Data protection declaration
This page contains information relating to data protection in connection with our online content, in particular relating to what personal data is regularly collected when visiting our website or in relation to a concrete enquiry. We will also inform you about the purpose and on what legal basis processing is effected in each case and what rights you have in this respect as a visitor to the website.
We have made every effort to formulate the explanations as comprehensibly as possible and will be happy to answer any queries you may have. You can find the corresponding contact details at the end of this document.
Note: If terms such as "controller", "data subject", "personal data", "processing", etc. occur in the following text, at these points we use the definitions from Article 4 of the European General Data Protection Regulation (EU-GDPR). You can find a copy of the text of the EU GDPR here: https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=CELEX:02016R0679-20160504.
Processing of personal data
With our online content, among other things we want to inform you about our services and products and give you the chance to easily contact us or utilise our services. Insofar as we process personal data within the framework of our online offer, beyond this core purpose this is also effected in accordance with the purposes respectively specified in this data protection declaration.
Access of our online offer
In order to be able to transfer the content of our online offer retrieved by you (e.g. images, text, documents) to your computer, we store the IP address that is assigned to your computer at the time of retrieval. The legal basis of this processing is Article 6 Para. 1 lit. b GDPR. We also use this data to defend against improper use and to pursue associated offences, and in this respect we base our actions on Article 6 Para. 1 lit f (our legitimate interest in this case: to ensure proper data processing and the availability of our online offer).
Within the framework of an enquiry, a booking or an order, insofar as you provide us with personal data (name, addresses, contact details), these will be processed exclusively to deal with this enquiry, to generate an offer on the basis of your enquiry or to develop a resultant contractual relationship. Here, the legal basis of this processing is Article 6 Para. 1 lit. b GDPR. It is not possible to process your enquiry, booking or order without the existence and the processing of this data. Nevertheless, insofar as processing of the data concerning you is based on the provision of consent (Article 6 Para. 1 lit a GDPR) in individual cases, you can revoke this consent at any time. However, this does not affect the legality of the processing up to the point of revocation.
Transfer to third parties
Insofar as we, as part of processing, make your personal data available to other persons and companies (order processors or third parties), transfer data to these or grant them access to this data in some other way, this is only effected on the basis of legal permission in all cases. This can be for reasons of contract fulfilment (Article 6 Para. 1 lit b GDPR), consent granted by you (Article 6 Para. 1 lit a GDPR), a legal obligation (Article 6 Para. 1 lit c GDPR) or for our legitimate interests (Article 6 Para. 1 lit f GDPR). This may be, for example, service providers in the field of web hosting, email marketing, software development or service providers in customer service or order processing.
If we commission third parties to process your personal data, this is always on the basis of a corresponding contract for order processing in accordance with Article 28 GDPR. We carefully select service providers and regularly check that data protection is being observed by these partners. When transmitting data, we take precautions to prevent anyone other than contractually bound service providers from gaining knowledge of your personal data. In accordance with the contract to provide order processing, the service providers commissioned by us will be obligated to exclusively process your data in accordance with our instructions and the respectively applicable data protection standards. Furthermore, they are prohibited from processing your data for reasons other than the agreed purposes.
We do not sell your data to third parties or market the data in any other way.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union or the European Economic Area) or if this is done in order to utilise third-party services, disclose or transfer data to third parties, then we will ensure that this only takes place within the framework of the aforementioned legal permissions, hence in general in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. We will also ensure that we only process personal details in a third country in special circumstances in accordance with Article 44 ff. GDPR, that is, especially on the basis of special guarantees such as the specification of a data protection level that corresponds to that of the European Union. This also includes the observance of officially acknowledged contractual obligations (standard contract clauses of the European Union).
Security of data processing
We implement technical and organisational safety measures to protect the personal data you make available from accidental or intentional manipulation, loss, destruction or unauthorised access by third parties. We also require these precautions on a contractual basis from our service providers that have, or could gain, contact with personal data. Wherever you can provide us with personal data in our online offer (contact forms or similar), the transmission takes place using strong encryption.
Time limits for the deletion of data
We routinely delete personal data when the periods set by the legislator with respect to storage obligations have expired. Insofar as your personal data are not affected by this, they will be deleted or anonymised when the purposes specified within the framework of this data protection declaration lapse. If this data protection declaration does not contain any other deviating conditions with respect to the storage of data, the data collected by us will be stored for as long as is necessary to fulfil the specified purposes for which it was collected.
