Privacy Policy

 

Table of contents

  • Pream­ble
  • Controller
  • Contact Infor­ma­tion of the Data protec­tion officer
  • Overview of Process­ing Operations
  • Legal Bases for the Processing
  • Secu­ri­ty Precautions
  • Trans­mis­sion and Disclo­sure of Person­al Data
  • Use of Cook­ies and Cook­ie Manage­ment Solution
  • Commer­cial Services
  • Provi­sion of Online services and Web hosting
  • Special Notes on Appli­ca­tions (Apps)
  • Contact­ing us
  • Video Confer­ences, Online Meet­ings, Webi­na­rs and Screen-Sharing
  • Job Appli­ca­tion Process
  • Cloud Services
  • Newslet­ter and Elec­tron­ic Communications
  • Commer­cial Commu­ni­ca­tion by E‑Mail, Postal Mail, Fax or Telephone
  • Surveys and Questionnaires
  • Web Analy­sis, Moni­tor­ing and Optimization
  • Online­mar­ket­ing
  • Rating Plat­forms
  • Profiles in Social Networks (Social Media)
  • Plug­ins and embed­ded func­tions and content
  • Plan­ning, Orga­ni­za­tion and Utilities
  • Dele­tion of Data
  • Changes and Updates to the Priva­cy Policy
  • Rights of Data Subjects
  • Termi­nol­o­gy & Definitions

 

Preamble

With the follow­ing data protec­tion decla­ra­tion, we would like to inform you about the types of your person­al data (here­inafter also referred to as “data”) that we process, for what purpos­es and to what extent in the context of provi­sion of our application.

Any terms used here­after are not gender-specific.

As at 1st July 2024

Controller

Valdivia Consult­ing GmbH
Taunu­san­lage 9–10
60313 Frank­furt am Main
Germany

Regis­ter Court: Frank­furt Local Court, HRB 128860
Regis­tered office of the compa­ny: Frank­furt am Main

Autho­rised Repre­sen­ta­tive: Mr. Daniel Bauer
Email address: kontakt@valdivia-consulting.com
Phone: +49 69 348 685 320
Website:  www.valdivia-consulting.com

Data protec­tion enquiries

Should you have any ques­tions regard­ing the collec­tion, process­ing or use of your person­al data, such as infor­ma­tion, correc­tion, block­ing or dele­tion of data or other topics relat­ed to data protec­tion law, please contact our data protec­tion team at the follow­ing e‑mail address: datenschutz@valdivia-consulting.com.

Data protec­tion officer

Should you wish to contact our desig­nat­ed data protec­tion offi­cer in confi­dence, you may reach Mr Patrick Knit­tel (Knit­tel Acad­e­my for Data Protec­tion & Compli­ance) by e‑mail: dsb@knittel-compliance.de.

Overview of processing operations

The follow­ing table summaris­es the types of data processed, the purpos­es for which they are processed and the concerned data subjects.

Cate­gories of Processed Data

  • Inven­to­ry data (e.g. names, address­es, etc.)).
  • Candi­date data (e.g. names, addresses).
  • Appli­cant data (e.g. names, addresses).
  • Job appli­cant details (e.g. person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Content data (e.g. text input, photographs, videos).
  • Contact data (e.g. e‑mail, tele­phone numbers).
  • Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Usage data (e.g. websites visit­ed, inter­est in content, access times).
  • Loca­tion data (Infor­ma­tion on the geograph­i­cal posi­tion of a device or person).
  • Contract data (e.g. contract object, dura­tion, customer category).
  • Payment Data (e.g. bank details, invoic­es, payment history).

 

Cate­gories of Data Subjects

  • Employ­ees (e.g. Employ­ees, job applicants).
  • Job appli­cants and candidates
  • Busi­ness and contrac­tu­al partners.
  • Prospec­tive customers.
  • Commu­ni­ca­tion part­ners (recip­i­ents of e‑mails, letters, etc.).
  • Customers
  • Users (e.g. website visi­tors, users of online services).

 

Purpos­es of Processing

  • Provi­sion of our online services and usability.
  • Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activities).
  • Job Appli­ca­tion Process (Estab­lish­ment and possi­ble later execu­tion as well as possi­ble later termi­na­tion of the employ­ment relationship).
  • Office and organ­i­sa­tion­al procedures.
  • Direct market­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. collect­ing feed­back via online form).
  • Inter­est-based and behav­iour­al marketing.
  • Contact requests and communication.
  • Profil­ing (Creat­ing user profiles).
  • Remar­ket­ing.
  • Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures.
  • Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cookies).
  • Provi­sion of contrac­tu­al services and customer support.
  • Manag­ing and respond­ing to inquiries.

 

Legal Bases for the Processing

In the follow­ing we inform you about the legal basis of the Gener­al Data Protec­tion Regu­la­tion (GDPR), on the basis of which we process person­al data. Please note that, in addi­tion to the regu­la­tions of the GDPR, the nation­al data protec­tion regu­la­tions may apply in your coun­try or in our coun­try of resi­dence or domi­cile. If, in addi­tion, more specif­ic legal bases are applic­a­ble in indi­vid­ual cases, we will inform you of these in the data protec­tion declaration.

  • Consent (Arti­cle 6 (1) (a) GDPR) — The data subject has given consent to the process­ing of his or her person­al data for one or more specif­ic purposes.
  • Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR) — Perfor­mance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to enter­ing into a contract.
  • Compli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR) — Process­ing is neces­sary for compli­ance with a legal oblig­a­tion to which the controller is subject.
  • Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR) — Process­ing is neces­sary for the purpos­es of the legit­i­mate inter­ests pursued by the controller or by a third party, except where such inter­ests are over­rid­den by the inter­ests or funda­men­tal rights and free­doms of the data subject which require protec­tion of person­al data.
  • Job appli­ca­tion process as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR) — If special cate­gories of person­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped status or ethnic origin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion proce­dure, so that the respon­si­ble person or the person concerned can carry out the oblig­a­tions and exer­cis­ing specif­ic rights of the controller or of the data subject in the field of employ­ment and social secu­ri­ty and social protec­tion law, their process­ing shall be carried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the protec­tion of vital inter­ests of appli­cants or other persons on the basis of Arti­cle 9 (2)© GDPR or for the purpos­es of preven­tive health care or occu­pa­tion­al medi­cine, for the assess­ment of the employee’s abil­i­ty to work, for medical diag­nos­tics, care or treat­ment in the health or social sector or for the admin­is­tra­tion of systems and services in the health or social sector in accor­dance with Arti­cle 9 (2)(d) GDPR. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their process­ing is carried out on the basis of Arti­cle 9 (2)(a) GDPR.

 

Nation­al data protec­tion regu­la­tions in Germany: In addi­tion to the data protec­tion regu­la­tions of the Gener­al Data Protec­tion Regu­la­tion, nation­al regu­la­tions apply to data protec­tion in Germany. This includes in partic­u­lar the Law on Protec­tion against Misuse of Person­al Data in Data Process­ing (Feder­al Data Protec­tion Act — BDSG). In partic­u­lar, the BDSG contains special provi­sions on the right to access, the right to erase, the right to object, the process­ing of special cate­gories of person­al data, process­ing for other purpos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-making, includ­ing profil­ing. Further­more, it regu­lates data process­ing for the purpos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in partic­u­lar with regard to the estab­lish­ment, execu­tion or termi­na­tion of employ­ment rela­tion­ships as well as the consent of employ­ees. Further­more, data protec­tion laws of the indi­vid­ual feder­al states may apply.

 

Security Precautions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al measures in accor­dance with the legal require­ments, taking into account the tech­ni­cal status quo, the costs of imple­men­ta­tion and the nature, scope, context and purpos­es of process­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of natur­al persons, in order to ensure a level of secu­ri­ty appro­pri­ate to the risk.

