Privacy Policy

Name and address of the person responsible

The controller is the body which alone – or jointly with others – determines the purposes and means of the processing of personal data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

WASSERMANN TECHNOLOGIE GMBH
Represented by: Sebastian Wassermann, Florian Grünewald, Patrick Hasenauer
Bürgermeister-Ebert-Straße 5
36124 Eichenzell
Phone: +49 6659 82-0
E-mail: info@wassermann-technologie.de
Website: www.wassermann-group.com

Name and address of the data protection officer

You can reach the data protection officer of the controller using the following contact details:

BerIsDa GmbH
www.berisda.de
For the attention of DSB Wassermann Technologie GmbH
Phone: +49 661 29698090
E-mail: datenschutz@berisda.de

I. General information on data processing

1. scope of the processing of personal data

The controller collects and uses personal data of its users (hereinafter also referred to as “data subject”, “person concerned” or “visitor”) only insofar as this is necessary to provide a functional website and to display the content and services. The collection and processing of users’ personal data for other purposes only takes place regularly with the user’s consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons, the processing is based on pre-contractual or contractual measures, the processing of the data is permitted by law and/or the controller has a legitimate interest in the processing.

Your personal data is generally collected directly from you, e.g. when you contact us, consent to services on this website or use forms on this website. In addition, technical data that is absolutely necessary for the operation of the site is automatically collected when you enter the site.

Insofar as the controller obtains the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. If special categories of data are processed in accordance with Art. 9 para. 1 GDPR, Art. 9 para. 2 lit. a GDPR serves as the legal basis. For any transfer to a non-secure third country, processing is carried out on the basis of Art. 49 para. 1 sentence 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device, data processing is also carried out on the basis of Section 25 (1) of the German Data Protection Act (TTDSG).

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the controller is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. data erasure and duration of processing

If no exact storage period has been specified in this data protection information, the personal data of our website visitors will remain with us until the purpose for data processing no longer applies. The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply or consent given by the data subject is withdrawn or processing is objected to. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. data transfer to a third country or an international organization

The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed. If it is therefore ensured that the provisions of the GDPR are complied with – for example, the existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR or the introduction of internal data protection regulations approved by a supervisory authority (so-called “appropriate safeguards”, Art. 46 para. 2, 3 GDPR). If there is no level of data protection comparable to the requirements of the GDPR, there may be risks associated with processing in a third country.

Risks of a transfer to a non-secure third country: Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who could use the data for advertising purposes, for example. In addition, it is probably not possible to effectively enforce any data subject rights against the provider. There may be a higher probability that incorrect data processing may occur, as the provider’s technical and organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality. It is also possible for government agencies to access the personal data provided without the data subject being aware of this. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of averting danger. However, the admissibility threshold for such data processing is higher in the European Union than in the country of the data recipient concerned. In summary, there is no level of data protection comparable to the requirements of the GDPR in non-secure third countries.

Among other things, we use tools on our website from providers whose headquarters or the headquarters of the parent company (or its affiliated companies) are located in a third country from a data protection perspective. We also transfer data to the USA. The transfer of data to the USA is permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. If data is transmitted to a provider that is certified in accordance with the DPF, a separate note is provided by the respective service provider.

In addition, tools from other providers from third countries and US providers that are not certified in accordance with the EU-US Data Privacy Framework (DPF) are also used on our website. The transfer and processing of personal data of data subjects in connection with these tools takes place under the conditions of Art. 49 para. 1 sentence 1 lit. a GDPR – on the basis of consent given by the data subject. If data is transferred on the basis of consent to processors whose processing takes place in a non-secure third country, a separate notice is provided by the respective service provider.

5. necessity of the provision of personal data

The provision of your personal data is not required by law or contract. There is no obligation to provide it. However, failure to provide it may mean that you are unable to use functions, services, forms and other processing on our website. We recommend that you only provide the personal data that is necessary, for example, to process your request, to carry out your desired offer and to use the functions we offer. If the provision of your personal data is required by law or contract, we will inform you of this by means of a separate note on the respective processing in this data protection information.

The collection of technical data (and possibly the collection of your IP address as a personal date) for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website and takes place automatically when you enter this website. If you do not wish to do so, you must leave this page.

II Rights of the data subject

If we process your personal data, you as the data subject have the following rights towards us as the controller:

1. Right of access, art. 15 GDPR

Within the framework of the applicable legal provisions, you have the right to (free) information about your collected and stored personal data at any time. This also includes information about the purposes of processing, its origin and recipients, the storage period and the existence of various rights.

