Duty to Provide Information pursuant to the GDPR
Person Responsible for Data Processing pursuant to Art 13 (1) lit. a)
Company name according to Section 17 (1) of the German Commercial Code (HGB) incl. contact details of the person responsible (GF)
SIKO GmbH
Managing Director:
Sven Wischnewski, B. of Eng
Weihermattenweg 2
79256 Buchenbach
Telephone +49 7661 394-0
Fax +49 7661 394-388
Freiburg District Court, Commercial Register No. 1516
Contact data of the data protection officer pursuant to Article 13 (1) lit. b)
Helbig Datenschutz GmbH
Michaela Helbig
Nürnberger Str. 24 c
90518 Altdorf b. Nürnberg
Phone: +49 9123 70275-10
E-Mail: dataprotection.de(at)siko-global.com
Purpose and legal basis of data processing pursuant to Art. 13 (1) lit. c)
Personal data are processed for the purpose of fulfilling contracts or implementing pre-contractual measures. This includes customer master data with contact persons as well as the contact history, quotations, orders, invoices, project data and other legal obligations of the person responsible.
The legal bases are derived from Art. 6 of the GDPR. Other important legal bases are derived from the German Commercial Code, tax law, the Law on Limited Liability Partnerships and other legal regulations relevant for SIKO GmbH. These also include contractual regulations. The processing of newsletters is based on consent of the parties concerned.
Processing is for protecting the legitimate interests of the person responsible or a third party pursuant to Art. 13 (1) lit. d)
To the extent necessary, we also process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. These include:
- Sales management and sales controlling
- Asserting legal claims and mounting a defense in legal disputes
- Ensuring IT security and operation
- Measures for maintaining building and system security (e.g., access controls) as well as the right of the owner of premises to undisturbed possession
- Measures for business management and further development of employees
- Conducting surveys
Categories of recipients of personal data (data transmission) pursuant to Art. 13 (1) lit. e)
Within Germany, the European Union and the European Economic Area
Auditors, bailiffs and other creditors as well as other government agencies for the fulfillment of legal obligations and for requested certificates, logistics companies, customers as well as suppliers and other agencies and business partners.
Third country incl. appropriateness decision pursuant to Article 13 (1) lit. f)
Within the context of international business relationships, transmission is pursuant to Article 6 (1) lit. b for fulfilling contracts or implementing pre-contractual measures. For this purpose, an adequacy decision is not required.
Information about the rights of persons affected
The person affected has the right to request confirmation from the person responsible as to whether any personal information concerning him/her is undergoing processing; if this is the case, he/she has a right to information about these personal data and the information specified in Art. 15 of the GDPR.
The person affected has the right to demand that the person responsible party correct incorrect personal data concerning him/her and, if applicable, incomplete personal data (Art. 16 of the GDPR) without delay.
The person affected has the right to request that the person responsible delete personal data concerning him/her without delay if one of the reasons specified in Art. 17 of the GDPR applies, e.g., if the data are no longer required for the purposes pursued (right of deletion).
The person affected has the right to demand that the person responsible restrict processing for the duration of the check by the person responsible check if one of the conditions listed in Art. 18 of the GDPR applies, e.g., if the person affected has lodged an objection to processing.
The person affected party has the right to object at any time to the processing of personal data concerning him/her for reasons arising from his or her particular situation. The person responsible party will no longer process the personal data unless he/she can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the person affected, or the processing is for the purpose of establishing, exercising or defending legal claims (Art. 21 of the GDPR).
Rights of persons affected pursuant to Art. 13 (2) lit. c)
If you have given us your consent to process personal data for specific purposes (e.g., processing pictures of persons affected), the legality of this processing is based on your consent. You may revoke your consent at any time. This also applies to revocation of declarations of consent that were given to us before the GDPR was valid, i.e., before May 25, 2018. Please note that such revocation is only with future effect. Processing operations that are performed prior to the revocation are not affected
Right of complaint at a supervising authority pursuant to Article 13 (2) lit. d)
Any person affected has the right of appeal to a supervisory authority, without prejudice to any other administrative or judicial remedy, if the person affected considers that the processing of personal data concerning him or her is in contravention of the GDPR (Article 77 of the GDPR). The person affected may exercise this right before a supervisory authority in the member state in which he or she resides or works or in which the suspected infringement took place.