The measures include, in partic­u­lar, safe­guard­ing the confi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by control­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sepa­ra­tion of the data. In addi­tion, we have estab­lished proce­dures to ensure that data subjects’ rights are respect­ed, that data is delet­ed, and that we are prepared to respond to data threats rapid­ly. Further­more, we take the protec­tion of person­al data into account as early as the devel­op­ment or selec­tion of hard­ware, soft­ware and service providers, in accor­dance with the prin­ci­ple of priva­cy by design and priva­cy by default.

SSL encryp­tion (https): In order to protect your data trans­mit­ted via our online services in the best possi­ble way, we use SSL encryp­tion. You can recog­nize such encrypt­ed connec­tions by the prefix https:// in the address bar of your browser.

 

Processing and Disclosure of Personal Data

In the context of our process­ing of person­al data, it may happen that the data is trans­ferred to other places, compa­nies or persons or that it is disclosed to them. Recip­i­ents of this data may include, for exam­ple, payment insti­tu­tions with­in the context of payment trans­ac­tions, service providers commis­sioned with IT tasks or providers of services and content that are embed­ded in a website. In such a case, the legal require­ments will be respect­ed and in partic­u­lar corre­spond­ing contracts or agree­ments, which serve the protec­tion of your data, will be conclud­ed with the recip­i­ents of your data.

Data Trans­mis­sion with­in the Group of Compa­nies: We may trans­fer person­al data to other compa­nies with­in our group of compa­nies or other­wise grant them access to this data. Inso­far as this disclo­sure is for admin­is­tra­tive purpos­es, the disclo­sure of the data is based on our legit­i­mate busi­ness and econom­ic inter­ests or other­wise, if it is neces­sary to fulfill our contrac­tu­al oblig­a­tions or if the consent of the data subjects or other­wise a legal permis­sion is present.

 

Use of Cookies and Cookie Management Solution

Cook­ies are text files that contain data from visit­ed websites or domains and are stored by a brows­er on the user’s comput­er. A cook­ie is primar­i­ly used to store infor­ma­tion about a user during or after his visit with­in an online service. The infor­ma­tion stored can include, for exam­ple, the language settings on a website, the login status, a shop­ping basket or the loca­tion where a video was viewed. The term “cook­ies” also includes other tech­nolo­gies that fulfil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as “user IDs”).

The follow­ing types and func­tions of cook­ies are distinguished:

  • Tempo­rary cook­ies (also: session cook­ies): Tempo­rary cook­ies are delet­ed at the latest after a user has left an online service and closed his browser.
  • Perma­nent cook­ies: Perma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login status can be saved or preferred content can be displayed direct­ly when the user visits a website again. The inter­ests of users who are used for range measure­ment or market­ing purpos­es can also be stored in such a cookie.
  • First party cook­ies: First-party-Cook­ies are set by ourselves.
  • Third party cook­ies: Third party cook­ies are main­ly used by adver­tis­ers (so-called third parties) to process user information.
  • Neces­sary (also: essen­tial or vital) cook­ies: Cook­ies can be neces­sary for the oper­a­tion of a website (e.g. to save logins or other user inputs or for secu­ri­ty reasons).
  • Statis­tics, market­ing and person­al­i­sa­tion cook­ies: Cook­ies are also gener­al­ly used to measure a website’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing certain content, using func­tions, etc.) are stored on indi­vid­ual websites in a user profile. Such profiles are used, for exam­ple, to display content to users that corre­sponds to their poten­tial inter­ests. This proce­dure is also referred to as “track­ing”, i.e. track­ing the poten­tial inter­ests of users. If we use cook­ies or “track­ing” tech­nolo­gies, we will inform you sepa­rate­ly in our priva­cy poli­cy or in the context of obtain­ing consent.

 

Infor­ma­tion on legal basis: The legal basis on which we process your person­al data with the help of cook­ies depends on whether we ask you for your consent. If this applies and you consent to the use of cook­ies, the legal basis for process­ing your data is your declared consent. Other­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g. in a busi­ness oper­a­tion of our online service and its improve­ment) or, if the use of cook­ies is neces­sary to fulfill our contrac­tu­al obligations.

Reten­tion peri­od: Unless we provide you with explic­it infor­ma­tion on the reten­tion peri­od of perma­nent cook­ies (e.g. with­in the scope of a so-called cook­ie opt-in), please assume that the reten­tion peri­od can be as long as two years.

Gener­al infor­ma­tion on with­draw­al of consent and objec­tion (Opt-Out): Depend­ing on whether process­ing is based on consent or legal permis­sion, you have the option at any time to object to the process­ing of your data using cook­ie tech­nolo­gies or to revoke consent (collec­tive­ly referred to as “opt-out”). You can initial­ly explain your objec­tion using the settings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online services). An objec­tion to the use of cook­ies for online market­ing purpos­es can be raised for a large number of services, espe­cial­ly in the case of track­ing, via the websites https://www.aboutads.info/choices/ and https://www.youronlinechoices.com. In addi­tion, you can receive further infor­ma­tion on objec­tions in the context of the infor­ma­tion on the used service providers and cookies.

Process­ing Cook­ie Data on the basis of consent: We use — with GDPR Cook­ie Compli­ance Plug­in (https://wordpress.org/plugins/gdpr-cookie-compliance/) — a cook­ie manage­ment solu­tion in which users’ consent to the use of cook­ies, or the proce­dures and providers mentioned in the cook­ie manage­ment solu­tion, can be obtained, managed and revoked by the users. The decla­ra­tion of consent is stored so that it does not have to be retrieved again and the consent can be proven in accor­dance with the legal oblig­a­tion. Stor­age can take place serv­er-sided and/or in a cook­ie (so-called opt-out cook­ie or with the aid of compa­ra­ble tech-nolo­gies) in order to be able to assign the consent to a user or and/or his/her device. Subject to indi­vid­ual details of the providers of cook­ie manage­ment services, the follow­ing infor­ma­tion applies: The dura­tion of the stor­age of the consent can be up to two years. In this case, a pseu­do­ny­mous user iden­ti­fi­er is formed and stored with the date/time of consent, infor­ma­tion on the scope of the consent (e.g. which cate­gories of cook­ies and/or service providers) as well as the brows­er, system and used end device.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Commercial Services

We process data of our contrac­tu­al and busi­ness part­ners, e.g. customers and inter­est­ed parties (collec­tive­ly referred to as “contrac­tu­al part­ners”) with­in the context of contrac­tu­al and compa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and commu­ni­ca­tion with the contrac­tu­al part­ners or pre-contrac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to fulfil our contrac­tu­al oblig­a­tions, safe­guard our rights and for the purpos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the contrac­tu­al part­ners with­in the scope of the applic­a­ble law to third parties inso­far as this is neces­sary for the afore­men­tioned purpos­es or for the fulfil­ment of legal oblig­a­tions or with the consent of data subjects concerned (e.g. telecom­mu­ni­ca­tions, trans­port and other auxil­iary services as well as subcon­trac­tors, banks, tax and legal advi­sors, payment service providers or tax author­i­ties). The contrac­tu­al part­ners will be informed about further process­ing, e.g. for market­ing purpos­es, as part of this priva­cy policy.

We inform the contract­ing part­ners before or in the context of the data collec­tion, e.g. in online forms by special mark­ing (e.g. colors), and/or symbols (e.g. aster­isks or the like), or person­al­ly which data Is neces­sary for the afore­men­tioned purposes,

We delete the data after expiry of statu­to­ry warran­ty and compa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiv­ing (e.g., as a rule 10 years for tax purpos­es). In the case of data disclosed to us by the contrac­tu­al part­ner with­in the context of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gener­al after the end of the assignment.

