THOST Projektmanagement Data Privacy Notice

Welcome to the website of THOST Projektmanagement GmbH. Data protection and the protection of your personal rights are of great importance to us. On this page we would like to inform you about which data THOST processes and for what purposes. If you have any questions or suggestions regarding our privacy policy, please do not hesitate to contact us.

1. Preface and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

  • GDPR stands for the European General Data Protection Regulation.
  • BDSG is an abbreviation for the Federal Data Protection Act in its current version.
  • Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  • The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
  • The data subject within the meaning of data protection law is any natural person whose personal data is processed.
  • Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Art. 4 of the GDPR (definitions).

2. Responsible and Data Protection Officer

Responsible for Data Processing

THOST Projektmanagement GmbH
Villinger Straße 6
75179 Pforzheim
Phone: +49 7231 1560-0
Fax: +49 7231 1560-90
E-mail: info@thost.de

Data Protection Officer

DPO External Data Protection Officer Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Certified Data Protection Officer
Phone: +49(0)176 32744172
Email: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Compact overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our Website

Our website is equipped with a TLS certificate, which is used to encrypt data transmission processes. This happens, for example, when you send us a message via a form. However, as a precaution, we would like to point out that 100% security in electronic data processing is not possible and that there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Server Log Files

On the other hand, our server automatically records all accesses and thus also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Use of Cookies

Cookies help us to provide various services; further information can be found in this data protection declaration.

Analysis and Tracking Tools

In addition to the pure server log files, which also provide us with information about page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which access took place. Such services require cookies or comparable technologies to function.

Plugins and content delivery networks

We use plugins and content delivery networks. If such services are integrated via a website, access data is transmitted to the services. Typically this is your IP address and other metadata, such as time and date of access.

Newsletter / direct marketing

Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 Paragraph 3 UWG and Art. 6 Para. 1 lit. f of the GDPR. You can of course object to receiving direct marketing information at any time.

Other data recipients

Data Transfer within the Corporate Group
In the THOST Group, we process data on common systems and for common purposes. This is done on the basis of shared responsibility within the framework of legitimate interests.

Use of Data Processores
We have commissioned data processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting or email hosting. These companies process personal data according to our instructions.

Use of Specialist Services
If necessary, we pass on your data to, for example, banks, shipping service providers, our tax advisor or lawyer.

Legal Obligations
We are subject to legal obligations, such as commercial laws or tax laws, in this context we must pass on certain data, for example, to tax authorities.

Investigation of Crimes
If necessary to secure our interests, we pass on data to the law enforcement authorities.

General Information on Deletion Periods of Personal Data

We process the data as long as necessary for the respective purpose. As a rule we process your personal data for the duration of our business relationship, which includes the initiation and processing of a contract; further we are obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of Personal Data to a Third Country

Where possible, we try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and / or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees. In individual cases, we use plugins or tools that are hosted in third countries on the basis of our legitimate interests or your consent. In these cases, we will point this out where applicable.

Obligation to provide personal data

You are free to decide whether you provide personal data on our website for specific purposes. To carry out legal transactions, the provision of personal data is contractually required.

5. Data Subjects Rights under the General Data Protection Regulation

Every natural person has certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights that you can assert against us.

Right to revoke your consent in accordance with Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)

You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)

You have the right to request the erasure of your personal data that we process at any time. If complete erasure is not possible, for example because we have to comply with statutory retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data – apart from its storage – may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability pursuant to Art. 20 GDPR

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External Hosting

This website is hosted externally. The personal data collected on this website is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR, insofar as the consent requires the storage of cookies or access to information on the user’s end device (e.g . B. Device fingerprinting). Consent can be revoked at any time.

We use the following hoster

IONOS SE
Elgendorfer Str. 57
56410 Montabaur

Data Processing Agreement

We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.

  • Date and time of retrieval
  • Information about the browser type and version browser used
  • Information about the operating system used
  • Device (client)
  • Referrer URL (via which page you landed on our site)
  • Hyperlinks accessed

 

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

8. Use of cookies

Our website uses cookies for the provision of services and to ensure full functionality. Cookies – small text files that are automatically stored in your browser or device – can have various functions and contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Cookies are stored on your end device and transmitted from it to our website. As a user, you have full control over the use of cookies. You can specify whether and which cookies you allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies for you. This gives you control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be restricted.

Cookies are divided into non-persistent and persistent cookies. A further distinction is made between first party cookies (which come directly from our web server) and third party cookies (which are set by you via third party providers).

Cookie types by term

Session cookies
Session cookies are deleted at the latest when you leave our website and close your browser.

Persistent cookies
These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example storing your login details so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking and marketing purposes.

Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed by a third party. We use various third-party cookies for analysis, tracking and marketing purposes.