Detection and pursuit of abuse
We retain information for the detection and pursuit of abuse, in particular your IP address which is recorded when you access information from our online offer, for a maximum of 7 days. The legal basis for this is Article 6 Para. 1 lit. f GDPR. Here, our legitimate interest is for trouble-free operation of our online offer and to combat abuse of, or attacks against, our online offer.
Temporary cookies (session cookies) are generally of fundamental importance to the function of our website. This includes, for example, the allocation of anonymous session IDs to bundle several enquiries to a web server, or the trouble-free functionality of logins and orders. These temporary cookies are automatically deleted at the end of your visit. Other (persistent) cookies remain stored on the terminal device until you delete them. These cookies allow us to recognise your browser again on your next visit.
Cookies that are required for the provision of specific functions (e.g. shopping basket function) will be stored on the basis of Art. 6 Para. 1 lit. f GDPR. As the provider of these functions, we have a legitimate interest in the storage of these cookies for technically trouble-free and optimum provision of our services. Insofar as other cookies (e.g. cookies for analysing your websurfing behaviour) are stored, we will indicate this separately at another point in this data protection declaration.
If you do not wish for cookies to be stored on your computer, you can deactivate the corresponding option in your browser's system settings. Cookies that are already stored can be deleted in the browser's system settings. Independently of this, you can also declare your objection to the use of direct marketing cookies and any associated tracking on sites such as http://www.aboutads.info/choices/ (USA) or http://www.youronlinechoices.com/.
Your rights with respect to the processing of personal data
Right of access
You have the right to demand information from us as to whether we process your personal data. If this is the case, in accordance with Article 15 Para. 1 GDPR we must provide you with information about
- the processing purposes;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- if the personal data was not collected from you, all available information about the origin of the data;
- the existence of automated decision-making, including profiling, referred to in Article 22 Paragraphs 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you as the data subject.
The information is to be provided by us within one month of receipt of your request. Please note that we may require verification of your identity in order to fulfil your request for information.
Right to rectification of incorrect data
If the personal data concerning you is incorrect, you have a right to demand that this is immediately corrected by us (Article 16 GDPR).
Right to erasure
Under certain circumstances, you have the right to immediate deletion of the personal data concerning you. For example, this is the case if the personal data is no longer needed for the purpose for which it was collected, if you have revoked your consent that is necessary for processing or if a legal basis that is required for processing is not present for other reasons. Insofar as you have objected to processing and no overriding reasons exist for processing the personal data concerning you, the data must also be deleted. In the case of direct marketing, the data must be deleted in all cases if you have objected to its processing. You can find further details in Article 17 of the GDPR.
Right to restriction of processing
Under certain circumstances you have a right to restrict the processing of personal data concerning you (Article 18 GDPR). For example, this is the case if the processing performed by us is not lawful but you refuse the deletion of the data, instead demanding that the data's use be restricted. Processing is also to be restricted while we check, with respect to your objection, as to whether our legitimate reasons for processing outweigh this.
Right to data portability
As per Article 20 of the GDPR, you have the right to receive the personal data concerning you and that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller, for example another service provider. However, this requires that the processing of this data is based on consent or a contract and is effected with the assistance of automated processes.
Right to object
In accordance with Article 21 of the GDPR, you have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you if the data in question is present on the basis of Article 6 Para. 1 lit. e or f GDPR. This also applies for profiling based on these provisions. In this case we will cease processing the data insofar as we cannot show compelling and legitimate grounds for the processing that outweigh your interests, rights and freedoms or if the processing serves for the assertion, exercise or defence of legal claims.
You can assert all aforementioned rights by post or by sending an email to us. You can find the corresponding contact details at the end of this document.
Right to appeal to a supervisory authority
You can appeal to a supervisory authority if you have concerns or specific complaints with regard to the processing of personal data by us. For example, you can contact our regulator:
Landesbeauftragter für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (North Rhine-Westphalia State Officer for data protection and freedom of information)
PO Box 20 04 44
Telephone: +49 (0)211/38424-0
Fax: +49 (0)211/38424-10
Data protection information in the job application process
We only process applicant information for the purpose of and within the framework of the application process and in accordance with the statutory regulations. Processing is effected to fulfil our (pre-)contractual obligations within the framework of the application process in the sense of Art. 6 Para. 1 lit. b. GDPR and Art. 6 Para. 1 lit. f. GDPR, insofar as data processing is necessary for us e.g. within the framework of legal proceedings (in Germany, § 26 BDSG (German Federal Data Protection Act) also applies).
