Privacy Policy
General
We treat your personal data confidentially, taking into account the applicable legal requirements. This privacy policy discusses our handling of your personal and your other usage data that we receive from you.
Data protection information on all other processing operations is available here
GENERAL NOTES
1. Responsible entity
Significant Bit Software AG
Carl-Metz-Str. 4
76275 Ettlingen
Phone: +49 7243 348 854 – 0
Web: https://www.sibitag.com
E-mail [email protected]
2. data protection officer
If you have any concerns about data protection, you can also contact our external data protection officer:
aubex GmbH
1st Industriestrasse 28
68766 Hockenheim
[email protected]
If you have any questions about this data protection notice or about the processing of your personal data by us, or if you wish to exercise your data protection rights, please use the following contact options: Email [email protected]
3. Definitions
a) Personal data
Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person. This includes information such as your name, address, telephone number and date of birth. We collect, process or use your personal data only for the purposes for which these data were provided to us by you. Your personal data provided to us will not be passed on to third parties without your consent. Excluded from this are cases in which we are obliged to hand over the data due to mandatory legal regulations.
b) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
WEBSITE VISIT
1. Usage-related data
Each web server automatically registers web page accesses. When you visit our website, our web server temporarily stores each access in a log file (server log files). The following data is recorded and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Quantity of data transferred
- Message indicating whether the retrieval was successful
- Identification data of the browser and operating system used
- Website from which the access was made
- Name of your Internet access provider
The processing of this data enables the use of the website (connection establishment) and serves the system security, the technical administration of the network infrastructure and the optimization of the Internet offer.
Our web server is configured by default so that the log files are automatically deleted every 14 days. However, we reserve the right to temporarily extend the storage time of the log files (manually) or individual IP addresses (manually or automatically) if this is necessary for legitimate security reasons.
The recipient of the data is our web hosting provider. A transfer of data to a third country does not take place. The basis for the temporary storage of the data and the log files is our legitimate interest pursuant to Art. 6 para. 1 lit. f DS-GVO.
2. web hosting
In order to provide our online offer efficiently, we use the services of web hosting providers. Thus, our online offer can be managed by their servers. This further includes the provision of infrastructure and platform services, computing capacity, storage space as well as necessary security services.
To be able to provide our online offer efficiently, we use the services of web hosting providers.
The data processed in the context of the provision of the hosting offer may include all information relating to the users of our online offer, which is generated in the course of use and communication. This includes:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Transferred amount of data
- Message whether the retrieval was successful
- Identification data of the browser and operating system used
- Website from which the access was made
- Name of your Internet access provider
We collect data on each access to the server (so-called server log files). They are used to analyze attacks on our website and for technical error analysis. The following information is collected:
- the URL you requested
- browser type/browser version
- operating system used
- HTTP response code
- Referrer URL
- host name of the accessing computer
Receivers of the data are web hosting providers contracted by us. A contract for commissioned processing in accordance with Art. 28 DS-GVO has been concluded with the service providers in each case. The applicable legal basis for the use of web hosting providers and the temporary storage of data (log files) is Art. 6 para. 1 lit. f DS-GVO.
Appointed service providers:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Data protection Hetzner: https://www.hetzner.com/de/rechtliches/datenschutz
3. cookies
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. These cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. In the process, usage data (e.g. web pages visited, interest in content, access times) as well as meta/communication data (e.g. device information, IP addresses) are processed.
When calling up our website, the user is informed about the use of cookies for analysis purposes and consent to the processing of personal data used in this context is obtained. In this respect, a reference to this privacy policy is also made. Depending on the cookie type, the processing of cookie data is based on your consent (Art. 6 para. 1 lit. a DS-GVO) or on the basis of our legitimate interest (Art. 6 para. 1 lit. f DS-GVO).
For this purpose, our website uses a cookie consent service from Consent Manager Provider to obtain consent for the storage of certain cookies on end devices and to document this in accordance with data protection law. The provider of this service is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter referred to as “Consent Manager Provider”).
When you enter our website, a connection is established to Consent Manager Provider’s servers to obtain your consents and other declarations regarding cookie use. Subsequently, Consent Manager Provider stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation.
The data collected in this way is stored until you request us to delete it, delete the Consent Manager Provider cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
The use of Consent Manager Provider takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DS-GVO.
By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website in full.
Under the following links you can find out how to manage (including deactivate) cookies in the most important browsers:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Vendor list of cookies used
Cookie info list:
You can change your settings regarding cookies at any time by clicking on the Consent Manager icon, in the lower left corner.
4. SSL CONNECTION
Our website uses SSL encryption when transmitting confidential or personal content from our users. This encryption is activated, for example, when processing payment transactions as well as when you make inquiries to us via our website. Please make sure that SSL encryption is activated by your side during corresponding activities.
The use of encryption is easy to recognize: The display in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information when SSL encryption is activated and contact us in case of doubt.