If we use third-party providers or plat­forms to provide our services, the terms and condi­tions and priva­cy poli­cies of the respec­tive third-party providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Client Portal (Customer Account): Contrac­tu­al part­ners can create an account (Client Portal) with­in our CRM. If regis­tra­tion of a Client Portal is required, Contrac­tu­al Part­ners will be informed of this and of the details required for regis­tra­tion. The Client Portal is not public and cannot be indexed by search engines. With­in the scope of regis­tra­tion and subse­quent logins and use of the Client Portal, we store the IP address­es of the customers togeth­er with the access times in order to be able to prove the regis­tra­tion and to prevent possi­ble misuse of the customer account.

If customers have termi­nat­ed their customer account, the data relat­ing to the customer account will be delet­ed, unless their reten­tion is required for legal reasons. It is the respon­si­bil­i­ty of the customer to back up their data upon success­ful termi­na­tion of the customer account.

Consult­ing: We process the data of our clients, clients as well as inter­est­ed parties and other clients or contrac­tu­al part­ners (uniform­ly referred to as “clients”) in order to provide them with our consult­ing services. The data processed, the type, scope and purpose of the process­ing and the neces­si­ty of its process­ing are deter­mined by the under­ly­ing contrac­tu­al and client relationship.

Inso­far as it is neces­sary for the fulfil­ment of our contract, for the protec­tion of vital inter­ests or by law, or with the consent of the client, we disclose or trans­fer the client’s data to third parties or agents, such as author­i­ties, courts, subcon­trac­tors or in the field of IT, office or compa­ra­ble services, taking into account the profes­sion­al requirements.

Recruit­ing and Consult­ing Services: As part of our services, which include in partic­u­lar the search for, contact­ing and place­ment of poten­tial job candi­dates, we process the data of the job candi­dates and the person­al data of poten­tial employ­ers or their employees.

We process the infor­ma­tion and contact data provid­ed by the job candi­dates for the purpos­es of estab­lish­ing, imple­ment­ing and, if neces­sary, termi­nat­ing a job place­ment contract. In addi­tion, we can ask inter­est­ed parties ques­tions about the success of our recruit­ing services at a later date, in accor­dance with legal requirements.

We process the data of the job candi­dates, as well as of the employ­ers, in order to fulfil our contrac­tu­al oblig­a­tions, in order to process the requests, we receive for the place­ment of jobs to the satis­fac­tion of the parties involved.

We can record the recruit­ing process­es in order to be able to prove the exis­tence of the contrac­tu­al rela­tion­ship and the consent of the inter­est­ed parties in accor­dance with the statu­to­ry account­abil­i­ty oblig­a­tions (Arti­cle 5 (2) GDPR). This infor­ma­tion will be stored for a peri­od of three to four years if we need to prove the orig­i­nal contact request (e.g. to prove eligi­bil­i­ty to contact the job candidates).

Further infor­ma­tion on commer­cial services: We process the data of our customers and clients (here­inafter uniform­ly referred to as “customers”) in order to enable them to select, acquire or commis­sion the select­ed services or works and relat­ed tasks, as well as their payment and deliv­ery, or execu­tion or provision.

The required details are iden­ti­fied as such with­in the frame­work of the conclu­sion of the order, order or compa­ra­ble contract and include the details required for service provi­sion and invoic­ing as well as contact infor­ma­tion in order to be able to hold any consultations.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Payment Data (e.g. bank details, invoic­es, payment histo­ry), Contact data (e.g. e‑mail, tele­phone numbers), Contract data (e.g. contract object, dura­tion, customer cate­go­ry), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Job appli­cant details (e.g. Person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Data subjects: Prospec­tive customers, Busi­ness and contrac­tu­al part­ners, Customers, Job applicants.
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Office and organ­i­sa­tion­al proce­dures, Manag­ing and respond­ing to inquiries, Secu­ri­ty measures.
  • Legal Basis: Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Compli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Provision of online services and web hosting

In order to provide our online services secure­ly and effi­cient­ly, we use the services of one or more web host­ing providers from whose servers (or servers they manage) the online services can be accessed. For these purpos­es, we may use infra­struc­ture and plat­form services, comput­ing capac­i­ty, stor­age space and data­base services, as well as secu­ri­ty and tech­ni­cal main­te­nance services.

The data processed with­in the frame­work of the provi­sion of the host­ing services may include all infor­ma­tion relat­ing to the users of our online services that is collect­ed in the course of use and commu­ni­ca­tion. This regu­lar­ly includes the IP address, which is neces­sary to be able to deliv­er the contents of online services to browsers, and all entries made with­in our online services or from websites.

E‑mail Send­ing and Host­ing: The web host­ing services we use also include send­ing, receiv­ing and stor­ing e‑mails. For these purpos­es, the address­es of the recip­i­ents and senders, as well as other infor­ma­tion relat­ing to the send­ing of e‑mails (e.g. the providers involved) and the contents of the respec­tive e‑mails are processed. The above data may also be processed for SPAM detec­tion purpos­es. Please note that e‑mails on the Inter­net are gener­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed during trans­port, but not on the servers from which they are sent and received (unless a so-called end-to-end encryp­tion method is used). We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of e‑mails between the sender and recep­tion on our server.

Collec­tion of Access Data and Log Files: We, ourselves or our web host­ing provider, collect data on the basis of each access to the serv­er (so-called serv­er log files). Serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes trans­ferred, noti­fi­ca­tion of success­ful access, brows­er type and version, the user’s oper­at­ing system, refer­rer URL (the previ­ous­ly visit­ed page) and, as a gener­al rule, IP address­es and the request­ing provider.

The serv­er log files can be used for secu­ri­ty purpos­es, e.g. to avoid over­load­ing the servers (espe­cial­ly in the case of abusive attacks, so-called DDoS attacks) and to ensure the stabil­i­ty and opti­mal load balanc­ing of the servers.

  • Processed data types: Content data (e.g. text input Into online forms), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Special Notes on Applications (Apps)

We process the data of the users of our appli­ca­tion to the extent neces­sary to provide the users with the appli­ca­tion and its func­tion­al­i­ties, to moni­tor its secu­ri­ty and to devel­op it further. Further­more, we may contact users in compli­ance with the statu­to­ry provi­sions if commu­ni­ca­tion is neces­sary for the purpos­es of admin­is­tra­tion or use of the appli­ca­tion. In addi­tion, we refer to the data protec­tion infor­ma­tion in this priva­cy poli­cy with regard to the process­ing of user data.

Legal basis: The process­ing of data neces­sary for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion serves to fulfil contrac­tu­al oblig­a­tions. This also applies if the provi­sion of the func­tions requires user autho­ri­sa­tion (e.g. release of device func­tions). If the process­ing of data is not neces­sary for the provi­sion of the func­tion­al­i­ties of the appli­ca­tion, but serves the secu­ri­ty of the appli­ca­tion or our busi­ness inter­ests (e.g. collec­tion of data for the purpose of opti­mis­ing the appli­ca­tion or secu­ri­ty purpos­es), it is carried out on the basis of our legit­i­mate inter­ests. If users are express­ly request­ed to give their consent to the process­ing of their data, the data covered by the consent is processed on the basis of the consent.

Commer­cial use: We process the data of the users of our appli­ca­tion, regis­tered and any test users (here­inafter uniform­ly referred to as “users”) in order to provide them with our contrac­tu­al services and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our appli­ca­tion and to devel­op it further. The required details are iden­ti­fied as such with­in the scope of the conclu­sion of a contract for the use of the appli­ca­tion, the conclu­sion of an order, an order or a compa­ra­ble contract and may include the details required for the provi­sion of services and any invoic­ing as well as contact infor­ma­tion in order to be able to hold any consultations.