The job application process requires applicants to provide us with applicant data. Insofar as we provide an online form, the required applicant data is marked. This is also apparent from the job descriptions published by us. In general, this includes details about the person, postal and contact addresses and the documents that are part of the application such as a covering letter, curriculum vitae and references. In addition, applicants can voluntarily provide us with additional information.
By transmitting the application, applicants declare their consent to processing of their data for the purpose of the application process in accordance with the basic principles set out in this data protection declaration.
Insofar as special categories of personal data in the sense of Art. 9 Para. 1 GDPR are provided voluntarily within the framework of the application process, the processing of this data is additionally effected in accordance with Art. 9 Para. 2 lit. a GDPR (e.g. health data such as severely disabled status or ethnic origin). Insofar as special categories of personal data in the sense of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, the processing of this data is additionally effected in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data if this is necessary for professional practice).
Where provided, applicants can transfer their applications to us by means of an online form on our website. The data is transmitted to us using state of the art encryption.
Insofar as applicants send us their applications by email, please note that the receipt of encrypted emails is not possible. For this reason, we cannot accept responsibility for the transmission path between the sender and receipt on our server and therefore recommend using an online form or delivery by post. The option of sending a postal application exists in every case.
If an application for an advertised position is not successful, the applicant's data is deleted. The applicant's data is also deleted if an application is withdrawn, wherein the applicant is entitled to do this at any time. Subject to justified revocation by the applicant, deletion occurs after expiry of a period of six months, so that we can respond to any follow-up questions and to fulfil our record-keeping obligations from the German Federal Equal Treatment Act (Gleichbehandlungsgesetz). Invoices for any travel reimbursement costs will be archived in accordance with the provisions of tax legislation.
When making contact with us (e.g. via a contact form, email, telephone or via social media), personal data transmitted by you is used to process the contact request and its response in accordance with Art. 6 Para. 1 lit. b GDPR.
This personal data is not transferred to third parties insofar as this is not necessary for processing the enquiry and is therefore covered by the permission in accordance with Article 6 Para. 1 lit. b GDPR.
We delete the enquiries when processing is no longer necessary. We check the necessity every two years; furthermore, the statutory archiving obligations also apply.
We use the hosting services of an external service provider for the provision of this online offer. Here, we or our hosting provider process inventory data, contact data, content data, contract data, utilisation data, meta and communication data of customers, prospective customers and visitors to this online offer on the basis of our legitimate interests to efficiently and securely provide this online offer in accordance with Art. 6 Para. 1 lit. f GDPR.
We have concluded an agreement with the corresponding service provider for order processing in accordance with Art. 28 GDPR and thus guarantee that data protection will also be implemented by them.
Collection of access data and log files
We, or our hosting provider, will compile records and statistics relating to each access of the server on which our online offer is provided. This access data includes the name of the accessed website, file, date and time of the access, transmitted data quantity, report of successful access, browser type and version, the user's operating system, referrer URL (the page visited before), IP address and requesting provider. The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the technically trouble-free provision of this online offer and in the clarification of misuse or punishable acts.
For security reasons (e.g. the clarification of misuse or fraud) the aforementioned information is stored for a maximum of 7 days and is then deleted or completely anonymised. Data that must be stored further for evidence purposes is excluded from deletion until final clarification of the respective incident.
Google AdWords and conversion measurement
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer in the sense of Art. 6 Para. 1 lit. f. GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
Google is certified under the Privacy Shield agreement and thus guarantees to observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the online marketing process Google "AdWords" to place adverts in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so they are shown to users that may have an interest in the adverts. This allows us to display adverts for and within our online offer in a more targeted manner so that users are only presented with adverts that potentially correspond to their interests. If a user is shown e.g. adverts for products in which they have shown an interest in other online offers, this is referred to as "re-marketing". To this end, upon accessing our website and others on which the Google advertising network is active, a Google code is immediately executed by Google and so-called (re-)marketing tags (invisible graphics or code, also known as "Web beacons") are integrated into the website. With their help, an individual cookie (a small file) is stored on the user's device (instead of cookies, comparable technologies can also be used). This file records which websites the user has visited, the contents in which they are interested and what offers the user has clicked upon, also technical information about the browser and operating system, linking websites, visit length and other information relating to use of the online offer.
Furthermore we receive an individual "conversion cookie". The information collected with the help of the cookie helps Google to generate conversion statistics for us. However, we only see the anonymised total number of users who clicked on our advert and were inadvertently redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.
