Welcome to the PeakAvenue GmbH website. Data protection and protecting your personal rights are of great importance to us. On this page we would like to inform you about what data PeakAvenue processes and for what purposes. If you have any questions or suggestions about the privacy policy, please feel free to contact us.

1. Reface and selected terms

On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.

  • GDPR stands for the European General Data Protection Regulation.
  • BDSG is an abbreviation for the Federal Data Protection Act in its current version.
  • Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
  • The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
  • The data subject within the meaning of the GDPR is any natural person whose personal data is processed.
  • Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Art. 4 of the GDPR (definitions).

2. Responsible parties and data protection officer

Joint controllers for data processing

The PeakAvenue GmbH, Maria-Goeppert-Str. 15, 23562 Lübeck, is the Holding Company of

iqs Software GmbH
Erlenstraße 13c
77815 Bühl (Baden)
(PeakAvenue Bühl)
Phone: +49 7223 281480
E-mail: info@peakavenue.com

and

Plato GmbH
Maria-Goeppert-Straße 15
23562 Lübeck
(PeakAvenue Lübeck)
Phone: +49 4519 309860
E-mail: info@peakavenue.com

The PeakAvenue Group processes personal data under joint responsibility (Art. 26 GDPR). Within the group of companies, the joint controllers use common systems based on legitimate interests (Art. 6 Para. 1 lit. f GDPR).

If you have any data protection issues, you are free to choose which of the joint controllers you contact.

Data protection officer

Data protection officer of the PeakAvenue Group

DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Diplom-Betriebswirt (FH)
Zertifizierter Datenschutzbeauftragter
Phone: +49 176 32744172
E-mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de

3. Compact overview

The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.

Security on our website

Our website is provided with a TLS certificate, which is used to encrypt data transfer processes. This happens, for example, if you send us a message via a form. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.

Data that you transmit to us

On this page, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.

Server log files

On the other hand, our server automatically records all accesses and thus also IP addresses (log files); this serves to ward off attacks, analyze access numbers and ensure smooth operation.

Use of cookies

Cookies help us to provide various services; further information can be found in this data protection declaration.

Analysis and tracking tools

In addition to the pure server log files, which also provide us with information about page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the flow of behavior and, for example, the country from which access took place. Such services require cookies or comparable technologies to function.

Plugins and content delivery networks

We use plugins and content delivery networks. If such services are integrated via a website, access data is transmitted to the services. Typically this is your IP address and other metadata, such as time and date of access.

Newsletter/direct marketing

a) Direct marketing to existing customers in the legitimate interest
We reserve the right to send our customers newsletters on the basis of Section 7 Paragraph 3 UWG and Art. 6 Para. 1 lit. f of the GDPR. You can of course object to receiving direct marketing information at any time.

b) Direct marketing based on your consent
If you consent, we will send you newsletters until your revocation. You can revoke your consent at any time with future effect.

Other data recipients

Data Transfer within the corporate group
In the PeakAvenue Group, we process data on common systems and for common purposes. This is done on the basis of shared responsibility within the framework of legitimate interests.

Use of data processores
We have commissioned data processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting or email hosting. These companies process personal data according to our instructions.

Use of specialist services
If necessary, we pass on your data to, for example, banks, shipping service providers, our tax advisor or lawyer.

Legal obligations
We are subject to legal obligations, such as commercial laws or tax laws, in this context we must pass on certain data, for example, to tax authorities.

Investigation of crimes
If necessary to secures our interests, we pass on data to the law enforcement authorities.

General information on deletion periods of personal data

We process the data as long as necessary for the respective purpose. As a rule we process your personal data for the duration of our business relationship, which includes the initiation and processing of a contract; further we are obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.

Transfer of personal data to a third country

We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Art. 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these based on our legitimate interests. In these cases, we will point out the circumstance if necessary.

Obligation to provide personal data

You are free to decide whether you provide personal data on our website for specific purposes. To carry out legal transactions, the provision of personal data is contractually required.