Device autho­riza­tions for access to func­tions and data: The use of certain func­tions of our appli­ca­tion may require access to the camera and the stored record­ings of the users. By default, these autho­riza­tions must be grant­ed by the user and can be revoked at any time in the settings of the respec­tive devices. The exact proce­dure for control­ling app permis­sions may depend on the user’s device and soft­ware. Users can contact us if they require further expla­na­tion. We would like to point out that the refusal or revo­ca­tion of the respec­tive autho­riza­tions can affect the func­tion­al­i­ty of our application.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Payment Data (e.g. bank details, invoic­es, payment histo­ry), Contract data (e.g. contract object, dura­tion, customer category).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Contacting us

When contact­ing us (e.g. by contact form, e‑mail, tele­phone or via social media), the data of the inquir­ing persons are processed inso­far as this is neces­sary to answer the contact enquiries and any request­ed activities.

The response to contact enquiries with­in the frame­work of contrac­tu­al or pre-contrac­tu­al rela­tion­ships is made in order to fulfil our contrac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and other­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Contact requests and communication.
  • Legal Basis: Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Video Conferences, Online Meetings, Webinars and Screen-Sharing

We use third-party plat­forms and appli­ca­tions (here­inafter referred to as “third party providers”) for the purpos­es of conduct­ing video and audio confer­ences, webi­na­rs and other types of video and audio meet­ings. When select­ing third-party providers and their services, we observe the legal requirements.

In this context, data of the commu­ni­ca­tion partic­i­pants will be processed and stored on the servers of third parties, as far as these are part of commu­ni­ca­tion process­es with us. This data may include, but is not limit­ed to, regis­tra­tion and contact details, visu­al and voice contri­bu­tions, chat entries and shared screen content.

If users are referred to the third-party providers or their soft­ware or plat­forms in the context of commu­ni­ca­tion, busi­ness or other rela­tion­ships with us, the third-party provider process­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty purpos­es, service opti­mi­sa­tion or market­ing purpos­es. We there­fore ask you to observe the data protec­tion infor­ma­tion of the respec­tive third party providers.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third party providers or certain func­tions (e.g. permis­sion to record conver­sa­tions), the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­est in effi­cient and secure commu­ni­ca­tion with our commu­ni­ca­tion part­ners. In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Office and organ­i­sa­tion­al proce­dures, Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Job Application Process of candidates and applicants

The appli­ca­tion process requires appli­cants to provide us with the data neces­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion contained therein.

In prin­ci­ple, the required infor­ma­tion includes person­al infor­ma­tion such as name, address, a contact option and proof of the qual­i­fi­ca­tions required for a partic­u­lar employ­ment. Upon request, we will be happy to provide you with addi­tion­al information.

a) Job appli­ca­tion process for candidates
If made avail­able, appli­cants can submit their appli­ca­tions via an online contact form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail.

Please note, howev­er, that e‑mails on the Inter­net are gener­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed during trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our server.

For the purpos­es of search­ing for candi­dates, submit­ting appli­ca­tions and select­ing candi­dates, we may make use of the appli­cant manage­ment and recruit­ment soft­ware, plat­forms and services of third-party providers in compli­ance with legal requirements.

Candi­dates are welcome to contact us about how to submit their appli­ca­tion or send it to us by regu­lar mail.

Process­ing of special cate­gories of data: If special cate­gories of person­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped status or ethnic origin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion proce­dure, so that the respon­si­ble person or the person concerned can exer­cise his/her rights aris­ing from labour law and social secu­ri­ty and social protec­tion law and fulfil his/her duties in this regard, their process­ing shall be carried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the protec­tion of vital inter­ests of appli­cants or other persons pursuant to Arti­cle 9 (1)© GDPR or for the purpos­es of preven­tive health care or occu­pa­tion­al medi­cine, for the assess­ment of the employee’s abil­i­ty to work, for medical diag­nos­tics, care or treat­ment in the health or social sector or for the admin­is­tra­tion of systems and services in the health or social sector in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a commu­ni­ca­tion of special cate­gories of data based on volun­tary consent, their process­ing is carried out on the basis of Arti­cle 9 (1)(a) GDPR.

Dele­tion of Data:
In the event of a success­ful appli­ca­tion, the data provid­ed by the appli­cants may be further processed by us for the purpos­es of the employ­ment relationship.

Admis­sion to a talent pool: Admis­sion to a talent pool, if offered, is based on consent. Appli­cants are informed that their consent to be includ­ed in the talent pool is volun­tary, has no influ­ence on the current appli­ca­tion process and that they can revoke their consent at any time for the future.

Having regis­tered with us as a candi­date, suit­able job offers will be coor­di­nat­ed with the candi­date after prior autho­ri­sa­tion to do so and submit­ted by e‑mail.

If the candi­date is inter­est­ed, the respec­tive appli­ca­tion will be present­ed to a poten­tial employ­er for review and assessment.

Should an appli­ca­tion for a job offer not be success­ful and the candi­date does not wish to be contact­ed further, the candidate’s data will be deleted.

Howev­er, in the event that the candi­date wish­es a contin­u­a­tion of our candi­date services and/ or be approached In rela­tion to other poten­tial employ­ers, further offers will be made to the candi­date depend­ing on profile and inter­est — if available.

If the first place­ment or, if applic­a­ble, a further place­ment is not success­ful, the candidate’s data will remain in the candi­date database.

The candidate’s data will be delet­ed from the candi­date data­base auto­mat­i­cal­ly after a peri­od of two years, unless the candi­date supplies a renew­al of his/her consent to the stor­age and process­ing of his/her data.

Candi­date data will also be delet­ed if an appli­ca­tion is with­drawn, which candi­dates are enti­tled to do at any time.

  • Processed data types: Job appli­cant details (e.g. Person­al data, postal and contact address­es and the docu­ments pertain­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letter, curricu­lum vitae, certifi­cates, etc., as well as other infor­ma­tion on the person or qual­i­fi­ca­tions of appli­cants provid­ed with regard to a specif­ic job or volun­tar­i­ly by applicants).
  • Data subjects: Candidates
  • Purpos­es of Process­ing: Job Appli­ca­tion Process (Reason for process­ing purpos­es and possi­ble later perfor­mance as well as possi­ble later termi­na­tion of the employ­ment relationship).
  • Legal Basis: Job appli­ca­tion process as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR).

 

Services and service providers being used:

 

b) Job appli­ca­tion with Valdivia for an inter­nal vacancy
The appli­ca­tion proce­dure requires that appli­cants provide us with the data required for their assess­ment and selec­tion by e‑mail. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the details provid­ed there.

In prin­ci­ple, the required infor­ma­tion includes person­al infor­ma­tion such as name, address, contact details and proof of the qual­i­fi­ca­tions required for a posi­tion. Upon request, addi­tion­al infor­ma­tion as to which details are required can be provided.

In case an online form Is provid­ed,  appli­cants may express and submit their inter­est by way of the afore­men­tioned form. The data will be trans­mit­ted to us in encrypt­ed form in accor­dance with the current tech­ni­cal means applied. Appli­cants can also submit their appli­ca­tions by e‑mail. Please note, howev­er, that e‑mails sent via the Inter­net are gener­al­ly not encrypt­ed. As a rule, e‑mails are encrypt­ed in tran­sit, but not on the servers from which they are sent and received. There­fore, Valdivia cannot assume any respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the receipt on our server.

For the purpos­es of appli­cant search, submis­sion of appli­ca­tions and selec­tion of appli­cants, third party appli­cant manage­ment or recruit­ment soft­ware and plat­forms and services may be used in accor­dance with current legislation,

Appli­cants are welcome to contact Valdivia regard­ing the method of appli­ca­tion submission.

