Privacy Policy

Privacy Policy

Preamble

With the following data protection declaration we would like to inform you about which types of your personal data (hereinafter also referred to as “data”) we process, for what purposes and to what extent. The data protection declarationapplies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as: B. our social media profiles (hereinafter collectively referred to as “online offering”).

The terms used are not gender specific.
 
As of November 18, 2024

Table of contents

• Preamble
• Responsible person
• Overview of processing
• Relevant legal bases
• Security measures
• International data transfers
• General information on data storage and deletion
• Rights of data subjects
• Business benefits
• Business processes and procedures
• Providers and services used in the course of business activities
• Payment procedure
• Provision of the online offering and web hosting
• Use of cookies
• Special notes on applications (apps)
• Registration, login and user account
• Single sign-on login
• Blogs and publication media
• Contact and inquiry management
• Newsletters and electronic notifications
• Advertising communication via email, post, fax or telephone
• Web analysis, monitoring and optimization
• Onlinemarketing
• Offering an affiliate program
• Presence in social networks (Social Media)
• Plug-ins and embedded functions and content
• Processing of data in the context of employment relationships
• Application process
• Change and update
• Definitions of terms

Responsible person

QuickToJobs
Astrid Lindgren- Weg 12
38229 Salzgitter

Authorized representatives: Peter Atanda

E-Mail-Adresse: info@quicktojobs.com

Telefon: 053411888818

Imprint: https://www.quicktojobs.com/marketplace/cms/imprint

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data
• Employee data
• Payment details
• Location data
• Contact details
• Content data
• Contract data
• Usage Data
• Meta, communication and procedural data
• Social data
• Applicant data
• Image and/or video recordings
• Event data (Facebook)
• Log data
• Performance and behavioral data
• Working time data
• Credit data
• Salary data

Special Categories of Data

• Health data
• Religious or ideological beliefs
• Union membership

Categories of data subjects

• Beneficiaries and clients
• Employees
• Interested parties
• Communication partner
• User
• Applicant
• Business and contractual partners
• Third persons
• Customers

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations
• communication
• Security measures
• Direct marketing
• Range measurement
• Tracking
• Office and organizational procedures
• Conversion measurement
• Target group formation
• Affiliate tracking
• Organizational and administrative procedures
• Application process
• Content Delivery Network (CDN)
• Feedback
• Marketing
• Profiles with user-related information
• Registration procedure
• Provision of our online offering and user-friendliness
• Assessment of creditworthiness and creditworthiness
• Establishment and implementation of employment relationships
• Information technology infrastructure
• Financial and payment management
• Public relations
• Sales promotion
• Business processes and business procedures

Relevant legal bases

Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. If more specific legal bases apply in individual cases, we will inform you of these in the data protection declaration.

• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.
• Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or to carry out pre-contractual measures at the request of the data subject take place.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - processing is necessary to safeguard the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject require protection requesting personal data does not predominate.
• Application process as a pre-contractual or contractual relationship (Art. 6 Para. 1 S. 1 lit. b) GDPR) - As far as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR (e.g. health data) are included in the application process , such as severely disabled status or ethnic origin) are requested from applicants so that the person responsible or the person concerned can provide him or her with the rights under labor law and social security law In order to be able to exercise the rights arising from social protection and fulfill his or her obligations in this regard, their processing will take place in accordance with Article 9 Paragraph 2 Letter b. GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Article 9 Paragraph 2 Letter c. GDPR or for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 Paragraph 2 lit. h. GDPR. In the case of communication of special categories of data based on voluntary consent, their processing takes place on the basis of Article 9 Paragraph 2 Letter a. GDPR.
• Processing of special categories of personal data relating to healthcare, occupation and social security (Art. 9 Para. 2 lit. h) GDPR) - The processing is for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical purposes Diagnostics, health or social care or treatment, or for the management of health or social systems and services, on the basis of Union law or the law of a Member State or under a contract with a health professional necessary.

National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Relevant legal bases according to the Swiss Data Protection Act: If you are in Switzerland, we process your data on the basis of the Federal Data Protection Act (abbreviated as “Swiss DPA”). Unlike the GDPR, for example, the Swiss DPA generally does not provide for a legal basis must be named for the processing of personal data and the processing of personal data is carried out in good faith, is lawful and proportionate (Art. 6 Para. 1 and 2 of the Swiss Data Protection Act). In addition, we only use personal data for a specific purpose data subject is procured for a recognizable purpose and only processed in a way that is compatible with this purpose (Art. 6 Para. 3 of the Swiss Data Protection Act).

Note on the validity of the DSGVO and Swiss DSG: This data protection notice serves to provide information in accordance with both the Swiss DSG and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that the terms of the GDPR are used due to their broader spatial application and comprehensibility. In particular, instead of the terms "processing" of "personal data", "overriding interest" and "particularly sensitive personal data" used in the Swiss DSG, the terms "processing" of "personal data" as well as "legitimate interest" and "special categories" used in the GDPR are used of data". However, the legal meaning of the terms will continue to be determined according to the Swiss Data Protection Act within the scope of the Swiss Data Protection Act.

Security measures

We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, ensuring availability and its separation. We have also set up procedures to ensure that the rights of those affected are exercised, data are deleted and responses are made to data threats. We also take the protection of personal data into account when developing or selecting hardware, software and procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Securing online connections using TLS/SSL encryption technology (HTTPS): To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the advanced and more secure version of SSL, ensures that all data transfers meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is signaled by displaying HTTPS in the URL. This serves as an indicator to users that their data is being transmitted securely and encrypted.

International data transfers

Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of using third-party services or disclosing or transferring data to other persons , positions or companies, this only takes place in accordance with the legal requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Furthermore, data transfers only take place if the level of data protection is otherwise secured, in particular through standard contractual clauses (Art. 46 Para. 2 lit. c) GDPR), express consent or in the case of contractually or legally required transfer (Art. 49 Para. 1 GDPR). . We will also inform you about the basics of third-country transfers for the individual providers from the third country, with the adequacy decisions taking precedence as the basic principles. Information on third country transfers and existing adequacy decisions can be found in the EU Commission's information offering:https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de. As part of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as secure for certain companies from the USA as part of the adequacy decision of July 10, 2023. The list of certified companies as well as further information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We will inform you about the service providers we use as part of the data protection information are certified according to the Data Privacy Framework.

Disclosure of personal data abroad: In accordance with the Swiss Data Protection Act, we only disclose personal data abroad if adequate protection of the persons concerned is guaranteed (Art. 16 Swiss Data Protection Act). If the Federal Council has not determined adequate protection (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we take alternative security measures. These may include international contracts, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the Federal Data Protection and Information Commissioner (FDPIC) or internal company data protection regulations approved in advance by the FDPIC or a competent data protection authority of another country. According to Article 16 of the Swiss Data Protection Act, exceptions for the disclosure of data abroad can be permitted if certain conditions are met, including the consent of the data subject, execution of the contract, public interest, protection of life or physical integrity, data made public or data from a data subject register provided for by law. These announcements are always made in accordance with legal requirements. As part of the so-called "Data Privacy Framework" (DPF), the Swiss recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of June 7, 2024. The list of certified companies and further information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in the data protection information about which service providers we use under the Data Privacy Framework are certified.

General information on data storage and deletion

We delete personal data that we process in accordance with the law as soon as the underlying consent is revoked or
there are no further legal bases for the processing. This applies to cases in which the original purpose of processing
no longer applies or the data is no longer needed.
Exceptions to this rule exist if legal obligations or special interests require longer storage or archiving of the data.

In particular, data that must be stored for commercial or tax reasons or whose storage is necessary for legal prosecution or to protect the rights of other natural or legal persons must be archived accordingly.

Our data protection notice contains additional information on the retention and deletion of data that applies specifically to certain processing processes.

If there is more than one piece of information about the retention period or deletion period for a date, the longest period always applies.

If a deadline does not explicitly start on a specific date and is at least one year, it starts automatically at the end of the calendar year in which the event triggering the deadline occurred. In the case of ongoing contractual relationships in which data is stored, the event triggering the deadline is the time when the termination or other termination of the legal relationship comes into effect.

We process data that is no longer stored for the originally intended purpose but due to legal requirements or other reasons only for the reasons that justify its retention.

Further information on processing processes, procedures and services:

• Retention and deletion of data: The following general deadlines apply to retention and archiving under German law:
  
  • 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets as well as the work instructions and other organizational documents, accounting documents and invoices required for their understanding (Section 147 Paragraph 3 in conjunction with Paragraph 1 No. 1, 4 and 4a AO, Section 14b Paragraph 1 UStG, Section 257 Paragraph 1 No. 1 u. 4, paragraph 4 HGB).
  • 6 years - Other business documents: commercial or business letters received, copies of the commercial or business letters sent, other documents insofar as they are important for taxation, e.g. B. hourly wage slips, company accounting sheets, calculation documents, price labels, but also payroll documents, provided they are not already accounting documents and cash register slips (§ 147 para. 3 in conjunction with para. 1 no. 2, 3, 5 AO, § 257 para. 1 No. 2 and 3, Paragraph 4 HGB).
  • 3 years - Data necessary to address potential warranty and damages claims or similar contractual claims and rights, as well as to deal with related inquiries, based on previous business experience and standard industry practices, will be retained for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
• Retention and deletion of data: The following general deadlines apply to retention and archiving under Swiss law:
  
  • 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
  • 10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on previous business experience and standard industry practices, will be stored for the period of the statutory limitation period of ten years, unless because a shorter period of five years is decisive, which is relevant in certain cases (Art. 127, 130 OR). At the end of five years, claims for rent, lease and capital interest as well as other periodic services, from the delivery of food, for meals and for landlord debts, as well as from craft work, small sales of goods, medical supplies, professional work by lawyers, legal agents, procurators, expire and notaries and from the employment relationship of employees (Art. 128 OR).

