Valid at: 07/2021
Annaberger Strasse 240
Questions for the Data Protection Officer
If you have any questions about data protection, please send us an email or contact the relevant area in our organization responsible for data protection:
Personal data are at all times processed in accordance with the data protection principles and in compliance with the requirements of the General Data Protection Regulation (EU GDPR), the Federal Data Protection Act (BDSG) and other contractual and statutory data protection legislation.
The nature of the data being processed is always content-based and depends on the nature of your contact with us. In the case of pre-contractual and contractual arrangements and contact via our contact form, the following information is processed:
Name (title, first name, surname of contact),
Address including company name,
Technical communication data (device ID, IP address) and
Information required for the business relationship.
Further details or additions for the purposes of data processing can be found in this privacy notice, including the supplementary privacy notices for the use of our website and for applicants, the respective contractual documentation, forms, a declaration of consent and/or other information provided to you, for example while you are using our website.
Obtaining of your Personal Data
Your data are collected fundamentally from yourself. It is necessary to process your personal data to fulfill contractual obligations resulting from the contract you have entered into with us. Owing to your obligations to cooperate, it is not possible to avoid providing us with the personal data requested by us because without these, we are unable to meet our contractual obligations.
In the context of pre-contractual arrangements (e.g. collection of master data to register an interest, responding to enquiries), it is necessary to provide your personal data. If the requested data are not provided by you, we cannot enter into a contract.
In order to perform our services, it may be necessary to process personal data that we have lawfully received for the respective purpose from other companies or third parties, e.g. tax offices, your business partners or the like.
Furthermore, we may process personal data from publicly accessible sources, e.g. internet sites, which we will use lawfully and only for the respective contractual purpose. In addition, we process personal data that we have lawfully obtained, received or acquired from publicly accessible sources, such as telephone directories, commercial registers and registers of associations, registers of residents, lists of debtors, land registers, press, internet and other media, and that we are entitled to process.
Relevant categories of personal data may include in particular:
Personal details (name, job/sector and comparable data),
Contact details (address, email address, telephone number and comparable data),
Confirmation of payment/covering funds for bank and credit cards,
Information about your financial situation (credit rating data including score, i.e. data for assessing the economic risk),
Metadata and communication data (e.g. device information, IP addresses)
and any other data comparable with the categories mentioned.
Purposes and Legal Basis of Data Processing
Data processing is lawful if one of the following conditions is fulfilled:
Consent (as set out in Article 6(1)(a) GDPR)
The purposes of processing personal data arise from consent to do so being granted. Consent that has been granted can be withdrawn by you at any time with future effect. Consent that was granted before the GDPR came into force (25/05/2018) can also be withdrawn. Processing that took place prior to this withdrawal remains unaffected by the withdrawal.
Fulfilment of contractual obligations or pre-contractual arrangements (as set out in Article 6(1)(b) GDPR)
The purposes of processing data arise, firstly, from the initiation of pre-contractual arrangements, which precede a contractually regulated business relationship, and, secondly, for the purpose of fulfilling the obligations from the contract entered into with you:
To be able to identify you as our business partner/contact,
To be able to perform our services,
For correspondence with you,
To process a quotation,
For measure for the governance and optimization of business processes,
For non-repudiation of orders and other agreements,
To ensure IT security (including system and plausibility tests),
To fulfil the general duties of care,
To ensure and exercise householder’s rights (e.g. through access controls),
For costing and controlling and for reporting,
For the management of any possible liability claims and raising of any claims against you.
Compliance with statutory requirements (as set out in Article 6(1)(c) GDPR) or in the public interest (as set out in Article 6(1)(e) GDPR)
The purposes of data processing arise from statutory requirements or are in the public interest
(e.g. compliance with retention obligations).
In the context of balancing of interests (as set out in Article 6(1)(f) GDPR)
The purposes of processing arise from safeguarding our legitimate interests. It may be necessary to process your personal data beyond the actual fulfilment of the contract. This legitimate interest can be used to justify the further processing of your personal data, provided that it is not outweighed by your interests or basic rights and freedoms. In particular, the legitimate interest on a case-by-case basis could be:
Reviewing and improving methods for business management and further development of products and services,
Raising legal claims and defense in the event of legal disputes,
Hindering, investigation and prevention of criminal offenses,
Ensuring an appropriate level of information security and IT operation,
Advice from and data exchange with credit agencies to determine credit and default risks,
Owing to the particular type of storage, deletion is not possible or is possible only with a disproportionately high effort, and processing for other purposes is excluded by means of suitable technical and organizational measures.
Retention and Transfer of your Personal Data
Within our company, access to your personal data is only provided to those departments who require these to fulfill the contractual and statutory obligations and who are authorized to process the data.