The competent supervisory authority in Baden-Württemberg is:
State Commissioner for Data Protection and Freedom of Information
Address:
Königstrasse 10 a
70173 Stuttgart
Postal address:
P.O. Box 10 29 32
70025 Stuttgart
Telephone: +49 711 615541-0
Fax: +49 711 615541-15
Email: poststelle(at)lfdi.bwl.de
Provision of personal data pursuant to Article 13 (2) lit. e)
In the context of our business relationship, you must only provide those personal data that are necessary for fulfilling a contract or implementing pre-contractual measures or for which we are legally obliged to collect. We are usually not able to conclude a contractual relationship without these data.
Amendment to the purpose of the Data Privacy Policy
Change of purpose
We reserve the right to change this Data Privacy Policy in accordance with applicable data protection regulations. You can find the current version under the Data Protection Declaration on our website. If we intend to process your data for other purposes, i.e., for purposes other than those for which they have been collected, we will inform you in advance of the statutory provisions.
As of May 18, 2018
1.1 Data Privacy at a Glance
General Information
The following information provides a simple overview of what happens with your personal data when you visit our website. Personal information means any data by which you could personally be identified. Detailed information on the subject of data protection can be found in our privacy policy below.
How do we collect your data?
On the one hand, your data are collected when you communicate it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data (e.g., the browser and operating system you are using or time when you accessed the page). These data are collected automatically as soon as you visit our website.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that the data are corrected, blocked, or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of data privacy. In addition, you have a right to complain to the supervisory authority responsible.
You can contact us at any time using the address given in our legal notice if you have further questions on the topic of data privacy.
1.2 Hosting und Content Delivery Networks (CDN)
External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hosts' servers. These may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) lit. b of the GDPR) and in the interest of a safe, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) lit. f of the GDPR).
Our hoster will only process your data to the extent necessary to fulfill its performance obligations and to comply with our instructions regarding these data.
1.3 General and Mandatory Information
Data Privacy
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data are collected. Personal data means data by which you could personally be identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this is done.
We hereby give notice that data transmitted via the internet (e.g., via email communication) may be subject to security breaches. It is not possible to protect your data from third parties completely.
Storage duration
Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate deletion request or revoke consent to data processing, your data are deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons have ceased.
Information on data transfer to the USA
Our website includes tools from companies based in the USA, among other things. If these tools are active, your personal data may be shared with the US servers of the respective companies. We would like to point out that the USA is not a secure third country within the meaning of EU data protection law. Us companies are required to disclose personal data to security authorities without your being able to take legal action. Therefore, it cannot be ruled out that US authorities (e.g., secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Revoking your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time. To do so, an informal message sent to us by email is sufficient. The legality of the data processing performed prior to the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 of the GDPR)
IF THE DATA IS PROCESSED ON THE BASIS OF ART. 6 (1) LIT. E OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION STATEMENT. IF YOU LODGE YOUR OBJECTION, WE WILL NO LONGER PROCESS YOUR RELEVANT PERSONAL UNLESS WE CAN PROVE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOM, OR THE PROCESSING SERVES THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ON THE BASIS OF ART. 21 (1) OF THE GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF SUCH ADVERTISING, INCLUDING PROFILING IN SO FAR AS IT IS RELATED TO SUCH DIRECT MARKETING. THIS ALSO APPLIES TO ANY PROFILING CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR PURPOSES OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 (2) OF THE GDPR).
Right to file complaints with the competent supervisory authority
In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, particularly in the member state of their habitual residence, workplace or place of presumed infringement. Your right to complain exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have data which we process on the basis of your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you request the direct transfer of data to another data controller, this shall only take place to the extent that is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, deletion, and correction
You have the right within the context of legal provisions to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have these data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Right to limitation of processing
You have the right to request that the processing of your personal data be restricted. You can contact us at any time concerning this using the address given in the imprint. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. You have the right to restrict processing of your personal data during the verification period.
- If the processing of your personal data has taken/is taking place unlawfully, you can demand the restriction of data processing instead of data deletion.
- If we no longer require your personal data but you do for exercising, defending or asserting legal claims, you have the right to demand that the processing of your personal data be restricted instead of data being deleted.
