- Collection and processing of personal data
- Categories of processed data
- The legal basis and purposes of the processing
- Place of processing
- Origin of data
- Passing on your data to third parties
- Cookies and similar technologies
- Web analytics services
- Social networks
- Google maps
- Storage duration
- Contact details and your rights as a data subject
- Existence of automated decision-making
Data Controller is:
(hereinafter “we”), also available via email through firstname.lastname@example.org. Further information can be found in our imprint.
2. Collection and processing of personal data
3. Categories of processed data
- Information about the browser type and version used
- Operating system of the user
- Mobile Device ID
- Date and time of access
- Web analysis data / pseudonymous user profiles (cookie ID, ad ID etc.)
- Websites from which the user accesses our website
- Websites that the user accesses via our website
- Personal master data (name, address, date of birth)
- Communication data (telephone number, e-mail address)
- Comments, contributions, etc.
- Employee data (name, address and communication data, contract master and accounting data, date of birth, marital status, nationality, religion, area of activity, social benefits, income tax data, social data, bank account data, data for personnel administration and control, access and access control data)
- Applicant data (name, address and communication data, application-relevant data)
4. The legal basis and purposes of the processing
We process your data exclusively on the basis of one or more of the possible legal bases.
According to the GDPR, personal data may be processed in particular on the basis of a contract or for the implementation of pre-contractual measures, in the case of consent, on the basis of a legitimate interest or law, or for the protection of vital or public interests.
On the Internet, every device needs a unique address, the so-called IP address, to transmit data. The at least temporary storage of the IP address is technically necessary to enable the website to be delivered to the user’s computer. We shorten the IP addresses before any processing and only process them anonymously. No storage or further processing of the unabridged IP addresses takes place. This also allows us to display content with a regional reference on all of our websites that are accessed from a specific region. This so-called geolocalization, i.e. the assignment of a website call to the location of the call, is based exclusively on the anonymized IP address and only up to the geographical level of the federal states / regions. Under no circumstances can the geographical information obtained in this way be used to draw conclusions about the specific location of a user. Our servers also store your IP address for 14 days for our own security purposes.
In the case of processing operations which are not covered by any or more of the above-mentioned legal bases, the processing takes place if it is necessary to safeguard a legitimate interest and does not outweigh your interests, fundamental rights and fundamental freedoms due to a comprehensive balancing of interests (Art. 6 para. 1 lit. f GDPR). In particular, it is in our legitimate interest to conduct our business for the well-being of all our employees and our shareholders.
Our legitimate interest in informing you about our company and advertised positions and in constantly improving our website and thereby also increasing our turnover is the legal basis for processing for direct marketing (own advertising and third-party advertising) and web/app analysis. For details of web analytics services, see paragraph 9.
Another legitimate interest is the functionality of company processes, which are used for internal administrative purposes. You can object to the processing on the basis of a legitimate interest at any time (see Section 13.).
In the event that the data are processed for a purpose other than that stated in the data collection, a compatibility check shall be carried out in accordance with Art. 6 para. 4 GDPR. Further processing is only permitted if the original purpose is compatible with the new purpose or is permitted on the basis of a separate legal basis. Recognised compatible purposes include, but are not limited to, the assertion, exercise or defence of civil law claims unless the data subject has an overriding interest. In this case we will inform you about the change of purpose. If the new purpose is not compatible with the purpose stated in the survey, a new survey will be carried out on the basis of a new legal basis. Here, too, we will inform you of the change of purpose.
5. Place of processing
We do not transfer your personal data to countries outside the European Economic Area (“EEA”), except where permitted by the GDPR. Whether third parties with whom you have your own contractual relationship (e.g. with Google if you have a Google account) transfer data to countries outside the European Economic Area is beyond our knowledge and influence.
Some of our Partners process data in countries outside the EEA. In order to guarantee the protection of your personal rights also within the scope of these data transfers, we make use of the standard contractual clauses of the EU Commission pursuant to Art. 46 para. 2 lit. c GDPR when drafting contractual relationships with recipients in third countries. These are available at
https://ec.europa.eu/info/system/files/1_en_annexe_acte_autonome_cp_part1_v5_0.pdf at any time, alternatively you can also request these documents from us using the contact options provided.
6. Origin of data
In certain cases we also receive data because you have consented to the transmission to us.
7. Passing on your data to third parties
We only transfer your personal data to third parties if the transfer is necessary in order to fulfil our contractual obligations towards you and it is evident to you that a third party at or together with another provider (e.g. in the case of cooperations), we are legally entitled or obliged to transfer it in any other way, or you have given us a corresponding consent.