Rights of data subjects

Rights of the data subjects under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:

• Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR; This also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising.
• Right to revoke consent: You have the right to revoke your consent at any time.
• Right to information: You have the right to request confirmation as to whether the data in question is being processed and to receive information about this data as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: In accordance with legal requirements, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
• Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that data concerning you be deleted immediately or, alternatively, to request a restriction of the processing of the data in accordance with the legal requirements.
• Right to data portability: You have the right to receive data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.
• Complaint to a supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the member state in which you usually reside, the supervisory authority of your place of work or the place of the alleged violation to lodge a complaint if you believe that the processing of your personal data violates the GDPR.

Rights of the data subjects according to the Swiss Data Protection Act:

As a data subject, you are entitled to the following rights in accordance with the provisions of the Swiss Data Protection Act:

• Right to information: You have the right to request confirmation as to whether personal data concerning you is being processed and to receive the information necessary to enable you to exercise your rights under this law and to ensure transparent data processing.
• Right to data release or transfer: You have the right to request that the personal data you have provided to us be released in a common electronic format.
• Right to rectification: You have the right to request that inaccurate personal data concerning you be corrected.
• Right to objection, deletion and destruction: You have the right to object to the processing of your data and to request that the personal data concerning you be deleted or destroyed.

Business benefits

We process data from our contractual and business partners, e.g. B. Customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships as well as associated measures and with regard to communication with the contractual partners (or pre-contractual), for example to answer inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations and the company organization. In addition, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse and jeopardy of their data, secrets, information and rights (e.g. the involvement of telecommunications companies). , transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, such as for marketing purposes, within the framework of this data protection declaration.

We inform the contractual partners which data is required for the aforementioned purposes before or as part of data collection, e.g. B. in online forms, through special markings (e.g. colors) or symbols (e.g. asterisks, etc.), or in person.

We delete the data after statutory warranty and comparable obligations have expired, i.e. h. generally after four years, unless the data is stored in a customer account, e.g. B. as long as they must be kept for legal archiving reasons (e.g. for tax purposes, usually ten years). We delete data that was disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact information (e.g. postal and email addresses or telephone numbers); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Applicant data (e.g. personal information, postal and contact addresses, the documents associated with the application and the information contained therein, such as cover letter, CV, certificates and other information relating to a specific position or voluntarily provided by applicants about their person or qualifications); Employee data (information about employees and other people in an employment relationship). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).

• Affected persons: service recipients and clients; interested parties; business and contractual partners; Applicant. Employees (e.g. employees, applicants, temporary workers and other employees).

• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; security measures; Communication; office and organizational procedures; organizational and administrative procedures; Business processes and business procedures. Application process (justification and possible subsequent implementation as well as possible later termination of the employment relationship).
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Online shop, order forms, e-commerce and delivery: We process our customers' data to enable them to select, purchase or order the selected products, goods and related services, as well as their payment and delivery or execution . If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution to our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such as part of the ordering or comparable purchase process and includes the information required for delivery, provision and billing as well as contact information in order to be able to hold any consultations; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).

• Human Resources Services: We process the data of our customers and candidates (collectively referred to as “Customers”) to provide human resources services, including recruitment, workforce development and payroll. The required information is marked as such when placing the order and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. If we receive access to information from end customers, employees or other people, we process it in accordance with legal and contractual requirements.

• Procedures required as part of human resources services include recruiting professionals, developing training and development programs, managing personnel files and payroll, and providing HR advice and support. In addition, they include carrying out application processes and interviews, coordinating requirements between customers and candidates, selecting suitable candidates for open positions and monitoring working hours and performance records; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).

• Agency services: We process our customers’ data as part of our contractual services, which include, for example: This can include, for example, conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).

• Marketing and advertising: We process the data of our customers and clients (hereinafter referred to as “customers”) in order to offer marketing services such as market research, advertising campaigns, content creation and social media management. The required information is marked as such when placing the order and includes the information required for service provision and billing as well as contact information in order to be able to hold any consultations. If we receive access to information from end customers, employees or other people, we process it in accordance with legal and contractual requirements.

• Procedures required as part of marketing and advertising activities include creating marketing strategies and campaigns, designing advertising materials and content, selecting advertising channels and platforms, conducting market analyzes and target group surveys, and measuring and analyzing the success of Marketing measures. In addition, they include the management and maintenance of customer and prospect data, the segmentation of target groups, the sending of newsletters and promotional emails, the tracking of online marketing activities and the collaboration with external service providers in the area of ​​marketing and advertising.
  
  We process the information and contact details provided by the job candidates for the purposes of establishing, implementing and, if necessary, terminating a job placement contract. In addition, we can ask interested parties questions about the success of our placement services at a later date, in accordance with legal requirements.
  
  We process the data of job candidates and employers to fulfill our contractual obligations in order to be able to process the requests we receive to place jobs to the satisfaction of the parties involved.
  
  We can log the brokerage processes in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with the legal accountability requirements (Art. 5 Para. 2 GDPR). This information will be stored for a period of three to four years in case we need to provide evidence of the original request (e.g. to prove the right to contact the job candidates); Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
• We process the information and contact details provided by the job candidates for the purposes of establishing, implementing and, if necessary, terminating a job placement contract. In addition, we can ask interested parties questions about the success of our placement services at a later date, in accordance with legal requirements.
  
  We process the data of job candidates and employers to fulfill our contractual obligations in order to be able to process the requests we receive to place jobs to the satisfaction of the parties involved.
  
  We can log the brokerage processes in order to be able to prove the existence of the contractual relationship and the consent of the interested parties in accordance with the legal accountability requirements (Art. 5 Para. 2 GDPR). This information will be stored for a period of three to four years in case we need to provide evidence of the original request (e.g. to prove the right to contact the job candidates); Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). https://www.arbeitsagentur.de/; Data protection declaration: https://www.arbeitsagentur.de/datenschutz. Basis for third country transfers: Switzerland - adequacy decision (Germany).

Business processes and procedures

Personal data of service recipients and clients - including customers, clients or, in special cases, clients, patients or business partners as well as other third parties - are processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting and project management.

The data collected is used to fulfill contractual obligations and to design operational processes efficiently. This includes processing business transactions, managing customer relationships, optimizing sales strategies and ensuring internal billing and financial processes. In addition, the data supports the protection of the rights of the person responsible and promotes administrative tasks and the organization of the company.

Personal data may be passed on to third parties if this is necessary to fulfill the stated purposes or legal obligations. After statutory retention periods have expired or if the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored for a longer period of time due to tax and legal documentation requirements.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Protocol data (e.g. log files regarding logins or the retrieval of data or access times); Creditworthiness data (e.g. credit score obtained, estimated probability of default, risk classification based on this, historical payment behavior). Employee data (information about employees and other people in an employment relationship).
• Affected persons: service recipients and clients; interested parties; communication partner; business and contractual partners; Customers; third parties; Users (e.g. website visitors, users of online services). Employees (e.g. employees, applicants, temporary workers and other employees).
• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and business procedures; security measures; Provision of our online offering and user-friendliness; Communication; Marketing; sales promotion; public relations; Assessment of creditworthiness and creditworthiness; Financial and payment management. Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).).
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR); Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR). Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR).

Further information on processing processes, procedures and services:

• Customer management and customer relationship management (CRM): Procedures that are required as part of customer management and customer relationship management (CRM) (e.g. customer acquisition in compliance with data protection regulations, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with consideration of data protection, data management and analysis to support customer relationships, management of CRM systems, secure account management, customer segmentation and target group formation); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Contact management and contact maintenance: procedures required in the context of organizing, maintaining and securing contact information (e.g. setting up and maintaining a central contact database, regularly updating contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, implementation backups and restores of contact data, training employees in the effective use of contact management software, regular review of communication history and adjustment of contact strategies); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

• Customer account: Customers can create an account within our online offering (e.g. customer or user account, “customer account” for short). If registration of a customer account is required, customers will be informed of this as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. As part of the registration and subsequent logins and use of the customer account, we store the customers' IP addresses along with the access times in order to be able to prove registration and prevent any misuse of the customer account. If the customer account has been terminated, the customer account data will be deleted after the time of termination, unless it is retained for purposes other than provision in the customer account or must be retained for legal reasons (e.g. internal storage of customer data, order processes or invoices). It is the responsibility of customers to secure their data upon termination of the customer account; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Watch list/wish list: Customers can create a product/wish list. In this case, the products will be stored as part of the fulfillment of our contractual obligations until the account is deleted, unless the product list entries are removed by the customer or we expressly inform the customer of different storage periods; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
• General payment transactions: Procedures necessary for carrying out payment transactions, monitoring bank accounts and controlling payment flows (e.g. creating and checking transfers, processing direct debits, checking account statements, monitoring incoming and outgoing payments, return direct debit management , account reconciliation, cash management); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Accounting, accounts payable, accounts receivable: procedures that are necessary for the recording, processing and control of business transactions in the area of ​​accounts payable and accounts receivable (e.g. creation and checking of incoming and outgoing invoices, monitoring and management of open items, implementation of the Payment transactions, processing dunning, account reconciliation in the context of receivables and payables, accounts payable and accounts receivable accounting); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Financial accounting and taxes: Procedures that are necessary for the recording, management and control of financially relevant business transactions as well as for the calculation, reporting and payment of taxes (e.g. account assignment and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions , processing of dunning, account reconciliation, tax advice, preparation and submission of tax returns, processing of taxes); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Purchasing: Procedures involved in the procurement of goods, raw materials or services (e.g. supplier selection and evaluation, price negotiations, order placement and monitoring, verification and control of deliveries, invoice verification, administration of orders, inventory management, creation and maintenance purchasing guidelines); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Sales: Procedures that are necessary in the planning, implementation and control of measures for the marketing and sale of products or services (e.g. customer acquisition, offer creation and tracking, order processing, customer advice and support, sales promotion, product training, sales controlling and -analysis, management of sales channels); Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Marketing, advertising and promotion: Procedures required in the context of marketing, advertising and promotion (e.g. market analysis and target group identification, development of marketing strategies, planning and implementation of advertising campaigns, design and production of advertising materials, online marketing including SEO and Social media campaigns, event marketing and trade fair participation, customer loyalty programs, sales promotion measures, performance measurement and optimization of marketing activities, budget management and cost control); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Economic analyzes and market research: In order to fulfill business purposes and to identify market trends, wishes of contractual partners and users, the available data on business transactions, contracts, inquiries, etc. are analyzed. The group of data subjects may include contractual partners, interested parties, customers, visitors and users of the controller's online offering. The analyzes are carried out for the purposes of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). If available, profiles of registered users are taken into account, including information about the services they have used. The analyzes serve exclusively the person responsible and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e. anonymized, values. In addition, the privacy of the users is taken into account; the data will be pseudonymized as far as possible for analysis purposes and, where feasible, processed anonymously (e.g. as aggregated data); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Public relations: Procedures required in the context of public relations and public relations (e.g. development and implementation of communication strategies, planning and implementation of PR campaigns, creation and distribution of press releases, maintenance of media contacts, monitoring and analysis of media response, organization press conferences and public events, crisis communication, creation of content for social media and company websites, management of corporate branding); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Providers and services used in the course of business activities

