Data Privacy Statement
This Data Privacy Statement explains the nature, scope and purpose of the processing of Personal Data (hereinafter referred to as "Data") within our online offer and its related websites, functions and content, as well as external online presence, such as our social media profile (hereafter collectively referred to as "Online Offer"). With regard to the terms used, such as "Processing" or "Controller", we refer to the definitions in Article 4 of the General Data Privacy Regulation (GDPR).
This Data Privacy Statement belongs to the website of AfB gGmbH under the internet address www.afb-group.eu as well as all subpages, and controls the collection and use of your personal Data. When using this website of AfB gGmbH you consent to the procedure described here.
AfB gemeinnützige GmbH
Phone: +49 7243 20000-0
Fax: +49 7243 20000-101
Managing directors: Daniel Büchle, Yvonne Cvilak, Mike Reif
Link to legal information: www.afb-group.de/meta-navigation-footer/impressum/
Data privacy officer
a.s.k. Datenschutz e. K.
Phone: +49 9155 2639970
Responsible data privacy supervisory body
State Data Protection and Freedom-of-Information Officer, NorthRhine-Westphalia
+49 211 38424-0
Types of Data processed:
- Inventory Data (e.g. names, addresses)
- Contact details (e.g. email, telephone numbers)
- Content Data (e.g. text input, photographs, videos)
- Usage Data (e.g. visited websites, interest in content, access times)
- Meta/communication Data (e.g. device information, IP addresses).
Categories of affected persons
Visitors and Users of the Online Offer (hereinafter we refer to the affected persons as "Users").
Purpose of processing
- Provision of the Online Offer, its functions and contents
- Answering contact requests and communicating with Users
- Safety measures
- Reach measurement / marketing.
"Personal Data" means any information relating to an identified or identifiable natural person (hereinafter the "Data Subject"); a natural person is considered as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location Data, to an online identifier (e.g. cookie) or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person..
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with Personal Data. The term goes far and includes virtually every handling of Data
"Pseudonymization" means the Processing of Personal Data in such a way that the Personal Data can no longer be assigned to a specific Data Subject without additional information being provided, as long as such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data is not assigned to an identified or identifiable natural person.
"Profiling" means any kind of automated Processing of Personal Data which involves the use of such Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to job performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of that natural person.
"Controller" means the natural or legal person, public authority, agency or other or body that decides, alone or in combination with others, on the purposes and means of Processing Personal Data.
"Processor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.
Relevant legal basis
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data Processing. If the legal basis is not mentioned in the Data Privacy Statement, the following applies: The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR, the legal basis for the Processing in order to perform our services and execute contractual measures as well as for the response to inquiries is Art. 6 (1) lit. b GDPR, the legal basis for Processing in order to fulfil our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for Processing in order to safeguard our legitimate interest is Article 6 (1) lit. f GDPR. In the event that the vital interests of the Data Subject or another natural person require the Processing of Personal Data, Art. 6 (1) lit. d GDPR is the legal basis.
We take appropriate technical measures and organizational measures in accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the Processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of Data by controlling physical access to the Data, as well as its access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the enjoyment of Data Subject rights, Data deletion and response to Data vulnerability. Furthermore, we consider the protection of Personal Data already during the development, or when selecting hardware, software and procedures, according to the principle of data privacy by technology design and by privacy-friendly settings by default (Article 25 GDPR).
Collaboration with Processors and third parties
If, in the context of our Processing, we disclose Data to other persons and companies (Processors or third parties), transmit the Data to them or otherwise grant them access to the Data, this will only be done on the basis of a statutory permission (e.g. if a transmission of the Data to third parties is required by payment service providers, pursuant to Art. 6 (1) lit. b GDPR to fulfil the contract), you have consented, a legal obligation requires this or this is based on our legitimate interest (e.g. the use of agents, webhosters, etc.).
If we commission third parties to process Data on the basis of a so-called Processing by a Processor governed by a contract, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process Data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transmission of Data to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interest. Subject to statutory or contractual permissions, we process or have the Data processed in a third country only in the presence of the special conditions of Art. 44 et seq. GDPR. This means, for example, that the Processing takes place on the basis of special guarantees, such as the officially recognized level of data protection (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of Data Subjects
You have the right to ask for confirmation as to whether the Data in question is being processed and for information about this Data as well as for further information and a copy of the Data in accordance with Art. 15 GDPR.
