+ 49 30 509 307 500 [email protected]

Data Protection Statement

In this privacy policy, we, PRofiFLITZER GmbH, inform you about the processing of personal data when using our website: profiflitzer.de. You can print or save this privacy policy using the functions of your browser.

 

1. contact person

The contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is the

PRofiFLITZER GmbH
Streusstrasse 67-68
13086 Berlin

Phone: +49 (0) 30 509 307 500
Fax: +49 (0) 30 509 307 599
E-mail: [email protected]

For all questions on the subject of data protection in connection with our products or the use of our website, you can also contact our data protection officer at any time. This person can be reached at the above postal address and at the e-mail address given above (keyword: “Attn. Data Protection Officer”). We expressly point out that if this e-mail address is used, the contents will not be exclusively noted by our data protection officer. Therefore, if you wish to exchange confidential information, please first contact us directly via this email address.

We have our own privacy policy for our job portal my-PRofiFLITZER.de. You can access this via the following button.

TO THE PRIVACY POLICY

We have a separate data protection statement for our job portal my-PRofiFLITZER.de. You can access this using the following button.

2. data processing on our website

2.1. Calling our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes the so-called HTTP header information, including the user agent, and includes in particular:

  • IP address of the requesting device;
  • Date and time of the request;
  • Address of the called website and and path of the requested file
  • if applicable, the previously accessed website/file (HTTP referrer);
  • Information about the browser and operating system used;
  • Method of the request (e.g. GET, POST), version of the HTTP protocol, HTTP status code, size of the delivered file;
  • Request information such as language, type of content, encoding of content, character sets;
  • cookies of the accessed domain stored on the terminal device.

The data processing of this access data is necessary to enable the visit of the website, to ensure the permanent operability and security of our systems as well as for the general administrative maintenance of our website. For the purposes described above, the access data is also stored temporarily in internal log files, with the content limited to what is strictly necessary, in order to find the cause of and take action against repeated or criminally intended calls that endanger the stability and security of our website.

The legal basis for this processing is Art. 6 para. 1 p. 1 lit. b DSGVO, if the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in enabling website access and the long-term functionality and security of our systems.

The log files are stored for 30 days and archived after subsequent anonymization. Exceptionally, individual log files and IP addresses are kept longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.

2.2 Contacting

You have the possibility to contact us in particular by e-mail or telephone. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 para. 1 lit. b DSGVO, insofar as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f DSGVO due to our legitimate interest that you contact us and that we can answer your inquiry. We will only make promotional telephone calls if you have given your consent to do so. If you are not an existing customer, we will only send you promotional emails based on your consent. The legal basis in these cases is Art. 6 para. 1 lit. a DSGVO in conjunction with. § 7 para. 2 No. 1 or 2 UWG.

The data we collect when you contact us will be deleted after we have fully processed your request, unless we still need your request to fulfill contractual or legal obligations (see section “Storage period”).

2.3. Applications

You can apply for open positions through our application portal at https://profiflitzer.de/jobs/ or by emailing [email protected]. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. We collect the following data in particular for the purpose of receiving and processing your application:

  • First and last name,
  • E-mail address,
  • Application materials (e.g., references, resume, cover letter),
  • Date of earliest possible job start,
  • Salary requirement.

The legal basis for the processing of your application documents is Art. 6 para. 1 p. 1 lit. b and Art. 88 para. 1 DSGVO in conjunction with § 26 para. 1 P. 1 BDSG.

For our application portal we use the service provider JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland. We have concluded an order processing agreement with this company. Switzerland is a country outside the European Union or the European Economic Area (third country). However, an adequacy decision by the European Commission exists for data transfers to Switzerland.

We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data for as long as it is required for the employment relationship and to the extent that legal regulations require us to retain it.

If we reject your application, we will store your application data for a maximum of three months after rejecting your application, unless you give us your consent to store it for a longer period.

3. use of tools on the website

3.1. Cookie Policy

This Site uses various services and applications (collectively, “Tools”) provided either by us or by third parties. For the related use of cookies and similar technologies, in addition to the information mentioned here, we also refer to our separate Cookie Policy at: https://profiflitzer.de/cookie-richtlinie-eu/. This contains information about the individual information stored and accessed on your terminal device, including the purposes and duration of storage. The cookie policy is updated dynamically.