As part of our business activities, we use additional services, platforms, interfaces or plug-ins from third-party providers (“services” for short) in compliance with legal requirements. Their use is based on our interests in the proper, legal and economic management of our business operations and our internal organization.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation). Contract data (e.g. subject matter of the contract, term, customer category).
• Affected persons: service recipients and clients; interested parties; Business and contractual partners. Employees (e.g. employees, applicants, temporary workers and other employees).
• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; Office and organizational procedures. Business processes and business procedures.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• DATEV: Software for accounting, communication with tax advisors and authorities and with document storage; Service provider: DATEV eG, Paumgartnerstr. 6 - 14, 90429 Nuremberg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.datev.de/web/de/mydatev/datev-cloud-anwendungen/; Data protection declaration: https://www.datev.de/web/de/m/ueber-datev/datenschutz/; Data processing agreement: Provided by the service provider. Basis for third country transfers: Switzerland - adequacy decision (Germany).

Payment procedure

As part of contractual and other legal relationships, due to legal obligations or otherwise based on our legitimate interests, we offer the data subjects efficient and secure payment options and use other service providers in addition to banks and credit institutions (collectively "payment service providers").

The data processed by the payment service providers includes inventory data, such as: B. the name and address, bank details, such as. B. Account numbers or credit card numbers, passwords, TANs and checksums as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transmitted by the payment service provider to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. For this purpose, we refer to the general terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection notices of the respective payment service providers apply to payment transactions, which can be accessed on the respective websites or transaction applications. We also refer to these for further information and to assert cancellation, information and other rights of those affected.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
• Affected persons: service recipients and clients; Business and contractual partners. interested parties.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and business procedures.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Giropay: payment services (technical connection of online payment methods); Service provider: giropay GmbH, An der Welle 4, 60322 Frankfurt, Germany; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR); Website:https://www.giropay.de; Data protection declaration: https://www.giropay.de/rechtliches/datenschutzerklaerung/. Basis for third country transfers: Switzerland - adequacy decision (Germany).
• Klarna: Payment services (technical connection of online payment methods); Service provider: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Schweden; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR); Website: https://www.klarna.com/de; 
• Data protection declaration: https://www.klarna.com/de/datenschutz. Basis for third country transfers: Switzerland - adequacy decision (Sweden).
• Mastercard: payment services (technical connection of online payment methods); Service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgien; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR); Website: https://www.mastercard.de/de-de.html; Data protection declaration: https://www.mastercard.de/de-de/datenschutz.html. Basis for third country transfers: Switzerland - adequacy decision (Belgium).
• PayPal: Payment services (technical connection of online payment methods) (z. B. PayPal, PayPal Plus, Braintree); Service provider:PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxemburg; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR); Website: https://www.paypal.com/de; Datenschutzerklärung: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. Basis for third country transfers: Switzerland - adequacy decision (Luxembourg).
• Stripe: Payment services (technical connection of online payment methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal basis: fulfillment of contract and pre-contractual inquiries(Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://stripe.com; Data protection declaration: https://stripe.com/de/privacy. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Data Privacy Framework (DPF).
• Visa: Payment services (technical connection of online payment methods); Service Provider: Visa Europe Services Inc., Branch London, 1 Sheldon Square, London W2 6TT, GB; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Website: https://www.visa.de; Data protection declaration: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html. Basis for third country transfers:EU/EWR - Adequacy Decision (GB), Switzerland - Adequacy Decision (GB).

Provision of the online offering and web hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

• Types of data processed: Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Protocol data (e.g. log files regarding logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offering and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.); Security measures. Content Delivery Network (CDN).
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Further information on processing processes, procedures and services:

• Provision of online offerings on rented storage space: To provide our online offerings, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also called a “web host”); Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files include the address and name of the websites and files accessed, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand to ensure the utilization of the servers and their stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
• Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of the recipients and senders as well as other information regarding the sending of emails (e.g. the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for SPAM detection purposes. We ask you to note that emails on the Internet are generally not sent encrypted. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Content delivery network: We use a “content delivery network” (CDN). A CDN is a service that can be used to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Host Europe: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.hosteurope.de; Data protection declaration: http://www.hosteurope.de/AGB/Datenschutzerklaerung/; Order processing contract: https://www.hosteurope.de/Dokumente/. Basis for third country transfers: Switzerland - adequacy decision (Germany).
• STRATO: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: STRATO AG, Pascalstraße 10,10587 Berlin, Deutschland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.strato.de; Data protection declaration: https://www.strato.de/datenschutz/; Data processing agreement: Provided by the service provider. Basis for third country transfers: Switzerland - adequacy decision (Germany).
• GoDaddy: Domain registration and web hosting services; Service provider: Go Daddy Operating Company, LLC, 14455 N. Hayden Road, Scottsdale, Arizona 85254, USA; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.godaddy.com/de-de; 
• Data protection declaration: https://www.godaddy.com/de-de/legal/agreements/privacy-policy. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Data Privacy Framework (DPF).
• Cloudflare: Content-Delivery-Network (CDN) - Service with which the content of an online offering, in particular large media files, such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.cloudflare.com; Data protection declaration: https://www.cloudflare.com/privacypolicy/; Order processing contract: https://www.cloudflare.com/cloudflare-customer-dpa/. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Data Privacy Framework (DPF).
• Plesk: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Plesk International GmbH, Vordergasse 59, 8200 Schaffhausen, Schweiz; 
• Data protection declaration: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.parallels.com/; 
• Data protection declaration: https://www.plesk.com/legal/#privacy-policy; Order processing contract: Provided by the service provider. Basis for third country transfers: EU/EEA - Adequacy Decision (Switzerland).
• Amazon CloudFront: Content-Delivery-Network (CDN) - Service with which the content of an online offering, in particular large media files, such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxemburg; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://aws.amazon.com/de/cloudfront/; Data protection declaration: https://aws.amazon.com/privacy/; Order processing contract: https://aws.amazon.com/de/compliance/gdpr-center/. Basis for third country transfers: EU/EEA - Standard Contractual Clauses (Provided by the service provider), Switzerland - Adequacy Decision (Luxembourg).
• Google Cloud CDN: Content-Delivery-Network (CDN) - Service with which the content of an online offering, in particular large media files, such as graphics or program scripts, can be delivered more quickly and securely using regionally distributed servers connected via the Internet; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://cloud.google.com/cdn; Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://cloud.google.com/terms/data-processing-addendum. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
• W3 Total Cache: Caching and loading optimization - functions that are used to store certain content of web pages so that they can load faster with repeated accesses. This reduces loading times and improves user experience; Service provider: Execution on servers and/or computers under their own data protection responsibility; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Website: https://www.boldgrid.com/w3-total-cache/.

Use of cookies

The term “cookies” refers to functions that store information on users’ devices and read them from them. Cookies can also be used for various purposes, such as the functionality, security and convenience of online offerings and the creation of analysis of visitor flows. We use cookies in accordance with legal regulations. If necessary, we obtain consent in advance. If consent is not necessary, we rely on our legitimate interests is essential in order to be able to provide expressly requested content and functions. This includes, for example, storing settings and ensuring the functionality and security of our online offering. We provide clear information about the scope and which cookies are used.

Notes on data protection legal bases: Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the relevant services and procedures.

Storage period: With regard to the storage period, a distinction is made between the following types of cookies:

• Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the device is closed. For example, the log-in status can be saved and preferred content can be displayed directly when the user visits a website again. The user data collected using cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), they should assume that they are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke the consent they have given at any time and can also declare an objection to the processing in accordance with the legal requirements, including using the privacy settings of their browser.

• Types of data processed: meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, people involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

• Processing of cookie data based on consent: We use a consent management solution in which users' consent to the use of cookies or to the procedures and providers mentioned as part of the consent management solution is obtained. This procedure is used to obtain, record, manage and revoke consent, particularly with regard to the use of cookies and similar technologies that are used to store, read and process information on users' end devices. As part of this procedure, users' consents are obtained for the use of cookies and the related processing of information, including the specific processing and providers mentioned in the consent management procedure. Users also have the option to manage and revoke their consent. The declarations of consent are stored in order to avoid repeated queries and to be able to provide proof of consent in accordance with legal requirements. The storage takes place on the server side and/or in a cookie (so-called opt-in cookie) or using comparable technologies in order to be able to assign the consent to a specific user or their device. If there is no specific information about the providers of consent management services, the following general information applies: The duration of the storage of consent is up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) and information about the browser, the system and the device used becomes; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Special notes on applications (apps)

We process the data of the users of our application to the extent necessary to be able to provide the application and its functionalities to users, monitor its security and further develop it. We can also contact users in compliance with legal requirements if the communication is necessary for the purposes of administration or use of the application. Furthermore, with regard to the processing of user data, we refer to the data protection information in this data protection declaration.