4. Legal basis for processing personal data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.

Consent (Art. 6 Para. 1 lit. a GDPR)

Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.

Data processing within contractual purposes (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data to initiate or implement contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.

Legal obligations (Art. 6 Para. 1 lit. c GDPR)

The exception to data processing based on a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example we are obliged to comply with certain retention periods according to commercial law and tax law.

Legitimate interests (Art. 6 Para. 1 lit. f GDPR)

The processing of personal data based on a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful weighing of financial or legal interests against the legitimate interests of the data subject.

5. Data subjects rights under the general data protection regulation

Every natural person is entitled to certain rights, which are defined in particular in Art. 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us.

Right to revoke your consent in accordance with Art. 7 GDPR

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information according to Art. 15 GDPR (restrictions possible according to Section 34 BDSG)

You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification according to Art. 16 GDPR

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion according to Art. 17 GDPR (restrictions possible according to § 35 BDSG)

You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing according to Art. 18 GDPR

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
  • If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
  • If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

Right to data portability according to Art. 20 GDPR

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising in accordance with Art. 21 GDPR

If the data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Objection according to Art. 21 Para. 1 GDPR).

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (Objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR in conjunction with In accordance with Section 19 BDSG

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

6. External hosting

This website is hosted externally. The personal data collected on this website is stored on the server(s) of the host(s). This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR, insofar as the consent requires the storage of cookies or access to information on the user's end device (e.g. B. Device fingerprinting). Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data.

We use the following host:

netcup GmbH
Daimlerstr. 25
76185 Karlsruhe

Data processing agreement

We have concluded a Data Processing Agreements for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Automatic server log files

Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).

In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.

  • Date and time of retrieval
  • Information about the browser type and version browser used
  • Information about the operating system used
  • Device (client)
  • Referrer URL (which page you used to land on our website)
  • Hyperlinks accessed

We only process this data for the purposes mentioned above. We delete server log files after six months at the latest.

8. Use of cookies

Our website uses cookies to provide services and to ensure full functionality. Cookies – these are small text files that are automatically stored in your browser or device – can have various functions and contain a characteristic string that allows the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your device and transmitted from it to our site. As a user, you generally have full control over the use of cookies. You can determine whether and which cookies you generally allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies on you. This gives you control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be limited.

Cookies fundamentally differ between non-persistent and persistent cookies. A distinction is also made between first-party cookies (which come directly from our web server) and third-party cookies (which are set by third-party providers).

Cookie types by term

Session cookies

Session cookies are deleted at the latest when you leave our website and close your browser.

Persistent cookies

These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different durations, from one day to several years. These cookies can perform various functions, for example storing your login details so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking and marketing purposes.

Cookie types by origin

We use both first-party cookies and third-party cookies. First-party cookies are cookies that come directly from us. Third-party cookies are cookies that are placed by a third party. We use various third-party cookies for analysis, tracking and marketing purposes.

Cookie types by function

Technically required or necessary cookies

These cookies enable the operation of our website; without technically necessary cookies, our site would not be usable or would only be usable to a very limited extent. For example, such cookies are used when you log in to our site or add a product to your shopping cart. Some necessary cookies also serve security purposes.

Analysis or statistics cookies

Analysis cookies collect information about the behavior of site visitors, provide information about the length of stay and what information was accessed. Information is also collected about which website visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimize our website based on the information collected.

Tracking and marketing cookies

Tracking and marketing cookies (also remarketing and retargeting cookies) enable an analysis of browser behavior, they store which content was visited or which products the user was looking for (tracking in this sense means tracking). Based on these cookies, a user can also be identified across sites with the aim of displaying advertisements tailored to their interests.

Legal basis and information about setting your preferences

We use technically necessary cookies in the interest of a functional and stable website (Art. 6 Para. 1 lit. f GDPR); we only use other cookies with your consent (Art. 6 Para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you also have the option to adjust your preferences at any time.

