Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:
Managing Directors: Malte Stöckert, Rolf Eickmann
Haferwende 3 A
Phone: +49 421 43480770
1. General Information on Data Processing
a. Scope of personal data processing
We generally collect and use personal data of our users only to the extent necessary for providing a functioning website and our content and services. The collection and use of personal data of our users is regularly carried out only with the user’s consent. An exception applies in those cases in which prior consent is not possible for factual reasons, and the processing of data is permitted by statutory regulations.
b. Legal basis for the processing of personal data
Where we obtain the consent of the data subject for processing of personal data, Art. 6(1)(a) EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.
c. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage is no longer required. Storage may also occur if provided for by European or national legislatures in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data also takes place when a storage period prescribed by the above-mentioned standards expires unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
2. Provision of the Website and Creation of Log Files
a. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and version
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reaches our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
b. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
c. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes also constitute our legitimate interest in data processing under Art. 6(1)(f) GDPR.
d. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of data collection for providing the website, this is the case when the respective session is completed.
In the case of storing data in log files, this is done after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an assignment of the calling client is no longer possible.
e. Objection and removal option
The collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website. There is, therefore, no possibility of objection on the part of the user.
3. Data Transmission to Third Parties
We use service providers that enable the operation of our website (web hosting – provider) and support related processes (external IT service provider). This is done as part of contract data processing in accordance with Art. 28 GDPR. These service providers are bound to our instructions and are contractually obliged in accordance with Art. 28 GDPR.
a. Description and Scope of Data Processing
The data collected in this way is pseudonymized through technical measures. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal user data.
b. Legal Basis for Data Processing
The legal basis for processing personal data using cookies is Art. 6 Para. 1 lit. f GDPR.
c. Purpose of Data Processing
d. Duration of Storage, Objection, and Removal Options
5. Adobe Fonts
Our website uses Adobe Fonts. When you access a page, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
In doing so, your browser connects to Adobe’s servers, and Adobe gains information that our website was accessed through your IP address. The use of Adobe Fonts allows for a consistent display of our content.
The legal basis is Art. 6 Para. 1 lit. f GDPR; our interest is in being able to display content correctly using Adobe Fonts.
Further information about the provider:
Adobe, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland
6. Google Maps
On our website, we have integrated Google Maps. This allows you to interactively navigate, visually represent locations, and more. This is a legitimate interest on our part within the meaning of Art. 6 Para. 1 lit. f. GDPR because we want our customers to be best informed about our location and the direct way to us.
The operator of the Google Maps service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
You can change your settings directly with Google as permitted by Google’s system. Please note that your data may be transmitted to the United States of America by Google. An adequacy decision by the European Commission is in place for this purpose.
7. Google Analytics
This website uses Google Analytics. It is an analysis service that shows how visitors use websites (web analysis). Data is collected on which subpage of the website is accessed, how long the stay on the respective page is, and which website the user was on before (before visiting our website). The collection and evaluation of this data ultimately serve to improve our website and to determine the extent to which the use of internet advertising makes sense. Google Analytics assists in this because it allows the creation of online reports on the frequency of use of our websites. This helps us provide our services and make our website as attractive as possible. This is a legitimate interest according to Art. 6 Para. 1 lit f. GDPR.
Google Analytics is operated by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
If you do not wish for Google to store a cookie on your computer, you can prevent this by adjusting your browser settings accordingly. However, this may result in not all functions of our website being fully available. Furthermore, you can prevent data collection by Google’s set cookie by downloading and installing the browser plugin available at the following link: Google Analytics Opt-out Browser Add-On.
8. Contact via Email
Contact is possible via the provided email address. In this case, the personal data of the user transmitted with the email is stored.
There is no further sharing of data in this context. The data is used exclusively for processing the conversation.
a. Legal Basis for Data Processing
The legal basis for processing the data, if the user has given consent, is Art. 6 Para. 1 lit. a GDPR.
