Skip to main content

Privacy policy

Version 1.0.0 - 07/2022

The protection of personal data is important to us. Personal data is therefore processed in accordance with the applicable European and national laws.

You can of course withdraw your consent at any time with future effect. To do this, please contact the data controller in accordance with Section 1.

The following Privacy Policy provides an overview of the kind of data that is collected, how it is used and shared, which security measures we take to protect your data, and how you can obtain details about the information provided to us.

Legal basis for processing personal data
 Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (1) (a) of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis. For the processing of personal data necessary for performance of a contract to which the data subject is a party, Art. 6 (1) (1) (b) GDPR shall apply as the legal basis. This also applies to processing that is necessary to implement pre-contractual measures. Insofar as processing personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 (1) (1) (c) GDPR shall apply as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1) (1) (f) GDPR shall apply as the legal basis for processing.

Data deletion and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this is stipulated by European or national legislators in union regulations, laws, or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed, unless further storage of the data is necessary for the fulfilment of a contract.

§ 1 The data controller and the data protection officer

(1) Name and address of the data controller

The data controller, within the meaning of the General Data Protection Regulation and other national data protection laws of the member states and provisions pertaining to data protection, is:

DIA Digital Consulting GmbH
Am Leitz-Park 4
35578 Wetzlar Germany

Phone: +49 (0) 6441 - 384 57 00
Email: info(at)die-interaktiven.de
Website: www.die-interaktiven.de

(2) Name and address of the data protection officer

The data protection officer of the data controller is:

Dieter Grohmann
Datenschutz & privacy
Beethovenstrasse 23
87435 Kempten – Cologne – Berlin – Hamburg

Phone: +49 831 5209-8680
Email: info(at)datenschutzprivacy.de
Website: www.datenschutzprivacy.de

§ 2 Definitions

This Privacy Policy is based on the terms which were used by the European regulator upon the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). This Privacy Policy should be easy to read and understand. To ensure this, important terms are explained below:

 

(a) Personal data is all information which relates to an identified or identifiable natural person (hereinafter referred to as the "data subject"). An identifiable natural person is anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, natural, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(b) The data subject is any identified or identifiable natural person whose personal data is processed by the data controller for processing.

(c) Processing is any operation or series of operations, completed with or without the help of an automated process, which is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available by any other means, comparison or linking, restriction, deletion or destruction.

(d) Profiling refers to any form of automated processing of personal data which entails the use of personal data to evaluate certain personal aspects relating to a natural person, in particular analysing or predicting aspects pertaining to this natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

(e) Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

(f) The data controller or the person responsible for processing is the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data either alone or jointly with others. Where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.

(g) Processor refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. Recipient refers to a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. Public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

(h) A third party is a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons under the direct authority of the data controller or processor who are authorised to process personal data.

(i) Consent is any unambiguous indication given freely in that specific case by the concerned individual in an informed manner in the form of a declaration or other clear affirmative act by which the data subject indicates that they consent to the processing of their personal data.

(j) Consent is any unambiguous indication given freely in that specific case by the concerned individual in an informed manner in the form of a declaration or other clear affirmative act by which the data subject indicates that they consent to the processing of their personal data.

(k) A third party is a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons under the direct authority of the data controller or processor who are authorised to process personal data.

(l) Consent is any unambiguous indication given freely in that specific case by the concerned individual in an informed manner in the form of a declaration or other clear affirmative act by which the data subject indicates that they consent to the processing of their personal data.

§ 3 Provision of the website and creation of log files

(1) When using the website for informational purposes only, that is, if you do not register or otherwise provide us with information, we automatically collect the following data and information each time the website is accessed from the computer system of the computer used to access the website:

 

  • a) Domain
  • b) IP address
  • c) Information about the browser type and version used
  • d) The user’s operating system
  • e) The date and time of access
  • f) Content of access (specific pages)
  • g) The amount of data transferred in each case
  • h) The language and version of the browser software
  • i) Names of downloaded files

The data is also stored in our system's log files. This data is not stored together with any other personal data pertaining to the user.

(2) The legal basis for temporary storage of log files is Art. 6 (1) (f) GDPR.