The individual legal bases for the use of various tools that use cookies can be found in the respective passages in our data protection declaration.

9. Cookie consent management

We offer you the opportunity to choose whether and which cookies and services you want to allow. For this purpose, we have implemented so-called consent management, which is automatically displayed the first time our website is accessed or after the preference cookie has expired. Once you have confirmed your choices regarding cookies and services, a cookie will be stored in your browser to store your preferences. Further information about this cookie can be found in our cookie list.

cookie consent management on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) to obtain the legally required consent (Art. 6 Para. 1 lit. c GDPR) for the use of technically unnecessary cookies and cookie-like cookies technologies

10. Data processing in the context of communication and contact

Message via contact form (integrated via ZOHO CRM)

You have the option of sending us messages using the contact form. We process the data that you entered in the data collection mask. Mandatory fields are marked and must be provided. The purpose of data processing is to process your request and, if necessary, to contact you afterwards. The legal basis for processing the data entered into the contact form is generally based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent at any time in the future without giving us reasons. In addition, we process your data to initiate or carry out sales contracts, for example if you ask us product-related questions (Art. 6 Para. 1 lit. b GDPR).

Inquiries from the contact form are saved directly in our CRM ZOHO (see below).

We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.

Communication via email

If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out based on pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. f GDPR. It is in our legitimate interest to process your request quickly and efficiently.

If it is a product or service-related message, we generally process your data based on our legitimate interests in accordance with Art. 6 (1) (b) GDPR.

Please note that we store all incoming emails in accordance with proper accounting principles for a period of ten years, starting from the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.

Communication by telephone or fax

Even if you contact us by telephone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) and/or in our legitimate interest, analogous to contacting you by email.

We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of data processing is achieved.

11. Information for applicants

Data protection regulations within job applications

If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the respective position, using an online form.

Use of the OnlyFy platform

If you apply using the online form, the application process is carried out via the OnlyFy application manager, the provider is New Work SE, Am Strandkai 1, 20457 Hamburg. We have concluded a contract with Onlyfy to process personal data based on our instructions. After accessing the application manager, you will find additional data protection information.

Scope of processing

In principle, as part of an application process, we only process the data that you have provided to us yourself. The use of additional sources may only be considered after information and consultation with you. For example, whether we can contact a former employer.

The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Art. 6 Para. 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this will be done on the legal basis of cGDPR.

Deletion periods for applicant data

We delete applicant data a maximum of 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing no longer exists at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you have the impression that your interests in immediate deletion outweigh your interests, you have the option of requesting us to do so. We will then examine your request and give you feedback.
After the above-mentioned period has expired, your data will be deleted unless we have to defend ourselves, for example in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the process has been completed, unless there are no statutory retention periods.

If we are allowed to store your data for a longer term based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is clear that no position will be available.

Inclusion in our applicant pool

If we are currently unable to offer you a job, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position in the future. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest.

12. CRM system Zoho

Personal data that you have provided to us through a contact request or direct business relationships is processed and maintained by us using a customer relationship management system (CRM system for short).

The provider is ZOHO Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. The data is stored on the servers of ZOHO Corporation BV (ZOHO Netherlands) stored in the Netherlands. If necessary, it is possible for ZOHO to fulfill the service Netherlands data processing processes by ZOHO Corporation PVT. LTD., Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (ZOHO India). In these cases, data transfer and processing also takes place in accordance with the requirements of the data protection standards applicable in Germany/the EU. In order to fulfill the service, we and companies affiliated with us (according to Section 15 AktG) have a contract for data processing with ZOHO Netherlands and ZOHO India closed.

ZOHO's privacy policy can be found at https://www.ZOHO.eu/privacy.html.

The CRM system is cloud-based. For some time now, ZOHO.eu has also been offering servers in Europe (Netherlands and Ireland) to comply with EU data protection guidelines.

