THOST PROJEKTMANAGEMENT DATA PRIVACY NOTICE

Welcome to the website of THOST Projektmanagement GmbH. Data protection and the protection of your personal rights are of great importance to us. On this page we would like to inform you about which data THOST processes and for what purpose. If you have any questions or suggestions regarding our privacy policy, please contact us.

1. Preface and selected terms

On the one hand, this privacy policy informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations that do not primarily take place online.

  • GDPR stands for the European General Data Protection Regulation.
  • BDSG is an abbreviation for the Federal Data Protection Act in its current version.
  • Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  • The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
  • The data subject within the meaning of data protection law is any natural person whose personal data is processed.
  • Further definitions of terms can be found in Art. 4 of the GDPR (definitions).

2. Responsible and Data Protection Officer

Responsible for Data Processing

THOST Projektmanagement GmbH
Villinger Straße 6
75179 Pforzheim
Tel.: +49 7231 1560-0
Fax: +49 7231 1560-90
E-Mail: info@thost.de

Data Protection Officer

DPO External Data Protection Officer Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Certified Data Protection Officer
Phone: +49(0)176 32744172
Email: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Compact overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our Website

Our website is equipped with a TLS certificate, which is used to encrypt data transmission processes. This happens, for example, when you send us a message via a form. As a precaution, we would like to point out that one hundred percent security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results on the one hand from the type of form and on the other hand from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Server Log Files

Our server automatically records all accesses and therefore also IP addresses (log files). This serves to defend against attacks, analyze access figures and ensure smooth operation.

Use of Cookies

Cookies help us to provide various services; further information can be found in this data protection declaration.

Analysis and Tracking Tools

In addition to the pure server log files, which also provide us with information on page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which access is made. For such services to work, cookies must be set for site visitors or scripts must be executed.

Plugins and content delivery networks

We use plugins and content delivery networks in some cases. Well-known examples are the video service YouTube or the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. This is usually your IP address and other metadata such as the time and date of access. As a rule, this is provided by setting cookies.

Newsletter / Direct Marketing

Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 (3) UWG in conjunction with Art. 6 (1) (f) GDPR. You can of course object to receiving direct marketing information at any time.

Other data recipients

Sharing within the group of companies
Within the THOST Group, we process data on shared systems and for shared purposes. This is done on the basis of joint responsibility within the scope of legitimate interests.

Use of data processors
We use data processors in accordance with the provisions of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting or printing services. They process personal data for us in accordance with our instructions.

Use of non-specialist services
If necessary (e.g. to fulfill a contract), we pass on your data to banks, shipping service providers, tax or law firms, for example.

Legal obligations
In certain cases, we are also obliged to make a report to the competent authorities on the basis of the Money Laundering Act. We are also subject to other legal obligations, such as commercial law or tax law, which require us to pass on certain data to tax authorities, for example.

Investigation of criminal offenses
If necessary for the investigation of a criminal offense, we pass on data to the law enforcement authorities.

General Information on Deletion Periods of Personal Data

We process the data for as long as is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and execution of a contract. In addition, we are obliged to comply with statutory retention obligations. If the data processing is based on your consent, we will delete your data after your revocation.

Transfer of Personal Data to a Third Country

We endeavor to have all services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and / or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees. In individual cases, we use plugins or tools that are hosted in third countries on the basis of our legitimate interests or your consent. In these cases, we will inform you of this if necessary.

Obligation to provide personal data

You are free to decide whether you provide personal data on our website for specific purposes. To carry out legal transactions, the provision of personal data is contractually required.

5. Data Subjects Rights under the General Data Protection Regulation

Every natural person has certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can assert against us:

Right to revoke your consent in accordance with Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)

You have the right at any time to request information about your data that we process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)

You have the right to request the deletion of your personal data stored by us at any time. If complete erasure is not possible, for example because we have to comply with statutory retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data is unlawful, you can request the restriction of processing instead of erasure.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability pursuant to Art. 20 GDPR

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with Section 19 BDSG

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

6. External Hosting

This website is hosted externally. Personal data collected on this website is stored on the servers of the hoster(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online offer by professional providers (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.

We use the following host:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur

Data Processing Agreement

We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all access and therefore also the IP addresses of visitors. This serves to defend against attacks, analyze access figures and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.

  • Date and time of retrieval
  • Information about the browser type and the version of the browser used
  • Information about the operating system used
  • Device (client)
  • Referrer URL (via which page you landed on our site)
  • Hyperlinks accessed

We only process this data for the above-mentioned purposes.

8. Use of cookies

Our website uses cookies for the provision of services and to ensure full functionality. Cookies – small text files that are automatically stored in your browser or device – can have various functions and contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are stored on your end device and transmitted from it to our website. As a user, you have full control over the use of cookies. You can determine whether and which cookies you generally allow in your browser settings. We recommend that you make the setting in your browser so that you are informed when a website wants to set cookies for you. This gives you control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be restricted.