- If you have lodged an objection pursuant to Art. 21 (1) pf the GDPR, your as well as our interests must be weighed. As long as which interests have priority has not been determined, you have the right to restrict processing of your personal data.
Where processing of your personal data has been restricted, such data, apart from being stored, may be processed only with your consent, or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person, or on the grounds of an important public interest of the European Union or a member state.
Objection to marketing emails
The use of the contact data published as part of editorial imprint requirements by third parties for sending advertisement and informational materials not expressly requested is hereby prohibited. The operators of the sites reserve the right to take express legal steps in the case of unsolicited promotional information, such as spam emails.
1.4 Data Collection on This Website
Cookie consent with Cookiebot
Our website uses Cookiebot's cookie-consent technology to obtain your consent to the storage of certain cookies on your device and to document them in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as “Cookiebot”).
When you log on to our website, a connection is established to the servers of Cookiebot to obtain your consent and other explanations about the use of cookies. Cookiebot then stores a cookie in your browser to be able to assign the granted consents or their revocation to you. The data collected in this way are stored until you ask us to delete it, delete the cookie offer cookie itself or the purpose for data storage ceases to apply. Compulsory storage obligations mandated by law remain unaffected by this.
The use of Cookiebot is done to obtain the legally prescribed consent for the use of cookies. The legal basis for this is Art. 6 (1) sentence 1 lit. c of the GDPR.
Server log files
The website provider automatically collects and stores information in "server log files", which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Time of the server request
- IP address
These data are not combined with data from other sources.
These data are collected based on Art. 6 (1) lit. f of the GDPR. The website operator has a legitimate interest in the technically fault-free display and optimization of its website; for this purpose, the server log files must be recorded.
Contact form
Should you send us questions via the contact form, we will store the data entered on the form, including the contact details you provide, for processing the question and any follow-up questions and forward them to our sales partners and subsidiaries for processing. Any disclosure to other parties will only be made with your express consent.
These data are processed on the basis of Art. 6 (1) b of the GDPR, provided your request is related to the performance of a contract or necessary for the implementation of pre-contractual arrangements. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) lit. f of the GDPR) or on your consent (Art. 6 (1) lit. a of the GDPR) if this has been requested.
We will retain the data you provide on the contact form until such time as you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g., after fulfilling your request). Any mandatory statutory provisions – especially those regarding mandatory data retention periods – remain unaffected by this provision.
Inquiry by email, phone or fax
If you contact us by email, phone or fax, your request, including all ensuing personal data (name, nature of inquiry), is stored and processed by us for the purposes of processing your request and forward them to our sales partners and subsidiaries for processing. Any disclosure to other parties will only be made with your express consent.
These data are processed on the basis of Art. 6 (1) b of the GDPR, provided your request is related to the performance of a contract or necessary for the implementation of pre-contractual arrangements. In all other cases, the processing is based on your consent (Art. 6 (1) lit. a of the GDPR) and / or on our legitimate interests (Art. 6 (1) lit. f of the GDPR), as we have a legitimate interest in effectively processing the requests addressed to us.
We will retain the data you provide via the contact request until such time as you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g., after processing your issue). Any mandatory statutory provisions – especially those regarding legal data retention periods – remain unaffected by this provision.
1.5 Social Media
Facebook Plugins (Like & Share Buttons)
Plugins of the social media network Facebook are integrated on our website. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected will also be transferred to the USA and other third countries.
You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. As a result, Facebook receives information that you visited this website using your IP address. If you click the Facebook "Like" button while you are logged in to Facebook, you can link the contents of this website with your Facebook profile. As a result, Facebook can link your visit to this website with your user account. We point out that we as provider of the website do not receive any information about the contents of the transmitted data nor their use by Facebook. You can find further information about this in the Data Privacy Policy of Facebook at: https://de-de.facebook.com/privacy/explanation.
If you do not want Facebook to be able to link the visit to this website with your Facebook user account, please log out from your Facebook account.
The use of Facebook plugins is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
Twitter Plugin
The functions of Twitter are integrated into our website. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use Twitter and “Re-Tweet“ function, the Websites you visit are linked with your Twitter account and made known to other users. In this context, data are also transmitted to Twitter. We point out that we as provider of the website do not receive any information about the contents of the transmitted data nor their use by Twitter. You can find further information about this in the Data Privacy Policy of Twitter at: https://twitter.com/de/privacy.