3.2. Technologies used

For example, the tools used may use the following technologies to store or access information in the terminal device:

  • Cookies: information stored on the terminal device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.
  • Web Storage (Local Storage / Session Storage): information stored on the terminal device, consisting of a name and a value. Information in the Session Storage is deleted after the session, while information in the Local Storage has no expiration date and basically remains stored unless a mechanism for deletion has been set up (e.g. storage of a Local Storage with time entry). Information in Local and Session Storage can also be removed manually.
  • JavaScript: programming codes (scripts) embedded in or called up from the website that set cookies and web storage, for example, or actively collect information from the end device or about the usage behavior of visitors. JavaScript can be used for “active fingerprinting” and usage profiling. JavaScript can be blocked by a setting in the browser, although most services will then no longer function.
  • Pixel: tiny graphic automatically loaded by a service, which can make it possible to recognize visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of call-up) and to determine, for example, the opening of an e-mail or the visit to a website. With the help of pixels, “passive fingerprinting” and the creation of usage profiles can thus be carried out. The use of pixels can be prevented, for example, by blocking images, such as in e-mails, although the display is then severely restricted.

With the help of these technologies and also by simply establishing a connection on a page, so-called “fingerprints” can be created, i.e. usage profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints due to connection establishment cannot be completely prevented manually.

Most browsers are set by default to accept cookies, run scripts, and display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services will probably not work or not work properly.

The tools we use are listed below by category. It also explains in which cases we obtain your voluntary consent to use the tools and how you can revoke it.

3.3. Legal basis

We use tools necessary for website operation based on our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to provide the basic functions of our website. In certain cases, these tools may also be necessary for the performance of a contract or to carry out pre-contractual measures, in which case the processing is carried out pursuant to Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the terminal device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent in advance.

If personal data is transferred to third countries (such as the USA), please refer to section 7 “Data transfer to third countries”, also with regard to the risks this may entail. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we transfer the data processed when using the tools (also) on the basis of this consent pursuant to Art. 49 para. 1 lit. a GDPR to third countries.

3.4. Obtaining your consent

We use the Complianz tool to obtain and manage your consents. This generates a banner informing you about data processing on our website and giving you the option to consent to all, some or no data processing through optional tools. This banner appears the first time you visit our website and when you revisit the selection of your preferences to change them or revoke consents. The banner will also appear on further visits to our website, provided you have deactivated the storage of cookies or the cookies have been deleted or have expired.

Complianz stores necessary information on your terminal device to document the consents and revocations you have given. These are listed individually in our Cookie Policy: https://profiflitzer.de/cookie-richtlinie-eu/.

The data processing is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Complianz is Art. 6 para. 1 lit. f DSGVO, justified by our interest in meeting the legal requirements for consent management. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

3.5. Revocation

You can revoke your consent for certain tools, i.e. for the storage and access to information in the terminal device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do so, click on the following link/button: [Link/Button]. There you can also change the selection of tools they want to consent to use. Alternatively, you can assert your revocation directly with the provider for certain tools.

3.6. Necessary tools

3.6.1. Purposes, legal bases, data processed

We use certain tools to enable the basic functions of our website (“necessary tools”). These include, for example, tools for preparing and displaying website content, language storage, storage of previously viewed content, consent management, management and integration of tools, fraud detection and prevention, and ensuring the security of our website. Without these tools we could not provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity to fulfill our legitimate interests according to Art. 6 para. 1 lit. f DSGVO in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, the legal basis for the data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

In the event that personal data is transferred to third countries (such as the USA), we refer to Section 7 “Data transfer to third countries” in addition to the information provided below.

3.6.2. Google Tag Manager

Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).

The Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is placed in the source code of our website to run a tool, such as scripts. If these are optional tools, they are only integrated by Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and does not require the use of cookies.

The legal basis is Art. 6 para. 1 lit. f DSGVO, based on our legitimate interest to include and manage multiple tags on our website in a straightforward manner.

For the purpose of ensuring stability and functionality, Google collects information about which tags are integrated by our website as part of the use of the Google Tag Manager. However, the Google Tag Manager does not store any personal data beyond the mere establishment of the connection, in particular no data about usage behavior or the pages visited.

We have concluded an order processing agreement with Google Ireland Limited. In the event that personal data is transferred by Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 para. 2 lit. c DSGVO concluded.

For more information, see Google’s information on Tag Manager: https://support.google.com/tagmanager/answer/6102821.

