A. Data security
We have appropriate, state-of-the-art security measures in place to protect your information from loss, misuse and alteration. For example, our security guidelines and data protection declarations are regularly reviewed and improved where necessary. Furthermore, only authorized employees have access to personal data. Although we cannot guarantee or warrant that data will never be lost, misused or altered, we do everything in our power to prevent this.
Please remember that data transmission over the Internet is never completely secure. We cannot guarantee the security of data entered on our website during transmission via the Internet. You do this at your own risk.
Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from 'http://' to 'https://' and by the lock symbol in your browser line. If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
B. Controller and contact details
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors such as a name, an identification number, location data or an online identifier.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
D. Processing of your data when using our website for informational purposes
When you visit our website for informational purposes only, without providing personal data via registration or in any other way, only the internet connection data that your browser transmits to our server will be processed. This information contains personal data only to a limited extent. The processed data includes information on:
- Your IP address
- Your device (type, name, ID)
- Your browser (type/version)
- Your operating system (including language settings)
- Date and time of your request
- The content of your requests
- Your screen resolution
- Your Internet service provider
- Websites from which your system accesses our website (referrer URL)
- Web pages that are called up by your system via our website.
This information is processed in order to enable you to use our website (e.g. by adapting our website to the needs of your device) as well as to generate comprehensive demographic data to create anonymous statistics on the use of our website. This data is not merged with other data sources.
The legal basis for this data processing is Art. 6 (1) sent. 1 lit. b GDPR, as we need the automatically-collected data for the effective provision of our website, and Art. 6 (1) sent. 1 lit. f GDPR, as the storage serves our legitimate interest in ensuring the stability and security of the website.
For further information on the collection of personal data during your visit to our website, please refer to the section 'Cookies' (see F).
The automatically collected personal data is stored for 3 months and then deleted, unless longer storage is required or justified by law.
E. Data processing when using our services
We offer additional tools or services on our website (e.g. contacting us, newsletter). When you use these tools or services, we ask you for personal data such as your name, contact details including e-mail address, company name and position and, if necessary, other personal information. Correspondingly, required information is always marked as mandatory fields. Without this information, we may not be able to provide you with the requested service or answer any queries you may have. In the following, we provide you with an overview of the related processing procedures and legal basis.
1. Making contact
If you contact us – e.g. via contact form or e-mail – your personal data will be stored and processed by us. These are your name, contact data including your e-mail address, company name, position, as well as any other information you have provided. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration and are not passed on to third parties without your consent.
The legal basis for this data processing is Art. 6 (1) sent. 1 lit. b GDPR, if it is carried out to fulfil a contract or pre-contractual measures, as well as Art. 6 (1) sent. 1 lit. f GDPR, as the processing of these requests is in the interest of both parties.
Your personal data will be deleted immediately after completion of the enquiry. Storage obligations remain unaffected. Legal storage obligations or the requirement to process your personal data for legal claims purposes can lead to us storing your personal data for a longer period of time.
2. User account
To use some of the features on this website, you need to create a user account. Within the scope of this registration, we process the following mandatory data provided by you:
- First and last name;
- User name;
- Contact details, e.g. email address, phone;
- Login and password details;
- Company, job title, company’s website;
Furthermore, we store the voluntary data provided by you for the time of your use of the customer area, unless you delete them first. You can manage and change all data in the protected customer area.
The legal basis for this data processing is Art. 6 (1) sent. 1 lit. b GDPR because it serves the effective provision of the customer area and the management of your user account.
If you use the customer area, your data can be made available to other registered customers in accordance with the contractual performance. Non-registered members will not receive any information about you.
You can delete your user account as follows: [...]. If you decide to delete your user account, all your account data, including all communication data, will be deleted. The unique user name that you chose when you registered will be available to other users after deletion.
Unless exceptions within the services listed below apply, your personal data will be stored until you delete it or your user account as a whole. After deletion of your account, your personal data will be deleted. Legal storage obligations or the requirement to process your personal data for legal claims purposes due to misconduct in the use of services or payment problems can lead to us storing your personal data for a longer period of time.
We also process the personal data and contact details provided by you as part of the newsletter registration process to inform you directly about our other products and services. We may send you newsletters [(or other direct marketing)]:
- if we think our products and services may be of interest to you, on the basis of our legitimate interest [(Art. 6 (1) sent. 1 lit. f GDPR)] in marketing our site and services to you; or
- if you sign-up to our newsletter, on the basis that you have consented [(Art. 6 (1) sent. 1 lit. a GDPR)].
You can always object to or withdraw your consent for direct marketing by [clicking on unsubscribe in an email footer, or contacting us at [email protected] at any time.]
If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending the newsletter.
For registration, we use the so-called double-opt-in procedure. After your registration on our website, you will receive an e-mail with a link that you can use to confirm that you are the owner of the e-mail address and that you wish to create a user account on our website. If your confirmation is not received within 24 hours, your registration and the personal data provided by you will be automatically deleted.