Noti­fi­ca­tion of the special cate­gories of data and their process­ing as regu­lat­ed by Art. 9 para. 2 lit. a. GDPR.

Dele­tion of data: In the event of a success­ful appli­ca­tion, the data provid­ed by the appli­cants may be further processed by us for the purpos­es of the employ­ment relationship.

Regis­tra­tion in applicant/talent pool: Prior consent is a prereq­ui­site for regis­tra­tion in an appli­cant pool, if offered. Appli­cants are informed that their consent to inclu­sion in the applicant/talent pool is volun­tary, has no influ­ence on the current appli­ca­tion proce­dure and that they can revoke their consent at any time for the future.

  • Types of data processed: Appli­cant data (e.g. person­al details, postal and contact address­es, the docu­ments relat­ing to the appli­ca­tion and the infor­ma­tion contained there­in, such as cover letters, CVs, certifi­cates and other infor­ma­tion provid­ed by appli­cants volun­tar­i­ly or with regard to a specif­ic position).
  • Data subjects: Applicant
  • Purpos­es of process­ing: Appli­ca­tion proce­dure (estab­lish­ment and possi­ble subse­quent imple­men­ta­tion as well as possi­ble subse­quent termi­na­tion of the employ­ment relationship).
  • Legal basis: Appli­ca­tion proce­dure as a pre-contrac­tu­al or contrac­tu­al rela­tion­ship (Art. 9(2)(b) GDPR).

 

Services and service providers being used:

 

Cloud Services

We use Inter­net-acces­si­ble soft­ware services (so-called “cloud services”, also referred to as “Soft­ware as a Service”) provid­ed on the servers of its providers for the follow­ing purpos­es: docu­ment stor­age and admin­is­tra­tion, calen­dar manage­ment, e‑mail deliv­ery, spread­sheets and presen­ta­tions, exchange of docu­ments, content and infor­ma­tion with specif­ic recip­i­ents or publi­ca­tion of websites, forms or other content and infor­ma­tion, as well as chats and partic­i­pa­tion in audio and video conferences.

With­in this frame­work, person­al data may be processed and stored on the provider’s servers inso­far as this data is part of commu­ni­ca­tion process­es with us or is other­wise processed by us in accor­dance with this priva­cy poli­cy. This data may include in partic­u­lar master data and contact data of data subjects, data on process­es, contracts, other proceed­ings and their contents. Cloud service providers also process usage data and meta­da­ta that they use for secu­ri­ty and service opti­miza­tion purposes.

If we use cloud services to provide docu­ments and content to other users or publicly acces­si­ble websites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user settings (e.g. in the case of media control).

Infor­ma­tion on legal basis — If we ask for permis­sion to use cloud services, the legal basis for process­ing data is consent. Further­more, their use can be a compo­nent of our (pre)contractual services, provid­ed that the use of cloud services has been agreed in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and collab­o­ra­tion processes).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Customers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive customers, Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Office and organ­i­sa­tion­al procedures.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Newsletter and Electronic Communications

We send newslet­ters, e‑mails and other elec­tron­ic commu­ni­ca­tions (here­inafter referred to as “newslet­ters”) only with the consent of the recip­i­ent or a legal permis­sion. Inso­far as the contents of the newslet­ter are specif­i­cal­ly described with­in the frame­work of regis­tra­tion, they are deci­sive for the consent of the user. Other­wise, our newslet­ters contain infor­ma­tion about our services and us.

In order to subscribe to our newslet­ters, it is gener­al­ly suffi­cient to enter your e‑mail address. We may, howev­er, ask you to provide a name for the purpose of contact­ing you person­al­ly in the newslet­ter or to provide further infor­ma­tion if this is required for the purpos­es of the newsletter.

Double opt-in proce­dure: The regis­tra­tion to our newslet­ter takes place in gener­al in a so-called Double-Opt-In proce­dure. This means that you will receive an e‑mail after regis­tra­tion asking you to confirm your regis­tra­tion. This confir­ma­tion is neces­sary so that no one can regis­ter with exter­nal e‑mail addresses.

The regis­tra­tions for the newslet­ter are logged in order to be able to prove the regis­tra­tion process accord­ing to the legal require­ments. This includes stor­ing the login and confir­ma­tion times as well as the IP address. Like­wise the changes of your data stored with the dispatch service provider are logged.

Dele­tion and restric­tion of process­ing: We may store the unsub­scribed email address­es for up to three years based on our legit­i­mate inter­ests before delet­ing them to provide evidence of prior consent. The process­ing of these data is limit­ed to the purpose of a possi­ble defense against claims. An indi­vid­ual dele­tion request is possi­ble at any time, provid­ed that the former exis­tence of a consent is confirmed at the same time. In the case of an oblig­a­tion to perma­nent­ly observe an objec­tion, we reserve the right to store the e‑mail address sole­ly for this purpose in a blocklist.

Infor­ma­tion on legal bases: The send­ing of the newslet­ter is based on the consent of the recip­i­ents or, if consent is not required, on the basis of our legit­i­mate inter­ests in direct market­ing. Inso­far as we engage a service provider for send­ing e‑mails, this is done on the basis of our legit­i­mate inter­ests. The regis­tra­tion proce­dure is record­ed on the basis of our legit­i­mate inter­ests for the purpose of demon­strat­ing that it has been conduct­ed in accor­dance with the law.

Contents: Infor­ma­tion about us, our services, promo­tions and offers.

Analy­sis and perfor­mance measure­ment: The newslet­ters contain a so-called “web-beacon”, i.e. a pixel-sized file, which is retrieved from our serv­er when the newslet­ter is opened or, if we use a mail­ing service provider, from its serv­er. With­in the scope of this retrieval, tech­ni­cal infor­ma­tion such as infor­ma­tion about the brows­er and your system, as well as your IP address and time of retrieval are first collected.

This infor­ma­tion is used for the tech­ni­cal improve­ment of our newslet­ter on the basis of tech­ni­cal data or target groups and their read­ing behav­iour on the basis of their retrieval points (which can be deter­mined with the help of the IP address) or access times. This analy­sis also includes deter­min­ing whether newslet­ters are opened, when they are opened and which links are clicked. For tech­ni­cal reasons, this infor­ma­tion can be assigned to the indi­vid­ual newslet­ter recip­i­ents. It is, howev­er, neither our endeav­our nor, if used, that of the ship­ping service provider to observe indi­vid­ual users. The eval­u­a­tions serve us much more to recog­nize the read­ing habits of our users and to adapt our content to them or to send differ­ent content accord­ing to the inter­ests of our users.

The eval­u­a­tion of the newslet­ter and the measure­ment of success is carried out, subject to the express consent of the user, on the basis of our legit­i­mate inter­ests for the purpos­es of using a user-friend­ly and secure newslet­ter system which serves both our busi­ness inter­ests and the expec­ta­tions of the user.

A sepa­rate objec­tion to the perfor­mance measure­ment is unfor­tu­nate­ly not possi­ble, in this case the entire newslet­ter subscrip­tion must be cancelled or object­ed to.

Send­ing via text messages: The elec­tron­ic commu­ni­ca­tions can also be sent via text messages (or are sent exclu­sive­ly via text messages, if the send­ing autho­riza­tion, e.g., consent, only includes send­ing via SMS).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Usage data (e.g. websites visit­ed, inter­est in content, access times).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).
  • Opt-Out: You can cancel the receipt of our newslet­ter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newslet­ter either at the end of each newslet­ter or you can other­wise use one of the contact options list­ed above, prefer­ably e‑mail.

 

Commercial Communication by E‑Mail, Postal Mail, Fax or Telephone

We process person­al data for the purpos­es of promo­tion­al commu­ni­ca­tion, which may be carried out via vari­ous chan­nels, such as e‑mail, tele­phone, post or fax, in accor­dance with the legal requirements.