Legal basis: The processing of data that is necessary to provide the functionality of the application serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. approval of device functions). If the processing of data is not necessary to provide the functionality of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is carried out on the basis of our legitimate interests interests. If users are expressly asked to consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved); Image and/or video recordings (e.g. photographs or video recordings of a person). Location data (information about the geographical position of a device or person).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; Security measures. Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Device permissions for access to functions and data: The use of our application or its functionalities may require users to have permissions to access certain functions of the devices used or to the data stored on the devices or accessible using the devices. By default, these permissions must be granted by users and can be revoked at any time in the settings of the respective devices. The exact method for controlling app permissions may depend on the user's device and software. If you need clarification, users can contact us. We would like to point out that the denial or revocation of the respective authorizations can affect the functionality of our application.
• Access to the camera and saved recordings: As part of the use of our application, image and/or video recordings (which also include audio recordings) of the user (and of other people captured by the recordings) are accessed through access to the camera functions or to saved recordings Recordings processed. Access to the camera functions or saved recordings requires authorization by the user, which can be revoked at any time. The processing of the image and/or video recordings only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality.
• Processing of location data: When using our application, the location data collected by the device used or otherwise entered by the user is processed. The use of location data requires user authorization, which can be revoked at any time. The use of location data only serves to provide the respective functionality of our application, in accordance with its description to the users, or its typical and expected functionality.

Registration, login and user account

Users can create a user account. As part of registration, users are provided with the required mandatory information and processed for the purpose of providing the user account on the basis of contractual fulfillment. The data processed includes, in particular, login information (username, password and an email address).

As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protecting against misuse and other unauthorized use. In principle, this data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.

Users can access processes that are relevant to their user account, such as: B. technical changes, will be informed by email.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Protocol data (e.g. log files regarding logins or the retrieval of data or access times).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; security measures; Organizational and administrative procedures. Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section. Deletion after termination.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Registration with real name: Due to the nature of our community, we ask users to only use our offer using real names. i.e. the use of pseudonyms is not permitted; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
• User profiles are not public: User profiles are not publicly visible or accessible.
• Setting the visibility of profiles: Users can use settings to determine the extent to which their profiles are visible or accessible to the public or only to certain groups of people; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
• Deletion of data after termination: If users have terminated their user account, their data with regard to the user account will be deleted, subject to a legal permission, obligation or consent of the user; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).
• No obligation to retain data: It is the users' responsibility to secure their data before the end of the contract if the contract is terminated. We are entitled to irretrievably delete all user data stored during the term of the contract; Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR).

Single sign-on login

“Single sign-on” or “single sign-on registration or “authentication” are procedures that allow users to use a user account to log in to a provider of single sign-on procedures (e.g . B. a social network), also with our online offer, the prerequisite for single sign-on authentication is that the users are registered with the respective single sign-on provider and provide the required access data in the online form provided or are already registered with the single sign-on provider and confirm the single sign-on registration using the button.

Authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we cannot use for other purposes (so-called "user handle "). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the data releases selected as part of the authentication and also on what data users provide in the privacy or other settings of the user account during single sign-on. On providers have released. Depending on the single sign-on provider and the user's choice, there can be different data, usually the email address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are asked to note that the information we store can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually done. Change e.g. B. the users' email addresses, they must change them manually in their user account with us.

If agreed with the users, we can use the single sign-on registration as part of or before the fulfillment of the contract, if the users have been asked to do so, process it as part of their consent and otherwise use it on the basis of our legitimate interests and the Users' interests in an effective and secure registration system.

Should users decide that they no longer want to use the link to their user account with the single sign-on provider for the single sign-on procedure, they must delete this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved). Event data (Facebook) ("Event data" is information that is sent, for example, via meta pixels (be it via apps or other channels) to the provider Meta and relates to people or their actions. This data includes, for example Details on website visits, interactions with content and functions, app installations and product purchases. The event data is processed with the aim of creating target groups for content and advertising messages (custom audiences). Event data does not include any actual content such as written comments, no login information and no contact information such as names, email addresses or telephone numbers. “Event data” will be deleted by Meta after a maximum of two years and the target groups formed from it will disappear the deletion of our meta user accounts.).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: provision of contractual services and fulfillment of contractual obligations; security measures; Registration procedure. Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section. Deletion after termination.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Auth0: Authentication services for user logins, providing single sign-on capabilities, managing identity information and application integrations; Service provider: Auth0, Inc, 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://auth0.com/; Data protection declaration:https://www.okta.com/privacy-policy/. Basis for third country transfers:EU/EWR - Data Privacy Framework (DPF), Schweiz - Data Privacy Framework (DPF).
• Facebook Single-Sign-On: Platform authentication serviceFacebook; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland;  Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.facebook.com; Datenschutzerklärung: https://www.facebook.com/privacy/policy/; Order processing contract: https://www.facebook.com/legal/terms/dataprocessing. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Angemessenheitsbeschluss (Irland).
• Google Single-Sign-On: authentication services for user logins, providing single sign-on functionality, identity information management and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.google.de; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Adequacy Decision (Ireland). Option to object (opt-out): Settings for the display of advertising:https://myadcenter.google.com/.
• X Single-Sign-On: authentication services for user logins, providing single sign-on functionality, identity information management and application integrations; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://x.com; Data protection declaration: https://x.com/privacy, (Settings: https://x.com/personalization); Order processing contract: https://privacy.x.com/en/for-our-partners/global-dpa. Basis for third country transfers: EU/EEA - Standard Contractual Clauses(https://privacy.x.com/en/for-our-partners/global-dpa), Schweiz - Adequacy decision (Irland).

Blogs and publication media

We use blogs or comparable means of online communication and publication (hereinafter “publication medium”). Readers' data will only be processed for the purposes of the publication medium to the extent necessary for its presentation and communication between authors and readers or for security reasons. Furthermore, we refer to the information on the processing of visitors to our publication medium within the scope of this data protection notice.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Contact and inquiry management

When you contact us (e.g. by post, contact form, e-mail, telephone or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring person is processed to the extent that this is necessary to answer the contact inquiries and any enquiries measures are required.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
• Betroffene Personen: Kommunikationspartner.
• Purposes of processing: communication; organizational and administrative procedures; Feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).

Further information on processing processes, procedures and services:

• Contact form: When you contact us via our contact form, by email or other communication channels, we process the personal data transmitted to us to answer and process the respective request. This usually includes information such as name, contact information and, if necessary, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Newsletters and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter “newsletter”) exclusively with the consent of the recipient or on the basis of a legal basis. If the content is mentioned when registering for the newsletter, this content is decisive for the consent of the user To register for our newsletter, it is usually sufficient to provide your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name for a personal address in the newsletter or for further information are necessary for the purpose of the newsletter.

Deletion and restriction of processing: We can store the unsubscribed email addresses for up to three years based on our legitimate interests before we delete them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the event of obligations to permanently observe contradictions, we reserve the right to store the email address in a blacklist (so-called “blocklist”) solely for this purpose.

The registration process is recorded on the basis of our legitimate interests for the purpose of providing evidence of its proper execution. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure shipping system.

Contents:

Information about us, our services, promotions and offers.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved). Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions).
• Affected persons: communication partners.
• Purposes of processing: Direct marketing (e.g. by email or post).
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).
• Option to object (opt-out): You can cancel your receipt of our newsletter at any time, i.e. .h. Revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options listed above, preferably email.

Further information on processing processes, procedures and services:

• Mailchimp:Email marketing, automation of marketing processes, survey. Storing and managing contact details, measuring campaign performance, recording and analyzing recipients' interaction with content, personalizing content; Service provider:Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://mailchimp.com; Data protection declaration: https://mailchimp.com/legal/; Order processing contract: https://mailchimp.com/legal/; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Data Privacy Framework (DPF). Further information: Special safety measures: https://mailchimp.com/de/help/mailchimp-european-data-transfers/.

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication via various channels, such as: B. E-mail, telephone, post or fax, can be carried out in accordance with the legal requirements.

The recipients have the right to revoke their consent at any time or to object to the advertising communication at any time.

After revocation or objection, we store the data required to prove previous authorization to contact or send you for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of possible defense against claims. Based on the legitimate interest in permanently observing the user's revocation or objection, we also store the data necessary to avoid renewed contact (e.g., depending on the communication channel, the email address, telephone number, name).

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Affected persons: communication partners.
• Purposes of processing: direct marketing (e.g. via email or post); Marketing. Sales promotion.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Web analysis, monitoring and optimization

Web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and can include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, recognize which time our online offering or its functions or content are used most frequently or invite reuse. It is also possible for us to understand which areas require optimization.

In addition to web analysis, we can also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized into a usage process, can be created for these purposes and information can be stored in a browser or in a device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information, such as the browser used, the computer system used and information about times of use. If users have agreed to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

In addition, the users' IP addresses are stored. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of web analysis, A/B testing and optimization, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Affected persons: communication partners.
• Purposes of processing: direct marketing (e.g. via email or post); Marketing. Sales promotion.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers.
  Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides coarse geographic location data by deriving the following metadata from IP addresses: city (and the city's derived latitude and longitude), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. They are not logged, are not accessible and are not used for any other purposes. When Google Analytics collects metrics, all IP queries are performed on EU-based servers before passing traffic to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR);Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Data protection declaration: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Angemessenheitsbeschluss (Irland); Option to object (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (Types of processing and data processed).
  Google Tag Manager: We use Google Tag Manager, software from Google that allows us to manage so-called website tags centrally via a user interface. Tags are small pieces of code on our website that are used to record and analyze visitor activity. This technology helps us to improve our website and the content offered on it. The Google Tag Manager itself does not create user profiles, does not store cookies with user profiles and does not carry out any independent analyses. Its function is limited to simplifying and making more efficient the integration and management of tools and services that we use on our website. Nevertheless, when using the Google Tag Manager, the user's IP address is transmitted to Google, which is necessary for technical reasons in order to implement the services we use. Cookies can also be set. However, this data processing only takes place if services are integrated via the Tag Manager. For more detailed information about these services and their data processing, we refer to the further sections of this data protection declaration; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; 
  Order processing contract: https://business.safety.google/adsprocessorterms. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Adequacy decision (Irland).

Onlinemarketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on users' potential interests and measuring their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called “cookie”) or similar processes are used, by means of which the user information relevant to the display of the aforementioned content is stored. For example, content viewed, websites visited, used Online networks, but also communication partners and technical information, such as the browser used, the computer system used and information about times of use and functions used, can also be processed.

The users’ IP addresses are also stored. However, we use available IP masking procedures (i.e. pseudonymization by shortening the IP address) to protect users. In general, as part of the online marketing process, no clear user data (such as email addresses or names) is stored, but rather pseudonyms. This means that we as well as the providers of online marketing processes do not know the actual user identity, but only the information stored in their profiles.

The statements in the profiles are usually stored in cookies or using similar methods. These cookies can later generally be read on other websites that use the same online marketing process and analyzed for the purpose of displaying content, as well as supplemented with further data and stored on the server of the online marketing process provider.

In exceptional cases, it is possible to assign clear data to the profiles, especially if the users are, for example, members of a social network whose online marketing processes we use and the network connects the user profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, for example by giving consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, as part of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e. h. for example, to conclude a contract with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the users' data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). . In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

Information on revocation and objection:

We refer to the data protection information of the respective providers and the objection options specified for the providers (so-called “opt-out”). If no explicit opt-out option has been provided, you have the option of turning off cookies in your browser settings. However, this may restrict the functions of our online offering. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Cross-territorial: https://optout.aboutads.info.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Affected persons: communication partners.
• Purposes of processing: direct marketing (e.g. via email or post); Marketing. Sales promotion.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Google Ads and conversion measurement: Online marketing process for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a suspected Are interested in the advertisements. In addition, we measure the conversion of the ads, i.e. h. whether users took them as an opportunity to interact with the ads and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO), Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Angemessenheitsbeschluss (Irland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions between controllers and standard contractual clauses for third country transfers of data:https://business.safety.google/adscontrollerterms.
• Google Adsense with personalized ads: We integrate the Google Adsense service, which makes it possible to place personalized ads within our online offering. Google Adsense analyzes user behavior and uses this data to deliver targeted advertising that is tailored to the interests of our visitors. We receive financial compensation for each advertisement placement or other type of use of these advertisements; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Consent(Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://marketingplatform.google.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Adequacy Decision (Ireland); Further information: Types of processing and data processed: https://business.safety.google/adsservices/. Data processing conditions for Google advertising products: Information about the services Data processing conditions between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

Offering an affiliate program

We offer an affiliate program, i.e. i.e., commissions or other benefits (collectively referred to as “commission”) for users (referred to as “affiliates”) who refer to our offers and services. The reference is made using a link assigned to the respective affiliate or other methods (e.g. discount codes) that allow us to recognize that the use of our services was based on the reference (collectively referred to as “affiliate links”).

In order to be able to track whether users have accessed our services based on the affiliate links used by affiliates, it is necessary for us to know that the users have followed an affiliate link. The assignment of the affiliate links to the respective business transactions or to other use of our services serves the sole purpose of commission billing and will be canceled as soon as it is no longer necessary for the purpose.

For the purposes of the aforementioned assignment of the affiliate links, the affiliate links can be supplemented with certain values ​​that are part of the link or otherwise, e.g. B. can be stored in a cookie. The values ​​may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user.

Notes on legal bases: Our partners’ data is processed to provide our (pre-)contractual services. Users' data is processed based on their consent.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Affected persons: communication partners.
• Purposes of processing: direct marketing (e.g. via email or post); Marketing. Sales promotion.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Presence in social networks (Social Media)

We maintain online presences within social networks and process user data in this context in order to communicate with active users there or to offer information about us.

We would like to point out that user data can be processed outside the European Union. This can result in risks for users because, for example, it could make it more difficult to enforce user rights.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. For example, usage profiles can be created based on usage behavior and the resulting interests of users. The latter may in turn be used to place advertisements inside and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are usually stored on the users' computers in which the usage behavior and interests of the users are stored. In addition, data can also be stored in the usage profiles regardless of the devices used by the users (especially if they are members of the respective platforms and logged in there).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of the rights of those affected, we would also like to point out that these can most effectively be asserted with the providers. Only the latter have access to user data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

• Types of data processed: Contact details (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions); Inventory data (e.g. full name, home address, contact information, customer number, etc.). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: communication; Feedback (e.g. collecting feedback via online form); public relations; Marketing. Provision of our online offering and user-friendliness.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR). Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR).

Further information on processing processes, procedures and services:

• Instagram: Social network, allows you to share photos and videos, comment and favorite posts, send messages, subscribe to profiles and pages; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);Website: https://www.instagram.com; Data protection declaration: https://privacycenter.instagram.com/policy/. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Adequacy decision (Irland).
• Facebook-Seiten: Profiles within the social network Facebook - Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Facebook data policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services called "Page Insights" to site operators to help them understand how people engage with their Pages and interact with the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which Security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority). ), are not restricted by the agreements with Facebook. Further information can be found in the “Information on Page Insights”. (https://www.facebook.com/legal/terms/information_about_page_insights_data). The joint responsibility is limited to the collection by and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EEA - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
• Facebook-Gruppen: We use the “Groups” function of the Facebook platform to create interest groups within which Facebook users can contact each other or with us and exchange information. We process personal data of the users of our groups to the extent that this is necessary for the purpose of group use and its moderation. Our guidelines within the groups may contain further guidelines and information about the use of the respective group. This data includes information on first and last names, as well as published or privately communicated content, as well as values ​​on the status of group membership or group-related activities, such as. B. entry or exit as well as the times for the aforementioned dates. We also refer to the processing of user data by Facebook itself. This data includes information about the types of content that users view or interact with, or the actions they take (see under “Those taken by you and others and things provided" in the Facebook data policy: https://www.facebook.com/privacy/policy/), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, Cookie data; see below "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services called "insights" to group operators to provide them with insights into how people interact with their groups and with interact with the content associated with them: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland; Legal basis: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/privacy/policy/. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy decision (Irland).
• LinkedIn: Social network - We, together with LinkedIn Ireland Unlimited Company, are responsible for the collection (but not further processing) of visitor data, which is used to create the "page insights" (statistics) of our LinkedIn profiles. This data includes Information about the types of content users view or interact with and the actions they take are also collected, including details about the devices they use, such as IP addresses, operating system, browser type, language settings, and more Cookie data, as well as information from the user profiles, such as job function, country, industry, hierarchy level, company size and employment status, can be found in LinkedIn's data protection information: https://www.linkedin.com/legal/privacy-policy.
  We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum", https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of those affected (i.e. users can, for example, address requests for information or deletion directly to LinkedIn). The rights of users (in particular the right to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection and transmission of the data to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, in particular with regard to the transmission of the data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: legitimate interests(Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.linkedin.com; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Basis for third country transfers:EU/EWR - Data Privacy Framework (DPF), Schweiz - Angemessenheitsbeschluss (Irland). Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• Pinterest: Social network, allows you to share photos, comment, favorite and curate posts, send messages, subscribe to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.pinterest.com; Data protection declaration: https://policy.pinterest.com/de/privacy-policy. Basis for third country transfers: Schweiz - Adequacy decision (Irland).
• TikTok Business: Social network, allows you to share photos and videos, comment and favorite posts, send messages, subscribe to accounts - We and TikTok are jointly responsible for the collection and transmission of event data as well as the measurement and creation of insights reports (statistics) for profile owners. This event data includes information about the types of content users view or interact with or the actions they take, as well as information about the devices users use (e.g. IP addresses, operating system, browser type, language settings). , cookie data) and information from the user's profile, such as country or location. Data protection information on the processing of user data by TikTok can be found in TikTok's data protection information: https://www.tiktok.com/legal/page/eea/privacy-policy/de. We have concluded a special agreement on shared responsibility with TikTok, which regulates in particular which security measures TikTok must observe and in which TikTok has agreed to fulfill the rights of those affected (i.e. users can, for example, send information or deletion requests directly to TikTok direct). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with TikTok. The shared responsibility agreement can be found in TikTok's "Jurisdiction Specific Terms": https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.; Service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland und TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; Legal basis: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://www.tiktok.com; Data protection declaration: https://www.tiktok.com/legal/page/eea/privacy-policy/de. Basis for third country transfers: EU/EEA - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms),Switzerland - Standard Contractual Clauses (https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms).
• X: Social network; Service Provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://x.com; Data protection declaration: https://x.com/de/privacy. Basis for third country transfers: Switzerland - Adequacy decision (Ireland).
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Data protection declaration:https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Option to object (opt-out): https://myadcenter.google.com/personalizationoff.
• Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.xing.com/; Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung. Basis for third country transfers: Switzerland - adequacy decision (Germany).

Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be, for example, graphics, videos or city maps (hereinafter referred to as “content”) ).