(3) Temporary IP address storage by the system is necessary to

  • a) enable delivery of the website to the user's computer. To this end, the IP address of the user must be stored for the duration of the session.
  • b) optimise the contents of our website and the advertising of it
  • c) ensure the functionality of our information technology systems and the technology of our website
  • d) provide law enforcement authorities with the information necessary to enforce the law in the event of a cyberattack

Log files are saved to ensure the functionality of the website. The data is also used to optimise the website and ensure the security of our information technology systems. We do not evaluate this data for marketing purposes. These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 (1) (1) (f) GDPR.

(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected – in this case, at the end of the utilisation process. If the data is stored in log files, data will be deleted after seven days at the latest. It may, however, be retained for a longer period. In this case, IP addresses will be deleted or anonymised in such a way that they can no longer be attributed to the accessing client.

(5) Collection of data for the provision of the website and the storage of data in log files is imperative for the operation of the website, so there is no opt-out.

§ 4 Use of cookies

(1) This site uses so-called cookies. Cookies are small text files which, when you visit a website, are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.); these are then stored on your computer and send the user (that being our company) certain information. Cookies are used to make the website more customer-friendly and secure, and collect in particular use-related information such as frequency of use, number of users on the pages and page usage patterns. Cookies do not cause any damage to computers and do not contain any viruses.
Each cookie contains a characteristic string (called a cookie ID), which enables a unique identification of the browser when revisiting the site.

 

(2) We use cookies to make our website more user-friendly. Some elements of our website require that your browser be identifiable as you move on to another page within the site. The following data is stored and transmitted in cookies:

  • Decision whether to hide the modal window
  • Decision whether the cookie info is hidden

The legal basis for the processing of personal data by using cookies is Art. 6 (1) (1) (f) GDPR.

(3) The purpose of using technically necessary cookies is to simplify the use of websites for you. Some features of our website will not be available if the use of cookies is disallowed. This is why it is necessary that your browser remain recognisable as you make your way through our site. We require cookies for the following applications:

  • Hide cookie notice and info box

(4) Cookies remain stored even when the browser session is terminated and can be called up again when the page is visited once more. Cookies are, however, stored on your computer and transmitted to our site. You therefore have full control over how cookies are used. If you do not wish data to be collected via cookies, you can adjust your browser via the "Settings" menu in such a way that you are informed as to when cookies are set, or you can, in general, exclude cookies being set or delete them individually. It should be noted, however, that the functionality of this website may be limited if cookies are deactivated. As far as session cookies are concerned, they will be deleted automatically anyway after leaving the website.

§ 5 Registration for events

(1) We offer you the opportunity to register for our events on our website. This requires a valid email address and your title and name, as well as your company, so that we know who carried out the registration and to be able to process it. Further information can be provided voluntarily. Shortly before the event date, we will remind you of the upcoming event by email. This entered data will not be passed on to third parties unless required to do so by law or for the purpose of criminal or legal prosecution.

 

If necessary, data will be transmitted to partners of our event if we organise the event together with a partner company. Our event partner can then be found on the registration form. With Salesforce events, we will transmit the data entered to Inc. Transmission of the data to Salesforce is necessary so that we can host the event together with Salesforce. You can recognise whether it is a Salesforce event by the Salesforce logo (blue Salesforce cloud). We cannot conclusively clarify the processing of data through Salesforce. In addition, Salesforce's privacy policy applies; it can be found at https://www.salesforce.com/de/company/privacy/.

(2) We process your personal data according to Art. 6 (1) (1) (a) GDPR on the basis of your voluntary consent. We log the registration procedure (IP address and time of registration) on the basis of our legitimate interest according to Art. 6 (1) (1) (f) GDPR. This is necessary in order to provide you with a secure and legally compliant registration system. The transmission of the data to our event partner takes place on the basis of our legitimate interest according to Art. 6 (1) (1) (f) GDPR, since in these cases we can only offer you the organisation of the event in cooperation with our partner.

(3) Data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Insofar as you have also agreed to receive further information in the future, we will delete your data as soon as you withdraw your consent to this. We delete your personal data in the aforementioned cases, unless further processing of the data is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims. We store email addresses which have unsubscribed for up to three years on the basis of our legitimate interests so as to be able to prove previously given consent. In doing so, we ensure that the data is processed only for the purpose of possible defence against claims.

§ 6 Disclosure of personal data to third parties

1. Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence over the content of external links and are therefore not responsible for it; in particular we do not adopt their content as our own. If you are directed to an external site, the privacy policy provided there shall apply. If you notice any illegal activities or content on this page, please let us know. In the event of this we will check the content and respond accordingly (notice and take down procedure).

