Privacy Policy

1. Overview of Data Protection

General Information

This section provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to identify you personally. For more detailed information, please refer to the full privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. Contact details can be found in the section “Information about the Responsible Party” in this privacy policy.

How do we collect your data?

Some data is collected when you provide it to us. For example, this may include data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website. This mainly includes technical data (e.g., browser type, operating system, or time of page access). This data is collected automatically as soon as you access the website.

Why do we use your data?

Some data is collected to ensure the website functions properly. Other data may be used to analyze user behavior. If the website enables the conclusion or initiation of contracts, transmitted data may also be processed for offers, orders, or other requests related to such contracts.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipients, and purpose of your stored personal data at any time, free of charge. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can withdraw it at any time for the future. Under certain conditions, you may also request the restriction of processing of your personal data. Additionally, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with questions regarding data protection.

Analytics and Third-Party Tools

Your browsing behavior may be statistically analyzed when visiting this website. This is primarily done using analytics programs.

Detailed information on these tools can be found in the following privacy policy.

2. Hosting

This website is hosted by the following provider:

webgo

Provider: webgo GmbH, Heidenkampsweg 81, 20097 Hamburg, Germany (“webgo”). When you visit our website, webgo collects various log files including your IP address.

Further details are available in webgo’s privacy policy: https://www.webgo.de/datenschutz/.

We use webgo based on Art. 6(1)(f) GDPR. We have a legitimate interest in a reliable presentation of our website. If consent was requested, processing is based solely on Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent the consent includes the storage of cookies or access to information on the user’s device (e.g., for device fingerprinting). Consent can be withdrawn at any time.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with webgo. This legally required contract ensures that webgo processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Notes and Mandatory Information

Data Protection

The operators of this site take the protection of your personal data very seriously. Your personal data is treated confidentially and in accordance with data protection laws and this privacy policy.

When you use this website, various personal data is collected. This privacy policy explains which data we collect, how we use it, and for what purpose.

We point out that data transmission over the Internet (e.g., via email communication) can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information About the Responsible Party

Responsible entity for data processing on this website:

EMDION GmbH
Zweiter Polderweg 18
26723 Emden
Germany

Phone: 0049 4921 3658 – 200
Email: info@emdion.eu

The responsible party is the natural or legal person who decides, alone or jointly with others, on the purposes and means of processing personal data (e.g., names, email addresses).

Storage Duration

Unless a more specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you request deletion or withdraw your consent, your data will be deleted unless we are legally required or permitted to retain it (e.g., retention periods under tax or commercial law); in this case, deletion occurs after those periods expire.

Legal Bases for Data Processing

If you have given consent, we process your personal data based on Art. 6(1)(a) GDPR or, if special categories of data are processed, based on Art. 9(2)(a) GDPR. If you consented to the transfer of personal data to third countries, this processing is also based on Art. 49(1)(a) GDPR. If you consented to the storage of cookies or access to device information (e.g., via device fingerprinting), processing is also based on § 25(1) TDDDG. Consent can be withdrawn at any time. If your data is required for a contract or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. We may also process your data based on legal obligations (Art. 6(1)(c) GDPR) or on our legitimate interests (Art. 6(1)(f) GDPR). Further legal bases are explained below.

Data Protection Officer

We have appointed a Data Protection Officer.

ViCoTec IT-Sicherheit und Datenschutz GmbH & Co. KG
Managing Director: Thorsten Brendel
August-Wilhelm-Kühnholz Str.5
26135 Oldenburg

Phone: +49 441 24 92 65 20
Email: info@vicotec.de

Recipients of Personal Data

In the course of our business activities, we may share personal data with external parties when required for contract fulfillment, when legally obligated (e.g., to tax authorities), based on legitimate interest (Art. 6(1)(f) GDPR), or under other legal grounds. If we use processors, data is only shared under a valid data processing contract. For joint processing, a joint processing agreement is concluded.

Revocation of Your Consent

You may revoke any consent previously given at any time. The legality of data processing prior to revocation remains unaffected.

Right to Object to Data Processing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR DATA UNLESS WE HAVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR IF THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING, INCLUDING PROFILING RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21(2) GDPR).

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, especially in the EU member state of your residence, workplace, or place of the alleged violation. This does not affect any other administrative or judicial remedy.

Right to Data Portability

You have the right to receive data we process based on your consent or a contract in a commonly used, machine-readable format. You can also request that this data be transmitted directly to another controller, where technically feasible.

Access, Rectification, and Erasure

You have the right to request free access to your stored personal data, its origin, recipients, and processing purpose at any time, as well as the right to request correction or deletion of this data. Please contact us for such requests.

Right to Restriction of Processing

You have the right to request restriction of processing in certain cases:

If you contest the accuracy of your data, we need time to verify it. You can request restriction during this time.
If processing is unlawful, you may request restriction instead of deletion.
If we no longer need the data but you require it for legal claims, you may request restriction instead of deletion.
If you objected under Art. 21(1) GDPR, a balance must be struck. Until resolved, you may request restriction.