The use of Twitter plugins is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
You can change your data privacy settings in your account settings at Twitter at https://twitter.com/account/settings.
Instagram Plugin
The functions of Instagram are integrated into this website. These features are provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
If you are logged into your Instagram account, you can click the Instagram button to link the content of this website to your Instagram profile. As a result, Instagram can link your visit to this website with your user account. We point out that we as provider of the website do not receive any information about the contents of the transmitted data nor their use by Instagram.
These data are collected and analyzed based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
You can find further information about this in the Data Privacy Policy of Instagram: https://instagram.com/about/legal/privacy/.
LinkedIn Plugin
This website uses functions from the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Each time one of our pages of this website containing LinkedIn features is accessed, your browser establishes a direct connection to LinkedIn servers. LinkedIn is informed that you have visited this website from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to this website to your user account. We point out that we as provider of the website do not receive any information about the contents of the transmitted data nor their use by LinkedIn.
The use of LinkedIn plugins is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
You can find further information about this in the data protection privacy of LinkedIn at: https://www.linkedin.com/legal/privacy-policy.
XING Plugin
This website uses functions from the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data are stored in the process. In particular, no IP addresses are stored nor is usage behavior evaluated.
These data are collected and analyzed based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the greatest possible visibility in social media. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
For more information about data protection and the XING Share button, please see the XING data protection policy at: https://www.xing.com/app/share?op=data_protection.
1.6 Analysis Tools and Advertising
Google Analytics
This website uses functions of web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. Here the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. These data might be summarized by Google in a profile that is assigned to the respective user or their device.
Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of the website is usually transmitted to and stored on a Google server in the USA.
The use analysis tools is based on Art. 6 (1) lit. f of the GDPR. The website owners have a legitimate interest in analyzing user behavior to optimize their website and advertising. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymization
We activated the IP anonymization function on this website. As a result, tour IP address is truncated by Google within the European Union or and the European Economic Area prior to transmission to the United States. The complete IP address is only transmitted to a Google server in the USA in exceptional cases and abbreviated there. For order of the operator of this website, Google uses this information to evaluate your use of this website, create reports about the website activities and provide other services connected with use of the website and Internet for the website operator. The IP address transmitted from your browser within the context of Google Analytics will not be associated with other data of Google.
Browser Plugin
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information about how Google Analytics handles user data in Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: deactivate Google Analytics
You can find more information about how Google Analytics handles user data in Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de.
Demographic features of Google Analytics
This website uses Google Analytics' "Demographics" function. This allows reports to be generated containing statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account, or you can generally forbid the collection of your data by Google Analytics as described in the section “Objection to data collection.”
Storage duration
Data stored by Google at the user and event level, which are linked to cookies, user identifiers (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID), are anonymized or deleted after 14 (fourteen) months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de
Kyto
This website uses functions of web analytics service Kyto GmbH. (https://www.kyto.de) (Linienstrasse 126, 10115 Berlin, hereinafter referred to as: “Kyto”, Ireland.
In this case, data are collected, processed and stored, which are used to create user profiles using a pseudonym. These use profiles are completely anonymized whenever possible and meaningful. Cookies can be used for this purpose. Cookies are small text files that are stored in the visitor's internet browser and serve to recognize the internet browser. The collected data may also contain personal data that are either transferred to Kyto or collected directly by Kyto.
Kyto may use information obtained from visits to the website to create anonymized user profiles. The collected data are not used to personally identify the visitor without the separate consent of the visitor. The data are not merged with personal data via the pseudonym. Any IP addresses possibly collected shall be anonymized immediately after collection by deleting the last number block.
On the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. f. GDPR), we use the web analysis service of Kyto GmbH. (https://www.kyto.de) (Linienstrasse 126, 10115 Berlin, hereinafter referred to as: “Kyto”). If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
In addition, consent for the collection, processing and storage of data can be revoked at any time with future effect. Simply click the following Opt-Out link.
Setting and saving cookies can also be bypassed via browser settings, but this may result in limited functionality of the website.
Google AdSense (not personalized)
This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google AdSense in “non-personalized” mode. Unlike personalized mode, the ads are therefore not based on your previous user behavior and no user profile is created for you. Instead, “context information” is used when selecting the advertisement. For example, the ads selected are based on your location, the content of the site you are on, or your current keywords. You can learn more about the differences between personalized and non-personalized targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.