PRIVACY POLICY – FACEBOOK FAN PAGE

Company operates an online presence on Facebook, a so-called Facebook fan page. The following additional information on data processing applies to visits to our fan page. You can find general information about data protection on Facebook at https://www.facebook.com/about/privacy/.

1. Joint responsibility & contact details:

In accordance with Art. 26 GDPR, we are jointly responsible with Facebook for the operation of our Facebook fan page. For this purpose, we have agreed with Facebook who is to fulfil which obligations with regard to data protection. This agreement can be accessed here. Facebook is therefore primarily responsible for providing the data subject with information about joint processing and enabling them to exercise their data protection rights. Regardless of this, we inform you about your visit to our fan page in this way.

The following are our contact details:

DIA Digital Consulting GmbH
Am Leitz-Park 4
35578 Wetzlar Germany

Phone: +49 (0) 6441 - 384 57 0
Email: info(at)die-interaktiven.de
Website: www.die-interaktiven.de

You can reach Facebook at:
Meta Platforms Ireland Ltd
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

You can reach Facebook online at https://www.facebook.com/help/contact/2061665240770586.

You can reach Facebook's data protection officer at http://www.facebook.com/help/contact/540977946302970.

2. Collection and storage of personal data as well as type and purpose of its use

a) Data collected by Facebook:

If you are a Facebook user, Facebook collects data described in Facebook's Data Policy under "What types of information do we collect?" . If you are not a Facebook user, cookies provided with identifiers, small text files, may still be stored in your browser, which enable so-called tracking of your user behaviour.

As a rule, when visiting Facebook, the user data is also processed by Facebook for market research and advertising purposes. Based on user behaviour (also when visiting our fan page), complex user profiles are created that Facebook can use to display personalised ads to the visitor inside and outside of Facebook. You can also find more information about this in Facebook's Data Policy.

If you do not agree with this, you can object here (opt-out).

b) Data used by us ("Page Insights") and the legal basis:

Facebook provides us with statistics and usage data, on the basis of which we can analyse the use of our fan page (so-called "Page Insights"). This enables us to continuously improve our offer on Facebook. As an operator, we do not make any decisions regarding the processing of Insights data or any other information arising from Art. 13 GDPR, including the storage period of cookies on user devices. Facebook holds primary responsibility under GDPR for the processing of insight data and Facebook meets all its obligations arising from the GDPR with regard to the processing of insight data.

As a page administrator, we have no other option, not even via user tracking, to evaluate the user behaviour on our fan page. It is also not possible for us to identify the visitor to the fan page on the basis of Page Insights. In particular, we have no right under the agreement to request that Facebook disclose individual visitor data. Identification is only possible if we can assign individual profile pictures to "Likes" for the page; however, this is only possible if our fan page has been marked with "Likes" by the corresponding visitor, and the "Likes" are set to "public".

You can find out what information Facebook uses to create Page Insights at https://www.facebook.com/legal/terms/information_about_page_insights_data.

Operation of the Facebook fan page and the use of Page Insights serves our legitimate interest in effectively presenting ourselves externally and efficiently communicating with our customers and interested parties. This interest justifies the operation of the site both towards the legitimate interests of Facebook users and towards visitors to our fan page who do not have a Facebook account. The legal basis is Art. 6 (1) (1) (f) GDPR.

3. Disclosure of data to third parties:

Data collected by Facebook is exchanged and processed throughout the Facebook group. The Facebook group also includes Instagram, WhatsApp and Oculus, for example. For example, information collected via Facebook is used to show the user personalised advertising on Instagram, or information from WhatsApp is used to take action against accounts that send spam via WhatsApp on Facebook. This information can be found in Facebook's Data Policy (https://www.facebook.com/about/privacy/update) under "How do the Facebook companies work together?".

When data is processed by Facebook, user data may be transferred outside the European Economic Area (EEA), in particular to the USA.

4. Right to object:

If your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (1) (f) GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data if this is due to reasons which arise from your particular situation or if the objection is raised against direct advertising. In the latter case, you have a general right to object, which we will implement without you having to specify your particular situation. If you would like to make use of your right of withdrawal or objection, please send an email to:

5. Data subject rights:

You have the right to withdraw your consent vis-à-vis us at any time. As a result we will no longer be allowed to continue processing data based on this consent in the future. In addition, you have the right to information in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR and the right to data portability in accordance with Art. 21 GDPR. In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

In principle, you can assert your data subject rights vis-à-vis both Facebook and us. Since only Facebook has direct access to your user data, you can most effectively assert your data subject rights vis-à-vis Facebook.