The recip­i­ents have the right to with­draw their consent at any time or to object to the adver­tis­ing commu­ni­ca­tion at any time.

After with­draw­al or objec­tion, we may store the data required to prove consent for up to three years on the basis of our legit­i­mate inter­ests before we delete them. The process­ing of these data is limit­ed to the purpose of a possi­ble defense against claims. An indi­vid­ual dele­tion request is possi­ble at any time, provid­ed that the former exis­tence of a consent is affirmed.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Direct market­ing (e.g. by e‑mail or postal).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Surveys and Questionnaires

The surveys and ques­tion­naires (“surveys”) carried out by us are eval­u­at­ed anony­mous­ly. Person­al data is only processed inso­far as this is neces­sary for the provi­sion and tech­ni­cal execu­tion of the survey (e.g. process­ing the IP address to display the survey in the user’s brows­er or to enable a resump­tion of the survey with the aid of a tempo­rary cook­ie (session cook­ie)) or partic­i­pants have consented.

Infor­ma­tion on legal basis: If we ask the partic­i­pants for their consent to the process­ing of their data, this is the legal basis for the process­ing, other­wise the process­ing of the partic­i­pants’ data is based on our legit­i­mate inter­ests in conduct­ing an objec­tive survey.

  • Processed data types: Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and commu­ni­ca­tion, Direct market­ing (e.g. by e‑mail or postal), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Feed­back (e.g. collect­ing feed­back via online form).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Web Analysis, Monitoring and Optimization

Web analy­sis is used to eval­u­ate the visi­tor traf­fic on our website and may include the behav­iour, inter­ests or demo­graph­ic infor­ma­tion of users, such as age or gender, as pseu­do­ny­mous values. With the help of web analy­sis we can e.g. recog­nize, at which time our online services or their func­tions or contents are most frequent­ly used or request­ed for repeat­ed­ly, as well as which areas require optimization.

In addi­tion to web analy­sis, we can also use test proce­dures, e.g. to test and opti­mize differ­ent versions of our online services or their components.

For these purpos­es, so-called user profiles can be creat­ed and stored in a file (so-called “cook­ie”) or simi­lar proce­dures in which the rele­vant user infor­ma­tion for the afore­men­tioned analy­ses is stored. This infor­ma­tion may include, for exam­ple, content viewed, web pages visit­ed and elements and tech­ni­cal data used there, such as the brows­er used, comput­er system used and infor­ma­tion on times of use. If users have consent­ed to the collec­tion of their loca­tion data, these may also be processed, depend­ing on the provider.

The IP address­es of the users are also stored. Howev­er, we use any exist­ing IP mask­ing proce­dure (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to protect the user. In gener­al, with­in the frame­work of web analy­sis, A/B test­ing and opti­mi­sa­tion, no user data (such as e‑mail address­es or names) is stored, but pseu­do­nyms. This means that we, as well as the providers of the soft­ware used, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their profiles for the purpos­es of the respec­tive processes.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third party providers, the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, econom­ic and recip­i­ent friend­ly services). In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visi­tors), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activ­i­ties), Profil­ing (Creat­ing user profiles).
  • Secu­ri­ty measures: IP Mask­ing (Pseu­do­nymiza­tion of the IP address).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Onlinemarketing

We process person­al data for the purpos­es of online market­ing, which may include in partic­u­lar the market­ing of adver­tis­ing space or the display of adver­tis­ing and other content (collec­tive­ly referred to as “Content”) based on the poten­tial inter­ests of users and the measure­ment of their effectiveness.

For these purpos­es, so-called user profiles are creat­ed and stored in a file (so-called “cook­ie”) or simi­lar proce­dure in which the rele­vant user infor­ma­tion for the display of the afore­men­tioned content is stored. This infor­ma­tion may include, for exam­ple, content viewed, websites visit­ed, online networks used, commu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, comput­er system used and infor­ma­tion on usage times. If users have consent­ed to the collec­tion of their side­line data, these can also be processed.

The IP address­es of the users are also stored. Howev­er, we use provid­ed IP mask­ing proce­dures (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to ensure the protec­tion of the user’s by using a pseu­do­nym. In gener­al, with­in the frame­work of the online market­ing process, no clear user data (such as e‑mail address­es or names) is secured, but pseu­do­nyms. This means that we, as well as the providers of online market­ing proce­dures, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their profiles.

The infor­ma­tion in the profiles is usual­ly stored in the cook­ies or simi­lar memo­riz­ing proce­dures. These cook­ies can later, gener­al­ly also on other websites that use the same online market­ing tech­nol­o­gy, be read and analyzed for purpos­es of content display, as well as supple­ment­ed with other data and stored on the serv­er of the online market­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the profiles. This is the case, for exam­ple, if the users are members of a social network whose online market­ing tech­nol­o­gy we use and the network links the profiles of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social network providers or other service providers, e.g. by consent­ing as part of a regis­tra­tion process.

As a matter of prin­ci­ple, we only gain access to summarised infor­ma­tion about the perfor­mance of our adver­tise­ments. Howev­er, with­in the frame­work of so-called conver­sion measure­ment, we can check which of our online market­ing process­es have led to a so-called conver­sion, i.e. to the conclu­sion of a contract with us. The conver­sion measure­ment is used alone for the perfor­mance analy­sis of our market­ing activities.

Unless other­wise stat­ed, we kind­ly ask you to consid­er that cook­ies used will be stored for a peri­od of two years.

Infor­ma­tion on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cook­ie banner consent”), the legal basis for process­ing data for online market­ing purpos­es is this consent. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and econom­ic oper­a­tion of our online services. In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services), Prospec­tive customers.
  • Purpos­es of Process­ing: Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Conver­sion track­ing (Measure­ment of the effec­tive­ness of market­ing activ­i­ties), Inter­est-based and behav­ioral market­ing, Profil­ing (Creat­ing user profiles), Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures: IP Mask­ing (Pseu­do­nymi­sa­tion of the IP address).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).We refer to the priva­cy poli­cies of the respec­tive service providers and the possi­bil­i­ties for objec­tion (so-called “opt-out”). If no explic­it opt-out option has been spec­i­fied, it is possi­ble to deac­ti­vate cook­ies in the settings of your brows­er. Howev­er, this may restrict the func­tions of our online offer. We there­fore recom­mend the follow­ing addi­tion­al opt-out options, which are offered collec­tive­ly for each area:a) Europe: https://www.youronlinechoices.eu. b) Cana­da: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region­al: https://optout.aboutads.info.

 

Services and service providers being used:

    • Online market­ing and web analyt­ics; Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website:

https://marketingplatform.google.com/intl/en/about/analytics/

    • ; Priva­cy Policy:

https://policies.google.com/privacy

    • ; Opt-Out: Opt-Out-Plugin:

https://tools.google.com/dlpage/gaoptout?hl=en

    • , Settings for the Display of Advertisements:

https://adssettings.google.com/authenticated

 

Rating Platforms

We partic­i­pate in rating proce­dures to eval­u­ate, opti­mise and adver­tise our perfor­mance. If users rate us via the partic­i­pat­ing rating plat­forms or meth­ods or other­wise provide feed­back, the Gener­al Terms and Condi­tions of Busi­ness or Use and the data protec­tion infor­ma­tion of the providers also apply. As a rule, the rating also requires regis­tra­tion with the respec­tive provider.

In order to ensure that the eval­u­a­tors have actu­al­ly made use of our services, we trans­mit, with the consent of the customer, the neces­sary data relat­ing to the customer and the service or prod­ucts used to the respec­tive rating plat­form (this includes the name, e‑mail address, order number or arti­cle number). This data is used sole­ly to veri­fy the authen­tic­i­ty of the user.