5. Contact, e-mail by click
It is possible to contact us via the e-mail addresses provided by us or via the contact form. In this case, the personal data of the user transmitted with the e-mail or the contact form will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
Legal basis for the processing of personal data transmitted in the course of sending an e-mail or contact request is Art. 6 para. 1 lit. f DS-GVO. If the e-mail contact aims at the conclusion of a contract, the processing is furthermore subject to Art. 6 para. 1 lit. b DS-GVO.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data sent by e-mail or form, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. If you send us inquiries by contacting us, your information, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
We will only use the data for the aforementioned purposes and store it in accordance with the statutory retention period. Any further use of the data from the contact form will only be used in an anonymous manner for statistical purposes (e.g. number of requests, success rate of requests, etc.).
6. newsletter
You have the option to sign up for our newsletter on our website. We send newsletters and emails with promotional information only with the express consent of the recipients or a legal permission. Our newsletters contain information about products, promotions, events and news.
To sign up for the newsletter, your email address is required. Optionally, we ask you to provide your first and last name. This information is only used to personalize the newsletter. In addition, we also process the following information (personal data) from you:
- Email address
- Date and time
- IP address
- Action type
- Action metadata
In order to be able to map the proof of consent and unsubscription in a legally compliant manner, we keep the following data on the events of subscription, modification, confirmation, unsubscription of the newsletter for each user profile that is created with an e-mail address confirmed by double opt-in procedure:
- Date and time
- IP address
- Online identifiers
For the processing of data, your consent is obtained during the online registration process and reference is made to this privacy policy. The online registration for our newsletter is carried out in a double opt-in process, i.e. you will receive a confirmation e-mail after the online registration, in which you will be asked to confirm the registration you have made. This process is necessary so that no one can register with other people’s e-mail addresses.
The newsletter is sent by the service “Mailchimp” of the company Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (hereinafter referred to as Mailchimp).
The email addresses of our recipients, as well as the previously mentioned data, are stored on the servers of the shipping service provider. Mailchimp uses this information to send and evaluate the newsletter as part of an order processing in accordance with Art. 28 DS-GVO.
With the help of the shipping service provider, we analyze the success and reach of our newsletter (campaigns). In doing so, we evaluate, for example, in particular whether you open a newsletter or how you otherwise proceed with the newsletter. For this purpose, the newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from the dispatch service provider’s server when you open the newsletter. As part of this retrieval, technical information about the browser and your system, as well as your IP address and the time of retrieval are collected. The purpose of this collection is the technical improvement of the service. In addition, data is collected to determine whether and when the newsletter was opened and which links were clicked.
The legal basis for the processing of personal data required for the technical provision of the newsletter to you, as well as for the processing of cookie and measurement data is your consent pursuant to Art. 6 (1) lit. a DS-GVO. The legal basis for processing the other personal data is our legitimate interest pursuant to Art. 6 (1) lit. f DS-GVO. We have a legitimate interest in being able to prove the consent you have given.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. For this purpose, you will find a link to unsubscribe from the newsletter at the end of each newsletter.
Notes on third country transmission
We would like to point out that Mailchimp is a service provider from the USA and thus a data transmission to a third country takes place. Here, it cannot be ruled out that third parties, such as government authorities, gain knowledge of this data.
We have concluded a contract with Mailchimp for commissioned data processing in accordance with Art. 28 DS-GVO, which includes the standard contractual clauses. In addition to these, Mailchimp has assured us in the event of a governmental request to proceed as follows:
If Mailchimp receives a mandatory request (whether by subpoena, court order, search warrant or other valid legal process) from a governmental or other authority (including law enforcement authorities) for access to or information about an associated Mailchimp account (including customer data) for a customer whose primary contact information indicates that the customer is located in Europe, Mailchimp undertakes:
(i) notify the Governmental Authority that Mailchimp is a Processor;
(ii) attempt to ask the Agency to request the Data directly from Customer; and
(iii) notify Customer of the request by email to Customer’s primary contact email address so that Customer may seek an appropriate remedy.
As part of these efforts, Mailchimp may provide Customer’s contact and billing contact information to the government agency.
Mailchimp is not obligated to comply with this procedure if it conflicts with any law or if, in the reasonable judgment and good faith belief that urgent access is necessary, there is an imminent risk of serious harm to an individual’s public safety or to Mailchimp’s property, websites or services.
For more information, please contact our processor:
The Rocket Science Group LLC d/b/a Mailchimp
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
https://mailchimp.com/legal/data-processing-addendum/
Tools
1. Google Analytics
On our website, we use the web tracking service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: Google Analytics).
Google Analytics uses cookies as part of web tracking, which are stored on your computer and allow an analysis of the use of our website and your browsing behavior (so-called tracking). We perform this analysis based on the tracking service of Google Analytics in order to constantly optimize our website and make it more available. In the course of using our website, data, in particular your anonymized IP address and your user activities, are transmitted to servers of the company and may be processed and stored outside the European Union, e.g. in the USA. As a precaution, we point out that data transmission to a third country outside the EU may involve risks.