Cookies are divided into non-persistent and persistent cookies. A further distinction is made between first party cookies (which come directly from our web server) and third party cookies (which are set by you via third party providers).

Cookie types by term

Session cookies
Session cookies are deleted at the latest when you leave our website and close your browser.

Persistent cookies
These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different lifetimes, from one day to several years. These cookies can fulfill various functions, for example, your login data can be stored so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking and marketing purposes.

Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that originate directly from us. Third-party cookies are cookies that are placed by a third-party provider. We use various third-party cookies for analysis, tracking and marketing purposes.

Cookie types by function

Technically required or necessary cookies
These cookies enable the operation of our website. Without technically necessary cookies, our site would not be usable or only to a very limited extent. For example, such cookies are used when you log in to our website or place a product in the shopping cart. Some necessary cookies are also used for security purposes.

Analysis and statistics cookies
Analysis cookies collect information about the behavior of site visitors, provide information about the time spent on the site and what information was accessed. Information is also collected about which website visitors come from, how many visitors the websites have and how long the users stay on the websites. The aim of these cookies is to optimize our website based on the information collected.

Tracking and marketing cookies
Tracking and marketing cookies (also remarketing and retargeting cookies) enable an analysis of browsing behavior; they store which content was visited or which products were searched for (tracking in this sense means tracking). Based on these cookies, users can also be identified across websites with the aim of displaying advertisements tailored to their interests.

Legal Basis and Information about setting your Preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 para. 1 lit. f GDPR), other cookies are only used with your consent (Art. 6 para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you also have the option of adjusting your preferences at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective sections of our privacy policy.

10. Data Processing in the Context of Communication and Contact

Message via contact form (integrated via Salesforce CRM)

You have the option of sending us messages via the contact form. We process the data that you enter in the data entry mask. Mandatory fields are marked and must be completed. The purpose of the data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for the processing of the data entered in the contact form is generally based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time in the future without giving us any reasons. In addition, we process your data for the initiation or execution of contracts, for example if you ask us product-related questions (Art. 6 para. 1 lit. b GDPR).

Inquiries from the contact form are saved directly in our CRM Salesforce (see below).

We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.

Communication via email

If you send us an email, we will process your data in accordance with the content and purpose of the message. As a rule, the processing is carried out on the basis of pre-contractual measures or in the context of the execution of a contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f. GDPR. It is in our legitimate interest to process your request quickly and efficiently.

If it is a product or service-related message, we generally process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. b GDPR.

Please note that we store all incoming e-mails in accordance with the principles of proper accounting and the statutory retention periods. Therefore, if you request us to delete the data, we will henceforth restrict your data for processing and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax

Even if you contact us by telephone or fax, we process your data either to initiate and execute contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting us by e-mail. We do not record the content of conversations, but we may take notes to process your request. We store these until the purpose of the data processing has been achieved.

11. Information for applicants

Data Protection Regulations within Job Applications

If you apply to us, whether for an advertised position or on your own initiative, we process your data to carry out the selection process. It is irrelevant to us whether you apply by post, by e-mail or, if available for the respective position, by online form.

Use of the OnlyFy Platform

If you apply using the online form, the application process is carried out via the OnlyFy application manager, which is provided by New Work SE, Am Strandkai 1, 20457 Hamburg. After calling up the application manager, you will find additional data protection information.

Scope of Processing

As a matter of principle, we only process the data that you have sent us yourself as part of an application process. The use of other sources may only be considered after informing and consulting with you, for example on whether we may contact former employers. The legal basis for the implementation of an application procedure is § 26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 para. 1 lit. a GDPR.

Deletion periods for applicant data

We delete applicant data a maximum of four months after the end of the application process (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of the data processing is generally no longer given at the end of the selection procedure, but we have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh our interests, you have the option of requesting us to do so. We will then review your request and provide you with feedback.

After the above-mentioned period has expired, your data will be deleted, unless we have to defend ourselves, for example in ongoing proceedings (e.g. due to a complaint under the General Equal Treatment Act). In this case, we will delete your data once the proceedings have been concluded, provided there are no statutory retention periods.

If we are allowed to store your data for a longer period of time on the basis of your consent, we will delete your data if you request us to do so and withdraw your consent. If necessary, we will also delete your data before you withdraw your consent if it is foreseeable that no position will be available.

Inclusion in our applicant pool

If we are unable to offer you a position at the present time, we may ask you for your consent to continue to store your data. The purpose of this is to offer you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 para. 1 lit. a GDPR). You can of course withdraw your consent at any time with effect for the future. If you do not revoke your consent yourself, we will delete your data from our applicant pool after a period of two years at the latest.

12. CRM System Salesforce

Personal data that you have provided to us through a contact request or direct business relationship is processed and maintained by us using a customer relationship management system (CRM system).

We use Salesforce Sales Cloud from the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”).

Salesforce Sales Cloud is a CRM system that enables us to manage existing and potential customers and customer contacts and organize sales and communication processes, among other things. Using the CRM system also enables us to analyze our customer-related processes. Customer data is stored on the Salesforce servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Details on the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.