We store your personal data as long as you have subscribed to our newsletter. Legal storage obligations and exceptions remain unaffected.
You can object to the processing of your personal data for the purpose of direct advertising at any time. We will then stop further processing for these purposes.
You can object to the sending of such newsletters for the future at any time without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us in some other way.
4. Application Data
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under Art. 28 GDPR. In this case, the processing is based on an agreement for the processing of orders between us as controller and Personio.
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search/application process.
In particular, the following data is collected during this process:
- Name (first and last names)
- E-mail address
- Phone number
- LinkedIn profile (optional)
- Channel through which you found us
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc.
Only authorized HR staff and/or staff involved in the application process have access to your data. The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.
Your data will be stored for a period of 90 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to store your data for 180 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool.
Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
F. Online advertising and analysis tools
We also work together with other service providers who help us to improve our website or offer additional functions. Such service providers may use their own cookies. You will find further information on this in the following sections.
You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, restrict the acceptance of cookies to certain cases or exclude them altogether, and activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functionality of this website may be limited.
As soon as the data transmitted to us via cookies is no longer required for the purposes described above, this information will be deleted after 1 month, unless longer storage is required or justified by law.
2. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies. The information generated by the cookie about your use of this website is transferred to a Google server and stored there. We have activated the IP anonymisation function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield.
The storage of Google Analytics cookies is based on your consent in accordance with Art. 6 (1) sent. 1 lit. a GDPR.
This website uses the function 'demographic characteristics' of Google Analytics. This enables reports to be generated which contain statements on the age, gender and interests of website visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can disable this feature at any time by going to the Ads Settings section of your Google Account.
You can prevent the use of Google Analytics including the 'demographic features' function at any time, either by installing the Google Browser Plugin, which sets an opt-out cookie, or by selecting the appropriate setting in your browser software. Either option will only prevent the use of web analytics if you are using the browser on which you installed the plugin and you do not delete the opt-out cookie. Please note that in this case you may not be able to use all the functions of this website to their full extent. You can find further information here (https://tools.google.com/dlpage/gaoptout) and here (https://marketingplatform.google.com/about/analytics/terms/us/).
Your personal data will be stored for 3 months and then deleted, unless longer storage is required or justified by law.
G. Transfer of personal data to third parties
Some of the recipients are located outside the European Economic Area (EEA). For more information on cross-border transfers in general and transfers outside the EEA, see H.
Your personal data may be disclosed to the following processors, who supports us in providing our services:
The processors will only process your personal data in accordance with our instructions. The legal basis is Art. 28 GDPR in conjunction with the respective data processing agreement.
In the event of a restructuring or sale of our company to a third party, your personal data may be transferred to the restructured company or third party in accordance with applicable law.
If we are legally entitled or obliged to do so (for example, due to applicable law or a court order), we may disclose your personal data.
H. Transfer of personal data to third countries
Within the scope of processing, your personal data mentioned above may be transferred to countries outside the EU and the EEA (so-called third countries).
Please note that data processed in other countries may be subject to foreign laws and may be accessible to the governments, courts and law enforcement and supervisory authorities there. However, if your personal data is transferred to third countries, we will take appropriate measures to adequately secure your data.
When transferring data to third countries, the transfer is generally protected by the application of the so-called EU standard contractual clauses. Corresponding evidence or further details can be obtained by sending an e-mail to the above address.
I. Your rights
You have the following data protection rights, depending on the circumstances of the specific case:
- Information: You have the right to request information about and access to your personal data and/or copies of such data. This includes information on the purpose of use, the category of data used, the recipients and authorized persons, and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
- Correction, blocking, deletion: You have the right to demand the correction, deletion or limitation of the processing of your personal data, insofar as its use is not permitted under data protection law. This is particularly the case if (i) the data is incomplete or incorrect, (ii) it is no longer necessary for the purposes for which it was collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised your right to object to the processing of the data; in cases where the data is processed by third parties, we will forward your requests for correction, deletion or restriction of processing to these third parties, unless this proves impossible or involves disproportionate effort;
- Refusal/revocation of your consent: Many data processing operations are only possible with your express consent. You have the right to refuse your consent or to revoke at any time any consent you have already given, without affecting the lawfulness of the data processing operations carried out before the revocation.
- Data transferability: You have the right to have data that you have provided us with handed over to yourself or a third party in a common structured, machine-readable format. However, the right to demand direct transfer to another responsible party exists only insofar as this is technically feasible.
- Right of appeal to the competent supervisory authority: If you believe that your rights have been violated as a result of your personal data not being processed in accordance with data protection regulations, you have a right of appeal to the competent supervisory authority.
- Right of objection: You have the right to object at any time to the processing of your personal data if we process your personal data for direct marketing purposes or if we process your personal data to pursue our legitimate interests and there are reasons arising from your particular situation.
You may (i) exercise the above rights or (ii) ask questions or (iii) lodge a complaint against our processing of your personal data by contacting us as set out above.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html).
The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal information, as well as deal with any complaints that you have about our processing of your personal information.