ZOHO CRM allows us, among other things, to manage existing and potential customers as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze and optimize our customer-related processes. Customer data is stored on ZOHO CRM 's servers.

The data transmitted to ZOHO is only used for the purpose of contacting you and will only be used for this purpose. This must be agreed to separately. After the first contact, we offer our visitors the opportunity to choose how much or how little they would like to share with us. This data will not be passed on or distributed to third parties.

The use of ZOHO CRM is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in customer administration and customer communication being as efficient as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Paragraph 1 TTDSG, insofar as the consent requires the storage of cookies or access to information on the user's end device (e.g. B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to third countries outside the European Union is based on the EU Commission's standard contractual clauses. For details, see ZOHO CRM's privacy policy: https://www.ZOHO.com/privacy.html and https://www.ZOHO.com/gdpr.html.

Data processing agreement

A Data Processing Agreement has been concluded with the provider ZOHO. This is a contract required by the GDPR and guarantees that the personal data will only be processed in accordance with our instructions.

13. Direct marketing

Direct marketing to existing customers in legitimate interests

We reserve the right to use the data collected as part of a purchase contract or service contract for direct advertising by email or post in accordance with Section 7 Paragraph 3 UWG if the customer does not object or has objected to this use. Direct advertising only includes offers for similar products or services to the products or services the user has already purchased from us.

We use your data for up to three years after the last legal transaction for direct marketing purposes in our legitimate interest.

We have a legitimate, economic interest (Art. 6 Para. 1 lit. f GDPR) in informing our customers about new products and improving our services. Of course, you can object to receiving direct advertising at any time. Direct your objection to the responsible body mentioned above. In each newsletter you will also find information on how you can raise your objection.

Direct marketing based on your consent (Newsletter)

You have the option to give us your consent to receive direct marketing content. If you give your consent (Art. 6 Para. 1 lit. a GDPR), for example to receive our email newsletter, we process your data for the purpose of direct marketing measures via email.

Since we are obliged to check the accuracy of the email address you provided when registering for the newsletter and want to ensure its accuracy, we use procedures that enable us to check the ownership of the email address. As a rule, this check is carried out using the double opt-in procedure. After registering, you will receive an email with a link that you must click to confirm. If the double opt-in procedure is not available due to temporary technical reasons, we will send you an email to which you can reply without text to confirm your identity.

You can revoke your consent at any time with future effect; you will find an “unsubscribe” link in every newsletter. Alternatively, you can send us an email with the subject “Unsubscribe from the newsletter”. We will process your data until you revoke your consent. Statutory retention periods remain unaffected.

After you have been unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

Use of ZOHO CRM

We use ZOHO CRM (see above) to send newsletters.

Our newsletters sent with ZOHO CRM enable us to analyze the behavior of newsletter recipients. Among other things, it can be analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not want analysis by ZOHO CRM, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected.

After you have been unsubscribed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interests.

Data processing agreement

A Data Processing Agreement has been concluded with the provider ZOHO. This is a contract required by the GDPR and guarantees that the personal data will only be processed in accordance with our instructions.

14. Audio and video conferencing with MS Teams

We use the Microsoft Teams tool for communication. Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams data protection declaration: https://privacy.microsoft.com/de-de/privacystatement.

Microsoft Teams processes all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that is necessary to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it will also be stored on the tool provider's servers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the Service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options depend largely on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis

We use Microsoft Teams to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If consent has been requested, the relevant tools will be used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage period

The data we collect directly via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Data processing agreement

We have concluded a Data Processing Agreement with Microsoft. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

15. Webinare via GoToWebinar

GoToWebinar service to hold webinars. The provider is LogMeIn, Inc., 320 Summer Street Boston, MA 02210, USA. Details on data processing can be found in GoToWebinar 's privacy policy: https://www.logmeininc.com/de/legal/privacy. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

When using GoToWebinar, various data is processed. The scope of the data also depends on what data a participant provides before and during participation in a webinar.