By activating IP anonymization within the Google Analytics tracking code of this website, your IP address will be anonymized by Google Analytics before transmission. This website uses a Google Analytics tracking code that has been extended by the operator “gat._anonymizeIp()” to enable only anonymized collection of IP addresses (so-called IP masking).
Legal basis for the processing of personal data is Art. 6 para. 1 lit. a DS-GVO, their consent.
On our behalf, Google will use this information to anonymously evaluate your visit to this website, compile reports on website activity and provide other services related to website and internet use to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data.
Google will store the data relevant to the provision of web tracking for as long as is necessary to fulfill the booked web service. The data collection and storage is anonymized. If there is a reference to a person, the data will be deleted immediately, provided that it is not subject to any legal obligations to retain data. In any case, the deletion takes place after the expiry of the retention obligation.
You can object to the processing at any time by changing your settings via the Consent Manager icon in the lower left corner.
You can further prevent the collection and forwarding of personal data to Google (in particular your IP address) as well as the processing of this data by Google by disabling the execution of script codes in your browser, installing a script blocker in your browser (this can be found, for example, at www.noscript.net or www.ghostery.com) or activating the “Do Not Track” setting of your browser. You can also prevent the collection of data generated by the Google cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at http://tools.google.com/dlpage/gaoptout?hl=de
The security and privacy policies of Google Analytics can be found at http://www.google.com/intl/de/analytics/learn/privacy.html
2. Google Adwords and Google Conversion Tracking
This website uses the online advertising program “Google AdWords” and as part of it the “Conversion Tracking”. Operator of the services of “Google AdWords” is the Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The storage of “conversion cookies” is based on our legitimate interest pursuant to Art. 6 (1) lit. a DS-GVO, your consent.
“Google AdWords” allows us to place ads in the search engine results of Google as well as in the Google advertising network. For this purpose, certain keywords are defined in advance, by means of which an ad is displayed in Google’s search engine results exclusively when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.
In the process, a cookie is set on your computer by “Google Adwords” if you have reached our website via a Google ad. This cookie loses its validity after 30 days and is not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user has clicked on the ad and was redirected to this page.
The information collected using the conversion cookie is used to create conversion statistics. We learn the total number of users who clicked on our ads and were redirected to a page tagged with a conversion tracking tag. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. Here, a data transfer to the USA takes place, we point out as a precaution that a data transfer to a third country outside the EU may be fraught with risks.
You can object to the processing at any time by revoking your consent in our ConsentManager.
Users who do not wish to participate in tracking can easily disable the Google conversion tracking cookie via their Internet browser under user settings. These users will not be included in the conversion tracking statistics.
You can prevent participation in this tracking process in several ways:
1. For our site, you can revoke your consent at any time by adjusting your settings regarding cookies via the Consent Manager icon in the lower left corner.
2. by adjusting your browser software settings accordingly, in particular, the suppression of third-party cookies will result in you not receiving ads from third parties;
3. by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;
4. by disabling interest-based ads from vendors that are part of the About Ads self-regulatory campaign at the link http://www.aboutads.info/choices, which setting will be deleted when you delete your cookies;
5. By permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin
For more information about Google’s privacy policy, please visit http://www.google.de/intl/de/privacy.html
3. Google Analytics Remarketing
We use the application “Google Remarketing”. The operator of the services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The aggregation of the collected data in your Google account is based solely on your consent pursuant to Article 6 (1) a DS-GVO, which you can give or revoke at Google. If you do not have a Google account or have objected to the aggregation, the collection of data is based on Art. 6 (1) lit. f DS-GVO. Our legitimate interest lies in the anonymized analysis of our website visitors for advertising purposes.
“Google Remarketing” allows you to display our advertisements after visiting our website during your further internet use. This is done by means of cookies stored in your browser, via which your usage behavior is recorded and evaluated by Google when you visit various websites. According to Google, the data collected in the course of remarketing is not merged with your personal data, which may be stored by Google, as a pseudonym is used. Here, a data transfer to the USA takes place, we point out as a precaution that a data transfer to a third country outside the EU may be fraught with risks.
You can permanently object to cross-device remarketing by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/
Further, you can make the disabling of interest-based ads via the following options:
1. For our site, you can revoke your consent at any time by adjusting your settings regarding cookies via the Consent Manager icon in the lower left corner.
2. by adjusting your browser software settings accordingly, in particular, the suppression of third-party cookies will result in you not receiving ads from third parties;
3. by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;
4. by disabling interest-based ads from vendors that are part of the About Ads self-regulatory campaign at the link http://www.aboutads.info/choices, which setting will be deleted when you delete your cookies;
5. By permanently disabling them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin
For more information about Google’s privacy policy, please visit http://www.google.de/intl/de/privacy.html
4. Hotjar
This website uses the web analytics service Hotjar from the provider Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (hereinafter: Hotjar).
We use Hotjar to better understand the needs of our users and to optimize the offer and experience on this website.