The integration always requires that the third party providers of this content process the users' IP address, as without an IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, but also linked to such information from other sources become.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, the user data will be processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this data protection declaration.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact details (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation).
• Affected persons: communication partners.
• Purposes of processing: direct marketing (e.g. via email or post); Marketing. Sales promotion.
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Consent (Art. 6 Para. 1 Sentence 1 Letter a) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• Google Fonts (obtained from Google server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform presentation and consideration of possible licensing restrictions. The font provider is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA - When you visit our online offering, the users' browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent describing the browser and operating system versions of website visitors, as well as the referring URL (i.e. the web page on which the Google font is displayed should be). IP addresses are neither logged nor stored on Google servers and are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent and referral URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent needs to customize the font that is generated for each browser type. The user agent is primarily logged for debugging and used to generate aggregated usage statistics that measure the popularity of font families. These aggregate usage statistics are published on the Google Fonts Analytics page. Finally, the referral URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated Google says it does not use any of the information collected by Google Fonts to create profiles of end users or to serve targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://fonts.google.com/; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
• Google Maps: We integrate the maps from the “Google Maps” service provided by Google. The data processed may include, in particular, IP addresses and location data of the users; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal basis: consent (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://mapsplatform.google.com/; Data protection declaration: https://policies.google.com/privacy. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
• Google Maps APIs und SDKs: Interfaces to Google's map and location services, e.g. B. allow the addition of address entries, location determinations, distance calculations or the provision of additional information about locations and other locations; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Irland; Legal basis: Consent(Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://mapsplatform.google.com/; Data protection declaration: https://policies.google.com/privacy. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Schweiz - Angemessenheitsbeschluss (Irland).
• reCAPTCHA: We include the “reCAPTCHA” function in order to be able to recognize whether entries (e.g. in online forms) are made by people and not by automatically acting machines (so-called “bots”). The data processed may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on websites, previously visited websites, interactions with ReCaptcha on other websites, possibly cookies and results of manual recognition processes ( e.g. answering questions or selecting objects in pictures). Data processing is based on our legitimate interest in protecting our online offering from abusive automated crawling and spam; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.google.com/recaptcha/; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Option to object (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.
• YouTube-Videos: Video content; Service provider:Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO); Website: https://www.youtube.com; Data protection declaration: https://policies.google.com/privacy; Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland). Option to object (opt-out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for displaying advertisements: https://myadcenter.google.com/personalizationoff.
• Font Awesome (Obtained from the provider's server): Obtaining fonts (and symbols) for the purpose of technically secure, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform presentation and consideration of possible licensing restrictions. The font provider is informed of the user's IP address so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for the provision of the fonts depending on the devices used and the technical environment; Service provider: Fonticons, Inc. ,6 Porter Road Apartment 3R, Cambridge, MA 02140, USA; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://fontawesome.com/. Data protection declaration: https://fontawesome.com/privacy.
• Google Hosted Libraries: Google Hosted Libraries is a globally available content delivery network (CDN) for the most popular open source JavaScript libraries. These are designed to provide web libraries to optimize website load times, reduce bandwidth usage and improve performance by leveraging shared, public resources; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://developers.google.com/speed/libraries/; Data protection declaration: https://policies.google.com/privacy. Basis for third country transfers: Switzerland - adequacy decision (Ireland).

Processing of data in the context of employment relationships

As part of employment relationships, personal data is processed with the aim of effectively establishing, implementing and terminating such relationships. This data processing supports various operational and administrative functions necessary for the management of employee relations.

Data processing includes various aspects, ranging from the initiation of the contract to the termination of the contract. This includes the organization and management of daily working hours, the management of access rights and authorizations as well as the handling of personnel development measures and employee discussions. The processing also serves the billing and administration of wage and salary payments, which represent critical aspects of the execution of the contract.

In addition, data processing takes into account the legitimate interests of the responsible employer, such as ensuring safety in the workplace or collecting performance data to evaluate and optimize operational processes. Data processing also includes the disclosure of employee data as part of external communication and publication processes, where this is necessary for operational or legal purposes.

This data is always processed in compliance with the applicable legal framework, with the aim always being to create and maintain a fair and efficient working environment. This also includes taking into account the data protection of the affected employees, the anonymization or deletion of data after the processing purpose has been fulfilled or in accordance with legal retention periods.

• Types of data processed: Employee data (information on employees and other persons in an employment relationship); Payment data (e.g. bank details, invoices, payment history); Contract data (e.g. subject matter of the contract, term, customer category); Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts and the information relating to them, such as information on authorship or time of creation); Social data (data that is subject to social secrecy and is processed, for example, by social insurance providers, social assistance providers or pension authorities.); Protocol data (e.g. log files regarding logins or the retrieval of data or access times.); Performance and behavioral data (e.g. performance and behavioral aspects such as performance ratings, feedback from supervisors, training participation, compliance with company policies, self-evaluations and behavioral ratings.); Working time data (e.g. start of working hours, end of working hours, actual working hours, target working hours, break times, overtime, vacation days, special vacation days, sick days, absences, home office days, business trips); Salary data (e.g. basic salary, bonus payments, bonuses, tax class information, surcharges for night work/overtime, tax deductions, social security contributions, net payout amount); Image and/or video recordings (e.g. photographs or video recordings of a person); Usage data (e.g. page views and length of stay, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, people involved).
• Special Categories of Personal Data: Health Data; Religious or ideological beliefs. Union membership.
• Persons affected: Employees (e.g. employees, applicants, temporary workers and other employees).
• Purposes of processing: Establishment and implementation of employment relationships (processing of employee data in the context of the establishment and implementation of employment relationships); business processes and business procedures; Provision of contractual services and fulfillment of contractual obligations; public relations; Security measures. Office and organizational procedures.
• Legal basis: fulfillment of contract and pre-contractual inquiries (Art. 6 Abs. 1 S. 1 lit. b) DSGVO); Legal obligation (Art. 6 Abs. 1 S. 1 lit. c) DSGVO); Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).Processing of special categories of personal data relating to healthcare, employment and social security (Art. 9 Abs. 2 lit. h) DSGVO).

Further information on processing processes, procedures and services:

• Working time recording: Methods for recording employees' working hours include both manual and automated methods, such as the use of time clocks, time recording software or mobile apps. Activities such as entering arrival and departure times, break times, overtime and absences are carried out. Checking and validating the recorded working times includes comparing them with deployment or shift plans, checking absences and approving overtime by superiors. Reports and analyzes are created based on recorded working hours to provide timesheets, overtime reports and absence statistics for management and human resources; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Authorization management: procedures involved in defining, managing and controlling access rights and user roles within a system or organization (e.g. creation of authorization profiles, role and access-based control, review and approval of access requests, periodic review of access rights, Tracking and auditing user activity, establishing security policies and procedures); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Special categories of personal data: Special categories of personal data are processed as part of the employment relationship or to fulfill legal obligations. The special categories of personal data processed include data relating to the health, trade union membership or religious affiliation of employees. This data can be passed on to health insurance companies or processed to assess the ability of employees to work or for company health management or to provide information to the tax office; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Sources of processed data: Personal data received as part of the employee's application and/or employment relationship is processed. In addition, if required by law, personal data is collected from other sources. These can be tax authorities for tax-relevant information, the respective health insurance company for information about incapacity to work, third parties such as employment agencies or publicly accessible sources such as professional social networks as part of the application process; Legal basis: Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Purposes of data processing: Employees' personal data is primarily processed to establish, implement and terminate the employment relationship. In addition, the processing of this data is necessary to fulfill legal obligations in the area of ​​tax and social security law. In addition to these primary purposes, employee data is also used to meet regulatory and supervisory requirements, to optimize electronic data processing processes and to compile internal or cross-company data, possibly including statistical data. Furthermore, employees' data can be processed to assert legal claims and to defend themselves in legal disputes; Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Transfer of employee data: Employee data is only processed internally by those departments that need it to fulfill operational, contractual and legal obligations.
  Data will only be passed on to external recipients if this is required by law or if the affected employees have given their consent. Possible scenarios for this could be requests for information from authorities or if there are capital accumulation services. Furthermore, the person responsible can forward personal data to other recipients to the extent that this is necessary to fulfill his contractual and legal obligations as an employer. These recipients can include: a) banks b) health insurance companies, pension insurance providers, pension providers and other social insurance providers c) authorities, courts (e.g. tax authorities, labor courts, other supervisory authorities in the context of fulfilling reporting and information obligations) d) tax and legal advisors e) Third-party debtors in the event of garnishment of wages and salaries f) Other bodies to whom legally binding declarations must be made.
  In addition, data may be passed on to third parties if this is necessary for communication with business partners, suppliers or other service providers. Examples of this include information in the sender area of ​​emails or letterhead as well as creating profiles on external platforms; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Transfer of employee data to third countries: The transfer of employee data to third countries, i.e. countries outside the European Union (EU) and the European Economic Area (EEA), only takes place if this is necessary for the fulfillment of the employment relationship, is required by law or if employees do so have given their consent. Employees will be informed separately about the details, if required by law; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
• Business trips and travel expense accounting: Procedures that are necessary when planning, carrying out and accounting for business trips (e.g. booking trips, organizing accommodation and means of transport, managing travel expense advances, submitting and checking travel expense reports, checking and recording the costs incurred, Compliance with travel guidelines, handling travel expense management); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Payroll and payroll accounting: Procedures required for the calculation, payment and documentation of wages, salaries and other remuneration of employees (e.g. recording of working hours, calculation of deductions and surcharges, payment of taxes and social security contributions, preparation of wage reports and payroll accounting, management of payroll accounts, reporting to the tax office and social security institutions); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR).
• Deletion of employee data: Employee data will be deleted according to German law if it is not necessary for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or due to the interests of the employer. The following retention and archiving obligations are observed:
  