The users' data is processed pseudonymously within the framework of the Google advertising network. That is, Google does not store and process e.g. the names and email addresses of users, but rather processes the relevant data on the basis of cookies within pseudonymised user profiles. That is, from the perspective of Google, the adverts are not managed and displayed for a concretely identifiable person, but for the cookie owner, independently of who the specific cookie owner is. This is not the case when a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users is transferred to Google and stored on Google's servers in the USA.
You can find further information about data use by Google, options for settings and objections in the data protection declaration of Google (https://policies.google.com/technologies/ads) and also in the settings for the display of advertising inserts by Google (https://adssettings.google.com/authenticated).
Coverage analysis with Matomo
This website uses the open source web analysis service Matomo, which we use in particular to carry out coverage analyses. The legal basis for this is our legitimate interest in analysis, optimisation and the commercial operation of our pages (Art. 6 Para. 1 lit f GDPR). When you access pages from our online offer, the following data is processed by Matomo:
- the browser type and browser version used by you,
- the operating system used by you,
- your country of origin,
- the date and time of the server request,
- the number of visits,
- the time you spent on the website and
- the external links that you have clicked on.
Your recorded IP address will be anonymised before it is stored.
You can object to the anonymised data collection by the Matomo program at any time with effect for the future by clicking on the link below. In this case, a so-called opt-out cookie is stored in your browser which means that Matomo will no longer collect any kind of session data. However, if you delete your cookies in the browser, this also deletes the Matomo opt-out cookie. The opt-out must be activated again upon your renewed visit to our site.
Link to opt-out
Online presences in social media
We maintain online presences within social networks and platforms in order to communicate with customers, prospective customers and users that are active there and to be able to inform them of our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.
Where not otherwise specified within the framework of our data protection declaration, we process the user data insofar as they communicate with us within the social networks and platforms, e.g. make contributions to our online presence or send us messages.
Incorporation of services and content from third parties
Within our online offer, we use content or service offers from third-party providers to integrate their content and services, such as videos or fonts. This always requires that the IP address of visitors to our website is transmitted to these third-party providers, since they are not able to transmit content to your browser without the IP address. Hence, the IP address is required for display of this content. The legal basis for this transmission is our legitimate interest in the analysis, optimisation and commercial operation of our online offer in the sense of Art. 6 Para. 1 lit. f. GDPR.
We endeavour to only use such content wherein the respective providers only use the IP address for delivering the content. Depending on the offer, third-party providers can use so-called pixel tags (invisible graphics) for statistical or marketing purposes. As a result of the "pixel tags", utilisation information about our online offer is unavoidably also transmitted to the third-party provider. The pseudonymised information can also be stored in cookies on the device that you use. Among other things, these cookies can contain technical information about the browser and operating system, linking websites, visit length and other information about the use of our online offer, and the cookies can be connected to information from other sources by third-party providers.
We occasionally embed videos via the "YouTube" platform of the provider YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you access a page within our online offer which has a YouTube video embedded into it in this way, a connection to the YouTube servers is established. In doing this, the YouTube server is also notified of your IP address and is informed as to which of our pages you have visited. If you are logged into your YouTube account during this process, YouTube will attribute this access to your personal profile. You can prevent this by logging out of your YouTube account before accessing our pages.
We use YouTube in the interest of presenting our content in an appealing way and providing visitors with information. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
You can find further information on the handling of user data here: Data protection declaration from YouTube at: https://www.google.de/intl/de/policies/privacy. Opt-out option for Google-Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or Google settings for the use of data for marketing purposes (https://adssettings.google.com/).
For the uniform representation of fonts, we embed what are known as web fonts, namely fonts from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google Fonts"). When you access a page, your browser loads the required web fonts from Google's servers into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google's servers and thereby transmits your IP address to Google. The use of Google Web Fonts takes place on the basis of our legitimate interest in a uniform and attractive presentation of our online offers in the sense of Art. 6 Para. 1 lit. f GDPR. If your browser does not support web fonts, a default font is used by your computer.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google's data protection declaration: https://www.google.com/policies/privacy/. Option to opt out: https://adssettings.google.com/authenticated.
We embed maps from the "Google Maps" service from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to save your IP address. This information is generally transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
We use Google Maps in the interest of presenting our online content in an appealing way and enabling the easy location of places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. For further information we refer to the Google data protection declaration: https://www.google.com/policies/privacy as well as the option to opt out: https://adssettings.google.com/authenticated.
This data protection information is valid as of 25th May 2018.