  • Processed data types: Contract data (e.g. contract object, dura­tion, customer cate­go­ry), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Customers, Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Feed­back (e.g. collect­ing feed­back via online form).
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Profiles in Social Networks (Social Media)

We main­tain online pres­ences with­in social networks and process user data in this context in order to commu­ni­cate with the users active there or to offer infor­ma­tion about us.
We would like to point out that user data may be processed outside the Euro­pean Union. This may entail risks for users, e.g. by making it more diffi­cult to enforce users’ rights.

In addi­tion, user data is usual­ly processed with­in social networks for market research and adver­tis­ing purpos­es. For exam­ple, user profiles can be creat­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user profiles can then be used, for exam­ple, to place adver­tise­ments with­in and outside the networks which are presumed to corre­spond to the inter­ests of the users. For these purpos­es, cook­ies are usual­ly stored on the user’s comput­er, in which the user’s usage behav­iour and inter­ests are stored. Further­more, data can be stored in the user profiles inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are members of the respec­tive networs or will become members later on).

For a detailed descrip­tion of the respec­tive process­ing oper­a­tions and the opt-out options, please refer to the respec­tive data protec­tion decla­ra­tions and infor­ma­tion provid­ed by the providers of the respec­tive networks.

Also, in the case of requests for infor­ma­tion and the exer­cise of rights of data subjects, we point out that these can be most effec­tive­ly pursued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate measures and provide infor­ma­tion. If you still need help, please do not hesi­tate to contact us.

Face­book: We are joint­ly respon­si­ble (so called “joint controller”) with Face­book Ireland Ltd. for the collec­tion (but not the further process­ing) of data of visi­tors to our Face­book page. This data includes infor­ma­tion about the types of content users view or inter­act with, or the actions they take (see “Things that you and others do and provide” in the Face­book Data Poli­cy: https://www.facebook.com/policy), and infor­ma­tion about the devices used by users (e.g., IP address­es, oper­at­ing system, brows­er type, language settings, cook­ie infor­ma­tion; see “Device Infor­ma­tion” in the Face­book Data Poli­cy: https://www.facebook.com/policy). As explained in the Face­book Data Poli­cy under “How we use this infor­ma­tion?” Face­book also collects and uses infor­ma­tion to provide analyt­ics services, known as “page insights,” to site oper­a­tors to help them under­stand how people inter­act with their pages and with content asso­ci­at­ed with them. We have conclud­ed a special agree­ment with Face­book (“Infor­ma­tion about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which regu­lates in partic­u­lar the secu­ri­ty measures that Face­book must observe and in which Face­book has agreed to fulfill the rights of the persons concerned (i.e. users can send infor­ma­tion access or dele­tion requests direct­ly to Face­book). The rights of users (in partic­u­lar to access to infor­ma­tion, erasure, objec­tion and complaint to the compe­tent super­vi­so­ry author­i­ty) are not restrict­ed by the agree­ments with Face­book. Further infor­ma­tion can be found in the “Infor­ma­tion about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and commu­ni­ca­tion, Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Analyt­ics (e.g. access statis­tics, recog­ni­tion of return­ing visitors).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Plugins and embedded functions and content

With­in our online services, we inte­grate func­tion­al and content elements that are obtained from the servers of their respec­tive providers (here­inafter referred to as “third-party providers”). These may, for exam­ple, be graph­ics, videos or social media buttons as well as contri­bu­tions (here­inafter uniform­ly referred to as “Content”).

The inte­gra­tion always presup­pos­es that the third-party providers of this content process the IP address of the user, since they could not send the content to their brows­er with­out the IP address. The IP address is there­fore required for the presen­ta­tion of these contents or func­tions. We strive to use only those contents, whose respec­tive offer­ers use the IP address only for the distri­b­u­tion of the contents. Third parties may also use so-called pixel tags (invis­i­ble graph­ics, also known as “web beacons”) for statis­ti­cal or market­ing purpos­es. The “pixel tags” can be used to eval­u­ate infor­ma­tion such as visi­tor traf­fic on the pages of this website. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing system, refer­ring websites, visit times and other infor­ma­tion about the use of our website, as well as may be linked to such infor­ma­tion from other sources.

Infor­ma­tion on legal basis: If we ask users for their consent (e.g. in the context of a so-called “cook­ie banner consent”), the legal basis for process­ing is this consent. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and econom­ic oper­a­tion of our online services. We refer you to the note on the use of cook­ies in this priva­cy policy.

  • Processed data types: Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Infor­ma­tion on the geograph­i­cal posi­tion of a device or person), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos).
  • Data subjects: Users (e.g. website visi­tors, users of online services), Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.).
  • Purpos­es of Process­ing: Provi­sion of our online services and usabil­i­ty, Provi­sion of contrac­tu­al services and customer support, Contact requests and commu­ni­ca­tion, Direct market­ing (e.g. by e‑mail or postal), Target­ing (e.g. profil­ing based on inter­ests and behav­iour, use of cook­ies), Inter­est-based and behav­ioral market­ing, Profil­ing (Creat­ing user profiles).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Consent (Arti­cle 6 (1) (a) GDPR).

 

Services and service providers being used:

  • Google Fonts: We inte­grate the fonts (“Google Fonts”) of the provider Google, where­by the data of the users are used sole­ly for purpos­es of the repre­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uniform presen­ta­tion and consid­er­a­tion of possi­ble licens­ing restric­tions for their inte­gra­tion. Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website: https://fonts.google.com/; Priva­cy Poli­cy: https://policies.google.com/privacy.
  • Google Maps: We inte­grate the maps of the service “Google Maps” from the provider Google. The data processed may include, in partic­u­lar, IP address­es and loca­tion data of users, which are not collect­ed with­out their consent (usual­ly with­in the frame­work of the settings of their mobile devices); Service provider: Google Ireland Limit­ed, Gordon House, Barrow Street, Dublin 4, Ireland, parent compa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website: https://cloud.google.com/maps-platform; Priva­cy Poli­cy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plug­in: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the Display of Adver­tise­ments: https://adssettings.google.com/authenticated.
  • LinkedIn plug­ins and contents: LinkedIn plug­ins and contents — This can include content such as images, videos or text and buttons with which users can share content from this online service with­in LinkedIn. Service provider: LinkedIn Ireland Unlim­it­ed Compa­ny, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Priva­cy Poli­cy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Planning, Organization and Utilities

We use services, plat­forms and soft­ware from other providers (here­inafter referred to as ” third-party providers”) for the purpos­es of orga­niz­ing, admin­is­ter­ing, plan­ning and provid­ing our services. When select­ing third-party providers and their services, we comply with the legal requirements.

With­in this context, person­al data may be processed and stored on the servers of third-party providers. This may include vari­ous data that we process in accor­dance with this priva­cy poli­cy. This data may include in partic­u­lar master data and contact data of users, data on process­es, contracts, other process­es and their contents.

If users are referred to the third-party providers or their soft­ware or plat­forms in the context of commu­ni­ca­tion, busi­ness or other rela­tion­ships with us, the third-party provider process­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty purpos­es, service opti­mi­sa­tion or market­ing purpos­es. We there­fore ask you to read the data protec­tion notices of the respec­tive third-party providers.