3.6.3. Google reCAPTCHA

Our application portal (see section 2.3) uses the Google reCAPTCHA service for job offers, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for persons from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”) for all other persons.

reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities in the job advertisements of the application portal, i.e. it checks whether the entries made actually originate from a human being. For this purpose, reCAPTCHA uses JavaScript and stores cookies and information in local storage on your terminal. In particular, the following data are processed:

 

  • Referrer URL (address of the page from which the visitor came);
  • IP address;
  • cookies set by Google;
  • Snapshot from the browser window;
  • User input behavior (e.g. answering the reCAPTCHA question, input speed in form fields, order in which the user selects input fields, number of mouse clicks);
  • Technical information: Browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (JavaScript).

Furthermore, Google reads the cookies from other Google services such as Gmail, Search and Analytics. If you do not wish this assignment to your Google account, it is necessary that you log out of Google before calling up the job advertisement of the application portal.

The above data is sent to Google in encrypted form. Google’s evaluation decides in which form the captcha is displayed on the page. According to Google, your data will not be used for personalized advertising.

The legal basis in the context of the job advertisements of the application portal is the necessity for the fulfillment of a contract or for the implementation of pre-contractual measures according to Art. 6 para. 1 lit. b GDPR. Google reCAPTCHA is used to protect IT security, ensure the stability of our website and prevent misuse.

In some cases, the data may also be processed on servers in the USA.

You can find more information:

3.6.4. WordPress Statistics

Our website uses the WordPress Statistics plugin to perform simple reach analysis and improve our website. WordPress Statistics uses JavaScript for this purpose. With the help of this plugin, the use of our website is evaluated in aggregated form and visually processed.

In particular, the following data are processed for this purpose:

  • IP address (which is anonymized);
  • Pages viewed;
  • Previously viewed pages, search engine and keyword, if applicable;
  • Technical information about your browser and operating system;
  • Approximate location (country, city).

The legal basis is Art. 6 para. 1 lit. f DSGVO, based on our legitimate interest to perform a simple reach analysis of our website. Access to information in the terminal device is thereby absolutely necessary and takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

For more information on WordPress Statistics, please visit: https://wordpress.org/plugins/wp-statistics/.

3.7. Analysis tools

3.7.1. Purposes, legal bases, data processed

In order to improve our website, we use optional tools to recognize visitors and to statistically collect and analyze usage behavior based on access data (“analytics tools”). We also use analytics services to evaluate the use of our marketing channels. The usage information collected is aggregated and allows us to track the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent, see section 3.5: “Revocation”.

In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Art. 49 (1) a DSGVO). Please refer to section 7 “Data transfer to third countries” for the associated risks.

Data collected may include, in particular:

  • the IP address of the end device,
  • approximate location,
  • the date and time of access,
  • pages visited (URL, title, dwell time),
  • previously visited page (referrer URL)
  • downloaded files,
  • clicked links,
  • the information of a cookie or in local or session storage,
  • the device identifier of mobile devices (e.g. device ID, advertising ID) as well as
  • technical information about the terminal device, browser and operating system.
3.7.2. Google Analytics

Our website uses the Google Analytics 4 service (“Google Analytics”), which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for individuals from Europe, the Middle East and Africa (EMEA) and by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively “Google”) for all other individuals.

Google Analytics uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. These are listed individually in our Cookie Policy: https://profiflitzer.de/cookie-richtlinie-eu/.

This is used to analyze your usage behavior and to improve our website. We will process the information obtained to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred by Google to a server in the USA for evaluation and stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. For example, Google Analytics models 4 conversions to the extent that there is not enough data to optimize analysis and reports. For information, please visit: https://support.google.com/analytics/answer/10710245. The data evaluations are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria. To learn more, visit: https://support.google.com/analytics/answer/9443595.

We have made the following privacy settings for Google Analytics:

  • IP anonymization (shortening of the IP address before evaluation);
  • Automatic deletion of old visit logs by limiting the storage period to 2 months;
  • No reset of the retention period in case of new activity;
  • Disable the collection of accurate location and position data;
  • Disable the collection of accurate device data;
  • Disabled advertising feature (including audience remarketing through GA Audience);
  • Disabled Remarketing;
  • Disabled cross-device and cross-page tracking (Google Signals);
  • Disabled data sharing to other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

  • IP address;
  • User ID, Google ID (Google Signals) and/or device ID;
  • Referrer URL (previously visited page);
  • Pages viewed (date, time, URL, title, time spent);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions);
  • Technical Information: Operating system; browser type, version, and language; device type, brand, model, and resolution;
  • Approximate location (country and city, if applicable, based on anonymized IP address).