2. Right to rectification, art. 16 GDPR

You have a right to rectification (also in the sense of completion) of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of processing. The controller must make the correction without delay.

3. Right to erasure, art. 17 GDPR

As per the conditions of art. 17 GDPR, you can request deletion of your personal data at any time, unless there are circumstances that authorize or obligate the controller to continue processing your personal data (e.g. statutory retention periods).

4. Right to restriction of processing, art. 18 GDPR

If the legal requirements apply, you can demand restriction of processing of your personal data within the scope of art. 18 GDPR.

5. right to information, Art. 19 GDPR

If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform them of your requests for rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You can request that the controller inform you about these recipients.

6. right to data portability, Art. 20 GDPR

If you have provided us with personal data and automated processing is carried out on the basis of your consent or on the basis of a contract, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. The data will be provided in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

7. right to object, Art. 21 GDPR

You have the right to object to the processing of your data at any time, provided that the processing is carried out on the basis of a balancing of interests. This is the case if the controller relies on the public interest or its legitimate interest for processing (see Art. 6 para. 1 sentence 1 lit. e and f). The prerequisite is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

Art. 21 para. 2 GDPR contains a special, deviating regulation if the personal data concerning you is used for direct marketing , in which case you have the right to object to the processing of personal data concerning you at any time without further requirements. The personal data concerning you will no longer be processed for the purpose of direct marketing. If profiling is associated with direct advertising, you can also object to this.

In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures that use technical specifications.

8. automated decision in individual cases, Art. 22 GDPR

In accordance with Art. 22 GDPR, you have the right that decisions which produce legal effects concerning you or similarly affect you are not based solely on automated processing, including profiling. Exceptions may exist if appropriate measures for the protection of your person are guaranteed and there are necessary contractual regulations or a legal provision or you have expressly consented.

You have the right to revoke your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. You can send the revocation by e-mail or by post to the controller.

10. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. If you are in another federal state or not in Germany, you can also contact the data protection authority there.

III SSL encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line. If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the system of the accessing device.

The following data is collected:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user’s system accesses our website
  7. Internet pages that are accessed by the user’s system via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

4. duration of storage, possibility of objection and removal

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign them to the accessing end device.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s system. When a user accesses our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use a consent management system on our website that was programmed specifically for our website. This is used to manage and store your consents and refusals and to inform you about the processing on this website. Reference is also made to this data protection information.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. In summary, these cookies are technically necessary for the operation of our website. The following data is stored and transmitted in the cookies: Language settings and consent settings.

We also use cookies on our website that enable an analysis of the user’s surfing behavior. When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection information.

Transfer to a third country: The data collected via the aforementioned cookies for analysis purposes may be transferred to a service provider based in a third country. Further information can be found in this data protection information from the respective service provider. Further information on the transfer to a third country can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”.

In principle, you can prevent or block the storage of cookies on your end device in your browser settings. To do this, you must call up the respective settings of your browser. You can also delete your stored cookie data in your browser settings.

Our consent management is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR; the storage of the cookie in your terminal device is based on § 25 para. 2 no. 2 TTDSG.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR; the storage of cookies in your terminal device is based on § 25 para. 2 no. 2 TTDSG.

The legal basis for the processing of personal data using cookies for analysis purposes is the existence of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR; for a transfer to a third country additionally on the basis of Art. 49 para. 1 lit. a GDPR. The cookie is stored on your end device on the basis of § 25 para. 1 sentence 1 TTDSG.

3. purpose of data processing

The use of consent management and the associated processing of your personal data serves to comply with the legal requirements of the GDPR and the TTDSG for obtaining and documenting consent.

The purpose of using technically necessary cookies is to simplify the use of the website for you. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a website change. In addition, cookies are required to manage your consents and refusals.

We need cookies for the following applications:

  1. Transfer of language settings
  2. Consent management: management of consents, refusals and revocations

These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The user data collected by technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

4. duration of storage, right of objection, revocation and removal

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

The data collected via consent management is stored until you ask us to delete it, delete the associated cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected by this.

The individual cookies we use are stored for the following duration:
pll_language (language settings) – storage duration: 365 days
cookiebanner_options (consent management) – storage duration: 30 days

Cookies set by our partners:
YSC (YouTube statistics) – Storage duration: End of session
VISITOR_INFO1_LIVE (YouTube bandwidth measurement) – Storage duration: 180 days
CONSENT (YouTube consent check) – Storage duration: 730 days
__cf_bm (Cloudflare Calendly) – Storage duration: 30 minutes
__cfruid (Calendly) – Storage duration: End of session

As a user, you have the right to revoke your declaration of consent under data protection law for technically unnecessary cookies at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can revoke your consent at any time via the data protection page.