  • General personnel documents - General personnel documents (such as employment contracts, job references, additional agreements) are stored for up to three years after the termination of the employment relationship (§ 195 BGB).
    Tax-relevant documents - Tax-relevant documents in the personnel file are stored for six years (§ 147 AO, § 257 HGB).
    Information about wages and working hours - Information about wages and working hours for (accident) insured persons with proof of wages is stored for five years (§ 165 I 1, IV 2 SGB VII).
  • Payroll lists including lists for special payments - Payroll lists including lists for special payments, provided there is a booking voucher, are kept for ten years (§ 147 AO, § 257 HGB).
  • Payrolls for interim, final and special payments - Payrolls for interim, final and special payments are kept for six years (§ 147 AO, § 257 HGB).
  • Employee insurance documents - Employee insurance documents, provided booking documents are available, are retained for ten years (§ 147 AO, § 257 HGB).
  • Contribution statements to social insurance institutions - Contribution statements to social insurance institutions are kept for ten years (§ 165 SGB VII).
    Wage accounts - Wage accounts are kept for six years (§ 41 I 9 EStG).
  • Applicant data - Will be stored for a maximum of six months from receipt of the rejection.
  • Working time records (if more than 8 hours on weekdays) - are retained for two years (Section 16 II of the Working Hours Act (ArbZG)).
  • Application documents (according to the online job advertisement) - Will be retained for three to a maximum of six months after receipt of the rejection (§ 26
  • Federal Data Protection Act (BDSG) n.F., Section 15 IV General Equal Treatment Act (AGG)).
  • Certificates of incapacity for work (AU) - are kept for up to five years (Section 6 I of the Expense Equalization Act (AAG)).
  • Documents relating to company pension schemes - are retained for 30 years (Section 18a of the Act to Improve Company Pension Schemes (BetrAVG)).
  • Employee illness data - Retained for twelve months after the onset of illness if absences do not exceed six weeks in a year.
  • Maternity protection documents - Will be kept for two years (Section 27 Para. 5 MuSchG).
  Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR), processing of special categories of personal data in relation to healthcare, employment and social security (Art. 9 Para. 2 lit. h) GDPR).
• Deletion of employee data: According to Austrian law, employee data will be deleted if it is not necessary for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or due to the interests of the employer. The following retention and archiving obligations are observed:
  
  • Data regarding wage tax and duty obligations in accordance with Section 132 Paragraph 1 BAO - 7 years. Start of deadline - From the end of the calendar year relevant to the data.
  • Limitation of the obligation to pay social security contributions in accordance with Section 68 ASVG (limitation of determination) - 3 or 5 years. Beginning of the deadline - In principle, on the day the contributions are due, or if the report is not reported, from the day of the report.
  • Retention periods in social insurance - 7 years according to UGB.
  • Entitlement to vacation according to Section 4 Paragraph 5 UrlG - 2 years from the end of the vacation year in which the vacation arose. Start of the period - 2 years after the end of the vacation year in which the vacation arose.
  • Entitlement to vacation compensation according to § 1486 Z 5 ABGB - 3 years. Start of deadline - From the time the final billing claims are due, as the last working day.
  • Records and reports on work accidents in accordance with Section 16 ASchG - at least 5 years. Start of the period - from the day of the accident at work.
  • Record of hiring out workers in accordance with Section 13 Paragraph 3 AÜG - 5 years. Start of deadline - The day on which the last remuneration claim of the hired worker is due.
  • Directory of young people according to Section 26 Paragraph 2 KJBG - 2 years. Start of deadline - when creating a new directory, two years after the last entry.
  • Claims for compensation due to discriminatory termination of the employment relationship according to Sections 15 Paragraph 1a and 29 Paragraph 1a GlBG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 3 BEinstG - 6 months. Start of deadline - From the time of receipt of the termination.
  • Claims for compensation by the employer or employee from premature termination of the employment relationship in accordance with Section 34 AngG or Section 1162d ABGB - 6 months. Start of deadline - From the time the claims are due, usually from the day the declaration of dissolution is received.
  • Entitlement to the issuance of a certificate of service in accordance with Section 1478 ABGB - 30 years. Start of deadline - At the end of the employment relationship.
  • Claims for compensation due to discriminatory rejection of an application according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG - 6 months. Start of deadline - from the day on which the rejection was received or 7 months from receipt of the application.
  • Claims for reimbursement of any performance costs in accordance with Section 1486 Z 5 ABGB - 3 years. Deadline Start - The day on which the costs were incurred.
  • Liability for severance pay claims and company pensions after the transfer of the business in accordance with Section 6 Paragraph 2 AVRAG - 5 years. Start of period - time of transfer of business.
  • Claims for compensation due to discriminatory refusal of transport according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG - 6 months. Start of the period - from the day on which the rejection of transport was received.
  • Claims for compensation due to discriminatory disadvantage in terms of pay, voluntary social benefits, training and further education measures or other working conditions in accordance with Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 5 BEinstG - 3 years. Start of deadline - The point in time at which the right could first have been exercised and the objective opportunity to sue is given.
  • Claims for compensation due to discriminatory harassment according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 4 BEinstG - 1 year. Start of deadline - From the time of knowledge of the discrimination.
  • Claims for compensation due to discriminatory rejection of an application according to Sections 15 Paragraph 1 and 29 Paragraph 1 GlbG as well as Section 7k Paragraph 1 in conjunction with Paragraph 2 Z 1 BEinstG - 6 months. Start of deadline - from the day on which the rejection was received or 7 months from receipt of the application.
  • Claims for compensation for sexual harassment according to Section 15 Paragraph 1 GlbG - 3 years. Start of deadline - From the time of knowledge of the discrimination.
  • Claims for reimbursement of any performance costs in accordance with Section 1486 Z 5 ABGB - 3 years. Deadline Start - The day on which the costs were incurred.Claims of the employee for remuneration or reimbursement of expenses as well as of the employer for advances granted in accordance with Section 1486 Z 5 ABGB - 3 years. Start of deadline - from the due date of the respective claims.
    Limitation of action for prosecution due to underpayment according to Section 31 Paragraph 1 VStG in conjunction with Section 29 Paragraph 4 LSD-BG - 3 years. Start of the period - from the due date of the fee.
  • Claims for damages by the employer against the employee arising from employee liability in the event of slight negligence in accordance with Section 6 DHG - 6 months. Start of deadline - from the day on which they can be claimed.
  • Claims for damages by the employer against the employee arising from employee liability in the event of gross negligence or intent as well as other claims for damages by the employer in accordance with Section 1489 ABGB - 3 years or 30 years. Start of deadline - In the case of a short period of time from knowledge of the damage and the person causing the damage, in the case of a long period of time from the occurrence of the damage.
• Deletion of employee data: Employee data in Switzerland will be deleted when it is no longer necessary for the purpose for which it was collected, unless it must be retained or archived due to legal obligations or the interests of the employer. The following retention and archiving obligations are observed:
  
  • 10 years - retention period for books and records, annual financial statements, inventories, business reports, opening balance sheets, accounting documents and invoices as well as all necessary work instructions and other organizational documents (Art. 958f of the Swiss Code of Obligations (OR)).
  • 10 years - Data necessary to consider potential claims for damages or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and usual industry practices, will be stored for the statutory limitation period of ten years, unless: a shorter period of five years is applicable, which is relevant in certain cases (Articles 127, 130 OR). Claims expire after five years for rent, lease and capital interest payments as well as other periodic services, for the delivery of food, for catering and restaurant debts as well as for craft services, retail sales of goods, medical care, professional work of lawyers, legal agents, lawyers and notaries and from the employment relationship of employees (Article 128 OR).
• Personnel record keeping: Procedures necessary for organizing, updating and managing employee data and documents (e.g. recording personnel master data, storing employment contracts, references and certificates, updating data in the event of changes, compiling documents for employee interviews, archiving personnel files, compliance with data protection regulations); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR), processing of special categories of personal data in relation to healthcare, employment and social security (Art. 9 Para. 2 lit. h) GDPR).
• Personnel development, performance evaluation and employee appraisals: Procedures that are necessary in the area of ​​promoting and developing employees as well as in the assessment of their performance and in the context of employee appraisals (e.g. needs analysis for further training, planning and implementation of training measures, preparation of performance appraisals, implementation of target agreement and feedback discussions, career planning and talent management, succession planning); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR), processing of special categories of personal data in relation to healthcare, employment and social security (Art. 9 Para. 2 lit. h) GDPR).
• Obligation to provide data: The person responsible informs employees that it is necessary to provide their data. This is generally the case if the data is necessary for the establishment and implementation of the employment relationship or if its collection is required by law. Providing data may also be necessary if employees assert claims or if employees are entitled to claims. The implementation of these measures or the fulfillment of services depends on the provision of this data (for example the provision of data for the purpose of receiving wages); Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR), Legitimate interests (Art. 6 Para. 1 p. 1 lit. f) GDPR).
• Publication and disclosure of employee data: Employee data will only be published or disclosed to third parties if this is necessary to carry out work tasks in accordance with the employment contract. This applies, for example, if employees are named as contact persons in correspondence, on the website or in public registers after consultation or agreed job description, or if the field of responsibility contains representative functions. This can also be the case if, as part of the performance of the task, a representation or communication with the public takes place, such as images taken as part of public relations work. Otherwise, employees' data will only be published with their consent or based on the legitimate interests of the employer, for example in the case of stage or group photos as part of a public event; Legal basis: Fulfillment of the contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

Application process

The application process requires that applicants provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information provided there.

Basically, the required information includes personal information such as name, address, contact details and evidence of the qualifications required for a position. Upon request, we will also be happy to provide information about what information is required.

If available, applicants are welcome to submit their applications using our online form, which is encrypted using the latest technology. Alternatively, it is also possible to send applications to us by email. However, we would like to point out that emails on the Internet are generally not sent encrypted. Although email is typically encrypted in transit, it is not encrypted on the servers from which it is sent and received. Therefore, we cannot assume any responsibility for the security of the application during its transmission between the sender and our server.

For the purposes of finding applicants, submitting applications and selecting applicants, we can use applicant management and/or recruitment software and platforms and services from third-party providers, taking into account the legal requirements.

For the purposes of finding applicants, submitting applications and selecting applicants, we can use applicant management and/or recruitment software and platforms and services from third-party providers, taking into account the legal requirements.