PRIVACY POLICY – INSTAGRAM FAN PAGE

We look forward to your visit to the Instagram page operated by us and would like to inform you in this Privacy Policy about how personal data is processed in connection with visits to or interactions with our Instagram page or its content. Instagram is an online photo and video sharing service that is owned by Facebook. Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject").

The legal basis for data protection can be found in the General Data Protection Regulation (GDPR).

1. Joint responsibility & contact details:

Responsible person means the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data.

If you submit personal data to us via our Instagram page and we alone decide on the purposes and means of processing,

DIA Digital Consulting GmbH
Am Leitz-Park 4
35578 Wetzlar Germany

Phone: +49 (0) 6441 - 384 57 0
Email: info(at)die-interaktiven.de
Website: www.die-interaktiven.de

is solely responsible for the processing.

Insofar as personal data is processed in connection with our Instagram page and Facebook alone decides on the purposes and means of processing, then

Meta Platforms Ireland Ltd
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

is solely responsible for the processing.

2. Information on data processing by Meta Platforms Ireland Ltd

Instagram's privacy policy (https://help.instagram.com/519522125107875) specifies the categories of personal data processed when using Facebook products (https://www.facebook.com/help/1561485474074139?ref=dp) (see I.), describes in general terms the purposes for which this data is used (see II.) and specifies the categories of recipients to whom this data can be made available (see III., IV.). You can also find information on the legal basis for the processing of this data (see V.) and information on how you can withdraw your consent to the processing of personal data under the link to the data policy provided. Further information on the respective legal basis can be found at www.facebook.com/about/privacy/legal_bases. The data policy provides information on how to exercise your rights to information, rectification, portability and deletion vis-à-vis Meta Platforms Ireland Ltd (see VI.). Under this point you will also find information about your right to object to certain processing of personal data. For more information about your management options, please look at this help article (https://www.facebook.com/help/2069235856423257). The data policy also provides information about the duration for which personal data is stored and information about the criteria for determining this duration and the possibility of blocking or deleting Instagram accounts (see VII.). The data policy refers to the intention of Meta Platforms Ireland Ltd to transmit data to third countries where required on the basis of adequacy decisions adopted by the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

3. Information on the use of cookies by Meta Platforms Ireland Ltd

When you visit our Instagram page and your browser allows the storage of cookies, Meta Platforms Ireland Ltd stores information in the form of small text files in the memory of your browser (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that integrates Facebook technologies. Further information on the purpose of the cookies used, on the integration of these cookies by other websites and on your control options in this regard can be found in the information on Instagram cookies.

We would like to point out that Meta Platforms Ireland Ltd is able to use the cookies used to track your user behaviour (for logged-in users across devices) on other websites, even beyond the Instagram platform. This applies both to persons registered with the Instagram platform and to persons not registered there.

We would also like to point out that we have no influence on data processing carried out by Meta Platforms Ireland Ltd in connection with cookies. You can also visit our Instagram page if you configure your browser in such a way that no cookies are stored from the Facebook platform. You can usually find information about how to adjust the settings for cookies in your browser in the help area of the browser you are using.

If you are registered or logged in to the Instagram or Facebook platform and want to prevent Meta Platforms Ireland Ltd from associating your visit to our Facebook page with your Instagram or Facebook user account, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and quit and restart your browser.

4. Data processing for interactions on our Instagram page

Our Instagram page gives you the opportunity to respond to our posts, comment on them and send us private messages. Please check carefully what personal data you share with us via our Instagram page. If you do not want Facebook to process personal information that you provide to us, please contact us by other means.

In addition to the content you submit, depending on your privacy settings, we can see information about your profile, your likes and your posts. Learn how to change your privacy settings in this help article.

The processing of your data when contact making or interacting with our site or its contents is carried out by us on the basis of Art. 6 (1) (1) (f) GDPR. Our legitimate interest lies in responding to your request. If your contact making is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) (1) (b) GDPR.

We process the data you provide in this context and which may be accessible to us in order to safeguard our legitimate interests in contact with and communication with our interested parties, which are predominant in the context of a balancing of interests. This also includes our legitimate interests in data processing in accordance with Art. 6 (1) (1) (f) GDPR.