If processing is restricted, such data may only be processed with your consent or for legal claims or to protect others or public interest of the EU or member states.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock icon in your browser’s address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packages that do not cause any harm to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after you end your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within websites (e.g., cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies that are necessary for the execution of the electronic communication process, to provide certain functions you desire (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web audience) (necessary cookies) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and only allow cookies on a case-by-case basis, exclude the acceptance of cookies for certain cases or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may restrict the functionality of this website.

You can find out which cookies and services are used on this website from this privacy policy.

Consent with Complianz

Our website uses the consent technology from Complianz to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands (hereinafter “Complianz”).

Complianz is hosted on our servers, so no connection is made to the servers of the Complianz provider. Complianz stores a cookie in your browser to assign the consents given or their revocation to you. The data collected in this way is stored until you request deletion from us, delete the Complianz cookie yourself, or the purpose for data storage no longer applies. Mandatory legal retention obligations remain unaffected.

The use of Complianz is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested; consent can be revoked at any time.

The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry by Email, Telephone, or Fax

If you contact us by email, telephone, or fax, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested; consent can be revoked at any time.

The data you send to us via contact inquiries remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially legal retention periods – remain unaffected.

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform independent analyses. It is only used to manage and deploy the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Matomo

This website uses the open-source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyze data about the use of our website by visitors. This allows us, among other things, to find out when certain page views occurred and from which region they came. We also collect various log files (e.g., IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offer and its advertising. If corresponding consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

IP anonymization

In the analysis with Matomo, we use IP anonymization. Here, your IP address is shortened before analysis, so that it can no longer be clearly assigned to you.

Cookie-free analysis

We have configured Matomo so that Matomo does not store any cookies in your browser.

Hosting

We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when users enter certain search terms on Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available at Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data by analyzing, for example, which search terms led to the display of our ads and how many ads led to corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards in data processing in the USA. Every company certified under the DPF commits to complying with these data protection standards. More information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Conversion Tracking, Google and we can recognize whether a user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were particularly viewed or purchased. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that would allow us to personally identify the user. Google itself uses cookies or similar recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

More information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Meta Pixel (formerly Facebook Pixel)

This website uses the Meta visitor action pixel for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.

This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Meta advertisement. This enables the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous to us as the operator of this website; we cannot draw conclusions about the identity of users. However, the data is stored and processed by Meta, so that a connection to the respective user profile on Facebook or Instagram is possible, and Meta can use the data for its own advertising purposes according to the Meta Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Meta to place ads on Facebook, Instagram, and other advertising channels. This use of data cannot be influenced by us as the site operator.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

We use the advanced matching feature within the Meta Pixel.

The advanced matching allows us to transmit various types of data (e.g., residence, state, postal code, hashed email addresses, names, gender, date of birth, or phone numbers) of our customers and prospects collected via our website to Meta. This allows us to tailor our advertising campaigns on Facebook and Instagram more precisely to people interested in our offers. Furthermore, advanced matching improves the attribution of website conversions and extends Custom Audiences.

As far as personal data is collected on our website and transmitted to Meta using this tool, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to data collection and transmission to Meta. The processing carried out by Meta after transmission is not part of the joint responsibility. Our joint obligations are laid down in a joint processing agreement. The wording of this agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Meta tool and for the legally compliant implementation of the tool on our website. Meta is responsible for the data security of Meta products. Data subject rights (e.g., requests for information) regarding data processed at Facebook or Instagram can be asserted directly at Meta. If you assert data subject rights with us, we are obliged to forward these to Meta.

The data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on the protection of your privacy can be found in Meta’s privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the ad settings area under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook for this.

If you do not have an account on Facebook or Instagram, you can disable usage-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

Meta Conversion API

We have integrated the Meta Conversion API on this website. Provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.

The Meta Conversion API allows us to capture interactions of the website visitor with our website and forward them to Meta to improve advertising performance on Facebook and Instagram.

This includes, in particular, the time of the visit, the accessed webpage, your IP address and user agent, and possibly other specific data (e.g., purchased products, shopping cart value, and currency). A complete overview of the data that can be collected can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Further information on protecting your privacy can be found in Meta’s privacy notices: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the ad settings area at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this.