With the help of Hotjar’s technology, we get a better understanding of our users’ experience (e.g. how much time users spend on which pages, which links they click, what they like and don’t like, etc.) and this helps us to tailor our offering based on our users’ feedback. Hotjar works with cookies and other technologies to collect data about our users’ behavior and about their devices, in particular
- Device IP address (collected and stored only in anonymized form during your website use),
- Screen size,
- Device type (unique device identifiers),
- Information about the browser used,
- Location (country only),
- preferred language used to view our website,
Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf. The data is processed exclusively within the EU.
We have concluded a contract with HotJar for commissioned processing in accordance with Art. 28 DS-GVO.
The legal basis for the processing is your consent in accordance with Art. 6 (1) lit. a DS-GVO. You can revoke your consent at any time in the settings of our Consent Manager. You can prevent the collection of your data by Hotjar at any time when visiting a Hotjar-based website by going to the Hotjar opt-out page www.hotjar.com/legal/compliance/opt-out and clicking disable Hotjar.
For more information, see the ‘about Hotjar’ section on Hotjar’s help pages: https://help.hotjar.com
Social Media
1. Facebook Corporate Presence
We appreciate your visit to the page we operate at https://www.facebook.com/sibit.ag (hereinafter “Facebook Page”) and inform you in this Privacy Policy about how personal data is processed in connection with your visit to or interactions with our Facebook Page or your content.
a) Controller
A controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data. If two or more controllers jointly determine the purposes of and means for the processing, they are jointly controllers.
- If you submit personal data to us via our Facebook page and we alone decide on the purposes and means of the processing, we are the sole data controller.
- In so far as personal data are processed in connection with our Facebook page and Facebook alone decides on the purposes and means of the processing, Facebook Ireland Limited (hereinafter “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the sole controller of the processing.
- To the extent that personal data is processed by Facebook and us in connection with our Facebook page or with your content, and we contribute to the decision on the purposes and means of such processing, Facebook and we are joint data controllers within the meaning of Article 26 (1) sentence 1 DS-GVO and in accordance with the decision of the European Court of Justice of June 5, 2018.
We assume that the scope of joint responsibility extends exclusively to the processing of so-called “Insights data”. Insights data are thereby personal data that are collected and processed in connection with a visit to or interaction of persons with a page and its content, to the extent that this is done under the influence and control of the person responsible for the page and for the purpose of creating and evaluating “page insights”.
b) Sole responsibility in the context of providing a Facebook page
Our Facebook page offers you the opportunity to respond to our posts, comment on them, create a post yourself and send us private messages. Please carefully consider what personal information you share with us through Facebook. If you would like to avoid that Facebook processes personal data transmitted by you to us, please contact us by other means.
In addition to the content transmitted by you, information about your profile, your likes and your posts are accessible to us depending on your privacy settings.
We process the data provided by you in this context and accessible to us, if applicable, to protect our legitimate interests in communicating with customers and interested parties, which prevail in the context of a balancing of interests. It is in our interest to offer you a platform on which we can display up-to-date information and with the help of which you can address your request to us and we can respond to your request as quickly as possible. This is also our legitimate interests in data processing according to Art. 6 para. 1 p. 1 lit. f DS-GVO.
Your data will be deleted, insofar as it is possible for us, when we cease to operate our Facebook page. If further storage of this data by Facebook takes place, this is governed exclusively by the provisions in their data policy and terms of use.
c) Shared responsibility in the context of page insights
Page insights are statistics that Facebook makes available to us. Insights are various statistics that give us information about the use of our Facebook page. Detailed information on this can also be found at https://www.facebook.com/legal/terms/information_about_page_insights_data
We process the page statistics provided to us and the Insights data collected for their creation under joint responsibility to protect our legitimate interests in improving our information offering, which are overriding in the context of a balancing of interests pursuant to Art. 6 para. 1 p. 1 lit. f DS-GVO. We have a legitimate interest in being able to track user behavior on our Facebook page. In particular, this enables us to record the reach and effectiveness of our campaigns, postings and other activities through processed statistics. This enables us to continuously optimize our website and our offer in line with demand. This also represents the purpose of the processing for us.
Only data of persons who have agreed to the terms of use and the data policy of Facebook in the context of your registration with the Facebook platform are processed for the Insights data processed under joint responsibility. In Facebook’s data policy, reference is made to the intention of this processing under the item “Partners using our analytics services”.
In the following, we provide you with the essential information of the agreement concluded between Facebook and us (https://www.facebook.com/legal/terms/page_controller_addendum) pursuant to Art. 26 DS-GVO.
We and Facebook have agreed in the Page Insights Supplement regarding the controller (hereinafter “Joint Responsibility Agreement”) within the meaning of Art. 26 (1) p. 2 DS-GVO, that Facebook assumes primary responsibility with regard to the processing of Insights data for the fulfillment of all obligations and, in particular, for the exercise of data subject rights pursuant to the DS-GVO.