As far as we are able, your data will be deleted when we stop operating our Instagram page. If this data is stored further by Meta Platforms Ireland Ltd, this is exclusively based on the provisions of Instagram's privacy policy (https://help.instagram.com/519522125107875) and Instagram's terms of use (https://help.instagram.com/581066165581870).

5. Processing of anonymised data for statistical purposes

We have set up our Instagram page as a business profile and use anonymised site statistics ("Instagram Insights") provided by Meta Platforms Ireland Ltd that provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to deciding on the means and purposes of processing event data used to compile site statistics. The statistics include the following information:

  • Reach, page views, dwell time for video posts
  • Interactions such as adding a "Like" to a post, commenting on or sharing posts
  • Demographic data on age, gender and location

We use this data to identify trends. It is not possible for us to refer back to people who triggered these events.

6. Data subject rights

In the following, we have summarised the rights of data subjects for you. The full legal texts can be found in the mentioned articles. This summary does not give rise to any rights beyond those laid down in the GDPR.
Data subjects have the following rights vis-à-vis the data controller:
Changes to these data protection regulations
We reserve the right to adapt this Privacy Policy so that it always complies with the current legal requirements or to implement changes to our services in the Privacy Policy. Any subsequent website access will then be subject to the terms of the new privacy policy.

  • The right to withdraw consent (Art. 7 (3) GDPR): You can withdraw your consent to the processing of data at any time with effect for the future
  • Right to information (Art. 15 GDPR): You can request information about whether your personal data is processed. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period or criteria for this, the existence of a right to rectification, deletion, restriction of processing, objection or the existence of a right of appeal. Furthermore, you can request information about the origin of data that has not been collected from you. In addition, you can request to be informed whether there is automatic decision-making, whether data is transferred to a third country or to an international organisation and on the basis of which guarantee this is done. You can request a copy of the personal data about you, insofar as this does not affect the rights and freedoms of other persons
  • Right to rectification (Art. 16 GDPR): You can request the immediate rectification of incorrect personal data or, taking into account the purposes of processing, the completion of your stored personal data.
  • Right to deletion (Art. 17 GDPR): You can request the deletion of your stored personal data if the purpose of processing has lapsed due to the lapse of time or other reasons, if you have withdrawn your consent or objected to the processing and there are no overriding reasons for the processing or other legal bases, if the legal basis for the data processing is missing or has lapsed and the processing is not necessary for exercising the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims. If we have made your data public, we are obliged to take appropriate measures to inform each recipient that you have requested the deletion of all links to or copies of the personal data concerned.
  • Right to restriction of processing (Art. 18 GDPR): You have a right to restriction of processing if you dispute the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data; the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data; we no longer need the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or if you have objected to the processing in accordance with Art. 21 GDPR and it has not yet been determined whether our legitimate reasons outweigh your reasons.
  • Right to data portability (Art. 20 GDPR): You have a right to receive the personal data transmitted by you on the basis of your consent or a contract concluded with us in a structured, commonly used and machine-readable format or to request the transmission to another data controller, insofar as this does not affect the rights and freedoms of other persons and it is technically feasible.
  • Right to object (Art. 21 GDPR): You have the right, for reasons arising from your particular situation, to object to processing that we carry out to protect our legitimate interests, unless we can prove that there are compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. You have the right to object to processing that we carry out for direct marketing purposes at any time. Your data may then no longer be processed for these purposes.
  • Right to lodge a complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection regulations.

7. Changes to these data protection regulations

We reserve the right to occasionally adapt this Privacy Policy so that it continually meets the current legal requirements or in order to incorporate changes to our services in the Privacy Policy. Any subsequent website access will then be subject to the terms of the new privacy policy.

