Data protection

If you contact us (e.g. by contact form, e-mail, telephone, social media), your personal data will be used for the purpose of processing the request and any related follow-up questions pursuant to Art. 6 para. 1 lit. b EU DS-GVO (in the context of pre-contractual/contractual measures) or pursuant to Art. 6 para. 1 lit. f EU DS-GVO (general inquiries) are stored and processed by us. We do not pass on this data without your respective consent.

The data you provide will remain with us until you request us to delete it, object to its storage, or the purpose for storing the data no longer applies (i.e. after we have completed processing your request), provided that this does not conflict with any statutory retention obligations.

If you register on our website in order to make use of goods, services and information (e.g. creation of repair certificates) in our online portal, personal data will be collected. If required, registered users have the option of changing or deleting the data provided during registration at any time. Your data may be passed on to shipping and payment service providers commissioned by us to process the transaction. Any further disclosure to third parties will not take place. The processing of your personal data is carried out on the basis of contract processing (pursuant to Art. 6 para. 1 lit. b EU GDPR). This data is deleted in accordance with the statutory retention obligations.

2.4 Use of personal data for advertising purposes

We use your contact details to inform you about our products and services. Customer information is sent on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f EU GDPR to direct advertising and insofar as this is permitted by law, such as in the case of existing customer advertising under the legal requirements of Section 7 para. 3 UWG. You will receive this information from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such information or recommendations from us by e-mail, you can object to the use of your address for this purpose at any time in accordance with Art. 21 EU GDPR without incurring any costs other than the transmission costs according to the basic tariffs. A notification in text form is sufficient for this.

If you register for our newsletter on our website, we will use the personal data you provide in this context exclusively for sending the newsletter.

The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary to prevent registrations from other e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements (consent pursuant to Art. 6 para. 1 lit. a EU GDPR). This includes storing the time of registration and confirmation as well as the IP address. Any data we receive from you and the logged information will not be passed on to third parties.

You can revoke your consent to the collection and storage of your data and its use for sending the newsletter at any time without giving reasons. You will find a link to unsubscribe from the newsletter at the end of each newsletter.

2.6 Online Events

Gemini said

To conduct online events such as webinars, training sessions, and information events efficiently, we use “Microsoft Teams.” The service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Within the scope of online events, we process personal data of the participants. In particular, master data (e.g., name, email address), technical connection and usage data (e.g., IP address, system and access data), meeting metadata (e.g., date, time, meeting ID), as well as audio and video data are processed, provided these functions are used; camera and microphone can be deactivated at any time. Processing is carried out primarily for the purpose of conducting and organizing the webinar, including registration, invitation, and participation management. The legal bases are Art. 6 (1) (b) GDPR, insofar as webinars are conducted within the framework of contractual relationships (e.g., with customers or employees), and Art. 6 (1) (f) GDPR based on our legitimate interest in the cost-efficient and secure conduct of online events as well as the maintenance of proper business operations. In addition, Art. 6 (1) (a) GDPR is relevant if voluntary information is provided or explicit consent is given for a recording. Personal data is generally not passed on to third parties; within an online event, content may be visible to other participants. Microsoft, as a processor, necessarily receives knowledge of the data; furthermore, Microsoft may process certain data under its own responsibility and provides separate information regarding this. Data processing generally takes place in data centers within the EU; however, a transfer to third countries, particularly the USA, cannot be completely ruled out, for example through routing or within the framework of Microsoft’s internal group processing. In these cases, we ensure that the transfer takes place on the basis of the requirements of Chapter V GDPR, in particular through appropriate guarantees such as standard contractual clauses as well as supplementary technical and organizational measures to ensure an adequate level of data protection. Personal data will be deleted as soon as it is no longer required for the stated purposes or consent has been revoked, provided that no statutory retention obligations prevent this.

The analysis measures listed below and used by us are carried out on the basis of Art. 6 para. 1 lit. a EU DS-GVO (consent) is carried out. With the use of these analysis measures, we want to ensure a needs-based design and the ongoing optimization of our website. By means of the analysis tools, we record the use of our website pseudonymously and evaluate it for the purpose of optimizing our offer.