This means in particular:
- Facebook assumes the necessary information obligations (e.g. Art. 13 DS-GVO)
- Data subject rights can be asserted against Facebook (e.g. right to information or deletion, objection to data processing or a revocation of any consent given
- Safeguarding the technical and organizational measures of data processing
Facebook provides comprehensive information with regard to data processing at www.facebook.com (Art. 13 DS-GVO). In order to provide you with an overview of the essential information, we also refer to the content provided by Facebook within the scope of this privacy notice.
Notwithstanding Facebook’s agreed primary responsibility, you can of course also assert your rights under the GDPR directly against us. We will immediately forward this request to Facebook via a form provided for this purpose.
The agreement regarding the responsible party supplements the guidelines for pages, groups and events and the terms of use to which we have agreed as part of the operation of our Facebook page. We implicitly agree to the agreement regarding the responsible party by operating our Facebook page.
d) Types or categories of data concerned:
Facebook may process the following data in particular:
- User interaction (click behavior, postings, likes, viewing videos, page views, etc.)
- Cookies
- Demographic characteristics (age, gender, state, etc.)
- IP address
- System and device information (e.g. browser type, operating system, etc.)
The exact processing of your data when visiting our Facebook page depends on whether you have a Facebook account or not. Provided that you have an account with Facebook, Facebook can permanently assign the data to your account in order to learn more about you in this way.
Even if you do not have an account with Facebook, Facebook can store your data. This can happen through the use of cookies. These are mostly small text files that are stored on your respective device. Various information is written to this text file, which can be read out again at a later time. This makes it possible for Facebook to store and process information about you even without you having a Facebook account. You can find more detailed information about Facebook’s cookies at https://de-de.facebook.com/policies/cookies/
As part of Insights usage, we only receive anonymized statistics from Facebook about the use of our fan page. For us, it is only recognizable how many users have carried out certain interactions, but not which user has carried out a certain action. The statistics of the Insights data does not allow us to draw any conclusions about a person.
e) Your rights
You basically have the following rights:
- Right of access (Art. 15 DS-GVO)
- Right of rectification (Art. 16 DS-GVO)
- Right of opposition (Art. 21 DS-GVO)
- Right to erasure (Art. 17 DS-GVO)
- Right to restriction of processing (Art. 18f. DS-GVO)
- Right to data portability (Art. 20 DS-GVO)
You have the right to revoke consent once given at any time with effect for the future, without affecting the lawfulness of the processing carried out on the basis of the consent up to the revocation.
You can assert these rights directly against Facebook or against us (see section “II. Responsibility with regard to the processing of Insights data”). If you wish to assert your rights against us, please contact us at the e-mail address [email protected]
For questions regarding data protection law, our data protection officer is also available at [email protected]
Regarding the processing by cookies, you have a right of objection. In your browser settings, you can restrict or completely prevent the setting of cookies. You can also arrange for the automatic deletion of cookies when closing the browser window.
Under https://de-de.facebook.com/policies/cookies/ you can also adjust your settings for the use of cookies. Here you will find under the sections “If you have a Facebook account” (Facebook account available) and “Public” (no Facebook account available), you will find information on how to object to the processing vis-à-vis Facebook.
You can determine the storage period of the cookies via your browser by displaying the cookies (usually by clicking on the “i” next to the address bar, e.g. in Firefox or Google Chrome).
We would also like to point out that we have no influence on the data processing carried out by Facebook in connection with cookies. Visiting our Facebook page is also possible if you configure your browser so that no cookies are stored by the Facebook platform.
2. Instagram Corporate Presence
If you visit us on our online presence within Instagram, your data will be processed outside the European Union. As the operator of our Instagram page, we are jointly responsible with the operator of the social network Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) within the meaning of Article 4 No. 7 of the GDPR.
When you visit our Instagram page, personal data is processed by the responsible parties. The data processing is based on our legitimate interest in an optimized company presentation in accordance with Art. 6 (1) lit. f DS-GVO.
The processing of the information serves market research and advertising purposes. From the usage behavior, usage profiles of the visitors can be created. For this purpose, cookies are stored on the computers of the users, which facilitate the creation of user profiles. User profiles enable individualized advertising measures to be carried out and targeted advertisements to be placed.
The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union. As a precaution, we point out that a data transfer to a third country outside the EU may be subject to risks. You can find out what information Instagram receives and how it is used in general form in Instagram’s data usage guidelines. There you will also find information on how to contact Instagram as well as on the settings options for advertisements. The Data Use Policy is available at the following link:
http://instagram.com/about/legal/privacy/
3. YouTube CHANNEL
We use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We would like to point out that you use our YouTube channel and its functions on your own responsibility. This applies in particular to the use of the “Discussion” function.
a) Data processing by Google
Information on what data is processed by Google and for what purposes can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de&gl=en#infocollect
We have no influence on the nature and extent of the data processed by Google, the manner of processing and use or the disclosure of such data to third parties. Nor does it have any effective means of control in this respect.
With the use of Google, your personal data is collected, transferred, stored, disclosed and used by Google and, in the process, transferred to the United States, Ireland and any other country in which Google does business, and stored and used there, regardless of your place of residence. There is a transfer to Google-affiliated companies and other trusted companies or persons who process them on behalf of Google.