The legal basis for processing data transmitted in connection with sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact aims to conclude a contract, an additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.
b. Purpose of Data Processing
In the case of contact via email, responding to an inquiry represents the necessary legitimate interest in processing the data.
c. Duration of Storage
The data is deleted as soon as it is no longer necessary for achieving the purpose of its collection. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
d. Objection and Removal Options
If a user contacts us via email, they can object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
9. Job Applications
a. Scope of Processing of Personal Data
When you apply to us, we use the personal data provided by you, which are typically transmitted during a job application.
b. Legal Basis for Processing Personal Data
We are allowed to process applicant data if it is necessary for the establishment, implementation, and, if applicable, termination of an employment relationship. § 26 Para. 1 BDSG.
c. Purpose of Data Processing
We store your data solely to decide whether to establish an employment relationship with you or not. If an employment relationship is established with you, we also store your personal data for the purpose of carrying out and, if necessary, terminating the employment relationship.
d. Duration of Storage
If an employment relationship is established, we store your personal data for the duration of the employment relationship and, in some cases, for up to ten years thereafter if required by the tax authorities. If no employment relationship is established with you, we will delete the data within two months after the respective rejection, unless we have a legitimate interest in longer retention. Such a legitimate interest may arise, for example, if a proceeding is initiated against us under the General Equal Treatment Act.
10. Data Security
During your website visit, we use the common SSL (Secure Socket Layer) method in conjunction with the highest encryption level supported by your browser. This is typically a 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
Furthermore, we use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Please note that no transmission over the internet can be guaranteed to be entirely secure. Therefore, sensitive data should be either not transmitted over the internet or transmitted only via a secure connection (SSL), especially by email.
11. Social Media Plug-ins
On the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, we use social plugins from social networks LinkedIn, XING, Facebook, Instagram, and YouTube on our website to make our company more well-known. The underlying promotional purpose is to be considered a legitimate interest within the meaning of the GDPR. The responsibility for the data protection-compliant operation is to be guaranteed by the respective providers.
When using such services, communication data such as time, date, and IP address is exchanged between you and the respective service provider. It is also possible that the providers of these services process the data obtained in this way for their own purposes. We have no influence on this and cannot provide binding information in this regard. For more information about the purpose and scope of the data collection and the collection of your data, please refer to the data protection notices of the services we have integrated. There, you can also find out about the options for objection and how the respective services handle your data.
On our site, we now use the following social media plugins: XING, LinkedIn, Facebook, Instagram, and YouTube.
You can recognize them by the logos on our website. You have the option to communicate directly with the respective provider via the respective button. When you click on this button, the respective provider is informed that you have accessed our website. Since this provider regularly collects data, especially through cookies, we recommend that you delete such cookies via the security settings of your browser.
We would like to clarify that we have no influence on the collection of data, the purposes of data processing, the storage periods. Therefore, we also have no information about the deletion of data collected by the respective providers.
For more information on the purpose and scope of data collection and processing by the plugin provider, please refer to the data protection declarations of these providers communicated below. There you will also find further information on your rights in this regard and options for protecting your privacy. Addresses of the respective plugin providers and URLs with their data protection notices:
12. Rights of the Data Subject
You have the right according to Art. 15 of the GDPR to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to correction, deletion, restriction of processing, or objection, the existence of a right to complain, the origin of your data, if it was not collected from us, and the existence of automated decision-making, including profiling, and possibly meaningful information about its details; according to Art. 16 of the GDPR, you have the right to request the immediate correction of incorrect or completion of your personal data stored by us; according to Art. 17 of the GDPR, you have the right to request the deletion of your personal data stored by us, provided that the processing is not necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims; according to Art. 18 of the GDPR, you have the right to request the restriction of the processing of your personal data, to the extent that the accuracy of the data is contested by you, the processing is unlawful but you reject its deletion, and we no longer need the data, but you need it to assert, exercise, or defend legal claims or you have objected to the processing pursuant to Art. 21 of the GDPR; according to Art. 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission to another data controller; according to Art. 7(3) of the GDPR, you have the right to revoke your consent given to us at any time. As a result, we are not allowed to continue the data processing that was based on this consent in the future, and according to Art. 77 of the GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1) Sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you wish to make use of your right to revoke or object, it is sufficient to send an email to email@example.com.
13. Up-to-dateness and Amendment of this Data Protection Declaration
This data protection declaration is currently valid and is dated July 6, 2021.