You can revoke your consent at any time with effect for the future.

Google Analytics

We use the Google Analytics web analytics service provided by Google Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.

The data processing serves the purpose of analyzing this website and its visitors, as well as for marketing and advertising purposes. For this purpose, Google will use the information obtained on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The following information, among others, may be collected: IP address, date and time of page view, click path, information about the browser you are using and the device you are using, pages visited, referrer URL (website from which you accessed our website), location data, purchase activity. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

Google Analytics uses technologies such as cookies, web storage in the browser and tracking pixels, which allow an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a Google server in the USA and stored there. There is no EU Commission adequacy decision for the USA. Data is transferred on the basis of standard contractual clauses, among others, as suitable guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adsprocessorterms/. Both Google and U.S. government agencies have access to your data. Your information may be linked by Google to other information, such as your search history, your personal accounts, your usage data from other devices, and any other information Google may have about you.

IP anonymization is activated on this website. This means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The use of cookies or similar technologies takes place with your consent on the basis of § 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit. a EU GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 para. 1 lit. a EU GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

For more information on terms of use and data privacy, please visit https://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/ and https://policies.google.com/technologies/cookies?hl=de.

Web analysis through Matomo

1. Scope of data processing

We use the open source software tool Matomo on our website to analyze the surfing behavior of our users. When individual pages of our website are accessed, the following data is stored:

3 bytes of the IP address of the user’s accessing system
the website accessed
the website from which the user reached the website accessed (referrer)
the subpages accessed from the website accessed
the time spent on the website
the frequency with which the website is accessed
The software runs exclusively on the servers of our website. This data is only stored there. The data is not passed on to third parties. The software is set so that the IP addresses are not stored in full, but the last byte of the IP address is masked (e.g. 192.168.100.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

2. Legal basis

The legal basis for the processing of users’ personal data is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is adequately taken into account.

4. Possibility of objection and removal

We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. This sets a cookie on your system that signals our system not to store the user’s data. If you delete the corresponding cookie from your own system in the meantime, you must set the opt-out cookie again.
You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/.

On the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f EU DS-GVO, contents, services and performances of other providers, which complement our offer, are integrated within our online offer. With the use of the following services, we want to ensure a demand-oriented design and the continuous optimization of our website. If we request your consent for the use of these services, the legal basis is Art. 6 para. 1 lit. a EU GDPR.

Google Tag Manager

The Google Tag Manager is used on our website. Google Tag Manager is a solution from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland, with which we can manage website tags via an interface. The tool itself (which implements the tags) is a cookieless domain that does not collect any personal data. The Google Tag Manager takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. The tags used are named separately below and can be edited by you individually in the privacy settings, for example by disabling cookies for these elements. More information: https://www.google.com/policies/privacy/.

LinkedIn Insight Tag

Our website uses the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which enables the following data to be collected: IP address, device and browser characteristics and page events (e.g. page views). This data is encrypted, anonymized within seven days and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us, but offers anonymized reports on the website target group and display performance. LinkedIn also offers the option of retargeting via the Insight Tag. We can use this data to display targeted advertising outside our website without identifying you as a website visitor. You can find more information on data protection at LinkedIn in the LinkedIn privacy policy.

https://de.linkedin.com/legal/privacy-policy [external page]

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website (“opt-out”), click here.

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out [external page]

Microsoft Bing Ads / Microsoft Advertising

The website uses the remarketing function “Bing Ads” of Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. (“Microsoft Advertising”). Microsoft Bing Ads stores a cookie on your computer if you have reached our website via an advertisement in the Microsoft Bing search engine. In this way, Microsoft Bing and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing ad and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed.

We only use this service if you have consented to its use. The legal basis for the corresponding processing of your data is Art. 6 para. 1 sentence 1 lit. a) GDPR. You can withdraw your consent at any time. If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this – for example, by setting your browser to generally deactivate the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: http://choice.microsoft.com/de-DE/opt-out to declare your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement

Online Appointment Scheduling / Terminland.de

You have the option to schedule an appointment with us using an online calendar. To use the online calendar, we require your telephone number or email address. You may provide further information, but are not required to do so. By submitting the form, you agree to the electronic collection of the data you have provided. The legal basis for processing is Art. 6 (1) (b) GDPR within a contractual relationship; otherwise, it is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in conducting the communication you seek or in processing your inquiry appropriately. We use your data in this regard exclusively to process your inquiry.