For more information about Google Analytics 4 cookies, please visit: https://support.google.com/analytics/answer/11397207?hl=de.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

We have concluded an order processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred by Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 para. 2 lit. c DSGVO concluded. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

For more information, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

 

 

3.8. Marketing – Tools

3.8.1. Purposes, legal bases, data processed

We also use optional tools for advertising purposes (“Marketing Tools”). Some of the access data generated when using our website is used to create usage profiles that store, in particular, your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyze your usage behavior in order to recognize you on other pages and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (especially so-called conversions and leads). However, the data collected is only stored pseudonymously, so that no direct conclusions can be drawn about individuals.

The legal basis for the marketing tools is your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent, see section 3.5: “Revocation”.

In the event that personal data is transferred to third countries (such as the USA), your consent expressly extends to the data transfer (Art. 49 para. 1 lit. a DSGVO). Please refer to the section “Data transfer to third countries” for the associated risks.

Data collected may include, in particular:

  • the IP address of the end device,
  • approximate location,
  • the date and time of access,
  • pages visited (URL, title, dwell time),
  • previously visited page (referrer URL)
  • downloaded files,
  • clicked links,
  • the information of a cookie or in local or session storage,
  • the device identifier of mobile devices (e.g. device ID, advertising ID) as well as
  • technical information about the terminal device, the browser and the operating system.

3.9. YouTube video integration

We have embedded videos in our website that are stored on YouTube and can be played directly from our websites. YouTube is a multimedia service of YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In the process, YouTube may store information such as local storage and session storage on your terminal device and execute JavaScript, which accesses information in your terminal device.

We have activated YouTube’s enhanced privacy mode. As a result, according to YouTube’s own documentation, Google receives less usage information and also does not personalize video recommendations and advertisements. Cookies are no longer stored. However, information will still be stored in the Local Storage and Session Storage of your end device, in particular your device ID and other information regarding the playback of the video, which can be retrieved by Google.

The following information is stored in the Local Storage:

  • “yt-remote-device-id”: storage of the device ID;
  • “yt-player-headers-readable”: Saves the possibility of reading the player header information;
  • “yt.innertube::requests”: storage of the user’s requests;
  • “yt.innertube::nextId”: store the ID of the next video;
  • “yt-remote-connected-devices”: storage of the connected end devices;
  • “yt-player-bandwidth”: store the bandwidth of the connection;
  • “yt-player-volume”: save the volume of the video;
  • “yt-player-quality”: save the resolution/quality of the video;
  • “yt-player-performance-cap”: storage of a possible cap on resolution due to the bandwidth of the connection;
  • “yt-html5-player-modules::subtitlesModuleData::module-enabled”: Store whether subtitles are enabled.

The following information is stored in the session storage:

  • “yt-remote-session-app”: storage of the type of terminal device;
  • “yt-remote-cast-installed”: Storage whether YouTube streaming is installed;
  • “yt-remote-session-name”: store the type of terminal device;
  • “yt-remote-cast-available”: Store whether YouTube streaming is available;
  • “yt-remote-fast-check-period”: saving the check of the bandwidth of the connection;
  • “yt-player-volume”: save the volume of the video;
  • “yt-player-caption-language-preferences”: save the language of the subtitles.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the terminal device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your express consent pursuant to Art. 49 para. 1 lit. a GDPR.

By visiting our website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether you are logged in to YouTube or Google or not. In addition, if you access YouTube on our website while logged into your YouTube or Google profile, YouTube and Google may link this event to the respective profiles. If you do not want the assignment, it is necessary that you log out of Google before calling up our website.

You can prevent the collection of data relating to your use of this website and the processing of this data by Google by deactivating personalized advertising in Google’s advertising settings: https://adssettings.google.com/notarget. In this case, Google will display only non-individualized advertising.

Further information can be found in Google’s privacy policy, which also applies to YouTube: https://policies.google.com/privacy.

4. disclosure of data

The data we collect will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

 

  • You have provided us with your personal data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO have given express consent to this,
  • the disclosure according to Art. 6 para. 1 p. 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
  • we according to Art. 6 para. 1 p. 1 lit. c DSGVO are legally obliged to disclose, in particular if this is necessary for legal prosecution or enforcement due to official requests, court decisions and legal proceedings, or
  • this is legally permissible and in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO is necessary for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.

Part of the data processing is carried out by KAMP Netzwerkdienste GmbH. Other parts of the data processing may be carried out by other of our service providers. In addition to the service providers mentioned in this privacy statement, this may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies.

If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, and are regularly monitored by us.

5. social networks

5.1. Operation of corporate sites
5.1.1. General

We operate company pages on social networks in order to communicate there with customers, interested parties and users, among others, and to provide information about our services.

