Data protection

Deletion of Data
The data we process are deleted in accordance with Art. 17 and 18 GDPR, or their processing is restricted. Unless expressly stated otherwise in this privacy policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations prevent deletion. Where data cannot be deleted because they are required for other, legally permissible purposes, their processing is restricted; i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Under German law, records are kept in particular for ten years pursuant to §§ 147 (1) AO, 257 (1) Nos. 1 and 4, (4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and six years pursuant to § 257 (1) Nos. 2 and 3, (4) HGB (commercial correspondence).

Hosting
The hosting services we use serve to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offering.

In doing so, we—and/or our hosting provider—process inventory data, contact data, content data, contract data, usage data as well as meta and communication data of customers, prospects and visitors to this online offering on the basis of our legitimate interest in an efficient and secure provision of this online offering pursuant to Art. 6 (1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a processing agreement).

Collection of Access Data and Log Files
No log files are collected by our hosting provider.

Privacy Information for the Application Procedure
We process applicant data solely for the purpose and within the scope of the application procedure, in accordance with statutory provisions. Processing of applicant data is carried out to fulfil our (pre-)contractual obligations within the application procedure in the sense of Art. 6 (1)(b) GDPR and Art. 6 (1)(f) GDPR where processing becomes necessary for us, for example, in the course of legal proceedings (in Germany, § 26 BDSG also applies).

The application procedure requires applicants to provide us with their data. Mandatory applicant data are indicated where we offer an online form, otherwise they result from the job descriptions and generally include information about the person, postal and contact addresses and documents related to the application such as cover letter, CV and certificates. Applicants may also voluntarily provide additional information.

By submitting an application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this privacy policy.

Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as a severe disability or ethnic origin) are voluntarily communicated within the application procedure, their processing is additionally carried out under Art. 9 (2)(b) GDPR. Where special categories of personal data are requested from applicants within the application procedure, their processing is additionally based on Art. 9 (2)(a) GDPR (e.g. health data if required for the exercise of the profession).

Where provided, applicants can submit their applications to us via an online form on our website; data are transmitted to us in encrypted form in line with the state of the art.

Applicants can also send us applications via e-mail. Please note, however, that e-mails are generally not encrypted and applicants must ensure encryption themselves. We therefore cannot assume responsibility for the transmission path of the application between the sender and receipt on our server and recommend using the online form or postal mail instead. Applicants may still send applications by post rather than via the online form or e-mail.

The data provided by applicants may, in the event of a successful application, be further processed by us for the purposes of employment. Otherwise, if an application for a job offer is unsuccessful, the applicants’ data are deleted. Applicants’ data are also deleted if an application is withdrawn, which applicants are entitled to do at any time.

Deletion takes place, subject to a justified withdrawal by the applicants, after a period of six months so that we can answer any follow-up questions regarding the application and meet our burden of proof under the German Equal Treatment Act. Invoices for any travel-expense reimbursement are archived in accordance with tax regulations.

Contact
When contacting us (e.g. via contact form, e-mail, telephone or social media), the user’s details are processed to handle and respond to the contact enquiry pursuant to Art. 6 (1)(b) GDPR. User information may be stored in a Customer-Relationship-Management system (“CRM system”) or comparable enquiry-management system.

We delete enquiries when they are no longer necessary; we review necessity every two years. Statutory archiving obligations apply.
 

Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface (and thus integrate, for example, Google Analytics and other Google-marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process personal data of users. For processing of personal data of users, please refer to the following information on Google services. Usage guidelines: https://www.google.com/analytics/tag-manager/use-policy/

Google Analytics
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1)(f) GDPR), we use Google Analytics, a web-analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there. Google is certified under the Privacy-Shield agreement and thus offers a guarantee of compliance with European data-protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with further services associated with the use of this online offering and the Internet. Pseudonymous usage profiles of users may be created from the processed data. We use Google Analytics only with IP-anonymisation enabled; this means that the IP address of users is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering and from processing these data by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de. Further information on data use by Google, settings and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google https://adssettings.google.com/authenticated. Personal data of users are deleted or anonymised after 14 months.

Google Universal Analytics
We use Google Analytics in the form of “Universal Analytics”. “Universal Analytics” refers to a Google Analytics process in which user analysis is based on a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of different devices (“cross-device tracking”).

Audience Building with Google Analytics
We use Google Analytics to display ads placed within Google’s advertising services and those of its partners only to users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products, determined on the basis of the websites visited) that we transmit to Google (“remarketing” or “Google-Analytics audiences”). With the help of remarketing audiences, we also aim to ensure that our ads correspond to the potential interest of users.

Google AdWords and Conversion Tracking
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1)(f) GDPR) we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified under the Privacy-Shield agreement and thus offers a guarantee of compliance with European data-protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We use the online-marketing procedure Google “AdWords” to place ads in the Google advertising network (e.g. in search results, videos, on websites) so that they are shown to users who are presumed to be interested in the ads. This allows us to display ads for and within our online offering more specifically in order to present users only with ads that potentially correspond to their interests. If, for example, users are shown ads for products they have shown an interest in on other online offerings, this is referred to as “remarketing”.

Google DoubleClick
We use, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 (1)(f) GDPR), the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google is certified under the Privacy-Shield agreement, offering a guarantee of compliance with European data-protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). We use the online-marketing procedure Google “DoubleClick” to place ads within the Google advertising network. DoubleClick is characterised by displaying ads in real time based on presumed user interests. For this purpose, Google executes code directly and embeds (re-)marketing tags (“web beacons”) in the website. This allows an individual cookie to be placed on the user’s device. In the cookie various data are stored about which websites the user has visited, which content they are interested in, which offers they have clicked on, technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offering. The IP address of the users is also recorded, truncated within EU member states or in other contracting states of the EEA agreement and only in exceptional cases transmitted in full to a Google server in the USA and truncated there. The aforementioned information may also be combined by Google with information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to them according to their presumed interests on the basis of their user profile.
The data of users are processed within Google’s advertising network under a pseudonym. That is, Google does not store and process the name or e-mail address of users but processes the relevant data cookie-related within pseudonymous user profiles. From Google’s perspective, the ads are therefore managed and displayed for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. Information collected about users by Google-marketing services is transmitted to Google and stored on Google servers in the USA. Further information on data use by Google, settings and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the ad-settings interface at https://adssettings.google.com/authenticated.