Please note that cookies or comparable recognition technologies (e.g., device fingerprinting) can also be stored in non-personalized mode when you use Google AdSense. According to Google, these are used to combat fraud and abuse.
The use of v is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the most effective marketing possible of its website If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can adjust your advertising settings independently in your user account. To do this, click the following link and log in: https://adssettings.google.com/authenticated.
You can find additional information about the advertising technologies of Google here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.
Google Remarketing
This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user patterns on our website (e.g., clicks on specific products) to allocate a certain advertising target groups to you and to subsequently display matching online offers to you when you visit other online offers (remarketing or retargeting).
In addition, the advertising target groups created with Google Remarketing can be linked to the cross-device functions of Google. This allows advertising to be displayed based on your personal interests, identified from your previous usage and surfing behavior on one device (e.g., your cellphone), on other devices (such as a tablet or computer).
If you have a Google Account, you can opt out of personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the most effective marketing possible of its products If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
You can find additional information and the data protection provisions in Google's data protection policy at: https://policies.google.com/technologies/ads?hl=de.
Google Ads
This website uses Google Ads. Google Ads is the online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). In addition, targeted advertisements can be displayed based on the user data available at Google (e.g., location data and interests) (target group targeting). As a website operator, we can evaluate these data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of Google Ads is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in the most effective marketing possible of its products
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Conversion Tracking
This website uses Google conversion tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, we and Google can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly often. This information is used to generate conversion statistics. We find out the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.
The use of Google Conversion Tracking is based on Art. 6 (1) lit. f of the GDPR. The website owners have a legitimate interest in analyzing user behavior to optimize their website and advertising. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
For more information about Google Conversion Tracking, please refer to Google's data protection policy: https://policies.google.com/privacy?hl=de.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, stores no cookies and does not carry out independent analyses. It is only used to manage and run the tools that are integrated through it. However, Google Tag Manager collects your IP address, which can also be transferred to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6 (1) lit. f of the GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Google DoubleClick
This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland “hereinafter referred to as 2DoubleClick”).
DoubleClick is used to show you interest-based ads in the complete Google ad network. The advertisements can be tailored to the interests of the respective viewer with the help of DoubleClick. For example, our ads can appear in Google search results or in advertising banners associated with DoubleClick.
DoubleClick must be able to recognize the viewer to be able to display advertisements that suit the user's interests. For this purpose, a cookie is stored in the user's browser, behind which the websites visited by the user, clicks and various other information are stored. This information is combined into a pseudonymous user profile to display interest-oriented advertising to the user concerned.
Google DoubleClick is used for targeted advertising purposes. This represents a legitimate interest within the meaning of Art. 6 (1) (f) of the GDPR. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
You can set your computer to not store any cookies. However, this may entail a limitation of the accessible website functions. It is also pointed out that DoubleClick might also use other technologies under certain circumstances to form user profiles. Disabling cookies therefore offers no guarantee that user profiles will no longer be created.
For more information on how to object to ads displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.
Facebook Pixel
Our website measures conversions using visitor action pixels from Facebook. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected will also be transferred to the USA and other third countries.
These allow the behavior of site visitors to be tracked after they click a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
The collected data are anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook Data Use Policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We as the operator of the site have no control over how these data are used.
The use of Facebook Pixels is based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in effective promotional activities, including social media. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
In Facebook's privacy policy, you will find further information on protecting your privacy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. screen. To do so, you first need to log into Facebook.
If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Mouseflow
This website uses Mouseflow, a web analysis tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark. Data processing is used for the purpose of analyzing this website and its visitors. The data are collected and stored for optimization and marketing purposes. These data can be used to create user profiles under a pseudonym. Cookies can be used for this. The Mouseflow web analysis tool records randomly selected individual visits (only with an anonymized IP address).
This creates a record of mouse movements and clicks with the intention of randomly playing back individual website visits, thus deriving potential improvements for the website. The data collected with these technologies are not used to identify the visitor of this website personally and are not combined with personal data of the carrier of the pseudonym without the individually granted consent of the person affected. Processing is carried out on the basis of Art. 6 (1) f) GDPR based on legitimate interest in direct customer communication and in the needs-based design of the website. You have the right at any time to object, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 (1) (f) GDPR.