DATA PROTECTION REGULATIONS ON THE USE AND APPLICATION OF XING

The date controller has integrated components from Xing into this website. Xing is an Internet-based social network that enables users to connect to existing business contacts and make new business contacts. Individual users can create a personal profile of themselves at Xing. For example, companies can create company profiles or publish job offers on Xing.
The operating company of XING IS XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany.
For each visit to one of the individual pages of this website, which is operated by the data controller and on which a Xing component (Xing plug-in) has been integrated, the Xing component in question causes the internet browser on the data subject's information technology system to download a representation of the corresponding Xing component from Xing. More information about the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical procedure, Xing receives information about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to Xing at the same time, on each visit to our website by the data subject and during the entire duration of the respective stay on our website, Xing recognises which specific sub-page of our website the data subject visited. This information is collected by the Xing component and assigned by Xing to the data subject's respective Xing account. If the data subject presses one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.
Xing always receives information from the Xing component that the data subject has visited our website if the data subject is simultaneously logged in to Xing at the time of accessing our website; this happens regardless of whether or not the affected person clicks on the Xing component. If such transfer of this information to Xing is not desired by the date subject, they can prevent the transfer by logging out of their Xing account before entering our website.
The data protection regulations published by Xing, which are available at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published privacy notices at https://www.xing.com/app/share?op=data_protection for the XING share button.

Our website uses features provided by the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or user behaviour evaluated.
Further information on data protection and the Xing Share button can be found in Xing's privacy policy at https://www.xing.com/app/share?op=data_protection

DATA PROTECTION REGULATIONS ON THE USE AND APPLICATION OF LINKEDIN

The data processor has integrated components of LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect to existing business contacts and make new business contacts. More than 400 million registered users in over 200 countries use LinkedIn. LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.
Each time our website is accessed and equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser the data subject is using to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives information about which specific sub-page of our website is visited by the data subject.
If the data subject is logged in to LinkedIn at the same time, on each visit to our website by the data subject and during the entire duration of the respective stay on our website, LinkedIn recognises which specific sub-page of our website the data subject visited. This information is collected by the LinkedIn component and assigned by LinkedIn to the data subject's respective LinkedIn account. If the data subject presses one of the LinkedIn buttons integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.
LinkedIn always receives information from the LinkedIn component that the data subject has visited our website if the data subject is simultaneously logged in to LinkedIn at the time of accessing our website; this happens regardless of whether or not the affected person clicks on the LinkedIn component. If such transmission of this information to LinkedIn is not desired by the data subject, the data subject can prevent the transmission by logging out of their LinkedIn account before accessing our website.
LinkedIn offers the option of unsubscribing from email messages, SMS messages and targeted advertisements as well as managing ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who can set cookies. Those cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn's current privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

KUNUNU

We have a profile on kununu (belongs to XING). The provider is New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany.
The XING plugins and kununu links can be recognised by the XING logo and kununu links on our website. When visiting our site, the kununu plug-in will establish a direct connection between your browser and the XING server. This enables XING to receive information that you have visited our site from your IP address. If you click the kununu logo while you are logged into your XING account, you can link the content of our pages to your XING profile. This allows XING to attribute visits to our website to your user account. Please note that, as the provider of this site, we have no knowledge of the content of the data transmitted to XING or of how XING uses this data. A direct connection between your browser and the kununu server (belonging to XING) is established via the kununu links. kununu receives the information that you have visited our site with your IP address. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by kununu.

If you do not wish kununu to link your visit to our web pages to your kununu user account, please log out from the latter. For more information about data protection and the kununu Share button, please see Xing's/kununu's privacy policy at: https://www.xing.com/app/share?op=data_protection

For details on how they handle your personal information, see XING's/kununu's privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung

§ 7 Contact form and email contact

(1) There is a contact form on our website which can be used for electronic contact. If a user accepts this option, the data entered in the input screen will be sent to us and stored.

This data is:

  • First name, surname
  • Phone number
  • Preferred appointment date
  • Email
  • Country

The following data is also stored at the time the message was sent:

  • The user's IP address
  • Date and time of registration

During the dispatch process, your consent is obtained for the processing of data and reference is made to this Privacy Policy.

Alternatively, you can contact us via the provided email address. In this case, your personal data that is transmitted along with the email will be stored.

If this includes information about communication channels (e.g. email address, telephone number), you also agree that we may contact you via this communication channel in order to respond to your request.

No data will be disclosed to third parties in this context. This data will be used exclusively to respond to your enquiry.

(2) The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6(1) (1) (a) GDPR. The legal basis for processing the data transferred in the course of sending an email is Art. 6(1) (1) (f). If the ultimate purpose of sending the email is entering into contract with us, the additional legal basis for the data processing is Art. 6(1) (1) (b) GDPR.

(3) We only process personal data provided in input forms to process the contact request. The data from your email enquiries will of course only be used for the purpose for which you made it available to us when contacting us. If you contact us by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

(4) Data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation is considered to have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved. Personal data that was additionally collected during the transmission procedure will be deleted within seven days at the latest.

