Privacy policy

Introduction

The following privacy statement is intended to clarify which types of your personal data (hereinafter also referred to as "data") are processed by us, for what purposes and to what extent. The privacy statement applies to all processing of personal data carried out by us, both in the framework of the provision of our services and in particular on our websites, in mobile applications as well as within external online features, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not gender-specific.

Last updated: November 14, 2022

Legal text by Dr. Schwenke - please click for further information.

Table of Contents

  • Introduction
  • Controller
  • Processing overview
  • Applicable legal bases
  • Security measures
  • Transfer of personal data
  • Data processing in third countries
  • Deletion of data
  • Use of cookies
  • Provision of online services and web hosting
  • Contact and request management
  • Application procedure
  • Newsletters and electronic notifications
  • Advertising communication via email, post, fax or telephone
  • Presence on social networks (social media)
  • Plug-ins and embedded features as well as contents
  • Changes and updates to this privacy statement
  • Rights of data subjects
  • Definition of terms

Applicable legal bases

Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy statement.

  • Consent (Art. 6 (1) (1) a) GDPR) – The data subject has given his or her consent to the processing of personal data concerning him or her for a specific purpose or for several specific purposes.
  • Contract performance and pre-contractual requests (Art. 6 (1) (1) b) GDPR) – The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
  • Legitimate interests (Art. 6 (1) (1) f) GDPR) – The processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
  • Application procedure as a pre-contractual or contractual relationship (Art. 6 (1) b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (for example, health data, such as severe disability, or ethnic origin) are requested from applicants so that the controller or the data subject can exercise his or her rights under labour law and social security and social protection law and meet his or her obligations in this regard, they are processed in accordance with Art. 9 (2) b) of the GDPR, in the case of the protection of the vital interests of applicants or other persons, in accordance with Art. 9 (2) c) of the GDPR or for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 (2) h) of the GDPR. In the case of the transfer of special categories of data based on voluntary consent, their processing shall take place on the basis of Art. 9 (2) a) of the GDPR.

In addition to the data protection regulations of the General Data Protection Regulation, national regulations on data protection in Germany apply. This includes, in particular, the Law on the Protection against the Abuse of Personal Data in the Processing of Data (Federal Data Protection Act – BDSG). In particular, the BDSG contains special rules on the right of access, the right of erasure, the right of appeal, the processing of specific categories of personal data, processing of data for other purposes and transmission and automated decision-making in individual cases, including profiling. It also regulates the processing of data for the purposes of the employment relationship (Paragraph 26 of the BDSG), in particular as regards the creation, performance or termination of employment and the consent of employees. In addition, national laws on data protection can be applied in the individual federal states.

 

Security measures

We shall take appropriate technical and organisational measures, taking into account the state of the art, the cost of implementation and the nature, extent, circumstances and purposes of the processing, as well as the varying likelihood of occurrence and the extent of the threat to the rights and freedoms of natural persons, in accordance with the legal requirements, to ensure a level of protection commensurate with the risk.

Measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access to, input, transfer, securing of availability and separation of the data. We have also put in place procedures to ensure the exercising of rights of data subjects, the erasure of data and the response to threats to the data. Furthermore, we already take the protection of personal data into account during the development and/or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings.

TLS encryption (https): In order to protect your data transmitted via our online services, we use TLS encryption. You can recognise encrypted connections by the prefix "https://" in the page link in the address line of your browser.

Transfer of personal data

In the course of our processing of personal data, the data may be transferred to or disclosed to other bodies, companies, legally independent organisational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and in particular conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Data Transfer within the Organisation: We may transfer personal data to other entities within our organisation or grant them access to it. Where such disclosure is made for administrative purposes, the transfer of data shall be based on our legitimate corporate and business interests or shall take place insofar as it is necessary for the fulfilment of our contract-related obligations or where the consent of the data subjects or a legal permission exists.

Data processing in third countries

If we process data either in a third country (i.e., a country outside the European Union (EU), the European Economic Area (EEA)) or in the context of using third-party services, or disclose or transmit data to other persons, offices or companies, this shall be carried out only in accordance with the legal requirements.

Subject to express consent or transmission required by contract or law, we process or allow the data to be processed only in third countries with a recognised level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data

The data processed by us will be deleted in accordance with the statutory provisions as soon as the consent permitting their processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not necessary for the purpose). If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data are blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

As part of our privacy policy, we may provide users with further information on the deletion and retention of data that is specific to each processing operation.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. They are used, for example, to save the login status in a user account, the contents of a shopping basket in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for the purposes of functionality, security and convenience of online services and for the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with the legal regulations. Therefore, we obtain prior consent from the users, unless this is not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the users with a telemedia service expressly requested by them (i.e. our online service). The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.