To do this, you can globally disable a recording on all websites using Mouseflow for the browser you are using at the following link: https://mouseflow.de/opt-out/.
1.7 Newsletter
Newsletter Data
If you would like to receive the newsletter provided on this website, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data are collected or will only be collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form are processed exclusively on the basis of your consent (Art. 6 (1) lit. a of the GDPR). You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g., via the "unsubscribe" link in the newsletter. The legality of data processing which has already occurred remains unaffected by this revocation.
The data stored with us for the purpose of receiving our newsletter are stored by us or the newsletter service provider to distribute the newsletter until such time as you cancel your subscription, when said data are deleted from the newsletter distribution list. Data stored by us for other purposes shall remain unaffected by this.
After your deletion from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f of the GDPR). Storage in the blacklist is not limited in time. You may object to storage if your interests outweigh our legitimate interest.
Rapidmail
This website uses Rapidmail to send newsletters. This service is provided by rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i. Br., Germany,
Rapidmail is a service which organizes and analyzes the distribution of newsletters. The data you provide in order to subscribe to our newsletter are stored on Rapidmail servers in Germany.
If you do not want your usage of the newsletter to be analyzed by Rapidmail, you must unsubscribe from the newsletter. We provide a link to do this in every newsletter we send. Furthermore, you can also directly unsubscribe from the newsletter on the website.
Data Analysis by Rapidmail
For analysis purposes, emails sent with Rapidmail contain a tracking pixel which connects to Rapidmail servers when the email is opened. This makes it possible to determine whether a newsletter message has been opened.
It also helps us determine which links have been clicked with help from Rapidmail. All links in the email are tracking links, with which your clicks can be counted.
For more information on Rapidmail's analytics functions, refer to the following link: https://de.rapidmail.wiki/kategorien/statistiken.
Storage duration
The data stored with us for the purpose of receiving our newsletter are stored by us or the newsletter service provider to distribute the newsletter until such time as you cancel your subscription, when said data are deleted from the newsletter distribution list. Data stored by us for other purposes shall remain unaffected by this.
After your deletion from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f of the GDPR). Storage in the blacklist is not limited in time. You may object to storage if your interests outweigh our legitimate interest.
For more information, please refer to Rapidmail's data security instructions at: https://www.rapidmail.de/datensicherheit.
Conclusion of a contract for order processing
We have entered into a data processing agreement with Rapidmail, in which we require Rapidmail to protect the data of our customers and not to disclose said data to third parties. The agreement can be downloaded from the following link: https://de.rapidmail.wiki/files/adv/muster-auftragsdatenverarbeitung.pdf.
1.10 Plugins and Tools
YouTube with Extended Data Protection
This website integrates YouTube videos. The provider of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in the extended data protection mode. According to YouTube, this mode causes YouTube not to store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners is, however, not mandatorily excluded by the extended data protection mode. Therefore, YouTube will establish a connection to the Google DoubleClick network, regardless of whether you are viewing a video or not.
You are linked to the YouTube servers as soon as you start a YouTube video on this website. The YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can store different cookies or comparable recognition technologies (e.g., device fingerprinting) on your device once you have started a video. In this way, YouTube can obtain information about visitors to this website. Such information is used inter alia to capture video statistics, to improve user-friendliness, and to prevent attempted fraud.
If applicable, starting a YouTube video may trigger further data processing operations. We have no control over this.
YouTube is used in the interests of making our online presence more attractive. This represents a legitimate interest within the meaning of Art. 6 (1) f of the GDPR. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
You can find more information about YouTube's privacy policy in their privacy policy at: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use "Google reCAPTCHA" (hereafter referred to as "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether the data entered on our website (e.g., on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as visitors enter the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, how long the visitor remains on the website, or mouse movements made by the user). The data collected during the analysis are forwarded to Google.
reCAPTCHA analyses take place entirely in the background. Visitors are not being advised of such an analysis taking place.
These data are collected and analyzed based on Art. 6 (1) lit. f of the GDPR. The website owner has a legitimate interest in protecting his web offers from abusive automated spying and spam. If a corresponding consent has been requested (e.g., consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 (1) lit. a of the GDPR; the consent can be revoked at any time.