To process your contact inquiry in the online calendar, we use the services of terminland.de, provided by Terminland GmbH, Kreuzberger Ring 44a, 65205 Wiesbaden, Germany. Your data is processed on servers hosted by Terminland exclusively in Germany and within the scope of application of the GDPR. Furthermore, we have concluded corresponding data protection agreements with Terminland, by which we oblige the provider to process our customers’ data strictly in accordance with our instructions, to protect it, and not to disclose it to third parties. Terminland GmbH takes further technical safeguards to protect personal data. There is no transfer of personal data to third parties as defined in Art. 4 (10) GDPR.

OpenStreetMap

We use the map service OpenStreetMap to display maps. OpenStreetMap is provided by the OpenStreetMap Foundation (OSMF) based on the Open Data Commons Open Database License (ODbL). The provider uses user data for the purpose of displaying map functions and for the temporary storage of selected settings. This data includes, for example, the user’s IP address and location data. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and to make the locations specified by us on the website easy to find.

Detailed information can be found on the website: https://www.openstreetmap.de and in the privacy policy at: https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Google Ads / Remarketing Function

We use the remarketing function of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on our website. This application serves the purpose of analyzing visitor behavior and visitor interests. Google uses cookies to carry out the analysis of website usage, which forms the basis for creating interest-based advertisements. The cookies are used to record visits to the website as well as anonymized data about the use of the website. No personal data of the website visitors is stored. If you subsequently visit another website in the Google Display Network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas.

Your data may be transmitted to the USA. Data transmission takes place, among other things, on the basis of standard contractual clauses as appropriate guarantees for the protection of personal data, which can be viewed at: https://policies.google.com/privacy/frameworks.

The use of cookies or comparable technologies is based on your consent pursuant to Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) (a) GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Further information on Google Remarketing and the associated privacy policy can be found at: https://www.google.com/privacy/ads/.

Friendly Captcha

(1) On our website we use Friendly Captcha, a service provided by Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany. Friendly Captcha GmbH acts as our data processor.

The legal basis for using Friendly Captcha is Art. 6(1)(f) GDPR. Our legitimate interest is to protect the website against abusive, automated crawling and spam.

(2) Friendly Captcha is a privacy-friendly spam protection solution designed to make the use of websites by automated programs and scripts (so-called “bots”) more difficult. In this way, Friendly Captcha protects websites from misuse.

(3) For this purpose, we have integrated a program code from Friendly Captcha in certain areas of our website, e.g., in a contact form. This causes the visitor’s end device, in connection with the protected area (e.g., submitting a contact form), to establish a connection to Friendly Captcha’s servers.

(4) The visitor’s browser receives a computational challenge from Friendly Captcha. The complexity of this challenge depends on various risk factors. The visitor’s end device solves the challenge, which uses certain system resources, and sends the result to our web server. Our web server then contacts Friendly Captcha’s server via an interface and receives a response indicating whether the puzzle was solved correctly by the end device.

(5) In addition, the visitor’s browser transmits connection data, environment data, interaction data, and functional data to Friendly Captcha. Friendly Captcha analyzes this data to determine how likely it is that the user is a human or a bot and transmits the result to our web server.

(6) Friendly Captcha does not store any personal data of the visitor. Data that could identify the visitor (such as IP addresses) is anonymized using one-way hashing. Friendly Captcha does not use HTTP cookies and does not store any data in persistent browser storage. Friendly Captcha does not use the data to identify a natural person or for marketing purposes. All data is used exclusively for the detection and handling of potential bots and risks as described above. The purpose of the processing is therefore to ensure the security and functionality of websites.

Further information on data protection at Friendly Captcha can be found at:

https://friendlycaptcha.com/de/privacy/

Vimeo

Videos from the Vimeo platform are embedded on our website. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011. In doing so, information about the use of our website is communicated to the Google server. If you are logged in as a Vimeo member, Vimeo assigns this information to your personal user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo. For more information on data processing and privacy notices by Vimeo, please visit https://vimeo.com/privacy.