Cookie types by function

Technically required or necessary cookies
These cookies enable the operation of our website; without technically necessary cookies, our site would not be usable or would only be usable to a very limited extent. For example, such cookies are used when you log in to our site or add a product to your shopping cart. Some necessary cookies also serve security purposes.

Analysis and statistics cookies
Analysis cookies collect information about the behavior of site visitors, provide information about the length of stay and what information was accessed. Information is also collected about which website visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimize our website based on the information collected.

Tracking and marketing cookies
Tracking and marketing cookies (also remarketing and retargeting cookies) enable an analysis of browser behavior, they store which content was visited or which products the user was looking for (tracking in this sense means tracking). Based on these cookies, a user can also be identified across sites with the aim of displaying advertisements tailored to their interests.

Legal Basis and Information about setting your Preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 Para. 1 lit. f GDPR); we only use other cookies with your consent (Art. 6 Para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you also have the option to adjust your preferences at any time.

The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our data protection declaration.

10. Data Processing in the Context of Communication and Contact

Message via contact form (integrated via Salesforce CRM)

You have the option of sending us messages via the contact form. We process the data that you enter in the data entry mask. Mandatory fields are marked and must be completed. The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for the processing of the data entered in the contact form is generally based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time in the future without giving us any reasons. In addition, we process your data for the initiation or execution of contracts, for example if you ask us product-related questions (Art. 6 para. 1 lit. b GDPR).

Inquiries from the contact form are saved directly in our CRM Salesforce (see below).

We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.

Communication via email

If you send us an email, we will process your data in accordance with the content and purpose of the message. As a rule, the processing is carried out on the basis of pre-contractual measures or in the context of the execution of a contractual relationship on the basis of Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f. GDPR. It is in our legitimate interest to process your request quickly and efficiently.

If it is a product or service-related message, we generally process your data on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. b GDPR.

Please note that we store all incoming e-mails in accordance with the principles of proper accounting and the statutory retention periods. Therefore, if you request us to delete the data, we will henceforth restrict your data for processing and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax

Even if you contact us by telephone or fax, we process your data either to initiate and execute contractual relationships (if the content is product- or service-related) and/or in our legitimate interest, analogous to contacting us by e-mail. We do not record the content of conversations, but we may take notes to process your request. We store these until the purpose of the data processing has been achieved.

11. Information for Applicants

Data Protection Regulations within Job Applications

If you apply to us, whether for an advertised position or on your own initiative, we process your data to carry out the selection process. It is irrelevant to us whether you apply by post, by e-mail or, if available for the respective position, by online form.

Use of the OnlyFy Platform

If you apply using the online form, the application process is carried out via the OnlyFy application manager, which is provided by New Work SE, Am Strandkai 1, 20457 Hamburg. After calling up the application manager, you will find additional data protection information.

Scope of Processing

As a matter of principle, we only process the data that you yourself have transmitted to us as part of an application procedure. Other sources may be consulted after informing and consulting with you. For example, whether we may contact a former employer. The legal basis for the implementation of an application procedure is §26 BDSG in conjunction with Art. 6 para. 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 para. 1 lit. a GDPR.

Deletion periods for applicant data

We delete applicant data a maximum of months after the end of the application process (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of the data processing is generally no longer given with the end of the selection process, but we have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to defend ourselves against any claims by rejected applicants. If you have the impression that your interests in immediate deletion outweigh our interests, you have the option of requesting us to do so. We will then review your request and provide you with feedback.

Your data will be deleted after the above-mentioned period has expired, unless we have to defend ourselves in ongoing proceedings, for example due to a complaint under the General Equal Treatment Act. In this case, we will delete your data once the proceedings have been concluded, provided that there are no statutory retention periods.
If we are permitted to store your data for a longer period of time on the basis of your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before you withdraw your consent if it is foreseeable that no position will be available.

Inclusion in our applicant pool

If we are currently unable to offer you a job, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position in the future. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest.

12. CRM System Salesforce

Personal data that you have provided to us through a contact request or direct business relationship is processed and maintained by us using a customer relationship management system (CRM system).

We use Salesforce Sales Cloud from the provider salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (hereinafter “Salesforce”).

Salesforce Sales Cloud is a CRM system and enables us, among other things, to manage existing and potential customers and customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer-related processes. The customer data is stored on Salesforce’s servers. Personal data may also be transmitted to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Details on the functions of Salesforce Sales Cloud can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/.

The use of Salesforce Sales Cloud is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in customer management and customer communication being as efficient as possible. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Salesforce has Binding Corporate Rules (BCR) approved by the French data protection authority. These are binding internal company regulations that legitimize the internal transfer of data to third countries outside the EU and the EEA. You can find details here: https://compliance.salesforce.com/en/salesforce-bcrs.