The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, usage profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements are then placed within the social networks, for example, but also on third-party websites.

As part of the operation of our company pages, it is possible that we may access information such as statistics on the use of our company pages provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) as well as data on interaction with our company pages (e.g. likes, subscription, sharing, viewing of images and videos) and the posts and content distributed via them. These can also provide information about users’ interests and which content and topics are particularly relevant to them. This information may also be used by us to customize the design and optimize our activities and content on the Company Sites for our audience. Please refer to the list below for details and links to the social network data that we, as operators of the company pages, can access. The collection and use of these statistics is usually subject to joint accountability. Where applicable, the relevant contract is listed below.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b DSGVO to stay in contact with and inform our customers and to carry out pre-contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may allow us to contact you. This can be done, for example, via direct messages or via posted articles. The content communication via the social network and the processing of the content data is subject to the responsibility of the social network as messenger and platform service. As soon as we transfer or further process personal data from you into our own systems, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 para. 1 lit. b GDPR.

For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection notices of the respective social network. The links below also provide you with further information on the respective data processing as well as the options to object.

We would like to point out that the most efficient way for you to assert your data protection requests and rights is against the respective provider of the social network. They have access to the data and can implement appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network. We are happy to support users in asserting their rights as far as we are able.

Below is a list of information about the social networks on which we operate company pages:

5.1.2. Facebook Fanpage
5.1.3. Instagram fan page
5.1.4. LinkedIn Company Page
5.1.5. Xing company page
    5.2. Links and buttons to social networks

      There are buttons on our website to link to our company pages on social networks. When you press these buttons, you will be redirected to the corresponding social network. There, the data protection provisions of the respective providers of the social networks apply.

      In our blog there are also buttons for sharing posts on social networks. These buttons, when clicked, open a new window of the corresponding social network where you can share our blog post.

      In both cases, no data processing will take place as long as you do not press the button. These are hyperlinks that open the social networks in a new window or tab.

      6. storage period

      In principle, we store personal data only as long as necessary to fulfill the purposes for which we collected the data. Thereafter, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

      For evidentiary purposes, we must retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims shall become statute-barred at the earliest on this date in accordance with the standard statutory limitation period.

      Even after that, we still have to store some of your data for accounting reasons. We are obliged to do so because of statutory documentation requirements that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

      7. data transfer to third countries

      As explained in this Privacy Policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. To the extent that this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

      Where this is not possible, we base the data transfer on exceptions of Art. 49 DSGVO, in particular your explicit consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

      If a third country transfer is provided for and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transferred data in order to collect and analyze it, and that enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed about this.

      8. your rights

      8.1. General

      You have the following rights as a data subject:

      • Right to information (Art. 15 DSGVO): You have the right to request information about the processing of your personal data by us at any time. In the course of providing information, we will explain the data processing to you and provide you with an overview of the data stored about your person.
      • Right to rectification (Art. 16 DSGVO): If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.
      • Right to erasure (Art. 17 DSGVO): You can also request the deletion of your data. If deletion is exceptionally not possible due to other legal regulations, the data will be blocked so that they are only available for this legal purpose.
      • Right to restriction of processing (Art. 18 DSGVO): You can also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect.
      • Right to data portability (Art. 20 DSGVO): You also have the right to data portability, which means that we will provide you with a digital copy of the personal data you have provided to us upon request.

      To exercise your rights described here, you may contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees demonstrating an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.

      Your inquiries regarding the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, even longer if there is cause to assert, exercise or defend legal claims. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in defending against any civil claims under Art. 82 GDPR, avoiding fines under Art. 83 GDPR, and fulfilling our accountability obligations under Art. 5(f) GDPR. 2 GDPR.

      Finally, you have the right to complain to a data protection supervisory authority (Art. 77 DSGVO). You can exercise this right, for example, before a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement. In Berlin, the responsible supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

      8.2. Right of revocation and objection

      You have the right to revoke your consent at any time (Art. 7 para. 3 DSGVO). As a result, we will no longer continue the data processing that was based on this consent for the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

      Insofar as we use your data on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO, you have the right to object to the processing of your data on grounds relating to your particular situation (Article 21(1) DSGVO). If it is a matter of an objection to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons (Article 21 (2) DSGVO).

      If you wish to exercise your right of revocation or objection, it is sufficient to send an informal message to the above contact details.

      9. changes to the privacy policy

      We may occasionally update this privacy statement, for example, if we make changes to our website or if legal or regulatory requirements change.

      Version: 2.0 / Status: January 2023