You can find more information about Google reCAPTCHA in the Google Privacy Policy and Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
1.11 Audio/data and Video Conferences
Data processing
Among other things, we use online conference tools to communicate with our customers. The tools we use are listed below. If you communicate with us via video or audio conference via the internet, your personal data are collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/employ to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or otherwise provided within the tool, it is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voice mail uploaded photos and videos, files, whiteboards, and other information shared during the use of the service.
Please note that we do not have comprehensive influence on the data processing processes of the tools used. Our options depend to a large extent on the corporate policy of the relevant provider. Further information on data processing by the conference tools can be found in the data protection declarations of the respective tools used, which we have listed under this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 (1) sentence 1 lit. b of the GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us and our company (legitimate interest within the meaning of Art. 6 (1) lit. f of the GDPR). Insofar as consent has been requested, the use of the relevant tools is based on this consent; the consent can be revoked at any time with effect for the future.
Storage duration
The data collected directly by us via the video or audio conference tools are deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to storage, or the purpose of data storage no longer applies. Stored cookies remain in your terminal until you delete them. Compulsory storage obligations mandated by law remain unaffected by this.
We have no influence on the storage period of your data that are stored by the operators of conference tools for their own purposes. For details, please contact the conference tool operators directly.
Conference tools used
We use the following conference tools: Microsoft Teams
We use Microsoft Teams. The operator is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, refer to the Privacy Statement of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.
1.12 Online Appointment Scheduling with Microsoft Bookings
We use the Microsoft Bookings service (part of Microsoft Office 365) from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft") for online appointments.
The connection to the service is only established if you actually make an appointment booking via Microsoft Bookings and use the online booking function to make an appointment. Your entries in the appointment booking form are transmitted to Microsoft for the appointment booking. Further information on the handling of your data can be found in Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
The legal basis for the processing of your data in relation to the "Microsoft Bookings" service is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest in data processing). The legitimate interest arises from our desire to offer you a user-friendly website with a wide range of functions and to give you the opportunity to make your desired appointment quickly and easily at any time if required.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected.
We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment."
1.13 Own Services
Handling of Applicant Data
We provide you with the opportunity to apply to us (e.g., by email, postal mail or an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected in the application process. We assure that the collection, processing and use of your data are carried out in accordance with applicable data protection law and all other legal provisions and that your data are kept strictly confidential.
Scope and purpose of data collection
When you send us an application, we process your related personal data (e.g., contact and communication data, application documents, interview notes, etc.), to the extent that this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG-neu) under German law (employment initiation), Art. 6 (1) lit. b of the GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) lit. a of the GDPR. Consent can be revoked at any time. Your personal data are only passed on within our company to persons who are involved in the processing of your application.
If the application is successful, the data submitted by you are stored in our data processing systems on the basis of Section 26 of the Federal Data Protection Act (BDSG-neu) and Art. 6 (1) lit. b of the GDPR for the purpose of carrying out the employment relationship.
Data retention period
If we are unable to offer you a job, you refuse a job offer or withdraw your application, we reserve the right to store the information you provide based on our legitimate interests (Art. 6 (1) lit. f of the GDPR) up to six months from the end of the application procedure (rejection or withdrawal of the application). The data are then deleted and the physical application documents destroyed. The storage serves in particular the purpose of proof in the event of a legal dispute. If it is evident that the data are required after the expiry of the six-month period (e.g., due to an imminent or pending legal dispute), data are only deleted if the purpose for further retention ceases to apply.
Prolonged retention may also take place if you have given your consent (Art. 6 (1) lit. a of the GDPR) or if statutory retention obligations preclude deletion.
Admission to the pool of applicants
If we do not offer you a job, you may be able to join our pool of applicants. In case of admission, all documents and information from the application are transferred to the applicant pool in order to contact you in case of suitable vacancies.
The data entered in the applicant pool are processed exclusively based on your consent (Art. 6 (1) lit. a of the GDPR). Consent is voluntary and unrelated to the ongoing application process. Affected applicants may revoke their consent at any time. In this case, the data are irrevocably deleted from the pool of applicants unless there are legal grounds for retention.
The data from the pool of applicants shall be irrevocably deleted no later than two years after the consent has been granted.
Source: eRecht24