Cookie consent settings

VI Contact by e-mail and/or telephone

1. Description and scope of data processing

E-mail addresses and telephone numbers are provided on our website and in our signatures, which can be used to contact us electronically and/or by telephone. In this case, the personal data of the data subject transmitted with the e-mail will be stored. If you contact us by telephone, personal data may also be stored in order to process your request.

No data will be passed on to third parties in this context. The data will only be used to contact you and to conduct the conversation.

The legal basis for the processing of data transmitted in the course of sending an email or during a telephone call is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

3. purpose of data processing

The processing of personal data serves us solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.

4. duration of storage, possibility of objection and removal

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent by e-mail or transmitted by telephone, this is the case when the respective conversation with the data subject has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the contact, the corresponding (statutory) retention obligations and regulations apply.

If a data subject contacts us by e-mail or telephone, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

VII Contact form

1. Description and scope of data processing

Various contact forms are available on our website which you can use to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

a) Standard contact forms (sidebar, tool change systems, request now for product examples):

This data can/must be entered in our support form:

  1. First name (mandatory field)
  2. Name (mandatory field)
  3. Company
  4. E-mail address (mandatory field)
  5. Range
  6. Message (as well as other personal data that you send us via the message field in the contact form)
  7. Consent for e-mail newsletters

It is also possible to subscribe to our newsletter using the contact form. If you wish, you can give us your consent for this at the end of the contact form. Further information on our newsletter can be found under “XIV Newsletter: Registration and dispatch” in this data protection information.

b) Support contact form:

This data can/must be entered in our support form:

  1. First name (mandatory field)
  2. Last name (mandatory field)
  3. Topic
  4. Telephone
  5. E-mail address (mandatory field)
  6. Company name
  7. Message (as well as other personal data that you send us via the message field in the contact form) (mandatory field)
  8. Product number
  9. Product name
  10. File upload
  11. Consent for e-mail newsletters

It is also possible to subscribe to our newsletter using the contact form. If you wish, you can give us your consent for this at the end of the contact form. Further information on our newsletter can be found under “XIV Newsletter: Registration and dispatch” in this data protection information.

c) Contact form: Send individual configuration request with the product examples

This data is in our standard contact forms:

  1. Settings within the selection parameters in the configuration
  2. Message field for requests within the configuration (as well as other personal data that you send us via the message field in the contact form)
  3. File upload
  4. First name (mandatory field)
  5. Last name (mandatory field)
  6. Company
  7. E-mail address (mandatory field)
  8. Message (as well as other personal data that you send us via the message field in the contact form)
  9. Consent for e-mail newsletters

It is also possible to subscribe to our newsletter using the contact form. If you wish, you can give us your consent for this at the end of the contact form. Further information on our newsletter can be found under “XIV Newsletter: Registration and dispatch” in this data protection information.

The following data is also stored at the time the message is sent:

  1. The IP address of the user
  2. Date and time of registration

For the processing of the data, reference is made to this privacy policy as part of the sending process. No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation

The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

The legal basis for the processing of all other personal data processed during the sending process that is transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. purpose of data processing

The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.

4. duration of storage, possibility of objection and removal

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process is anonymized and thus stored without any inference to the data subject.

If a user contacts us via the form, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

VIII. Download options (success stories, productivity calculator)

1. Description and scope of data processing

On our website, you have the option of downloading or receiving various information, such as success stories or your results from the productivity calculator. This data is mandatory:

  • Download success story: first name, last name, e-mail address, consent
  • Download result from the productivity calculator: e-mail address, consent

In addition, the following data is collected when you enter your data:

  • Date and time of registration
  • IP address of the calling computer

As part of the download process, reference is made to this privacy policy and your consent is obtained. The data will be used to deliver the requested information and for a one-off marketing initiative by Wassermann Technologie GmbH. After receiving the document, our sales team will contact you once by e-mail about our products and services.

Evaluation of the productivity calculator

It is possible to rate the productivity calculator anonymously, independently of the download form. This evaluation serves to improve our computer. If you carry out the evaluation, no personal data will be collected from you.

The processing takes place after you have given your consent on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR and Art. 6 para. 1 sentence 1 lit. f GDPR for the purposes of direct advertising

Storage for verification purposes and defense against liability claims (storage of your revocation or inclusion in an advertising blocking file) takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.