Google processes on the one hand your voluntarily entered data such as name and username, email address, phone number. Also, Google processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location based on GPS data, wireless network information, or your IP address in order to send you advertising or other content. For analysis, Google may use analytics tools such as Google Analytics. We have no influence on the use of such tools by Google. If tools of this type are used by Google for our company’s YouTube channel, we have neither commissioned this nor supported it in any other way.
Nor are the data obtained during the analysis made available to us. Only the subscribers’ profiles can be viewed via the account. Moreover, we have no way to prevent or disable the use of such tools on our YouTube channel.
Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information.
Options to restrict the processing of your data are available in the general settings of your Google account. In addition to these tools, Google also offers privacy settings specific to YouTube. You can learn more about this in Google’s guide to privacy in Google products: https://policies.google.com/technologies/product-privacy?hl=de&gl=en
You can find more information about these points in Google’s privacy policy under the term “Privacy settings”: https://policies.google.com/privacy?hl=de&gl=en#infochoices
b) Data processing by us
We also process your data when you communicate with us via YouTube. Within the YouTube platform, you have the option to mark our videos with a “I like” or “I don’t like”. You also have the option to leave comments. Please check carefully which personal data you transmit to us via YouTube. If you would like to avoid that Google processes personal data transmitted by you to us, please contact us by other means.
We process data that you provide in this context and that are accessible to us to protect our legitimate interests in communicating with customers and interested parties, which outweigh our interests in the context of a balancing of interests. Our interest lies in offering you a platform on which we can display current information and with the help of which you have the opportunity to provide feedback on our products and services. This is also our legitimate interests in data processing according to Art. 6 para. 1 p. 1 lit. f DS-GVO.
Please note that in addition to the data and content actively submitted by you, we may also have access to further information about your user profile, your posts and, for example, “Like” comments. Access to this information depends on the privacy settings you have made in your YouTube user account.
Google explains how to review and change your privacy and data protection settings here:
https://support.google.com/youtube/answer/9315727?hl=de&ref_topic=9386940, https://support.google.com/policies/answer/9581826?p=privpol_privts&hl=en&visit_id=637217551183067910-377434558&rd=1
To the extent we are able to do so, and to the extent we have also processed the data outside of YouTube (e.g. e.g. by sending you an email), the data you have actively communicated will be deleted by us when the purpose for processing ceases to apply, i.e. specifically after the contact with you has finally ended. This does not apply to data stored by Google’s system as part of our communication; we have no influence on the deletion of this data. Mandatory legal retention periods remain unaffected by this.
4. XING
We offer a company profile via XING and use the technical platform and services of XING SE, Dammtorstraße 30, 20354 Hamburg for this purpose. We would like to point out that you use this XING site and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access parts of the information offered via this page on our website.
During your visit, XING collects, among other things, your IP address and other information in the form of cookies on your PC. This information is used to provide us, as the operator of the XING pages, with statistical information about the use of the XING site.
XING provides more detailed information on this under the following link: https://www.xing.com/terms
Please check carefully what personal data you share with us via XING. As long as you are logged into your XING account and visit our XING profile, XING can associate this with your XING profile.
We expressly point out that XING stores the data of its users (e.g. personal information, IP address, etc.) and may also use this for business purposes.
For more information on data processing by XING, please refer to XING’s privacy policy at https://privacy.xing.com/en/privacy-policy
We have no influence on the data collection and further processing by XING. Furthermore, it is not apparent to us to what extent, where and for how long the data is stored, to what extent XING complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you would like to avoid XING processing personal data that you have transmitted to us, please contact us by other means.
The data collected about you in this context will be processed by XING Ltd. and, if necessary, transferred to countries outside the European Union. XING describes in general terms what information XING receives and how it is used in its data usage guidelines. There you will also find information on how to contact XING and on the setting options for advertisements.
The way in which XING uses the data from visits to XING pages for its own purposes, the extent to which activities on the XING page are assigned to individual users, how long XING stores this data and whether data from a visit to the XING page is passed on to third parties is not conclusively and clearly stated by XING and is not known to us.
We are the data controller insofar as we ourselves exclusively process the data you send us via XING. To the extent that the data you provide to us via XING is also or exclusively processed by XING, XING Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also the data controller in addition to us.
You can contact XING’s data protection officer via the contact form provided by XING at https://privacy.xing.com/de/ihre-ansprechpartner
When accessing a XING page, the IP address assigned to your end device is transmitted to XING. According to XING, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. XING also stores information about its users’ end devices (e.g. as part of the “login notification” function); this may enable XING to assign IP addresses to individual users.
If you are currently logged in to XING as a user, a cookie with your XING ID is stored on your end device. This enables XING to track that you have visited this page and how you have used it. This also applies to all other XING pages. XING buttons embedded in websites enable XING to record your visits to these website pages and assign them to your XING profile. Based on this data, content or advertising can be offered tailored to you.
