the course of your online application, we will collect and process the personal application listed below from you within the application form:

Required fields: Gender, first name, last name, email, telephone, file upload (CV), data protection checkbox.

Optional fields: Street, postal (zip) code, city, country, salary expectation (gross), file upload (complete documents, cover letter, photo, references, certificates).

In addition to the above-mentioned data, we may process further personal data if you send it to us with your application. Your personal data is collected directly from you as part of the recruitment process. Your data will be forwarded only to the internal offices and specialist departments responsible for the specific application process.

Further information on the description and scope of the data processing can be found in our Data privacy information for applicants.

The legal basis for the processing of applicants’ data is Art. 6 para. 1 sent. 1 point b) GDPR in conjunction with § 26 para. 1 BDSG [Federal Data Protection Act] for the establishment of an employment relationship.

The legal basis for the processing of all other personal data processed during the sending process and transmitted via the forms is Art. 6 para. 1 sentence 1 point f) GDPR.

3. Purpose of data processing

Your personal application data is collected and processed exclusively for the purpose of filling vacant positions within our company. The primary purpose of data processing is therefore to establish an employment relationship with the controller.

Your data will be forwarded only to the internal offices and specialist departments responsible for the specific application process.

The other personal data processed during the sending is used to prevent misuse of the application form and to ensure the security of our information technology systems. We also have a legitimate interest in these purposes.

4. Duration of storage, objection and removal options

In the event of a rejection, your application documents will be deleted no later than six months after completion of the application process, unless you have given us your consent to store them for a longer period (applicant pool).

If you start employment with us, we transfer your application documents to your HR file. After your employment ends, we will continue to store the personal data that we have to retain due to legal requirements. This is typically due to legal verification and retention requirements that are set out in the German Commercial Code and Tax Levy Regulations, among other things. The data protection information for employees, where you can find more detailed information, will be sent to you when you accept the employment.

The personal data additionally collected during the sending process is anonymized and is thus stored without enabling any inference of the identity of the data subject.

VI. Newsletter: Registration and sending

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input form is transmitted to us.

The following mandatory data is collected: Name, email address, granting of consent (checkbox)

In addition, the following data is collected when you register:

  1. IP address of the computer making the registration
  2. Date and time of the registration

For the processing of the data, as part of the registration process your consent is obtained and reference is made to this data privacy policy. The data is used exclusively to send the newsletter.

The purpose of our newsletter is to send you product information that we believe will be of interest to you, to contact you in order to inform you about our products, services, and latest developments and to provide you with helpful information, and to invite you to events of interest, such as webinars or trade fairs. The newsletter is sent regularly.

Double opt-in procedure

Registration for our newsletter is carried out using a double opt-in procedure. After registering on our website, you will receive an e-mail asking you to confirm your subscription to our newsletter. This confirmation serves as proof that you have registered for our newsletter with your email address.

Storage of your revocation

We may also store email addresses that have been deregistered on the basis of our legitimate interest, in order to be able to prove that consent was previously given, even after unsubscribing from our newsletter.

The legal basis for the processing of data when registering for our newsletter is the existence of the user’s consent (with double opt-in) in accordance with Art. 6 para. 1 sent. 1 point a) GDPR. The legal basis for the implementation of the double opt-in procedure is Art. 6 para. 1 sent. 1 point f) GDPR for proof and verification of your consent. For storage for verification purposes and defense against liability claims (storage of revocation): Art. 6 para. 1 sent. 1 point f).

The legal basis for the processing of all other personal data processed during the registration process and transmitted during the subscription to our newsletter is Art. 6 para. 1 sentence 1 point f) GDPR.

3. Purpose of data processing

The purpose of collecting the user’s email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or of the email address used.

The execution of the double opt-in procedure serves as proof and verification of your consent. The storage of your revocation is done in order to be able to prove previously given consents even after revocation, and thus to ward off any liability claims.

The other personal data processed during the sending is used to prevent misuse of the newsletter registration and to ensure the security of our information technology systems. We also have a legitimate interest in these purposes.

4. Duration of storage, objection, revocation and removal options

The data is erased as soon as it is no longer required for the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is generally erased after a period of three months.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing that has taken place based on consent up to the withdrawal. You can send your revocation to the controller either by post or by email.

We may also store deregistered email addresses for up to three years on the basis of our legitimate interest in order to be able to prove that consent was previously given, even after deregistration.

The subscription to the newsletter can be canceled by the user concerned at any time. There is a corresponding link for this in each newsletter. This also makes it possible to revoke consent to the storage of personal data collected during the registration process.

It is not possible to cancel the newsletter tracking separately – in this case, the entire subscription must be canceled.