Since Vimeo may use Google Analytics, we refer you to Google’s privacy policy(https://www.google.com/policies/privacy) as well as opt-out options for Google Analytics(http://tools.google.com/dlpage/gaoptout?hl=de).

Use of Chatbots

We use an AI-powered chatbot on our website to provide visitors with an easy way to obtain information and get in touch. Generally, the chatbot does not process any personal data. In particular, no IP addresses, location data, device information, or other access data of website visitors are collected or stored. Personal data is only processed if you enter it voluntarily and independently while using the chatbot (e.g., name, email address, or other details within the chat dialog).

The content entered by the user is processed exclusively during the active session to enable a context-related response to the inquiry. The chatbot only features a short-term session storage function; after the session is ended, the conversation context is discarded and is neither stored nor used for further purposes. Inputs are not used for training AI models, profiling, analysis, advertising purposes, or permanent storage. Automated decision-making within the meaning of Art. 22 GDPR does not take place.

Technical provision and hosting take place within the EU via a processor with whom we have concluded a data processing agreement in accordance with Art. 28 GDPR. This ensures that, should personal data be entered, it is processed exclusively according to our instructions and in compliance with the GDPR.

Processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in providing efficient, modern, and user-friendly communication. If your inquiry is aimed at the initiation or fulfillment of a contractual relationship, processing may additionally be based on Art. 6 (1) (b) GDPR. If a corresponding consent has been requested, processing is based on Art. 6 (1) (a) GDPR. This includes, in particular, voluntarily provided personal information. Consent can be revoked at any time.

Data voluntarily transmitted during use will be deleted as soon as it is no longer required for the stated purposes or if you request us to delete it, provided that no statutory retention obligations prevent this.

Calendly

On our website, you have the option to schedule appointments with us. For appointment booking, we use the tool “Calendly.” The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

For the purpose of booking an appointment, you enter the requested data as well as your preferred date into the booking mask provided for this purpose. In particular, your name, your email address, and, if applicable, further details required for the preparation, implementation, and, if necessary, follow-up of the appointment are processed. The data is processed exclusively for the organization and implementation of the appointment scheduling.

The legal basis for data processing is Art. 6 (1) (f) GDPR, as we have a legitimate interest in efficient and user-friendly appointment organization with interested parties and customers. If consent is requested in connection with the use of Calendly, processing is based on Art. 6 (1) (a) GDPR.

We have concluded a data processing agreement with Calendly, which ensures that Calendly processes personal data exclusively according to our instructions and in compliance with the GDPR. Calendly also processes personal data in the USA. The transfer takes place on the basis of the EU Commission’s adequacy decision for the EU-US Data Privacy Framework pursuant to Art. 45 GDPR; Calendly, LLC is certified as an active participant in the EU-US Data Privacy Framework. Additionally, Calendly bases data transfers on the standard contractual clauses approved by the EU Commission pursuant to Art. 46 GDPR. Details can be found here: https://calendly.com/pages/dpa.

The data you enter will be deleted as soon as it is no longer required for the stated purposes, you revoke your consent, or you request deletion, provided that no statutory retention obligations prevent this.

Special features of online appointment booking via the Calendly website: Online appointment booking takes place via an external website operated by Calendly. For the Calendly website (including the use of cookies or comparable technologies), Calendly is the independent data controller within the meaning of Art. 4 (7) GDPR.

For this data processing, the privacy policy of Calendly applies exclusively. Further information on the processing of personal data by Calendly is available at: https://calendly.com/de/pages/privacy.

Links to third-party websites

Based on our legitimate interest, it may happen that links to other providers, which complement our offer, are integrated within this online offer. When calling up web pages referred to within the framework of this website, information such as name, IP address, browser properties, etc. may be requested again. This privacy policy does not regulate the collection, disclosure or handling of personal data by third parties. In this context, please note the specific privacy statements of the individual third-party providers and service providers whose links we include on our website.