Notes on data protection legal bases: The legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for consent. If the users consent, the legal basis for the processing of their data is the declared consent. Otherwise, the data processed with the aid of cookies will be processed on the basis of our legitimate interests (e.g. in the business management of our online service and improvement of its usability) or, if this is done in the context of the fulfilment of our contractual obligations, if the use of cookies is necessary to fulfil our contractual obligations. We explain the purposes for which we process cookies in the course of this privacy statement or as part of our consent and processing procedures.

Storage duration: The following types of cookies are distinguished in terms of storage duration:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online service and has closed his device (e.g. browser or mobile application).
  • Permanent cookies: These cookies are saved even after the device has been shut down. In this way, for example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used for reach measurement. Unless we provide users with explicit information about the nature and storage period of cookies (e.g. in the context of obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can revoke their consent at any time and also object to the processing in accordance with the legal requirements in Art. 21 GDPR. Users can also declare their objection via the settings of their browser, e.g. by deactivating the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Further information on processing operations, procedures and services:

  • Processing of cookie data on the basis of consent: We use a procedure for cookie consent management in which the consent of the users to the use of cookies or the processing and providers mentioned in the context of the cookie consent management process can be obtained and managed and revoked by the users. In this case, the declaration of consent is stored so that it does not have to be requested again and so that the consent can be proven in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the aid of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information on the providers of cookie management services, the following information applies: The duration of the storage of consent can be up to two years. In this case, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and device used.
  • Complianz: Cookie consent management; Service provider: Hosted locally on our server, no data transfer to third parties; Website: https://complianz.io/; Privacy statement: https://complianz.io/legal/; Further information: An individual user ID, language as well as types of consent and the time of their submission are stored on the server and in a cookie on the user's device.

Provision of online services and web hosting

We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); content data (e.g. entries in online forms).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online service and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures.
  • Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR).

Further information on processing operations, procedures and services:

  • Provision of online service on rented storage space: For the provision of our online service, we use storage space, computing capacity and software that we rent or otherwise obtain from a corresponding server provider (also referred to as "web host"); Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR).
  • Collection of access data and log files: Access to our online service is logged in the form of so-called "server log files". The server log files may include the address and name of the websites and files accessed, the date and time of the access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and usually IP addresses and the enquiring provider. The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the servers (in particular in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure the utilization of the servers and their stability; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymised. Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified.
  • E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as further information regarding the e-mail dispatch (e.g. the providers involved) and the contents of the respective e-mails are processed. The above data may also be processed for the purpose of detecting spam. Please note that e-mails on the internet are generally not sent in encrypted form. As a rule, although e-mails are encrypted in transit, they are not encrypted on the servers from which they are sent and received (unless the end-to-end encryption method is used). We cannot therefore assume any responsibility for the transmission of e-mails between the sender and their receipt on our server; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR).
  • Hostinger: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Hostinger International Ltd, 61 Lordou Vironos Str., 6023 Larnaca, Cyprus; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://www.hostinger.de; Privacy Policy: https://www.hostinger.de/datenschutz-bestimmungen.
  • WordPress.com: Hosting and software for the creation, provision and operation of websites, blogs and other online services; Service provider: Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://wordpress.com; Privacy Policy: https://automattic.com/de/privacy/; Order Processing Agreement: https://wordpress.com/support/data-processing-agreements/.

Contact and request management

When contacting us (e.g., via contact form, email, phone or via social media) as well as in the context of existing user and business relationships, the details of the requesting person are processed to the extent that this is necessary to answer the contact request and any requested measures.

  • Types of data processed: Contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact inquiries and communication; administration and response to requests; feedback (e.g. collecting feedback via online form); provision of our online service and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6 (1) (1) a) of the GDPR), contract fulfilment and pre-contractual enquiries (Art. 6 (1) (1) b) GDPR).

Further information on processing operations, procedures and services:

  • Contact form: If users contact us via our contact form, e-mail or other means of communication, we process the data communicated to us in this context for the purpose of processing the communicated request; Legal bases: fulfilment of the contract and pre-contractual inquiries (Art. 6 (1) (1) b) of the GDPR), legitimate interests (Art. 6 (1) (1) f) GDPR).

Application procedure

The application procedure requires that applicants provide us with the data required for them to be assessed and selected. The information required can be obtained from the job description or, in the case of online forms, from the information provided there.