Selected personal data within our company may be communicated to certain departments in order to provide our services. These include employees from the accounting, product management, marketing and IT departments.
In certain cases we also use external service providers or affiliated companies who are commissioned by us to process data for us in accordance with our instructions. Such service providers are contractually bound by us as contract processors according to the strict requirements of the GDPR and may not use your data for any other purposes. Contractors employed by us provide the following services in particular: Web/App Analysis. In addition, the following services are also provided by external service providers: Personio GmbH, Buttermelcherstraße 16, DE-80469 Munich (further information can be found at www.personio.de) provides personnel administration and application management for us. The data protection declaration of Personio GmbH can be downloaded here: https://www.personio.de/datenschutzerklaerung/
Data is passed on to contractors on the basis of Art. 28 para. 1 GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialised contractors, Art. 6 para. 1 lit. f GDPR.
If we are legally obliged to do so or if this is permitted under data protection law, we transmit personal data to authorities, for example the police or public prosecutor’s office (art. 6 par. 1 lit. c GDPR). The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal offences and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not outweigh our interests, Art. 6 para. 1 lit. f GDPR.
8. Cookies and similar technologies
We use two types of cookies. On the one hand, technically necessary cookies, without which the functionality of our website would be restricted, and optional cookies to make our website more user-friendly. The user data collected by technically necessary cookies are not used to create user profiles. The analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer. Further information on the individual analysis services can be found in section 9. of this data protection information.
You can prevent the setting of cookies by us at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies.
Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
9. Web analytics services
In order to continuously improve and adapt our content to the interests of our users and to display usage-based online advertising, we use several analysis services that collect and evaluate data on our website. These service providers process pseudonymised user data on the basis of an order processing agreement in accordance with instructions. The data will not be stored together with other personal data of the users. You can deactivate the individual analysis services at any time in the future. Below you can find out more about the analysis services we use:
We have integrated Google Analytics (with anonymisation function). Google Analytics is a web analytics service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising.
The Google Analytics component is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
We use the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, Google shortens and anonymizes the IP address of the Internet connection of the data subject when accessing our websites from a member state of the European Union or from another state party to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information collected to evaluate the use of our website, among other things, to compile online reports for us that show the activities on our websites and to provide other services in connection with the use of our website.
Google Analytics places a cookie on the device of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time you visit one of the individual pages of this website, which is operated by us and on which a Google Analytics component has been integrated, the Internet browser on the device of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which serves Google, among other things, to trace the origin of visitors and clicks and subsequently enable commission statements.
Cookies are used to store personal information, such as access time, the location from which access came and the frequency of visits to our website by the data subject. Every time you visit our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
The data subject can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the device of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.
http://www.google.com/analytics/terms/de.html Google Analytics will be explained in more detail under this link https://www.google.com/intl/de_en/analytics/.
10. Social networks
We are also represented in social networks of other companies, such as LinkedIn, Xing, Facebook, Instagram, Pinterest or Twitter. We have also integrated individual functions of these networks into our online services. Please note that the terms and conditions of use and data protection of this company apply to the use of the respective social network, over which we have no influence. We have already referred to the functions integrated by us in the context of this data protection declaration, otherwise we process your data when you contact us via the social networks.
11. Google maps
12. Storage duration
We only store personal data as long as we are entitled to do so and the processing purpose has not ceased. The respective legal retention period applies for the duration of the storage of personal data. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.
13. Contact details and your rights as a data subject
You may request information from us (Art. 15 GDPR), correction (Art.16 GDPR), deletion (Art. 17 GDPR) and restrictions on the processing (Art. 18 et seqq. GDPR) of personal data concerning you. You are also entitled to receive the data you have provided us (Art. 20 GDPR). You may also object to our processing of your data at any time in the future (Art. 21 GDPR).
Please send your requests by e-mail to email@example.com or by post to:
You can withdraw your consent at any time with effect for the future at the above contact address. Furthermore, for reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is carried out on the basis of a legitimate or public interest. This also applies to profiling based on these provisions. We will no longer process personal data in the event of an objection, unless we can prove compelling grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising at the above contact address. This also applies to profiling insofar as it is connected with such direct advertising. You also have the right, for reasons beyond your control.
Finally, you have the right to complain to a data protection supervisory authority about our processing of your personal data.
14. Existence of automated decision-making
We refrain from automatic decision-making including profiling according to Art. 22 GDPR.