Zendesk at TM3 Software GmbH

TM3 Software GmbH, Prüfeninger Straße 20, D-93049 Regensburg (hereinafter: TM3) uses the cloud-based customer relationship management and support software from Zendesk, Inc. 1019 Market Street San Francisco, CA 94103, to manage customer service. The Zendesk software facilitates the organization and management of customer data. This constitutes TM3’s legitimate interest in the use of Zendesk, Art. 6 para. 1 lit. f GDPR. TM3 has concluded an order processing agreement with Zendesk, Inc. in accordance with Art. 28 para. 3 GDPR, which includes the standard contractual clauses (SCCs) of the EU Commission for the implementation of Decision 2021/914 of June 4, 2021, due to the transfer of data to a third country. This data processing agreement also provides for additional safeguards taking into account Annex II of the new SSCs and provides details of Zendesk’s system access controls, data access controls, transfer controls and network architecture and security.

Further information on data protection and the aforementioned contracts and additional protective measures of Zendesk can be found at https://www.zendesk.de/company/agreements-and-terms/privacy-notice/ or https://www.zendesk.de/blog/eu-us-data-transfers-after-schrems-ii/#georedirect.

Your data will not be passed on to third parties beyond this unless TM3 is obliged to do so by law or by court or official order.

Creating a customer’s employee account for support (via Zendesk at TM3 Software GmbH)

You can register as an employee of a customer in the Zendesk support system (see section 5). Mandatory information for registration is your name and your e-mail address. The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR). After sending this data, you will receive an e-mail from TM3 Software GmbH to the e-mail address you have provided, asking you to confirm your registration (so-called double opt-in procedure) and to assign a password.

The data collected during registration will be stored by Zendesk for as long as you are registered in the support system and will be deleted if you request TM3 Software GmbH to do so. Statutory retention periods remain unaffected if the data is billing or tax-relevant information. In this case, the statutory retention periods of 10 years in accordance with HGB and AO apply.

2.9 Social Media

We maintain publicly accessible online presences on social networks to communicate with customers and interested parties active there and to present our services.

We point out that user data may be processed outside the European Union. Furthermore, user data is generally processed for market research and advertising purposes. To our knowledge, the providers use cookies that store your usage behavior (including across different end devices). This allows targeted advertising to be displayed within the provider’s own platform as well as on third-party sites.

The processing of users’ personal data is based on our legitimate interests in effective user information and communication with users pursuant to Art. 6 (1) (f) GDPR. If users are asked by the respective platform providers for consent to data processing or if information is sent voluntarily to our online presences by the user, the legal basis for processing is Art. 6 (1) (a) GDPR in conjunction with Art. 7 GDPR. If such information contains content relevant to a contract, Art. 6 (1) (b) GDPR serves as the legal basis.

For a detailed description of the respective processing operations and the options for objection (opt-out), we refer to the information provided by the providers linked below.

Also, in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the respective user data and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you may contact us.

• Facebook: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads
• Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Privacy Policy / Opt-Out: https://instagram.com/about/legal/privacy/.
• LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Privacy Policy: https://www.linkedin.com/legal/privacy-policy. Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
• kununu: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Privacy Policy / Opt-Out: https://privacy.xing.com/en/privacy-policy.
• YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy / Opt-Out: https://policies.google.com/privacy?hl=en&gl=en.
• Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Privacy Policy / Opt-Out: https://privacy.xing.com/en/privacy-policy.

Facebook and Instagram (Meta)

When you interact with our social media pages on Facebook and Instagram (post a comment, like posts, or send us a message), your data will be stored by us. These social networks are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter: Meta).

The operation of a company profile on these channels constitutes joint responsibility under data protection law pursuant to Art. 26 GDPR between Meta and our company. Accordingly, we have entered into an agreement with Meta governing the respective obligations under the GDPR: https://www.facebook.com/legal/terms/page_controller_addendum.

Meta provides profile operators with statistics and insights into the types of actions taken by our profile visitors (“Page Insights”). We have no influence over the collection of this data by Meta. According to Meta, this data is provided to us exclusively in anonymized form, so that the user cannot be identified from the information.

Personal data will be deleted as soon as the purpose of storage no longer applies. Storage beyond this may occur if provided for by statutory retention obligations to which our company is subject.