(5) You have the option of withdrawing your consent to the processing of personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. If you exercise this right, it will not be possible to continue our conversation. Regarding the withdrawal of the consent/objection of storage, we ask you to contact the data controller or the data protection officer according to Section 1 via email or post. In such cases, all personal data that was stored when contact was made with us will be deleted.

 

§ 8 Web analysis by Google Analytics (with pseudonymisation)

On our website, we use the service of Google LLC (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the surfing behaviour of our users. The software places a cookie on your computer (for cookies, see Section 4). If individual pages of our website are accessed, the following data is stored:

 

  • Two bytes of the IP address of the user's accessing system
  • The called up web page
  • Entry pages, exit pages
  • The time spent on the website and the abort rate
  • The frequency with which the website is accessed
  • Country of origin and regional origin, language, browser, operating system, screen resolution, use of Flash or Java
  • Search engines and keywords used

The information generated by the cookie about the use of this website by the user is generally transmitted to and stored in a Google server in the USA.

The legal basis for processing personal data is your consent under Art. 6(1) (1) (a) GDPR.

On our behalf Google will use this information to evaluate your use of the website and to compile reports on website activity. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and its user-friendliness.

The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this is the case after 18 months.

The set cookies are stored on your device and transmitted to our site. If you do not agree with the collection and evaluation of usage data, you can prevent this by setting your browser software accordingly by deactivating or restricting the use of cookies. Cookies which have already been saved may be deleted at any time. However, in this case you may not be able to use all functions of this website in full. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) and the processing of the data by Google by downloading and installing the browser plugin available under the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de. You have the possibility to withdraw your consent to the processing of your personal data at any time. If you contact us by email, you can object to the storage of your personal data at any time. Regarding the withdrawal of the consent/objection of storage, we ask you to contact the data controller according to Section 1 via email or post.

The data controller is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information can be found in the terms of use at www.google.com/analytics/terms/de.html, in the overview on data protection at www.google.com/intl/de/analytics/learn/privacy.html as well as the privacy policy at www.google.de/intl/de/policies/privacy. 

§ 9 SSL encryption

This site uses SSL encryption for security reasons and for the protection of the transmission of confidential content, such as the queries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser's address line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

 

§ 10 Rights of the data subject

Should your personal data be processed, you are a data subject within the meaning of the GDPR. As a consequence, you have the following rights vis-à-vis the data controller:

 

  1. Right to information
  2. Right to correction
  3. Right to restriction of processing
  4. Right to deletion
  5. Right to information
  6. Right to data portability
  7. Right to object to processing
  8. Right to withdraw data protection consent
  9. Right not to apply an automated decision
  10. Right to file a legal complaint with a supervisory authority

1. Right to information

(1) You may request confirmation from the data controller as to whether we are processing or have processed personal data concerning you. If processing has taken place, you can request information from the data controller at any time free of charge as to the personal data stored about you, and about the following information:

  • a)
  • The purposes for which the personal data is being processed;
  • b) The categories of personal data being processed;
  • c) The recipients or categories of recipients to whom the personal data relating to you either has been or continues to be disclosed;
  • d) The intended period for which the personal data relating to you will be stored or, where specific information pertaining to this is not available, criteria for determining the storage duration;
  • e) The existence of a right to rectification or deletion of personal data relating to you, a right to restriction of processing by the data controller, or a right to object to such processing;
  • f) Your right to appeal to a supervisory authority;
  • g) All available information on the source of the data if the personal data is not collected from the data subject directly;
  • h) The existence of automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

(2) You have the right to be informed as to whether your personal data will be transmitted to a third country or an international organisation. In this regard, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR in relation to the transmission.

2. Right to rectification

You have the right to prompt rectification and/or completion by the data controller if the personal data processed concerning you is either incorrect or incomplete.

3. Right to restrict processing

(1) Under the following conditions, you may request from the data controller that the processing of your personal data be restricted:

  • a) Should you dispute the accuracy of the personal data concerning you for a period of time which allows the data controller to verify the accuracy of the personal data;
  • b) The processing is unlawful and you reject the deletion of the personal data and instead request the restriction of the use of your personal data;
  • c) The data controller no longer requires the personal data for processing purposes, but you require it to assert, exercise, or defend legal claims, or
  • d) You have objected to processing in accordance with Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the data controller to process your data outweigh your reasons.