User information

  • First name
  • Last name
  • E-mail address
  • personal participation link

To enter the “virtual webinar room”, you must at least provide your name. In addition to your registration details, we will also receive information about the duration of participation, interest in the webinar and questions or answers asked.

User information

  • Theme
  • description (optional)
  • Subscriber IP addresses
  • Device/Hardware Information
  • Webinar date
  • Time of participation


Processing of text, audio and video data You may have the opportunity

To use the chat, question or survey functions in a webinar. In this respect, the text entries you make will be processed in order to display them in the webinar and, if necessary, to record them. If necessary, the organizer of the webinars will give you the opportunity to “share” your screen so that your screen content is also displayed to the other webinar participants and the organizer as well as any moderators/speakers. In order to enable this as well as the display of video and the playback of audio, the data from the microphone of your device and any video camera on the device as well as the video data displayed on your screen are processed for the duration of the meeting. If necessary, you can switch off or mute the camera, microphone and screen sharing at any time using the “GoToWebinar” applications.

Recording webinars

We use “GoToWebinar” to run webinars. Recording webinars is technically possible and is usually done for archiving purposes. If we want to record the webinar in which you are participating, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed to you in the “GoToWebinar” application. If necessary for the purposes of logging and post-processing the results of a webinar, we will log the chat content and questions asked. Participants are prohibited from making any kind of recordings of the webinar. Sound, image or text data may not be recorded, copied or saved. By entering the virtual webinar room you confirm this.

More information

If you access the “GoToWebinar” website, its provider “LogMeIn” is responsible for data processing. You can find this provider's data protection information on its website. A visit to the “GoToWebinar” website is required to use “GoToWebinar” for two purposes:

  • to download the software for using “GoToWebinar”.
  • to register for a webinar.

You can also use “GoToWebinar” if you use the “GoToWebinar” app and enter the access data for the webinar there.

If you do not want to or cannot use the “GoToWebinar” app, the functions can also be used via a browser version, which you can also find on the “GoToWebinar” website.

Legal basis for data processing

If personal data of employees is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “GoToWebinar”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary part of the use of “GoToWebinar”, then Art. 6 Para. 1 lit. f GDPR is Legal basis for data processing. In these cases, our interest is in the effective implementation of webinars.

Furthermore, the legal basis for data processing when conducting webinars is Art. 6 Para. 1 lit. b GDPR, insofar as the webinars are carried out within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 (1) (f) GDPR. Here, too, we are interested in the effective implementation of webinars. If we ask you for your consent for one or more purposes, Art. 6 Para. 1 lit. a GDPR is the legal basis. Consent can be revoked at any time without giving reasons.

Other recipients of personal data

"GoToWebinar” platform, LogMeIn, Inc., necessarily receives knowledge of the above-mentioned data, insofar as this is provided for within the scope of our order processing agreement with “GoToWebinar”. This provider also uses sub-processors. The company provides a current list of these sub-processors on its website.

Data processing agreement

We have concluded a Data Processing Agreement with LogMeIn. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

16. Trainings via reteach

For digital training we use the reteach solution from Susell GmbH (Rosenthaler Straße 38, 10178 Berlin). For the associated use of data, we refer to the data protection information of the provider Susell GmbH, which is exclusively responsible for the corresponding data processing. Susell GmbH 's data protection information can be found at https://www.reteach.com/datenschutz.

Participation in training takes place by sending a personally generated link to the email address you provided.

When using a training platform, the following personal data is processed by us and reteach :

  • First and last name
  • company
  • e-mail address
  • Participation date
  • Name of the training
  • IP address
  • Metadata
  • if necessary image data
  • if necessary, sound data

Legal basis for the processing of personal data in the context of training videos is Art. 6 Para. 1 lit. b GDPR. In addition, we use reteach on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR.