For details, see Salesforce’s privacy policy: https://www.salesforce.com/de/company/privacy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5959.

Data Processing Agreement

We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

13. Direct Marketing

Direct Marketing to existing Customers in Legitimate Interests

We reserve the right to use the data collected as part of a contract for direct advertising by e-mail or post in accordance with Section 7 (3) of the German Act Against Unfair Competition (UWG) if the customer does not object to this use or has not objected to it. Direct advertising only includes offers for similar products or services to those already purchased from us by the user.

We use your data for up to five years after the last legal transaction for direct marketing purposes in the legitimate interest.

We have a legitimate economic interest (Art. 6 para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct advertising at any time. Please address your objection to the controller named above. You will also find information in each newsletter on how you can assert your objection.

We use the CRM Salesforce (see above) to send newsletters.

14. Audio and Video Conferencing with MS Teams

We use the Microsoft Teams tool for communication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft Teams processes all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is necessary to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it will also be stored on the tool provider’s servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis

We use Microsoft Teams to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools will be used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage duration

The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Data Processing Agreement

We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

15. Analytics Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we can use to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated through it. However, the Google Tag Manager records your IP address, which can also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in the quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing will be carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and §25 Para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Google Analytics

We use functions of the web analysis service Google Analytics on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the behavior of our website visitors. In this context, we use Google Analytics to collect various usage data, such as in particular

  • Page views
  • Links clicked and actions performed
  • Length of stay
  • Files downloaded
  • Operating systems and browser types used
  • Resolution of the device used
  • Geographical origin of the site visitor
  • Origin of the user (referrer URL)

 

This data is summarized in a user ID and assigned to the respective device of the website visitor. Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the data sets collected and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG. The consent can be revoked at any time.

Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Data Processing Agreement

We have concluded a Data Processing Agreement with Google. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

16. Plugins and Tools on our Website

YouTube

This website integrates videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube can store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience and prevent fraud attempts.

If necessary, further data processing operations may be triggered after starting a YouTube video, over which we have no influence.

YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and §25 Para.1 TDDDG. Consent can be revoked at any time.

Further information about data protection at YouTube can be found in their data protection declaration at: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of this service, we can integrate map material on our website.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Integration of the applicant platform OnlyFy

We have integrated content from the provider OnlyFy on our website; the provider is New Work SE, Am Strandkai 1, 20457 Hamburg (privacy policy https://onlyfy.com/de/datenschutz). The purpose is the presentation of job offers and the integration of the OnlyFy applicant platform.

OnlyFy uses cookies; you can find out more about cookies in this data protection declaration. OnlyFy content will only be displayed once you have given your consent. You can grant this, for example, via the cookie settings or revoke it after granting it.

The integration of the OnlyFy Application Platform is based a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of the GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit. a of the GDPR; consent can be revoked at any time.

Further information on the processing of personal data as part of the application process can be found in this data privacy notice.

17 Our social media presence

Data Processing through Social Networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.

Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Further details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

Wir verfügen über ein Profil bei Instagram. Anbieter dieses Dienstes ist die Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland. Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum

https://help.instagram.com/519522125107875

https://de-de.facebook.com/help/566994660333381.

Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Die Datenübertragung in die USA wird auf die Standardvertragsklauseln der EU-Kommission gestützt. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.

18. Additional Data Protection Information for our Business Partners

Data Categories and Purposes of Processing

We process the personal data of our service providers and partners that we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it.
We generally process the following categories of data from you:

  • Surname, first name
  • Address and/or company address
  • Telecommunications data
  • E-mail address
  • Company
  • Professional function and/or position
  • Bank details/other payment details
  • Data on the history of the business relationship

 

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. B. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Art. 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Art. 13 Paragraph 3 GDPR and Art. 14 Paragraph 4 GDPR.

Information on Deletion Periods for Personal Data

Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), can usually be three years, but in certain cases can also be up to thirty years. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

Emails and business letters
If you send us an email, your data and the entire email content will be stored in accordance with the principles of proper accounting. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking every single e-mail in this respect is not in proportion to the benefit and the sender’s legitimate interests. However, you can of course ask us to delete them at any time and we will carry out a case-by-case review and inform you of the result. This may lead to erasure or restriction of processing, depending on the content of the correspondence.

Withdrawal of your consent
If we process your data on the basis of your consent (Art. 6 para. 1 lit. a GDPR), we will delete it after you withdraw your consent. Unless there are legitimate interests against complete erasure. For example, we generally retain declarations of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 para. 1 lit. f GDPR). We only retain the consent with restriction of processing in order to be able to defend ourselves in the event of a dispute.

Legal or contractual Obligation to provide Personal Data

The provision of personal data is regularly necessary for the initiation, conclusion, processing, and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a Third Country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, considering suitable guarantees or other suitable guarantees.