Privacy Policy

You can contact our data protection officer using this FORM or contact the Data Protection Officer using the contact details above.

Affected persons can contact us at any time with any questions or suggestions regarding Data protection contact us or our data protection officer.

Data protection contact us or our data protection officer.

Art. 6 (1) (a) GDPR (in conjunction with Section 25 (1) TDDDG (formerly TTDSG)) serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which you are a party, as is the case, for example, with processing operations necessary for the supply of goods or the provision of other services or consideration, the processing is based on Art. 6 (1) (b) GDPR.

The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 (1) (c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In this case, the processing would be based on Art. 6 (1) (d) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) (f) GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal grounds if the processing is necessary to protect the legitimate interests of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override them. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this respect, the European legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

1. you have given us your express consent in accordance with 6 (1) (a) GDPR,

2. the transfer is permissible in accordance with Art. 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not transferring your data,
3. in the event that there is a legal obligation to transfer data pursuant to 6 (1) (c) GDPR, and

4. this is legally permissible and is necessary for the processing of contractual relationships with you according to Art. 6 (1) (b) GDPR.

To protect your data and, if necessary, enable us to transfer data to third countries (outside the EU/ EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent may be withdrawn in accordance with Art. 49 (1) (a) GDPR.
GDPR may serve as the legal basis for transfers to third countries. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

As part of the processing operations described in this data protection declaration, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and the EU Commission’s adequacy decision pursuant to Art. 45 GDPR thus applies. We have explicitly mentioned this in the data protection declaration for the service providers concerned. To protect your data in all other cases, we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Art. 49 (1) (a) GDPR can serve as the legal basis for the transfer to third countries. This does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

If you use our website purely for informational purposes, if you do not register or otherwise provide us with information, or if you do not consent to processing requiring your consent, we only collect data that is technically necessary to provide the service. This data is usually transmitted by your browser to our server (“in so-called server log files”). Our website collects a series of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following data may be collected:

1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system reaches our website (so-called referrer),
4. the subpages that are accessed via an accessing system on our website,
5. the date and time of access to the website,
6. a shortened Internet Protocol address (anonymized IP address) and,
7. the Internet service provider of the accessing

When using this general data and information, we do not draw any conclusions about you personally. This information is rather required to

1. to deliver the contents of our website correctly,

2. to optimise the content of our website and the advertising for it,
3. to ensure the long-term functionality of our IT systems and the technology of our website and
4. to provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

This collected data and information is therefore used by us on the one hand statistically and On the other hand, the data is evaluated with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest arises from the purposes for data collection listed above.

We host our website with Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter referred to as Strato).

When you visit our website, your personal data (e.g. IP addresses in log files) are processed on Strato’s servers.

Strato is used on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in the most reliable presentation, provision, and security of our website.

We have concluded a data processing agreement (DPA) with Strato in accordance with Art. 28 GDPR. This is a contract required by data protection law that guarantees that Strato will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Further information on Strato’s data protection policy can be found at: https://www.strato.de/datenschutz/

The data processed by the cookies, which are required for the proper functioning of the website, are therefore necessary to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 (1) (a) GDPR.

We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage website users’ consent to data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. If an end user provides consent, the following data, among others, is automatically logged:

• Cookie duration,
• Cookie version,
• Domain and path of the WordPress site,
• Selection in the cookie banner,
• UID (a randomly generated ID),

The consent status is also stored in the end user’s browser so that the website can automatically read and follow the end user’s consent on all subsequent page requess and future end user sessions for up to 12 months.

The consent data (consent and revocation of consent) will be stored for three years. This retention period corresponds to the regular limitation period according to Section 195 of the German Civil Code (BGB). The data will then be deleted immediately.

The functionality of the website cannot be guaranteed without the processing described.

The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations (Art. 7 (1) and 6 (1) sentence 1 (c) GDPR).

The collected data will neither be forwarded to Borlabs GmbH nor will it have access to it.

Further information can be found at: https://de.borlabs.io/borlabs-cookie/.

We collect and process applicants’ personal data for the purpose of processing the application process. Processing may also take place electronically. This is particularly the case if an applicant submits relevant application documents to us electronically, for example by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If we do not conclude a contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part conflict with deletion. Another legitimate interest in this sense is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of your data is Art. 6 (1) (b), 88 GDPR in conjunction with Section 26 (1) BDSG.

On our website we use the service Microsoft Clarity (“Clarity”), a web analysis service of Microsoft Corp., One Microsoft Way, Redmond, Washington, USA.

In this context, pseudonymized user profiles are created and cookies are placed on your device.

Processed data includes, among others:

• the browser type/version,
• the operating system used,
• the referrer URL (the previously visited page),
• the host name of the accessing computer (IP address),
• ser behavior on the website visited,
• Mouse movements and clicks,

The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website activity and internet usage for the purposes of market
research and the needs-based design of our websites.

These processing operations are carried out exclusively with the granting of express consent in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been obtained, meaning that the transfer of personal data may take place without further safeguards or additional measures.

You can view Microsoft’s privacy policy at: https://privacy.microsoft.com/de- de/privacystatement.

This website uses the WordPress tool “WordPress Stats,” provided by Jetpack, to statistically evaluate visitor access. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA. The operating company uses tracking technology from Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack uses cookies that are stored on your computer and that allow WordPress Stats

to analyze your website usage. The information generated by the cookies about your website usage is stored on servers in the

USA. Your IP address will be anonymized after processing and before storage.

The cookies remain on your device until you delete them.

These processing operations are carried out exclusively with the granting of express consent in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been obtained, meaning that the transfer of personal data may take place without further safeguards or additional measures.

You can view Jetpack’s privacy policy at: https://jetpack.com/support/ privacy/.

We have integrated the Jetpack plugin on our website. The operator of the Jetpack plugin for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operator, in turn, uses tracking technology from Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.

Jetpack sets a cookie on your IT system. Each time you access one of the individual pages of this website on which a Jetpack component has been integrated, the Internet browser on your IT system is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes.

Through this technical process, Automattic receives information that is used to create an overview of website visits. This information is evaluated with the aim of optimizing our website. The data collected via the Jetpack component will not be used to identify you without your prior express consent. Quantcast also uses the data for the same purposes as Automattic.

These processing operations are carried out exclusively with the granting of express consent in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR has been obtained, meaning that the transfer of personal data may take place without further safeguards or additional measures.

Automattic’s applicable privacy policy is available at https://automattic.com/privacy/. Quantcast’s applicable privacy policy is available at https://www.quantcast.com/privacy/.

Our website uses WPML (WordPress Multilingual Plugin), a plugin for multilingual display of our content. The provider is OnTheGoSystems Ltd., 22/F 3 Lockhart Road, Wanchai, Hong Kong.

WPML uses cookies to remember the language selected by the user during their last visit to the website or within a session. These cookies do not contain any personal data and are used solely for the functionality of the website.

We use WPML to ensure our website is user-friendly and accessible in multiple languages. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

WPML does not transmit any personal data to third parties. Data is also not transferred to third countries.

Further information on data processing by WPML can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

We process and store your personal data only for the period necessary to achieve the storage purpose or as required by the legal provisions to which our company is subject.

If the purpose of storage no longer applies or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.

The criterion for the duration of storage of personal data is the respective statutory retention period. After expiration of this period, the corresponding data will be routinely deleted unless it is no longer required for the fulfillment or initiation of a contract.