The legal basis for the processing of all other personal data processed during the sending process, which are transmitted by means of the forms, is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. purpose of data processing

The collection of data is necessary for the download or delivery of the requested information. Your data is also processed to carry out one-off marketing initiatives for the delivery of emails and product information that we believe will be of interest to you.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

4. duration of storage, right of objection, revocation and removal

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user’s data is therefore stored for a period of 60 days and then deleted if no further activity takes place. The other personal data collected during the registration process is generally deleted after a period of seven days.

In addition to sending you the requested information (download), we use your e-mail address to inform you by e-mail about similar products and services.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can send your revocation either by post or by e-mail to the controller.

We may also store your personal data for up to three years on the basis of our legitimate interest in order to be able to prove that consent was previously given, even after it has been withdrawn.

You can object to the processing of your personal data for direct marketing purposes at any time:

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. (Objection pursuant to Art. 21 para. 2 GDPR)

Please use the contact details provided in the legal notice. You will not incur any costs other than the transmission costs according to the basic rates.

In the event of a permanent objection, we reserve the right to store your e-mail address in an advertising blocking file solely for this purpose. Storage in the advertising block file is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

IX. YouTube with enhanced data protection

1. Description and scope of data processing

This website integrates videos from the YouTube platform. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network regardless of whether you are watching a video. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our websites you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.

Upstream user action

If you have not consented to the processing of your data by YouTube within Consent Management, the videos that are integrated on our site will not be played directly. You can also give your consent afterwards directly with the video by means of an upstream action.

The parent company Google LLC. is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”. Further information on the provider’s DPF can be found at the following link https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR – as well as § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. purpose of data processing

The use of YouTube is in the interest of an appealing and clear presentation of our online offers, products and services.

4. duration of storage, possibility of objection and removal

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given via Consent Management.

You can find more information about data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de.

II Social media wall: Taggbox

1. Description and scope of data processing

This website integrates the social media pages (Instagram and Facebook) of the controller via the Taggbox service. Taggbox is a service of Social Scape Tech LLP, B-138 Main Queens Road, Rajasthan 302021, India. Taggbox is a social media aggregation tool that makes it possible to collect posts from several social media sites and integrate them on the website.

Taggbox is integrated as a plugin on the website. As soon as this is activated by your consent, a connection is established between your browser and the Taggbox servers and the servers of the social networks whose content has been integrated (here: Instagram and Facebook). We have no influence whatsoever on the type and scope of the data transmitted. There is a possibility that your IP address will be transmitted. If you are logged into your account with the respective social network while visiting our site, the information from your visit to our website can be linked to your account. If you interact with our posts (“like, share or comment”) while you are logged in, this will also be linked to your account. Furthermore, Taggbox can store various cookies on your end device. In this way, Taggbox and partners can obtain information about visitors to this website. If necessary, further data processing operations may be triggered after activation of the social media wall, over which we have no influence.

Upstream user action

If you have not consented to the processing of your data by Social Scape Tech LLP within Consent Management, the social media wall that is integrated on our site will not be displayed directly. You can also give your consent afterwards directly on the social media wall by means of an upstream action.

Personal data is therefore also processed in a non-secure third country. In India, there is no level of data protection comparable to the requirements of the GDPR. Your personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who may use the data for advertising purposes, for example. Further information on the transfer to a non-secure third country can be found in this data protection information under “I. General information on data processing – 4. data transfer to a third country or an international organization”.

The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 p. 1 lit. a and Art. 49 para. 1 p. 1 lit. a GDPR – as well as § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. purpose of data processing

The use of Taggbox is in the interest of an appealing and clear presentation of our company and to simplify the presentation of our contributions.

4. duration of storage, possibility of objection and removal

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given with effect for the future via the data protection page.

Further information about data protection at TAGGBOX can be found in their privacy policy at: https://taggbox.com/privacy-policy/

XI. Google Tag Manager

1. Description and scope of data processing

This website uses Google Tag Manager. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC based in the USA.

Google Tag Manager is a tool that we can use to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to servers in the USA.

The provider is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”. Further information on the provider’s DPF can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a. GDPR – as well as § 25 para. 1 sentence 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. purpose of data processing

Google Tag Manager is used to manage website tags via an interface. This enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate our users’ access to our website.

4. duration of storage, possibility of objection and removal

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given via the data protection page.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

IV. Use of Calendly (appointment booking)

1. Description and scope of data processing

You can make appointments with us on our website. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

To book an appointment, enter the requested data and the desired date in the form provided. The data entered will be used for the planning, execution and, if necessary, follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/de/pages/privacy.