The use of Salesforce Sales Cloud is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in customer management and customer communication being as efficient as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Salesforce has Binding Corporate Rules (BCR) approved by the French data protection authority. These are binding internal company regulations that legitimize the internal transfer of data to third countries outside the EU and the EEA. You can find details here: https://compliance.salesforce.com/en/salesforce-bcrs.

Further details can be found in Salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the company offering this service at the following link: https://www.dataprivacyframework.gov/participant/5959.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

13. Direct Marketing

Direct marketing to existing customers in the legitimate interest

We reserve the right to use the data collected as part of a contract for direct advertising by e-mail or post in accordance with Section 7 (3) of the German Act Against Unfair Competition (UWG) if the customer does not object to this use or has not objected to it. Direct advertising only includes offers for similar products or services to those already purchased from us by the user.

We use your data for up to five years after the last legal transaction for direct marketing purposes in the legitimate interest.

We have a legitimate economic interest (Art. 6 para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct advertising at any time. Please address your objection to the controller named above. You will also find information in each newsletter on how you can exercise your objection.

We use the CRM Salesforce (see above) to send newsletters.

14. Audio and Video Conferencing with MS Teams

We use the Microsoft Teams tool for communication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft Teams processes all data that you provide or enter in order to use the tool (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is necessary to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool provider. Such content includes, in particular, cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have full control over the data processing procedures of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the tools used, which we have listed below this text.

Purpose and legal basis
We use Microsoft Teams to communicate with prospective or existing contractual parties or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage duration
The data collected directly by us via the video and conference tools is deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Data processing agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

15. Analytics Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we can use to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated through it. However, the Google Tag Manager records your IP address, which can also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the fast and uncomplicated integration and management of various tools on our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google Analytics

We use functions of the web analytics service Google Analytics on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the behavior of our website visitors. In this context, we collect various usage data with Google Analytics, in particular:

  • Page views
  • Links clicked and actions performed
  • Time spent on the site
  • Downloaded files
  • Operating systems and browser types used
  • Resolution of the end device used
  • Geographical origin of site visitors
  • Origin of users (referrer URL)

This data is combined into a user ID and assigned to the respective end device of the website visitor. Furthermore, we can use Google Analytics to record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

This service is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Data processing agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

16. Plugins and tools on our website

YouTube

This website integrates videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

If necessary, further data processing operations may be triggered after starting a YouTube video, over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG. Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their data protection declaration at: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive, automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Integration of the applicant platform OnlyFy

We have integrated content from the provider OnlyFy on our website; the provider is New Work SE, Am Strandkai 1, 20457 Hamburg (privacy policy https://onlyfy.com/de/datenschutz). The purpose is the presentation of job offers and the integration of the OnlyFy applicant platform.

OnlyFy uses cookies; you can find out more about cookies in this data protection declaration. OnlyFy content will only be displayed once you have given your consent. You can grant this, for example, via the cookie settings or revoke it after granting it.

The integration of the OnlyFy Application Platform is based on a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of the GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit. a of the GDPR; consent can be revoked at any time.

Further information on the processing of personal data as part of the application process can be found in this data privacy notice.

17. Our social media presence

Data Processing through Social Networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis
Our social media presences are intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible body and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage duration
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

XING
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

18. Supplementary data protection information for our business partners

Data Categories and Purposes of Processing

We process the personal data of our service providers and partners that we receive directly as part of our business relationship. If we have received data from you, we only process it for the purposes for which we received or collected it. We generally process the following categories of data from you:

  • Surname, first name
  • Address and/or company address
  • Telecommunications data
  • E-mail address
  • Company
  • Professional function and / or position
  • Bank details/other payment details
  • Data on the history of the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by our employees, further personal data is generated, e.g. information about the contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

In addition, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Art. 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Art. 13 Paragraph 3 GDPR and Art. 14 Paragraph 4 GDPR.

INFORMATION ON DELETION PERIODS FOR PERSONAL DATA

Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as statutory retention obligations exist, the relevant personal data is stored for the duration of the retention obligation. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. After the retention period has expired, a check is carried out to determine whether there is any further need for processing. If it is no longer necessary, the data will be deleted.

Emails and business letters
If you send us an email, your data and the entire email content will be stored in accordance with the principles of proper accounting. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual e-mail in this respect is not in proportion to the benefit and the interests of the sender that are worthy of protection. However, you can of course ask us to delete it at any time and we will carry out a case-by-case review and inform you of the result. This may lead to deletion or restriction of processing, depending on the content of the correspondence.

Withdrawal of your consent
If we process your data on the basis of your consent (Art. 6 para. 1 lit. a GDPR), we will delete it after you withdraw your consent, unless there are legitimate interests against complete erasure. For example, we generally retain declarations of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 para. 1 lit. f GDPR). We only retain the consent with restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual Obligation to provide Personal Data

The provision of personal data is regularly required for the initiation, conclusion, processing and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a Third Country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking suitable guarantees into account.