In principle, the information required includes personal information such as name, address, contact details and evidence of the qualifications required for a position. Upon request, we will also be happy to provide you with information as to what is required.

If available, applicants can send us their applications using an online form. The data are encrypted and transmitted to us according to the technical state of the art. Applicants can also send us their applications via email. Please note, however, that emails are not encrypted on the internet. Typically, while emails are encrypted in transit, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot take responsibility for the transmission of emails between the sender and their receipt on our server.

For the purpose of applicant searches, submission of applications and selection of applicants, we can make use of applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements.

Applicants are welcome to contact us regarding the method of submission of the application or to send us the application by post.

Processing of special categories of data: Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (for example, health data, such as severe disability, or ethnic origin) are requested from applicants so that the controller or the data subject can exercise his or her rights under labour law and social security and social protection law and meet his or her obligations in this regard, they are processed in accordance with Art. 9 (2) b) of the GDPR, in the case of the protection of the vital interests of applicants or other persons, in accordance with Art. 9 (2) c) of the GDPR or for the purposes of health care or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Art. 9 (2) h) of the GDPR. In the case of communication of special categories of data based on voluntary consent, their processing shall take place on the basis of Art. 9 (2) a) of the GDPR.

Deletion of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time. The deletion shall take place, subject to a justified revocation by the applicants, at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and fulfil our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses shall be archived in accordance with tax regulations.

Admission to a pool of applicants: Admission to a pool of applicants, if offered, is based on consent. Applicants shall be informed that their consent to being admitted to a talent pool is voluntary, has no influence on the ongoing application process and that they can revoke their consent at any time for the future.

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); applicant data (e.g. personal details, postal and contact addresses, the documents pertaining to the application and the information contained therein, such as cover letter, CV, certificates as well as other information on the person or qualification with regard to a specific position or voluntarily provided by applicants).
  • Data subjects: Applicants.
  • Purposes of processing: Application process (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship).
  • Legal bases: Application procedure as pre-contractual or contractual relationship (Art. 6 (1) b) of the GDPR).

Newsletters and electronic notifications

We send newsletters, emails and other electronic notifications (hereinafter referred to as "newsletters") only with the express consent of recipients or with legal permission. If, during registration for the newsletter, its content is described specifically, this will form the basis on which users consent to receiving newsletters. In addition, our newsletters contain information about our services and us.

To subscribe to our newsletters, it is generally sufficient to enter your e-mail address. However, we may ask you to provide a name for a personal address in the newsletter, or other details if these are necessary for the purposes of the newsletter.

Double opt-in procedure: Subscription to our newsletter generally takes place via a so-called double opt-in procedure. This means that upon registration, you will receive an email requesting confirmation of the subscription. The confirmation is required to ensure that no one can subscribe using another person's email address. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of these data is limited to the purpose of possible defence against claims. An individual request for deletion can be submitted at any time provided that the existence of prior consent is confirmed at the same time. In the case of obligations to permanently comply with objections, we reserve the right to store the e-mail address solely for this purpose in a blocked list (so-called "block list").

Logging of the notification procedure is based on our legitimate interests for the purpose of demonstrating that it is properly conducted. If we hire a service provider to send e-mails, we do so on the basis of our legitimate interests in an efficient and secure delivery system.

Contents:

Information about us, our services, promotions and offers.

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers); meta/communication data (e.g. device information, IP addresses); usage data (e.g. websites visited, interest in content, access times).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by e-mail or post).
  • Legal bases: Consent (Art. 6 (1) (1) a) GDPR).
  • Option to object (Opt-out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can use one of the contact options given above, preferably e-mail, for this purpose.

Further information on processing operations, procedures and services:

  • Measurement of opening and click-through rates: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server or, if we use a delivery service provider, from their server when the newsletter is opened. During the download, technical information such as your browser and operating system, as well as your IP address and the time of the download, are collected. This information is used for the technical improvement of our newsletter on the basis of technical data or target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or access times. This analysis also includes determining whether newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until these are deleted. This data analysis is used to recognise patterns in the reading behaviour of our users, and to adapt contents accordingly or send different content according to the interests of our users. The measurement of the opening rates and the click-through rates as well as the storage of the measurement results in the profiles of the users as well as their further processing are carried out on the basis of the consent of the users. A separate revocation of performance measurement is unfortunately not possible; in this case, the entire newsletter subscription must be cancelled or must be objected to. In this case, the stored profile information will be deleted; Legal bases: Consent (Art. 6 (1) (1) a) GDPR).