Data processing agreement

We have concluded a Data Processing Agreement with the Susell GmbH. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

17. Jira ticket system

We use the project management tool Jira for ours. The provider is Atlassian, lnc., 1098 Harrison Street, San Francisco, California 94103, USA (data protection information https://www.atlassian.com/legal/privacy-policy).

Jira serves as a tool for our customers to open tickets. In this context, the personal data and content provided in the ticket are processed. Each ticket is assigned a time stamp and a status, which updates as processing progresses.

The personal data processed in tickets will be stored until the purpose of the processing has been achieved and we have to fulfill our obligations to provide proof as part of the customer relationship.

The legal basis for the processing is Art. 6 Para. 1 lit. b GDPR; the use of the ticket system takes place within the scope of the contractual services. We also have a legitimate interest within the meaning of Art. 6 Para. 1lit. f GDPR on the use of an established provider who regularly provides evidence of their compliance obligations. We have concluded a data processing agreement with Atlassian based on the EU standard contractual clauses. The data centers used are located in the European Union.

Data processing agreement

We have concluded a Data Processing Agreement with Atlassian. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

18. Analytics tools and advertising

Google tag manager

We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on his website. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 Paragraph 1 TTDSG, insofar as the consent requires the storage of cookies or access to information on the user's end device (e.g. B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Google analytics

We use the functions of the web analysis service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as: E.g. page views, length of stay, operating systems used and origin of the user. This data is assigned to the user’s respective device. There is no assignment to a user ID.

Furthermore, we can use Google Analytics to record, among other things, your mouse and scrolling movements and clicks. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Data processing agreement

We have concluded a Data Processing Agreement with Google. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available on Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively, for example by analyzing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google ads remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing we can assign people who interact with our online offering to specific target groups in order to then display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you on one device (e.g. cell phone) depending on your previous usage and surfing behavior can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising using the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

Further information and the data protection regulations can be found in Google's data protection declaration at: https://policies.google.com/technologies/ads?hl=de.

Google ads conversion tracking

This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's data protection regulations: https://policies.google.com/privacy?hl=de.

LinkedIn insight day

This website uses the LinkedIn Insight tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing through LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better align our site with the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or other action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function with which we can display targeted advertising outside of the website to visitors to our website, although, according to LinkedIn, the advertising addressee is not identified.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct IDs of LinkedIn members are deleted from LinkedIn after seven days. The remaining pseudonymized data will then be deleted within 180 days.

As the website operator, we cannot assign the data collected by LinkedIn to specific individuals. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use them as part of its own advertising measures. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

If consent has been obtained, the above - mentioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and Section 25 TTDSG. Consent can be revoked at any time. If consent has not been obtained, the use of this service is based on Art. 6 (1) (f) GDPR; The website operator has a legitimate interest in effective advertising measures, including social media.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag Object

To the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. In order to prevent data collected on our website from being linked by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before you visit our website.

Data processing agreement
We have concluded a Data Processing Agreement with LinkedIn. This is a contract required by data protection law, which ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

ZOHO SalesIQ

We use the ZOHO service SalesIQ on our website. The provider is ZOHO Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. The data is stored on the servers of ZOHO Corporation BV (ZOHO Netherlands) stored in the Netherlands. For more details about ZOHO, see the ZOHO CRM passage.

With ZOHO At SalesIQ we collect anonymous usage statistics; IP addresses are stored in abbreviated form. SalesIQ analyzes behavioral data, in particular which pages were viewed and which links were clicked. This allows us to analyze our website visitors and recognize them using cookies and cookie-like technologies. You can find out more about cookies in this data protection declaration.

We also provide a chat function via ZOHO Sales IQ. ZOHO SalesIQ uses cookies and cookie-like technologies for this purpose. The chat can generally be used without providing personal data. It is optional to provide personal data such as name and email address. Chat logs are saved in ZOHO CRM. We only store business-relevant contacts and chat logs. We delete this data when the purpose of processing has been achieved.