We furthermore arranged for certain of the above-mentioned processes and services to be carried out by carefully selected service providers based within the EU who are instructed in data protection compliance. These are companies in the categories: IT services, payments, billing and collection.
Your personal data are not transferred to third parties for any purposes other than those stated. We only pass your personal data to third parties if:
You have given your express consent to us doing so,
Processing is required in order to execute a contract with you,
Processing is required in order to fulfill a legal obligation,
Processing is required to safeguard legitimate interests and there is no reason to believe that you have an interest in your data not being passed on that outweighs our interests and is worthy of protection, and we are authorized to do so.
Your personal data is processed via the contact form after you have agreed to the data protection declaration (see list of third-party website operator WIX below)
Recipients of personal data may be:
Public bodies and institutions (e.g. financial authorities, social security institutions, courts) in the case of a legal or official obligation;
Other companies or comparable institutions to which we transfer personal data in order to implement the business relationship with you (e.g. credit agencies, …);
Other bodies, to the extent that you have granted express consent for data to be transferred.
When using the contact form (third party provider of the website operator WIX):
Hosting and server co-location services, communication and content delivery networks (CDNs), data and cyber security services, invoicing and payment processing services, those responsible for registering domain names, fraud detection and prevention service providers, web analysts, email distribution and monitoring services, session recording services, remote access and performance measurement services, data optimization and marketing services, content providers, and our legal and financial advisors
Automated Decision-Making Including Profiling
No fully automated decision-making in the sense of Article 22 GDPR is used to process your personal data. The tracking tool Google Analytics can evaluate the behavior of visitors to the website and analyze their interests if activated. A pseudonymous user profile is created (see “Cookies” below).
Duration of Processing (Deletion of Data)
Your personal data continues to be processed for as long as is necessary to achieve the contractually agreed purpose; in principle, for as long as the contractual relationship with you is in place. After termination of the contractual relationship, your personal data are processed for compliance with statutory retention obligations or on account of our legitimate interests. After the statutory retention period has elapsed and/or we cease to have a legitimate interest, your personal data will be deleted. Expected duration of the retention obligations applying to us and of our legitimate interests:
Fulfilment with retention periods under commercial and tax law. The retention documentation periods specified there are between two and ten years.
Preservation of evidence for statutes of limitation. In accordance with Sections 195 ff. of the German Civil Code (BGB), these limitation periods may be up to 30 years with the standard limitation period being three years.
Contractual obligations that go beyond statutory retention obligations.
Your Rights as a Data Subject
Using the contact details given for our Data Protection Officer, you can exercise the following rights at any time:
Information about your data stored with us and how it is processed, as set out in Article 15 GDPR,
Rectification of inaccurate personal data as set out in Article 16 GDPR,
Erasure of your data stored with us as set out in Article 17 GDPR,
Restriction of data processing as set out in Article 18 GDPR, Section 35 BDSG (new),
Data portability as set out in Article 20 GDPR,
Objection to the processing of your data as set out in Article 21 GDPR.
If you enter an objection, we will cease to process your personal data unless we can provide evidence of compelling reasons, worthy of protection, for such processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of raising, exercising or defending legal claims.
We may also process your personal data for the purpose of direct advertising. If you do not wish to receive advertising, you have the right to enter an objection against this at any time; this also applies to profiling, to the extent that it is connected to such direct advertising. We will observe this objection for future activities.
If you object to processing for the purposes of direct advertising, the personal data relating to you will no longer be processed for these purposes.
Objections should be addressed to:
Annaberger Strasse 240
Right to lodge a complaint with a supervisory authority as set out in Article 13(2)(d) and Article 77 GDPR in association with Section 19 BDSG (new)
Withdrawal of consent as set out in Article 7(3) GDPR
Acquisition of General Information when Visiting our Website
Use of our website purely for informational purposes, meaning without using the contact form or other means of transferring information, results in the collection of personal data transferred to our server by your browser. If you choose to view our website, we will collect the following data that we require for technical reasons in order to display our website to you and ensure stability and security (legal basis: Article 6(1)(f) GDPR):
Username (if HTTP authentication is activated, e.g. in the case of password protection)
Data volume transferred
This relates solely to information that cannot be used to identify you as a person.
When you use our website, cookies are stored on your computer. Cookies are small text files that are saved to your hard disk by the browser you use and provide certain information to the website provider. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the internet offering more user-friendly and efficient.
On the website visited by you and operated by the Data Controller (see above), cookies are used for:
Ensuring a connection to the website is established without problems,
Ensuring seamless use of our website,
Evaluating system security and stability.
Marketing purposes (if all cookies have been accepted).
Anonymous information of this type may be evaluated by us for statistical purposes to optimize our internet presence and the technology supporting it.
In order to ensure the security of your data during transfer, we use appropriate encryption methods (e.g. SSL) via HTTPS in accordance with the latest technology.