Advertising communication via email, post, fax or telephone

We process personal data for the purposes of advertising communication, which can be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.

The recipients have the right to revoke their consent at any time or to object to the advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorisation for contacting or sending for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of these data is limited to the purpose of possible defence against claims. Based on the legitimate interest in permanently complying with the user's revocation or objection, we also store the data required to avoid contacting the user again (e.g. depending on the communication channel, the e-mail address, telephone number, name).

  • Types of data processed: Inventory data (e.g. names, addresses); contact data (e.g. e-mail, telephone numbers).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by e-mail or post).
  • Legal bases: Consent (Art. 6 (1) (1) a) of the GDPR), legitimate interests (Art. 6 (1) (1) f) GDPR).

Presence on social networks (social media)

We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that this may lead to user data being processed outside the European Union. This could result in risks for users because it could, for example, make the enforcement of users' rights more difficult.

User data are also generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the user interests taken therefrom. The usage profiles can in turn be used, for example, to display advertisements which presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the users' computers, in which the users' usage behaviour and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in).

For a detailed description of the respective forms of processing and the options for objection (opt-out), we refer you to the privacy statements and information of the respective network operators.

We would like to point out that requests for information and the assertion of user rights are also directed most effectively to the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.

  • Types of data processed: Contact data (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
  • Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR).

Further information on processing operations, procedures and services:

  • Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  • Facebook pages: Profiles within the social network Facebook – Together with Meta Platforms Ireland Limited, we are responsible for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook collects and uses information to provide analysis services, so-called "page insights", for website operators so that they can obtain information about how people interact with their pages and with the contents associated with them. We have concluded a special agreement with Facebook ("Information on page insights"), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of the data subject (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the relevant supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on page insights"; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard contractual clauses (guarantee of the level of data protection in the case of processing in third countries); Further information: Agreement on joint responsibility. The joint responsibility is limited to the collection and transfer of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited
    Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis:
    Legitimate interests (Art. 6 (1) (1) f) GDPR); Website:
    https://www.linkedin.com; Data protection declaration:
    https://www.linkedin.com/legal/privacy-policy;
    Order Processing Agreement: https://legal.linkedin.com/dpa;
    Standard contractual clauses (guarantee of data protection level in the case of
    processing in third countries): https://legal.linkedin.com/dpa; Option to object (opt-out):
    https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Xing: Social network; Service provider: New Work SE, Am Strandkai 1,
    20457 Hamburg, Germany; Legal basis: Legitimate interests
    (Art. 6 (1) (1) f) GDPR); Website: https://www.xing.de;
    Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

Plug-ins and embedded features as well as contents

Our website includes functional and content elements obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").

The integration always assumes that the third-party providers of this content process the IP address of the user, as without the IP address they would not be able to send the content to the user's browser. The IP address is therefore required for the presentation of these contents or features. We strive to only use content whose respective provider uses the IP address solely for the delivery of content. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and operating system, referring websites, visiting times and other information about the use of our online services, and may be linked to such information from other sources.

Types of data processed: Usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses); location data (information on the geographical position of a device or a person); event data (Facebook) ("event data" are data that can be transmitted by us to Facebook via Facebook pixels (via apps or by other means) and relate to persons or their actions; the data include, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of forming target groups for content and advertising information (custom audiences); event data does not include the actual content (such as written comments), login information or contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years (the target groups formed from them with the deletion of our Facebook account)).

Data subjects: Users (e.g. website visitors, users of online services).

Purposes of processing: Provision of our online offer and user-friendliness; marketing; profiles with user-related information (creation of user profiles).

Legal bases: Legitimate interests (Art. 6 (1) (1) f) of the GDPR), consent (Art. 6 (1) (1) a) GDPR).

Further information on processing operations, procedures and services:

Facebook plugins and content: Facebook social plugins and content – This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online offer within Facebook. The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/ – Together with Meta Platforms Ireland Limited, we are jointly responsible for the collection or receipt in the context of a transmission (but not the further processing) of "event data" that Facebook collects by means of the Facebook social plugins (and embedding functions for content) that are executed on our online service or received in the context of a transmission for the following purposes: a) display of content and advertising information that corresponds to the presumed interests of the users; b) delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) improvement of the advertisement delivery and personalisation of functions and content (e.g. improvement of the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook ("Addendum for Data Controllers", https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyses and reports (which are aggregated, i.e. no information on individual users is received and they are anonymous for us), then this processing is not carried out within the framework of joint responsibility, but on the basis of an order processing agreement ("Data Processing Conditions", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the USA on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 (1) (1) a) GDPR); Website: https://www.facebook.com; Data protection declaration: https://www.facebook.com/about/privacy.