Please note that when using and accessing our Facebook and Instagram pages, your personal data is also processed by the provider Meta. Meta is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, as well as its US-based parent company. In addition to the processing mentioned above, Meta processes your data for analysis and advertising purposes. To our knowledge, Meta uses cookies that store your usage behavior (including across different end devices). This enables Meta to display targeted advertising within its own platform and on third-party pages. Further information can be found in the privacy policies of Facebook: https://www.facebook.com/about/privacy/ and Instagram: https://help.instagram.com/519522125107875. Facebook and Instagram also offer the option to object to certain data processing; relevant information and opt-out options can be found at: https://www.facebook.com/settings?tab=ads and https://www.instagram.com/accounts/privacy_and_security/. Please note that according to Meta’s privacy policy, user data may also be processed in the USA or other third countries. Meta only transfers user data to countries for which an adequacy decision of the European Commission pursuant to Art. 45 GDPR exists or on the basis of appropriate guarantees pursuant to Art. 46 GDPR.

With regard to data processing via our Facebook and Instagram page, you have the option to assert your data subject rights against Meta as well. Further information on this can be found in Meta’s privacy policy: https://www.facebook.com/about/privacy/.

Your data will be processed by us for the purpose of processing your application in accordance with Art. 88 EU DS-GVO in conjunction with § 26 BDSG-neu. If special categories of personal data within the meaning of Art. 9 para. 1 EU DS-GVO, their processing is additionally carried out according to Art. 9 para. 2 lit. b EU GDPR.

The recipients of your data are the units involved in the HR process (including Human Resources, managers and department heads) of the responsible unit. Your data will be treated as strictly confidential and will not be disclosed to third parties without your respective consent. A transfer to third countries or international organizations is not intended.

Your application data will be deleted 180 days after the position has been filled. If you are also interested in future advertised positions, we require your written consent to store your application documents for a longer period of time. You can withdraw this consent at any time in accordance with Art. 7 para. 3 EU DS-GVO to us for the future. For this purpose, please send an e-mail with the corresponding note to the contact address given above.

4.1 Purpose and legal basis for the collection and processing

First and foremost, data processing serves to establish, implement and terminate the contractual relationship. The primary legal basis for this is Art. 6 para. 1 lit. b EU GDPR. Without this type of use of your data, the implementation of the business relationship existing between you and us is not possible.

We also process your data on the basis of Art. 6 para. 1 lit. f EU DS-GVO to protect our legitimate interests or those of third parties (e.g. public authorities). This may be necessary, for example, to maintain IT security and IT operations or for corporate management, internal communication and other administrative purposes. You can object to this processing by stating special reasons in accordance with Art. 21 EU GDPR.

In addition, we process your data to fulfill legal obligations such as regulatory requirements, commercial and tax retention obligations or documentation obligations. The legal basis for this is Art. 6 para. 1 lit. c EU GDPR in conjunction with the nationally applicable laws.

In individual cases, we may also process your data on the basis of your separate consent granted to us in accordance with Art. 6 para. 1 lit. a, 7 EU DS-GVO (e.g. publication of photo and video recordings). You are always free to decide whether you want to declare your consent. Once you have given your consent, you can revoke it at any time with effect for the future. For this purpose, please use the link provided in the respective action or send corresponding inquiries to the contact address given above.

If we process your personal data for a purpose not mentioned above, we will inform you in advance.

4.2 Recipients of your data

Within our company, only those persons receive your personal data who need them to fulfill our contractual and legal obligations. In addition, we sometimes use different service providers to fulfill these obligations, so that it may be necessary to transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfill our contractual and legal obligations. These third parties can be, for example, government agencies, financial institutions, suppliers, etc.

In order to process your data technically, we sometimes use external service providers. We may transfer and process your data outside the country in which you have your residence/company headquarters or in one of the countries in which we operate. These may also be located outside the European Economic Area. If we transfer personal data to service providers or companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place. Detailed information can also be requested using the contact information above.

4.3 Storage of your data

We only store your personal data for as long as it is required for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and to retain records, which are regulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The storage periods are then up to ten years. In addition, personal data may be retained for the period during which claims may be brought against us (statutory limitation period of three or up to thirty years).