If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time. If consent has not been obtained, the use of this service is based on Art. 6 Para. 1 lit. f GDPR; We have a legitimate interest in analyzing user behavior in order to optimize the website.

Zoho PageSense

We use the ZOHO service PageSense on our website. The provider is ZOHO Corporation BV, Beneluxlaan 4B, 3527 HT Utrecht, Netherlands. The data is stored on the servers of ZOHO Corporation BV (ZOHO Netherlands) stored in the Netherlands. For more details about ZOHO, see the ZOHO CRM passage.

When you visit our website, anonymized usage data is collected using the ZOHO PageSense service; the service uses cookies for this purpose. PageSense is used to create heatmaps, A/B tests and funnel analyses. The IP addresses of visitors are anonymized.

If consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time. If consent has not been obtained, the use of this service is based on Art. 6 Para. 1 lit. f GDPR; We have a legitimate interest in analyzing user behavior in order to optimize the website.

19. Plugins and tools on our website

YouTube

This website embeds videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube can store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience and prevent fraud attempts.

If necessary, further data processing operations may be triggered after starting a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of the GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit. a of the GDPR; consent can be revoked at any time.

Further information about data protection at YouTube can be found in their data protection declaration at: https://policies.google.com/privacy?hl=de.

Integration of the applicant platform OnlyFy

On our website we have integrated content from the provider OnlyFy, the provider is New Work SE, Am Strandkai 1, 20457 Hamburg (data protection regulations https://onlyfy.com/de/datenschutz). The purpose is to display job offers and the integration of the applicant platform OnlyFy .

OnlyFy uses cookies; you can find out more about cookies in this data protection declaration. OnlyFy content will only be displayed once you have given your consent. You can grant this, for example, via the cookie settings or revoke it after granting it.

The integration of the OnlyFy Application Platform is based a legitimate interest within the meaning of Art. 6 Para. 1 lit. f of the GDPR. If appropriate consent has been requested, processing is carried out exclusively based on Art. 6 Para. 1 lit. a of the GDPR; consent can be revoked at any time.

Further information on the processing of personal data as part of the application process can be found in this data protection declaration.

20. Our social media presence

Data processing through social networks

We maintain publicly accessible social network profiles. You can find the social networks we use in detail below.

Social networks such as Facebook, Google+ etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot understand all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection regulations of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are responsible, together with the operator of the social media platform, for the data processing operations triggered by this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) both. us as well as against the operator of the respective social media portal.

Please note that despite our shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.

Storage period

The data we collect directly via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).

Social networks in detail

Google/Youtube

We have a profile on Google+. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://adssettings.google.com/authenticated. Details can be found in Google's privacy policy: https://policies.google.com/privacy.

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Details on how they handle your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

21. Additional data protection information for our business partners

Data categories and purposes of processing

We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we generally only process it for the purposes for which we received or collected it. As a rule, we process the following categories of data from you

  • First and last name
  • Address and/or company address
  • Telecommunications data
  • E-mail address
  • company
  • professional function and/or position
  • Bank details/other payment details
  • Data on the history of the business relationship

As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. B. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.

On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).

Data processing for other purposes is only possible if the necessary legal requirements in accordance with Art. 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Art. 13 Paragraph 3 GDPR and Art. 14 Paragraph 4 GDPR.

Legal basis on which we process your data

Based on your consent (Art. 6 Para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed based on your consent, you have the right to revoke your consent to us at any time with future effect.

Data processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and is carried out at your request.

Data processing is based on a legal obligation (Art. 6 Para. 1 lit. c GDPR).
Like every company, we have retention obligations and fulfill other documentation requirements, this may also apply to documents containing personal information. To the extent that we process data for these purposes, the processing takes place on the basis of a legal obligation.