If you do not have a Facebook or Instagram account, you can disable usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a data protection legally required contract that ensures the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze professional data (e.g., career level, company size, country, location, industry, and job title) of our visitors to better tailor our site to the respective target groups. Furthermore, we can measure, with the help of the LinkedIn Insight Tag, whether visitors perform a purchase or other action (conversion tracking). Conversion tracking can also be cross-device (e.g., from PC to tablet). The LinkedIn Insight Tag also offers a retargeting function, which allows us to show targeted advertising to our website visitors outside of the website, whereby LinkedIn states that no identification of the advertising recipient takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymized). Direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. Remaining pseudonymized data are deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use them for its own advertising purposes. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal Basis

Where consent has been obtained, the use of the above service is exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time. Where no consent has been obtained, the use of this service is based on Art. 6 para. 1 lit. f GDPR; the website operator has a legitimate interest in effective advertising measures including social media.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the Use of LinkedIn Insight Tag

You can object to the analysis of usage behavior and targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To avoid linking data collected on our website by LinkedIn with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data Processing Agreement

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No further data is collected or only voluntarily. These data are used exclusively to send the requested information and are not passed on to third parties.

The processing of the data entered in the newsletter subscription form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke the consent given for storing the data, the email address, and its use for sending the newsletter at any time, e.g. via the “unsubscribe” link in the newsletter. The legality of the data processing carried out until the revocation remains unaffected.

The data you provide for the purpose of newsletter subscription are stored by us until you unsubscribe from the newsletter or the purpose of storage ceases to apply and deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest under Art. 6 para. 1 lit. f GDPR.

Data stored for other purposes remain unaffected.

After you unsubscribe from the newsletter distribution list, your email address will be stored by us or the newsletter service provider on a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube with Extended Privacy

This website embeds videos from YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit a website where YouTube is embedded, a connection to YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behavior to your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended privacy mode. Videos played in extended privacy mode, according to YouTube, are not used to personalize surfing on YouTube. Ads shown in extended privacy mode are also not personalized. In extended privacy mode, no cookies are set. However, so-called Local Storage elements are stored in the user’s browser, which are similar to cookies and can store data.

The processing of your data is based on Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in the best possible presentation of its online offers.

More information on data protection at YouTube can be found at: https://policies.google.com/privacy.

Google Fonts

For uniform font representation, this website uses Google Fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you open a page, your browser loads the required fonts into your browser cache to display texts and fonts correctly. For this, your browser connects to Google servers.

The processing of your data is based on Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in a uniform and appealing presentation of its online offers.

Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

OpenStreetMap

We use the mapping service from OpenStreetMap (OSM).

We embed map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a data protection safe third country. This means that the UK has a level of data protection equivalent to the European Union. When using OpenStreetMap maps, a connection to the servers of the OpenStreetMap Foundation is established. This may include forwarding your IP address and other information about your behavior on this website to the OSMF. OpenStreetMap may also store cookies in your browser or use comparable recognition technologies.

The use of OpenStreetMap is in the interest of a visually appealing presentation of our online offers and easy findability of the locations we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

8. Audio and Video Conferences

Data Processing

For communication with our customers, we use online conferencing tools among others. The specific tools we use are listed below. When you communicate with us via video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data you provide/use to use the tools (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end time of participation in the conference, number of participants, and other “context information” related to the communication process (metadata).

In addition, the provider of the tool processes all technical data required for the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and type of connection.

If content is exchanged, uploaded, or otherwise made available within the tool, this content is also stored on the servers of the tool providers. Such content includes in particular cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options depend primarily on the corporate policies of the respective provider. Further information about data processing by the conferencing tools can be found in the privacy policies of the tools used, which we have listed below this text.

Purpose and Legal Basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been obtained, the use of the respective tools is based on this consent; consent can be revoked at any time with effect for the future.

Storage Duration

The data directly collected by us via the video and conferencing tools are deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage duration of your data stored by the operators of the conferencing tools for their own purposes. For details, please consult the operators of the conferencing tools directly.

Used Conferencing Tools

We use the following conferencing tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhere to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6474.

Order Processing

We have concluded a contract on order processing (AVV) for the use of the above-mentioned service. This is a legally required contract ensuring that the service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

9. Own Services

Handling of Applicant Data

We offer you the opportunity to apply to us (e.g., via email, post, or online application form). Below we inform you about the scope, purpose, and use of the personal data collected during the application process. We assure you that the collection, processing, and use of your data is in accordance with applicable data protection law and all other legal requirements and that your data is treated strictly confidentially.

Scope and Purpose of Data Collection

If you submit an application to us, we process the associated personal data (e.g., contact and communication data, application documents, notes during interviews, etc.) as far as necessary to decide on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and—if you have given consent—Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data is only passed on within our company to persons involved in processing your application.

If the application is successful, the data you submitted is stored based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of conducting the employment relationship in our data processing systems.

Data Retention Period

If we cannot make you a job offer, you reject a job offer, or withdraw your application, we reserve the right to store the data you have submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal). Afterwards, the data will be deleted and any physical application documents destroyed. The retention serves in particular as evidence in case of legal disputes. If it is apparent that the data will be required after the 6-month period (e.g., due to pending or threatened legal disputes), deletion will only take place once the purpose for further retention no longer applies.

Longer storage may also take place if you have given corresponding consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations oppose deletion.