If you wish to avoid this, you should log out of XING or deactivate the “stay logged in” function, delete the cookies present on your device, and exit and restart your browser. This deletes XING information that can be used to identify you directly.
This allows you to use our XING site without revealing your XING identifier. When you access interactive features of the site (like, comment, share, news, etc.), a XING login screen will appear. After any login, you are again recognizable to XING as a specific user.
We ourselves collect personal data when you contact us via contact form or Messenger, for example. You can see which data we collect when you contact us via contact form from the relevant contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f DS-GVO.
If your contact via XING is intended as the basis for a contract for the provision of services with us, we will additionally process the data you provide to us in this context pursuant to Art. 6 (1) lit. b DS-GVO in the event that a contract is concluded.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail or form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. If you send us inquiries by contacting us, your information, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
We will only use the data for the aforementioned purposes and store it in accordance with the statutory retention period.
In addition, XING collects personal data on its own responsibility. You can find out how XING processes data in XING’s privacy policy at https://privacy.xing.com/de/datenschutzerklaerung
5. LinkedIN
We offer a company profile via LinkedIN and access the technical platform and services of LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA; hereafter: LinkedIn) back.
You have the opportunity to contact us via this platform if you yourself have a profile there. We point out that you use this site and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When visiting this platform, LinkedIn collects, among other things, your IP address and other information that is present in the form of cookies on your PC. This information is used to provide us, as the operator of this site, with statistical information about the use of this site.
The data collected about you in this context will be processed by LinkedIn and, if necessary, transferred to countries outside the European Union. What information LinkedIn receives and how it is used is described in general terms by LinkedIn in its data usage guidelines and privacy policy. There you will also find information on how to contact LinkedIn. The data use policy and full data policy are available at the following link: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
In what way LinkedIn uses data from visits to LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties, is not known to us.
When accessing a LinkedIn page, the IP address assigned to your end device is transmitted to LinkedIn. LinkedIn also stores information about the end devices of its users (e.g., as part of the “login notification” function); if necessary, LinkedIn is thus able to assign IP addresses to individual users.
If you are currently logged in to LinkedIn as a user, a cookie with your LinkedIn identifier is located on your end device. This enables LinkedIn to track that you have visited this page and how you have used it. This also applies to all other LinkedIn pages. Via LinkedIn buttons embedded in websites, it is possible for LinkedIn to record your visits to these website pages and assign them to your LinkedIn profile. Based on this data, content or advertising can be offered tailored to you.
If you want to avoid this, you should log out of LinkedIn or deactivate the “stay logged in” function, delete the cookies present on your device and exit and restart your browser. In this way, LinkedIn information through which you can be directly identified will be deleted. This allows you to use our LinkedIn page without revealing your LinkedIn identifier. When you access interactive features of the site (like, comment, share, news, etc.), a LinkedIn login screen will appear. After any login, you are again recognizable to LinkedIn as a specific user.
There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation. The legal basis for the processing of personal data transmitted in the course of sending an inquiry is Art. 6 para. 1 lit. f DS-GVO. If the contact is aimed at the conclusion of a contract, such as in the case of a request for coaching, the processing is further governed by Art. 6 (1) lit. b DS-GVO.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For personal data sent by e-mail or form, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. If you send us inquiries by contacting us, your information, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
We will only use the data for the aforementioned purposes and store it in accordance with the statutory retention period.
Other
1. participation of competitions
We process the personal data of participants to carry out the sweepstakes, including to determine whether you are eligible to participate and to determine and notify the winners by e-mail. If you do not provide us with the necessary data, it will not be possible for you to participate in the competition or to contact us regarding notification of a win. To enable you to participate in the competition, we collect personal data (title, surname, first name, e-mail address, street, house number, zip code, city, telephone, cell phone number, date of birth).
In accordance with Art. 6 para. 1 a.-c. DS-GVO we are entitled to collect, store and transmit personal data if the data subject has consented to the data processing or a contract or legal obligation is to be fulfilled. Your data will only be used for the implementation of the competition and not for other purposes, unless you have opted in to receive a newsletter or have given us your consent for advertising measures and have expressly agreed to this purpose of use. Your data will only be transmitted to third parties if this is necessary for the implementation of the competition (e.g. web agencies, transport service providers, etc.). Your data will not be transferred to any other third parties.
Furthermore, your data will be transferred to internal departments that are involved in the execution of the respective business processes. As soon as the business purpose of carrying out the competition has been fulfilled and you have not been determined as the winner, we will delete your data within one month after the end of the competition. Insofar as processors within the meaning of Art. 28 DS-GVO are used for this purpose, they have been carefully selected and support us strictly in accordance with instructions and only receive access to your data to the extent and for the period required for the provision of the services or to the extent to which you have consented to the data processing and use.
If you have been determined as a winner, there are retention periods under tax and commercial law. These are 10 years for accounting documents in accordance with Section 147 (1) of the German Fiscal Code (AO) and 6 years for business documents in accordance with Section 257 (1) of the German Commercial Code (HGB).