(2) If the processing of personal data concerning you has been restricted, then – apart from its storage – this data may only be processed with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State. If processing has been restricted in accordance with the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

(1) You can request that the data controller delete the personal data concerning you immediately, provided that one of the following reasons applies:

  • a)
  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • b) You withdraw your consent, upon which the processing was based in accordance with Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for its continued processing.
  • c) You object against processing in accordance with Art. 21 (1) GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Art. 21 (2) GDPR.
  • d) Your personal data has been unlawfully processed.
  • e) Your personal data must be deleted in order to comply with a legal obligation under Union or Member State law to which the data controller is subject.
  • f) The personal data concerning you has been collected in relation to services offered by information services in accordance with Art. 8 (1) GDPR.

(2) If the data controller has made your personal data public and is required to delete it in accordance with Art. 17 (1) GDPR, the data controller will take appropriate measures, including those of a technical nature, while taking into account available technology and implementation costs, to inform the data controllers who are processing the personal data that you as the data subject have requested that they delete all links to this personal data, or copies or replications of this personal data.

(3) The right to deletion does not exist if processing is necessary

  • a) to exercise the right to freedom of expression and information;
  • b) to fulfil a legal obligation which requires the processing in accordance with the law of the Union and Member States to which the data controller is subject, or to perform a task which falls within the public interest or occurs in the exercise of public authority which was transferred to the data controller;
  • c) for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i), as well as Art. 9 (3) GDPR;
  • d) for the purposes of archiving, the purposes of scientific or historical research, or statistical purposes which fall within the public interest in accordance with Art. 89 (1) GDPR, to the extent that the right referred to in Section a) is likely to render impossible or seriously inhibit the achievement of the purposes of such processing; or
  • e) to assert, exercise or defend legal claims.

5. Right to information

If you have asserted the right to rectification, deletion or restriction of processing against the data controller, the data controller is obliged to communicate this rectification/deletion/restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort. You have the right to be informed as to these recipients by the data controller.

6. Right to data portability

(1) You have the right to obtain a copy of the personal data you have supplied to the data controller concerning you in a structured, commonly used, machine-readable format. You also have the right to transmit this data to another data controller without hindrance from the data controller to which the personal data were made available insofar as

  • a) the processing is based on a consent in accordance with Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on the basis of a contract in accordance with Art. 6 1 (b) GDPR and
  • (b) the processing is carried out using automated methods.

(2) In exercising this right, you also have the right to have the data controller transfer your personal data directly to another data controller if this is technically feasible. This action must not affect the freedoms and rights of other persons.

(3) The right to data portability does not apply to personal data processing that is required for the performance of a task that falls within the public interest or that occurs in the exercise of public authority that has been transferred to the data controller.

(4) In order to exercise the right to data portability, the data subject may at any time contact the data controller.

7. Right to object

(1) You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time and which is carried out in accordance with Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.

(2) The data controller will no longer process the personal data relating to you unless they can prove a compelling, legitimate reason for this which outweighs your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.

(3) If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to such processing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, personal data relating to you shall no longer be processed for these purposes.

(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object using an automated process involving the use of technical specifications.

(5) In order to exercise the right to object, the data subject may contact the data controller directly.

8. Right to withdraw the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the legality of processing carried out based on consent before its withdrawal. You can contact the data controller to this end.

9. Automated decisions in individual cases, including profiling

(1) You have the right to not be subjected to a decision based solely on automated processing – including profiling – which has legal bearing on you or that significantly affects you in a similar manner. This shall not apply if the decision

  • a) is necessary for either the conclusion or performance of a contract between you and a data controller;
  • b) is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • c) is based on your explicit consent.

(2) However, these decisions may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR apply and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.

(3) In the cases referred to in Sections (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller to state their own position and challenge the decision.

(4) If the data subject wishes to exercise their rights concerning automated individual decision-making, they may, at any time, contact the data controller.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State containing your residence, place of work, or the location of the supposed violation, if you believe that the processing of your personal data violates the GDPR. The supervisory authority to which the appeal is submitted will inform you about the status and results of the appeal, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

§ 11 Changes to the Privacy Policy

We reserve the right to change our data protection practices and this Policy to adapt it to any changes in relevant laws and/or regulations or to better meet your needs. We will notify you of possible changes to our data protection practices here. Please note the current version date of this Privacy Policy.