The provider is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”. Further information on the provider’s DPF can be found at the following link https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2z3d0000002GVgAAM&status=Active

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in making it as easy as possible to arrange appointments with interested parties and customers. If the appointment booking is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

For the technical use on the site, a corresponding consent is requested via the consent management, this processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a and § 25 para. 1 sentence 1TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG.

3. purpose of data processing

The data are processed for the purposes of planning and managing appointment bookings from our customers and interested parties.

4. duration of storage, possibility of objection and removal

The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can send your revocation either by post or by e-mail to the controller.

XIII Online application

1. Description and scope of data processing

We collect and process your personal data in order to offer advertised positions and to be able to carry out the selection process. Processing can also be carried out electronically. This is particularly the case if you send us your application via our application forms.

In the course of your online application, we will collect and process the personal application data listed below from you within the application form:

Mandatory fields: Gender, first name, last name, e-mail, telephone, file upload (CV), data protection checkbox

Optional fields: Street, postal code, city, country, salary expectations (gross), file upload (complete documents, cover letter, photo, references, certificates)

In addition to the above data, we may process other personal data if you sent us these in your application. Your personal data is generally collected directly from you as part of the recruitment process. Your data will only be forwarded to the internal departments and specialist departments of our company responsible for the specific application process.

Further information on the description and scope of data processing can be found in our data protection information for applicants.

The legal basis for the processing of applicants’ data is Art. 6 para. 1 p. 1 lit. b GDPR in conjunction with. § Section 26 para. 1 BDSG for the establishment of an employment relationship.

The legal basis for the processing of all other personal data processed during the sending process, which is transmitted via your online application, is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. purpose of data processing

Your personal application data is collected and processed exclusively for the purpose of filling vacancies within our company. The primary purpose of data processing is therefore to establish an employment relationship with the controller.

Your data will only be forwarded to the internal departments and specialist departments of our company responsible for the specific application process.

The other personal data processed during the sending process serve to prevent misuse of the application form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.

4. duration of storage, possibility of objection and removal

In the event of rejection, your application documents will be deleted no later than six months after completion of the application process, unless you have given us your consent for longer storage (applicant pool).

If you are hired, we will transfer your application documents to your personnel file. After termination of the employment relationship, we will continue to store the personal data that we are legally obliged to retain. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. We will send you the data protection information for employees, in which you will find more detailed information, when you accept employment.

The additional personal data collected during the sending process is anonymized and thus stored without any inference to the person concerned

VI Newsletter: Registration and dispatch

1. Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us.

The following data must be collected: Name, e-mail address, consent (checkbox).

The following data is also collected during registration:

  1. IP address of the calling computer
  2. Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy. The data will be used exclusively for sending the newsletter.

The purpose of our newsletter is to send you product information that we believe will be of interest to you, to contact you to inform you about our products and services and to provide you with the latest developments and helpful information and to invite you to interesting events such as webinars or trade fairs. The newsletter is sent out regularly.

Double opt-in procedure

Registration for our newsletter is always carried out using a double opt-in procedure. After registering on our website, you will receive an e-mail asking you to confirm your subscription to our newsletter. This confirmation serves as proof that you have registered for our newsletter with your e-mail address.

Storage of your revocation

We may also store unsubscribed e-mail addresses on the basis of our legitimate interest in order to be able to prove a previously given consent even after unsubscribing from our newsletter.

The legal basis for the processing of data when registering for our newsletter is the existence of the user’s consent (with double opt-in) in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis for the implementation of the double opt-in procedure is Art. 6 para. 1 sentence 1 lit. f GDPR for proof and verification of your consent. For storage for verification purposes and defense against liability claims (storage of revocation) Art. 6 para. 1 sentence 1 lit. f

The legal basis for the processing of all other personal data processed during the registration process, which is transmitted during registration for our newsletter, is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. purpose of data processing

The purpose of collecting the user’s e-mail address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

The double opt-in procedure serves as proof and verification of your consent. The storage of your revocation takes place in order to be able to prove previously given consents even after revocation and thus to ward off any liability claims.

The other personal data processed during the sending process serve to prevent misuse of the newsletter registration and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.

4. duration of storage, right of objection, revocation and removal

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.

The other personal data collected during the registration process is generally deleted after a period of 3 months.

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can send your revocation either by post or by e-mail to the controller.

We may also store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interest in order to be able to prove a previously given consent even after unsubscribing.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, you will find a corresponding link in every newsletter. This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

It is not possible to cancel the newsletter tracking separately; in this case, the entire subscription must be canceled.