Google Fonts (provision on own server): Font types ("Google Fonts") for the purpose of a user-friendly presentation of our online service; Service provider: The Google Fonts are hosted on our server, no data is transmitted to Google; Legal basis: Legitimate interests (Art. 6 (1) (1) f) GDPR).

Google Maps: We embed maps from the "Google Maps" service provided by Google. The data processed may include, in particular, IP addresses and location data of users. Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://mapsplatform.google.com/; Data protection declaration: https://policies.google.com/privacy.

Instagram plugins and content: Instagram plugins and content – This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt in the context of a transmission (but not the further processing) of "event data", which Facebook collects via Instagram functions (e.g. embedding functions for content), which are executed on our online offer, or received in the context of a transmission for the following purposes: a) display of content and advertising information that corresponds to the presumed interests of the users; b) delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) improvement of the delivery of advertisements and personalisation of functions and content (e.g. improvement of the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook ("Addendum for Data Controllers", https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyses and reports (which are aggregated, i.e. no information on individual users is received and they are anonymous for us), then this processing is not carried out within the framework of joint responsibility, but on the basis of an order processing agreement ("Data Processing Conditions", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Conditions" (https://www.facebook.com/legal/terms/data_security_terms) and with regard to processing in the US, on the basis of standard contractual clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). The rights of the users (in particular to information, deletion, objection and complaint to the responsible supervisory authority) are not restricted by the agreements with Facebook. Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.

LinkedIn plugins and content: LinkedIn plugins and content – This may include, for example, content such as images, videos or texts and buttons with which users can share content from this online service within LinkedIn. Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (1) f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Order Processing Agreement: https://legal.linkedin.com/dpa; Standard contractual clauses (guarantee of data protection level in the case of processing in third countries): https://legal.linkedin.com/dpa; Option to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Changes and updates to this privacy statement

We ask you to inform yourself regularly about the contents of our privacy statement. We will adapt our privacy statement when changes in data processing carried out by us make this necessary. We will inform you as soon as the changes require a cooperative action from you (e.g. consent) or other individual notification.

Where we provide addresses and contact information of companies and organizations in this privacy statement, we ask you to note that the addresses may change over time and ask you to check the information prior to establishing contact.

Rights of data subjects

As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 of the GDPR:

  • Right to object: You have the right, for reasons arising from your specific situation, to object to the processing of personal data concerning you at any time, which is carried out in accordance with Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on those provisions. If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
  • Right to revoke consent: You have the right to revoke your consents at any time.
  • Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
  • Right to rectification: In accordance with the legal requirements, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.
  • Right to delete data or restrict its processing: You have the right, in accordance with the statutory provisions, to demand that data concerning you be deleted immediately or, alternatively, to demand its processing be restricted in accordance with the statutory provisions.
  • Right to data transfer: You have the right to receive the data you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to demand that it be transferred to another controller.
  • Complaint to the supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority, in particular a supervisory authority in the Member State in which you usually reside, the supervisory authority of your workplace or the place of the alleged infringement, if you are of the opinion that the processing of your personal data infringes the GDPR.

Definition of terms

This section gives you an overview of the terms used in this privacy statement. Many of the terms are taken from legislation and are primarily defined in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended primarily for a better understanding. The terms are sorted alphabetically.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, encompasses any type of automated processing of personal data, which consists in using this personal data which relates to a natural person (depending on the type of profiling, this may include different information relating to demography, behaviour and interests, such as the interaction with websites and their content, etc.) to analyse or evaluate certain personal aspects or predict them (e.g. the interests in certain content or products, the click behaviour on a website or the location). Cookies and web beacons are often used for profiling purposes.
  • Location data: Location data arise when a mobile device (or another device with the technical prerequisites of a location determination) connects to a radio cell, a WLAN or similar technical intermediaries and functions that determine location. Location data serve to indicate at which geographically determinable position of the earth the respective device is located. Location data can be used, for example, to display map functions or other information dependent on a location.
  • Controller: Controller refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.
  • Processing: is any operation or series of operations carried out with or without the help of automated procedures in connection with personal data. The term is broad and covers virtually every aspect of dealing with data, be it collection, evaluation, storage, transmission or deletion.

EX-DOOR GmbH

Headquarters:
Germany
Hollmannstraße 23
44229 Dortmund

Contact

+49 (0)231 42575472
info@ex-door.com