1. Privacy at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.
Data Collection on this Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Controller Information" section of this privacy policy.
How do we collect your data?
Your data is collected, on one hand, by you providing it to us. This can include data that you enter into a contact form, for example.
Other data is automatically collected or after your consent when you visit the website through our IT systems. These are primarily technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.
2. Hosting
This website is hosted externally. Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The external hosting serves the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Our host(s) will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
Data Processing Agreement
We have concluded a data processing agreement (DPA) for the use of the service mentioned above. This is a data protectionally required contract that ensures that this service processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Information
Data Protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
When you use this website, various personal data are collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this happens.
We point out that data transmission over the Internet (e.g., communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Controller Information
The controller responsible for data processing on this website is:
ICT Cloud Computing Services GmbH
Mergenthalerallee 77
65760 Eschborn
Phone: +49 (160) 99061517
Email: info@ict.cloud
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a specific storage period is specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion will take place after these reasons cease to apply.
General Notes on Data Processing Legal Bases on this Website
If you have given your consent to the processing of your data, we will process your personal data based on Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR if special categories of data according to Art. 9 Para. 1 GDPR are processed. In the event of express consent, e.g., for the transfer of personal data to third countries, the processing is also based on Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), the processing will also take place based on § 25 Para. 1 TDDDG. The consent can be revoked at any time. If your data is processed to fulfill a contract or to carry out pre-contractual measures, the processing is based on Art. 6 Para. 1 lit. b GDPR. Furthermore, we process data for the fulfillment of legal obligations based on Art. 6 Para. 1 lit. c GDPR, and for the protection of legitimate interests based on Art. 6 Para. 1 lit. f GDPR. Information on the relevant legal bases will be provided in the following paragraphs of this privacy policy.
Designation of a data protection officer
We have appointed a data protection officer.
DEUDAT GmbH
Zehntenhofstraße 5 b
65201 Wiesbaden
Phone: +49 611 950008-40
E-mail: info@deudat.de
Website: https://www.deudat.de/home
Note on Data Transfer to the USA and Other Third Countries
We also use tools from companies based in the USA or other countries outside the European Economic Area (EEA) that are not secure in terms of data protection. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that in these countries, a level of data protection comparable to that in the EU cannot be guaranteed. For example, US companies are obliged to hand over personal data to security authorities without you being able to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Recipients of personal data
In the scope of our business activities, we cooperate with various external parties. In some cases, this also requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is required as part of the fulfillment of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclosure of this data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on data processing. In the case of joint processing, a joint processing agreement is concluded.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.
Right to Object to Data Collection in Special Cases and Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to Lodge a Complaint with the Supervisory Authority
In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
Information about, rectification and eradication of data
Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data instead of demanding the eradication of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
- If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
4. Data Collection on this Website
Cookies
Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, to provide certain functions requested by you (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent for the storage of cookies and similar identification technologies has been requested, processing will only be carried out based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and only allow cookies on a case-by-case basis, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
You can find out which cookies and services are used on this website in this privacy policy.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The used operating system
- Referrer URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
- This data is not merged with other data sources.
This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
Request by e-mail, telephone, fax or Contact Form
If contact us by e-mail, telephone or fax, or you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Inquiries by Email, Telephone, or Fax
If you contact us by email, telephone, or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been requested; the consent can be revoked at any time.
The data you send us via contact inquiries will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Registration with Facebook Connect
Instead of registering directly on this website, you also have the option to register using Facebook Connect. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
If you decide to register via Facebook Connect and click on the “Login with Facebook”/„Connect with Facebook” button, you will be automatically connected to the Facebook platform. There, you can log in using your username and password. As a result, your Facebook profile will be linked to this website or our services. This link gives us access to the data you have archived with Facebook. These data comprise primarily the following:
- Facebook name
- Facebook profile photo and cover photo
- Facebook cover photo
- E-mail address archived with Facebook
- Facebook-ID
- Facebook friends lists
- Facebook Likes (“Likes” information)
- Date of birth
- Gender
- Country
- Language
This information will be used to set up, provide and customize your account.
The registration via Facebook Connect and the affiliated data processing transactions are implemented on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time, which shall affect all future transactions thereafter.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the privacy-secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
For more information, please consult the Facebook Terms of Use and the Facebook Data Privacy Policies. Use these links to access this information: https://www.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.
5. Social Media
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, X etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Individual social networks
LinkedIn
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448
6. Analysis Tools and Advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only serves to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on its website. If consent has been obtained, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses features of the Google Analytics web analytics service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the origin of the user. This data is aggregated into a user ID and associated with the respective device of the website visitor.
Furthermore, we can record your mouse movements, scroll movements, and clicks with Google Analytics. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent under Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/..
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de..
For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
7. Plugins and Tools
Pipedrive ChatBot
We have integrated Pipedrive Chatbot on this website. The provider is Pipedrive Inc., 530 Fifth Avenue, 8th floor, Suite 802, New York, NY 10036, United States, USA (hereinafter "Pipedrive").
Pipedrive Chatbot allows the customer to contact us via the chatbot.
The use of Pipedrive is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting his website from cyber attacks as effectively as possible. If consent has been obtained, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission.
Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the means of this service, we can integrate map material on our website.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
8. E-Commerce and Payment Providers
Processing of Customer and Contract Data
We collect, process, and use personal customer and contract data for the establishment, content-related design, and modification of our contractual relationships. We only collect, process, and use personal data regarding the use of this website (usage data) to the extent necessary to enable or bill the user for the use of the service. The legal basis for this is Art. 6 para. 1 lit. b GDPR.
The customer data collected will be deleted after the completion of the order or termination of the business relationship and after the expiration of any statutory retention periods that may exist. Statutory retention periods remain unaffected.
9. Own Services
Handling of Applicant Data
We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected within the framework of the application process. We assure you that the collection, processing, and use of your data is in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
If you submit an application to us, we process the associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) to the extent necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general initiation of a contract), and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be disclosed within our company to persons involved in the processing of your application.
If the application is successful, the data you submitted will be stored in our data processing systems for the purpose of carrying out the employment relationship based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR.
Data Retention Period
If we are unable to offer you a position, you reject a job offer, or withdraw your application, we reserve the right to retain the data you have provided to us based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). Afterward, the data will be deleted, and the physical application documents will be destroyed. The retention serves primarily as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g., due to a pending legal dispute), deletion will only take place once the purpose for further retention no longer applies.
Extended retention may also occur if you have given corresponding consent (Art. 6 para. 1 lit. a GDPR).
Last update: 07/2024