Infor­ma­tion on legal basis: If we ask the users for their consent to the use of third-party providers, the legal basis of the process­ing is consent. Further­more, the process­ing can be a compo­nent of our (pre)contractual services, provid­ed that the use of the third party was agreed with­in this context. Other­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, econom­ic and recip­i­ent friend­ly services). In this context, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this priva­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Contact data (e.g. e‑mail, tele­phone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visit­ed, inter­est in content, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data subjects: Commu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, letters, etc.), Users (e.g. website visi­tors, users of online services).
  • Purpos­es of Process­ing: Contact requests and communication.
  • Legal Basis: Consent (Arti­cle 6 (1) (a) GDPR), Perfor­mance of a contract and prior requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Services and service providers being used:

 

Deletion of data

The data processed by us will be delet­ed in accor­dance with the statu­to­ry provi­sions as soon as their process­ing is revoked or other permis­sions no longer apply (e.g. if the purpose of process­ing this data no longer applies or they are not required for the purpose).

If the data is not delet­ed because they are required for other and legal­ly permis­si­ble purpos­es, their process­ing is limit­ed to these purpos­es. This means that the data will be restrict­ed and not processed for other purpos­es. This applies, for exam­ple, to data that must be stored for commer­cial or tax reasons or for which stor­age is neces­sary to assert, exer­cise or defend legal claims or to protect the rights of anoth­er natur­al or legal person.

Further infor­ma­tion on the erasure of person­al data can also be found in the indi­vid­ual data protec­tion notices of this priva­cy policy.

Changes and Updates to the Priva­cy Policy
We kind­ly ask you to inform your­self regu­lar­ly about the contents of our data protec­tion decla­ra­tion. We will adjust the priva­cy poli­cy as changes in our data process­ing prac­tices make this neces­sary. We will inform you as soon as the changes require your coop­er­a­tion (e.g. consent) or other indi­vid­ual notification.

If we provide address­es and contact infor­ma­tion of compa­nies and orga­ni­za­tions in this priva­cy poli­cy, we ask you to note that address­es may change over time and to veri­fy the infor­ma­tion before contact­ing us.

Rights of Data Subjects
As data subject, you are enti­tled to vari­ous rights under the GDPR, which arise in partic­u­lar from Arti­cles 15 to 21 of the GDPR:

  • Right to Object: You have the right, on grounds aris­ing from your partic­u­lar situ­a­tion, to object at any time to the process­ing of your person­al data which is based on letter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing profil­ing based on those provi­sions. Where person­al data are processed for direct market­ing purpos­es, you have the right to object at any time to the process­ing of the person­al data concern­ing you for the purpose of such market­ing, which includes profil­ing to the extent that it is relat­ed to such direct marketing.
  • Right of with­draw­al for consents: You have the right to revoke consents at any time.
  • Right of access: You have the right to request confir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive further infor­ma­tion and a copy of the data in accor­dance with the provi­sions of the law.
  • Right to recti­fi­ca­tion: You have the right, in accor­dance with the law, to request the comple­tion of the data concern­ing you or the recti­fi­ca­tion of the incor­rect data concern­ing you.
  • Right to Erasure and Right to Restric­tion of Process­ing: In accor­dance with the statu­to­ry provi­sions, you have the right to demand that the rele­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the process­ing of the data be restrict­ed in accor­dance with the statu­to­ry provisions.
  • Right to data porta­bil­i­ty: You have the right to receive data concern­ing you which you have provid­ed to us in a struc­tured, common and machine-read­able format in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er controller.
  • Complaint to the super­vi­so­ry author­i­ty: You also have the right, under the condi­tions laid down by law, to lodge a complaint with a super­vi­so­ry author­i­ty, in partic­u­lar in the Member State of your habit­u­al resi­dence, place of work or place of the alleged infringe­ment if you consid­er that the process­ing of person­al data relat­ing to you infringes the GDPR.

 

Terminology and Definitions

This section provides an overview of the terms used in this priva­cy poli­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal defi­n­i­tions are bind­ing. The follow­ing expla­na­tions, on the other hand, are intend­ed above all for the purpose of compre­hen­sion. The terms are sort­ed alphabetically.

  • Controller: “Controller” means the natur­al or legal person, public author­i­ty, agency or other body which, alone or joint­ly with others, deter­mines the purpos­es and means of the process­ing of person­al data.
  • Conver­sion track­ing: Conver­sion track­ing is a method used to eval­u­ate the effec­tive­ness of market­ing measures. For this purpose, a cook­ie is usual­ly stored on the devices of the users with­in the websites on which the market­ing measures take place and then called up again on the target website (e.g. we can thus trace whether the adver­tise­ments placed by us on other websites were successful).
  • IP Mask­ing: IP mask­ing is a method by which the last octet, i.e. the last two numbers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a person. IP mask­ing is there­fore a means of pseu­do­nymis­ing process­ing meth­ods, partic­u­lar­ly in online marketing.
  • Inter­est-based and behav­iour­al market­ing: Inter­est-relat­ed and/or behav­iour-relat­ed market­ing is the term used when poten­tial user inter­est in adver­tise­ments and other content is predict­ed if possi­ble. This is done on the basis of infor­ma­tion on the previ­ous behav­iour of users (e.g. visit­ing and stay­ing on certain websites, purchas­ing behav­iour or inter­ac­tion with other users), which is stored in a so-called profile. For these purpose, cook­ies are usual­ly used.
  • Loca­tion data: Loca­tion data is creat­ed when a mobile device (or anoth­er device with the tech­ni­cal require­ments for a loca­tion deter­mi­na­tion) connects to a radio cell, a WLAN or simi­lar tech­ni­cal means and func­tions of loca­tion deter­mi­na­tion. Loca­tion data serve to indi­cate the geograph­i­cal­ly deter­minable posi­tion of the earth at which the respec­tive device is locat­ed. Loca­tion data can be used, for exam­ple, to display map func­tions or other infor­ma­tion depen­dent on a location.
  • Person­al Data: “Person­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able natur­al person (“data subject”); an iden­ti­fi­able natur­al person is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in partic­u­lar by refer­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion number, loca­tion data, an online iden­ti­fi­er or to one or more factors specif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, mental, econom­ic, cultur­al or social iden­ti­ty of that natur­al person.
  • Process­ing: The term “process­ing” covers a wide range and prac­ti­cal­ly every handling of data, be it collec­tion, eval­u­a­tion, stor­age, trans­mis­sion or erasure.
  • Profil­ing: “Profil­ing” means any auto­mat­ed process­ing of person­al data consist­ing in the use of such person­al data to analyse, eval­u­ate or predict certain person­al aspects relat­ing to a natur­al person (depend­ing on the type of profil­ing, this includes infor­ma­tion regard­ing age, gender, loca­tion and move­ment data, inter­ac­tion with websites and their contents, shop­ping behav­iour, social inter­ac­tions with other people) (e.g. inter­ests in certain contents or prod­ucts, click behav­iour on a website or the loca­tion). Cook­ies and web beacons are often used for profil­ing purposes.
  • Remar­ket­ing: Remar­ket­ing” or “retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing purpos­es which prod­ucts a user is inter­est­ed in on a website in order to remind the user of these prod­ucts on other websites, e.g. in advertisements.
  • Target­ing: Track­ing” is the term used when the behav­iour of users can be traced across sever­al websites. As a rule, behav­iour and inter­est infor­ma­tion with regard to the websites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called profil­ing). This infor­ma­tion can then be used, for exam­ple, to display adver­tise­ments to users presum­ably corre­spond­ing to their interests.
  • Web Analyt­ics: Web Analyt­ics serves the eval­u­a­tion of visi­tor traf­fic of online services and can deter­mine their behav­iour or inter­ests in certain infor­ma­tion, such as content of websites. With the help of web analyt­ics, website owners, for exam­ple, can recog­nize at what time visi­tors visit their website and what content they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the content of the website to better meet the needs of their visi­tors. For purpos­es of web analyt­ics, pseu­do­ny­mous cook­ies and web beacons are frequent­ly used in order to recog­nise return­ing visi­tors and thus obtain more precise analy­ses of the use of an online service.

 

 

Cookie Settings

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.