In the case of participants who have won a prize in the competition, your personal data will be deleted or destroyed no later than 30 days after the prize has been handed over or sent. An exception applies to winners of prizes that must be redeemed by a certain date (e.g. vouchers). In this case, the data will be deleted at the latest after the redemption date. For participants who have not won a prize in the competition, the personal data will be deleted or destroyed no later than 30 days or after the drawing of the winners. We retain the personal data for this period, as in individual cases subsequent draws may be necessary (e.g., if a winner has provided an incorrect contact number and therefore cannot be reached).
2. Photographs
We process photo and film recordings and, if applicable, names and first names at open events, e.g. campaigns, festivals, competitions, etc. The photos are taken as part of the events, usually by our employees. In some cases, we also hire external photographers, whom we involve in accordance with data protection law and whom we prohibit from further use of the recordings for their own purposes.
We use the photo and film recordings to report on our events. The pictures of the open events will be published if necessary:
- on our website
- flyers
- in the annual report
- in internal presentations
- on social networks (e.g. Instagram, Facebook)
Legal basis for the production of overview and group pictures of events, which do not specifically depict individual persons in the portrait shot or children, is our legitimate interest in the reporting of our activities in accordance with Art. 6 para 1 lit f DS-GVO.
Legal basis for the publication of the photo and film recordings, is our legitimate interest in accordance with Art. 6 para 1 lit f DS-GVO in conjunction with § § 22 and 23 KunstUrhG. We will only publish photographs and film recordings of you without your consent if this is in our overriding legitimate interest in documenting and reporting on our activities, which is the case with recordings in which individuals are only “accessories” or we publish overview or group pictures of the events in which you participated.
Your data will be viewed internally by the relevant departments for the aforementioned purposes. If we have used the services of external photographers, we receive the photo files from them.
Our data processing takes place in Germany and in the EU, a transfer of data to a third country or an international organization does not take place.
The photo and, if necessary. Film data and personal data are stored indefinitely, because only in this way we can achieve a permanent documentation of our activities, also in the historical interest.
There is no obligation to provide your data, ie you do not have to be photographed and / or filmed by us in principle and tell us your first and last name. If you do not want to be photographed, please inform the photographer immediately if necessary.
3. application procedure
You have the option to apply via our website. In doing so, your submitted application documents will be collected and processed electronically by us for the purpose of handling the application process. The applicable legal basis for this processing is Art. 6 para. 1 lit. a DS-GVO in combination with Art. 6 para. 1 lit. b DS-GVO for the decision on the establishment of an employment relationship.
The data required to complete the application process includes your personal data with contact information as well as a description of your education, work experience and skills. In addition, you have the option of providing us with documents such as references or cover letters.
If an employment contract is concluded after the application process, we will store the data you provided during the application in your personnel file for the purpose of the employment relationship. The legal basis for this processing is also Art. 6 (1) lit. b DS-GVO.
If we no longer consider your application in the further procedure, we will delete the data provided to us after the application procedure has been completed. Exceptions may be legal provisions, such as the General Equal Treatment Act (AGG), which require a longer storage of up to six months or until the conclusion of legal proceedings. In this case, the legal basis is Art. 6 (1) lit. f DS-GVO. Our legitimate interest lies in the legal defense.
If you expressly consent to a longer storage of your data, for example for your inclusion in an applicant or prospect database, the data will be processed based on your consent and stored for a period of 12 months.
Legal basis is then Art. 6 para. 1 lit. a DS-GVO. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) DS-GVO by making a declaration to us with effect for the future.
We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data submitted by you to us, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, memberships in a trade union or political party. If you provide us with such information in your online application, you expressly agree when sending that we may collect, process and use this data, for the purpose of processing the application.
4. your rights
You have the right to request confirmation from the controller as to whether personal data relating to you is being processed. If this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 DS-GVO.
You have the right to obtain from the controller without undue delay the correction of inaccurate personal data relating to you and, where applicable. the completion of incomplete personal data (Art. 16 DS-GVO).
You have the right to demand from the responsible person that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in detail in Art. 17 DS-GVO applies, e. g. if the data are no longer needed for the purposes pursued (right to erasure).
You also have the right to request the controller to restrict processing if one of the conditions listed in Art. 18 DS-GVO applies, e.g. if you have objected to the processing, for the duration of the review by the controller.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) or (f) DS-GVO, objection The controller will then no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (Art. 21 DS-GVO).
If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Without prejudice to any other administrative or judicial remedy, each data subject shall have the right to complain to a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the GDPR (Art. 77 GDPR). The data subject may assert this right before a supervisory authority in the Member State of his or her residence, place of work or the place of the alleged infringement. The competent supervisory authority in Baden-Württemberg is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart
Phone: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
[email protected]
https://www.baden-wuerttemberg.datenschutz.de/
For this purpose, as well as for further questions regarding data protection, you can contact us at any time at the address given in the imprint. Alternatively, our data protection coordinator is available to help you protect your rights at e-mail [email protected]
Translated by https://www.deepl.com/translator