Processing of special categories of data: If special categories of personal data (Art. 9 Para. 1 GDPR, e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants or communicated by them as part of the application process, their processing takes place so that the person responsible or the data subject can exercise their rights under labor law and social security and social protection law and fulfill their obligations in this regard may, in the case of protecting the vital interests of applicants or other persons or for health care or occupational medicine purposes, for assessing the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the administration of Systems and services in the health or social sector.

Deletion of data: If the application is successful, the data provided by the applicants can be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion will take place, subject to a justified revocation by the applicant, at the latest after a period of six months has elapsed, so that we can answer any follow-up questions about the application and fulfill our obligations to provide proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Admission to an applicant pool: Admission to an applicant pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the ongoing application process and that they can revoke their consent at any time in the future.

• Types of data processed: Inventory data (e.g. full name, home address, contact information, customer number, etc.); Contact information (e.g. postal and email addresses or telephone numbers); Content data (e.g. textual or visual messages and posts as well as the information relating to them, such as information on authorship or time of creation). Applicant data (e.g. personal information, postal and contact addresses, the documents associated with the application and the information contained therein, such as cover letter, CV, certificates and other information relating to a specific position or voluntarily provided by applicants about their person or qualifications).
• Affected persons: Applicants.
• Purposes of processing: Application process (justification and possible subsequent implementation as well as possible later termination of the employment relationship).
• Retention and deletion: Deletion as specified in the “General information on data storage and deletion” section.
• Legal basis: Application process as a pre-contractual or contractual relationship (Art. 6 Para. 1 Sentence 1 Letter b) GDPR). Legitimate interests (Art. 6 Para. 1 Sentence 1 Letter f) GDPR).

Further information on processing processes, procedures and services:

• LinkedIn Recruiter: Job search and application-related services within the LinkedIn platform; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);Website: https://www.linkedin.com; AGB: https://legal.linkedin.com/dpa; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Order processing contract: https://legal.linkedin.com/dpa. Basis for third country transfers: EU/EWR - Data Privacy Framework (DPF), Switzerland - Adequacy Decision (Ireland).
• Monster: Services related to employee acquisition/recruitment (search for employees, communication, application process, contract negotiations); Service provider: Monster Worldwide Deutschland GmbH, Ludwig-Erhard-Straße 14, 65760 Eschborn, Deutschland; Legal basis:Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.monster.de; Data protection declaration: https://www.monster.de/datenschutz/datenschutz/home.aspx. Basis for third country transfers: Switzerland - adequacy decision (Germany).
• Stepstone: Services related to employee acquisition/recruitment (search for employees, communication, application process, contract negotiations); Service provider: StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Deutschland; Legal basis: Legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.stepstone.de; Data protection declaration: https://www.stepstone.de/Ueber-StepStone/Rechtliche-Hinweise/datenschutzerklaerung/. Basis for third country transfers: Switzerland - adequacy decision (Germany).
• Xing: Job search and application-related services within the Xing platform; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland; Legal basis: legitimate interests (Art. 6 Abs. 1 S. 1 lit. f) DSGVO); Website: https://www.xing.com; Data Protection declaration: https://privacy.xing.com/de/datenschutzerklaerung. Basis for third country transfers: Switzerland - adequacy decision (Germany).

Change and update

We ask you to regularly inform yourself about the content of our data protection declaration. We will adapt the data protection declaration as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information for companies and organizations in this data protection declaration, please note that the addresses may change over time and ask you to check the information before contacting us.

Definitions of terms

In diesem Abschnitt erhalten Sie eine Übersicht über die in dieser Datenschutzerklärung verwendeten Begrifflichkeiten. Soweit die Begrifflichkeiten gesetzlich definiert sind, gelten deren gesetzliche Definitionen. Die nachfolgenden Erläuterungen sollen dagegen vor allem dem Verständnis dienen.

• Affiliate tracking: As part of affiliate tracking, links with which the linking websites refer users to websites with product or other offers are logged. The operators of the linked websites may receive a commission if users follow these so-called affiliate links and then take advantage of the offers (e.g. buy goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. Therefore, for affiliate links to work, it is necessary that they are supplemented with certain values ​​that become part of the link or otherwise, e.g. B. stored in a cookie. The values ​​include in particular the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user and tracking-specific values , like, e.g. B. Advertising material ID, partner ID and categorizations
• Employees: Employees are people who are employed, be it as employees, employees or in similar positions. An employment relationship is a legal relationship between an employer and an employee established by an employment contract or agreement. It involves the employer's obligation to pay remuneration to the employee while the employee performs his or her work. The employment relationship includes various phases, including the justification in which the employment contract is concluded, the implementation in which the employee carries out his work activity and the termination, when the employment relationship ends, whether by notice, termination agreement or otherwise. Employee data is all information that relates to these people and is in the context of their employment. This includes aspects such as personal identification information, identification numbers, salary and banking information, working hours, vacation entitlements, health information and performance reviews.
• Inventory data: Inventory data includes essential information that is necessary for the identification and management of contractual partners, user accounts, profiles and similar assignments. This information may include, but is not limited to, personal and demographic information such as names, contact information (addresses, phone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between people and services, facilities or systems by enabling clear attribution and communication.
• Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that can be used to deliver the content of an online offering, particularly large media files such as graphics or program scripts, more quickly and securely using regionally distributed servers connected via the Internet.
• Content data: Content data includes information that is generated in the course of creating, editing and publishing all types of content. This category of data may include text, images, videos, audio files and other multimedia content published on various platforms and media. Content data is not only limited to the actual content, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates
• Contact details: Contact details are essential information that enables communication with people or organizations. They include, among other things, telephone numbers, postal addresses and email addresses, as well as means of communication such as social media handles and instant messaging identifiers.
• Conversion measurement: Conversion measurement (also known as “visit action evaluation”) is a procedure that can be used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then accessed again on the target website. For example, we can understand whether the advertisements we placed on other websites were successful.
• Performance and behavioral data: Performance and behavioral data refers to information related to how people perform tasks or behave in a particular context, such as an educational, work, or social environment. This data may include metrics such as productivity, efficiency, quality of work, attendance, and compliance with policies or procedures. Behavioral data could include interactions with colleagues, communication styles, decision-making processes and reactions to different situations. These types of data are often used for performance evaluations, training and development, and decision-making within organizations.
• Meta, communication and procedural data: Meta, communication and procedural data are categories that contain information about the way data is processed, transmitted and managed. Metadata, also known as data about data, includes information that describes the context, provenance, and structure of other data. They can include information about file size, creation date, author of a document and change histories. Communication data records the exchange of information between users across various channels, such as email traffic, call logs, social network messages and chat histories, including the people involved, timestamps and transmission routes. Procedural data describes the processes and operations within systems or organizations, including workflow documentation, logs of transactions and activities, and audit logs used to track and review operations.
• Usage Data: Usage data refers to information that captures how users interact with digital products, services or platforms. This data includes a wide range of information that shows how users use applications, what features they prefer, how long they spend on certain pages, and the paths they take to navigate through an application. Usage data may also include frequency of use, timestamps of activities, IP addresses, device information and location data. They are particularly valuable for analyzing user behavior, optimizing user experiences, personalizing content, and improving products or services. In addition, usage data plays a crucial role in identifying trends, preferences and potential problem areas within digital offerings
• Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if he or she identifies directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any type of automated processing of personal data, which consists in the use of these personal data to identify certain personal aspects relating to a natural person (depending on the type of profile creation, different information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.) can be analyzed, evaluated or predicted (e.g. B. interests in certain content or products, click behavior on a website or whereabouts). Cookies and web beacons are often used for profiling purposes.
• Log Data: Log data is information about events or activities logged on a system or network. This data typically includes information such as timestamps, IP addresses, user actions, error messages and other details about the use or operation of a system. Log data is often used to analyze system problems, monitor security, or generate performance reports.
• Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offer and can determine the behavior or interests of visitors in certain information, such as: B. content of websites. With the help of reach analysis, operators of online offers can e.g. B. recognize at what time users visit your websites and what content they are interested in. This allows you, for example, B. adapt the content of the websites better to the needs of your visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyzes of the use of an online offering.
• Location data: Location data is created when a mobile device (or another device with the technical requirements for location determination) connects to a radio cell, a WLAN or similar technical means and functions for location determination. Location data is used to indicate at which geographically determinable position on earth the respective device is located. Location data can e.g. B. can be used to display map functions or other information dependent on a location.
• Tracking: “Tracking” is when the behavior of users can be tracked across multiple online offerings. As a rule, behavioral and interest information is stored in cookies or on the servers of the tracking technology providers with regard to the online offers used (so-called profiling). This information can then be used e.g. B. can be used to show users advertisements that are likely to match their interests.
• Controller: The “controller” is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
• Processing: “Processing” means any operation or series of operations carried out on personal data, whether or not by automated means. The term is wide-ranging and includes practically every handling of data, be it collecting, evaluating, storing, transmitting or deleting.
• Contract Data: Contract data is specific information related to the formalization of an agreement between two or more parties. They document the conditions under which services or products are provided, exchanged or sold. This category of data is essential for the management and fulfillment of contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may include start and end dates of the contract, the type of services or products agreed, price agreements, payment terms, termination rights, extension options and special terms or clauses. They serve as the legal basis for the relationship between the parties and are crucial for clarifying rights and obligations, enforcing claims and resolving disputes.
• Payment data: Payment data includes all information required to process payment transactions between buyers and sellers. This data is crucial for electronic commerce, online banking and any other form of financial transaction. They include details such as credit card numbers, bank details, payment amounts, transaction details, verification numbers and billing information. Payment data may also include information about payment status, chargebacks, authorizations and fees.
• Target group formation: We speak of target group formation (“Custom Audiences”) when target groups are used for advertising purposes, e.g. B. Display of advertisements can be determined. So can e.g. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online shop in which he viewed the products. “Lookalike audiences” (or similar target groups) are when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were created. Cookies and web beacons are usually used for the purpose of forming custom audiences and lookalike audiences.