Data processing based on a balancing of interests (Art. 6 Para. 1 lit. f GDPR)

If we process data on the basis of a balancing of interests, you as the data subject have the right to the processing of personal data, taking into account the provisions of Art. 21 GDPR to contradict. To the extent that the specific purpose permits, we process your data pseudonymously or anonymously.

Other recipients of your data

Transfer to processors within the scope of Art. 28 GDPR
Processors we use (Art. 28 GDPR), particularly in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. When we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded. We would be happy to let you know which processors we use.

To carry out a contractual relationship
If it is necessary to carry out the contract with you, we pass on your data, for example, to our bank to process payments or shipping service providers such as German Post, DHL, UPS, GSL, DPD or other event-related providers.

Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).

Other places, insofar as you have given us your consent.
If you have given your explicit consent, we will also pass on your data to other places. However, this occurs within the limits provided you have verifiable consent.

Information on deletion periods for personal data

Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.

In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), can usually be three years, but in certain cases can also be up to thirty years. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.

As a rule, such retention periods in the context of legal transactions (according to §147 AO / §257 HGB / §14b UstG) are 10 years, starting with the year following the legal transaction.

Specific example
If you provide us with your contact details, for example by email, telephone, or by handing over your business card, we will store this data on the basis of pre-contractual measures and in accordance with Art. 6 Para. 1 lit. b of the GDPR Interest (Art. 6 Para. 1 lit. f GDPR) in smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit b GDPR), we will store your data for ten years until the commercial and tax requirements expire. After this period, we check whether we can delete the data and, if necessary, delete it.

E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an email, your data and the entire email content will be stored for 10 years. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual email is not proportionate to the benefit and legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual case check and inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.

Revocation of your consent
If we process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation. Unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only retain the consent subject to restriction of processing to be able to defend ourselves in the event of a dispute.

Legal or contractual obligation to provide personal data

The provision of personal data is regularly necessary for the initiation, conclusion, processing, and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.

Transfer to a third country

We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, considering suitable guarantees or other suitable guarantees.

22. Cookie overview

Funktionale cookies

Functional cookies assist in performing certain functions, such as sharing the content of the website on social media platforms, collecting feedback and other third-party functions.

_zcsr_tmp     accounts.zoho.eu     session

Zoho sets this cookie for the login function on the website.

lidc     .linkedin.com     1 day

LinkedIn sets the lidc cookie to facilitate the selection of the data center.

UserMatchHistory .linkedin.com

LinkedIn sets this cookie for synchronization with the LinkedIn ad ID.

li_gc .linkedin.com     1 month

Linkedin sets this cookie to store the visitor's consent to the use of cookies for non-essential purposes.

Analyse cookies

Analysis cookies are used to understand how visitors interact with the website. These cookies are used to make statements about the number of visitors, bounce rate, origin of visitors, etc.

iamcsr      accounts.zoho.eu   session

Zoho account sets this cookie to track visitors.

AnalyticsSyncHistory     .linkedin.com     1 month

Linkedin sets this cookie to store information about the time of a synchronization with the lms_analytics cookie.

Advertising cookies

Advertising cookies are used to deliver tailored advertising to visitors based on the pages they have previously visited and to analyze the effectiveness of advertising campaigns.

li_sugr      .linkedin.com     3 month

LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.

bcookie      .linkedin.com     1 year

LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.

bscookie      .www.linkedin.com     1 year

LinkedIn sets this cookie to store actions performed on the website.

Not categorized cookies

Other uncategorized cookies are those that are analyzed and have not yet been categorized.

d18efd344f      forms.zohopublic.eu     session

No description available.

d4bcc0a499 accounts.zoho.eu     session

No description available.

Cookie settings

We use cookies to offer you an optimal website experience. These include cookies that are necessary for the operation of the site and for the control of our commercial business objectives, as well as those that are only used for anonymous statistical purposes, for comfort settings or to display personalized content. You can decide for yourself which categories you wish to allow. Please note that based on your settings, not all functionalities of the site may be available.

Optimize cookie settings

x