In addition, we make use of appropriate technical and organizational protective measures to protect your data against accidental or deliberate tampering, data loss, destruction or unauthorized access. Our security measures are continually improved in accordance with technological development.
If you get in touch with us via email or our contact form with questions of any kind, you will grant us your voluntary consent for the purposes of making contact. A valid email address must be provided for this purpose. This is used to assign the enquiry and subsequently reply to it. Providing further data is optional. The details you provide are stored for the purposes of processing the enquiry and for any possible follow-up questions. Once your enquiry has been dealt with, personal data are deleted.
Your personal data is stored on the servers of the cloud provider WIX. Its service providers operate infrastructures in the following countries: United States, Ireland, South Korea, Taiwan, Israel, Germany.
The list includes so-called "third countries" that do not guarantee an adequate level of data protection as determined by the European Commission. According to Art. 46 EU-GDPR - data transfer subject to suitable guarantees - the processing of personal data may only take place through additional contractual safeguards (standard contractual clauses) with the service provider in the relevant country.
This WIX guarantees, please see: https://support.wix.com/de/article/dsgvo-deine-website-f%C3%BCr-die-dsgvo-vorbaren.
Use of Google Analytics
Nature, purpose and legal basis for processing
This website uses Google Analytics, a web analytics service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter: “Google”). Google Analytics uses “cookies”, text files that are saved to your computer and that facilitate analysis of your use of the website. The information generated by the cookie about your use of this website will usually be transferred to a Google server in the USA and stored there. However, because IP anonymization is activated on this website, before this transfer takes place your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about website activities and to perform further services for the website operator associated with use of the website and internet. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other data by Google.
The purposes of data processing are for evaluating use of the website and for compiling reports about activities on the website. Further associated services should then be provided on the basis of use of the website and internet.
Data processing takes place on the basis of user consent (Article 6(1)(a) GDPR).
Recipients of the data
The recipient of the data is Google as Data Processor. We have entered into the corresponding data processing contract with Google for this purpose.
Duration of Storage
The data are deleted automatically as soon as they are no longer required for our recording purposes.
Transfer to third country
Google processes your data in the USA. If you wish to object to data processing by Google, deactivate the Analytics cookie in the selection when you open our website and install the browser add-on for deactivating Google Analytics.
Provision prescribed or necessary
Provision of your personal data is voluntary and solely on the basis of your consent. If you prevent access, this may restrict the function of the website.
Withdrawal of consent
You can prevent cookies from being saved to your computer by setting your browser software accordingly; your attention is drawn to the fact that, in this case, certain functions of the website may not be fully available to you. Furthermore, you can prevent the acquisition by Google of the data generated by the cookie and related to your use of the website, including your IP address, and the processing of these data by Google by downloading and installing the browser plug-in available at the following link: Browser add-on for deactivating Google Analytics. This installs an opt-out cookie on your device, which prevents Google Analytics from collecting information from this website and this browser in future for as long as the cookie remains installed in your browser.
The tracking tool Google Analytics can be used to evaluate the behavior of visitors to the website and analyze their interests. We create a pseudonymous user profile for this purpose.
Use of script libraries (Google web fonts)
So that we can display our contents correctly and in a visually appealing way across all browsers, we use script and font libraries on this website (e.g. Google web fonts https://www.google.com/webfonts/). In order to avoid repeated loading, Google web fonts are transferred to your browser cache. If the browser does not support Google web fonts or prevents access to them, contents are displayed in a standard font.
Opening script and font libraries automatically triggers a connection to the library operator. This means it is theoretically possible for operators of corresponding libraries to collect data; although currently unclear whether and for what purposes they would do so.
Supplementary Privacy Notice for Applicants
Scope of data processing
In the context of the application procedure, we will only process the data that you provide us with in your documentation (e.g. name, contact details, place and date of birth, photo).
Purposes and legal basis for data processing
Collection of your personal data forms the basis for participation in the application procedure. Furthermore, it should be possible using the data provided to make an assessment about the suitability of the applicant for the job role being filled. Without these data, we cannot consider your application in the application procedure.
Authorization to process data in order to carry out pre-contractual arrangements is based on Article 6(1)(b) GDPR.
Data recipient in the context of the application procedure
Within our company, your personal data are only provided to those departments and employees who are involved in carrying out the application procedure.
Furthermore, data that are relevant on the basis of statutory provisions or contractual agreement may be transferred to third parties on a case-by-case basis. These may be Data Processors, for example payroll offices.
Duration of the processing of your data
The storage duration of your data is a minimum of the time it takes to complete the application procedure. Regardless of this, we will delete your data in the event of a rejection six months after sending the rejection at the latest.
For a successful application, we will save the data in the personnel file for further processing in order to maintain the employment relationship.
In other respects, we draw your attention to the full contents of the above general privacy notices and the supplementary privacy notices for the use of our website.