You have, according to Art. 16 GDPR, the right to demand the completion of the Data concerning you or to demand the correction of the incorrect Data concerning you.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant Data be deleted immediately or, alternatively, to demand a restriction of the Processing of Data in accordance with Art. 18 GDPR.
You have the right to demand that the Data relating to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other Controllers.
Furthermore, you have, according to Art. 77 GDPR, the right to file a complaint with the competent supervisory authority.
You have the right to revoke consent granted with effect for the future in accordance with Art. 7 (3) GDPR.
You can object to the future Processing of your Data in accordance with Art. 21 GDPR at any time. The objection may in particular be made against Processing for direct marketing purposes.
"Cookies" are small files that are stored on Users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a User (or the device on which the cookie is stored) during or after his/her visit to an Online Offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a User leaves an online service and closes the browser. In such a cookie, for example, the content of a shopping cart can be stored in an online shop or a login status. The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. For example, the login status can be saved if Users visit it after several days. Likewise, in such a cookie the interests of the Users can be stored, which are used for range measurement or marketing purposes. A "third-party cookie" refers to cookies that are offered by providers other than the Controller who manages the Online Offer (otherwise, if it is only its own cookies, this is called "first-party cookies").
We may use temporary and permanent cookies and explain this in the context of our Data Privacy Statement.
If Users do not want cookies stored on their computer, they will be asked to disable the corresponding option in their browser's system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this Online Offer.
Revoking your cookie settings on this website
You can change your cookie settings at any time: Open cookie settings
Description of the cookies used last updated on 14 May2020
Currently no cookies are embedded on the website which are necessary for this website to function. This is why there is no description of the cookies which belong to the “necessary” category.
|Name of the cookie
|Function of the cookie
|Service life of the cookie
Registers a unique ID, which is used to generate statistical data about how the User uses the web site.
Registers a unique ID, which is used to generate statistical data about how the User uses the web site.
Is used by Google Analytics to throttle the request rate.
Randomly generates IDs für Google Analytics (performance).
|These cookies are set by KISSmetrics, an additional third party analysis service to collect information about the use of our website by the Users.
|The cookie is usually used for analysis purposes and helps count visitors to our site by tracking whether you have been to this page before.
|This cookie collects data about user behavior. This data can then be assigned to a specific group of visitors based on commonalities among site visitors.
|The cookie is used to maintain a Hotjar user ID that is unique to the site in the browser. This allows user behavior to be associated with the same User ID on subsequent visits.
|Funktion of the cookie
|Service life of the cookie
|Used by Google DoubleClick,in order to register the User’s actions on the website after an advertisement of the supplier has been displayed or after one of the supplier’s advertisements has been clicked on and to report it with the intention of measuring the effectiveness of an advertisement and the display of targeted advertising for the User.
|Youtube (Videos) / Google / Doubleclick
|Safety cookies from Google, in order to authenticate Users, prevent the deceitful use of registration information and protect User Data from unauthorized access..
|Youtube (Videos) / Google
|The NID cookie contains a unique ID, through which Google saves your preferred settings and other information, especially the language of your choice (e.g. English), how many search results per page should be displayed (e.g. 10 or 20) and if the Google SafeSearch filter should be activated.
|Is used by Google DoubeClick to optimize advertising, in order to provide advertisements relevant for the User, to improve reports on campaign efficiency or to avoid a User from repeatedly seeing the same advertisements.
|Youtube (Videos) / Google / Doubleclick
|Attempts to estimate the User bandwidth on pages with integrated YouTube videos.
|Registers a unique ID, which is used by Google to record statistics about how the User uses YouTube videos on various websites.
|Registers a unique ID to keep statistics of the YouTube videos which the User has seen.
|Registers a unique ID on mobile devices, in order to enable tracking based on the geographic GPS location.
|LinkedIn ad ID synchronization
|Indirect identifier for members for conversion tracking, retargeting, analysis
|Indirect identifier for members for conversion tracking, retargeting, analysis
|Name of the cookie
|Function of the cookie
|Service life of the cookie
|Es gewährleistet die Funktionalität der Software und enthält den Persisted State, Machine State, die Session-ID sowie Chat-Statistiken.
|Es wird genutzt, damit du bei Gesprächsabbrüchen auf unserer Webseite wieder identifiziert werden kannst. Es enthält eine individuelle User-ID und die Anzahl der Besuche.
This cookie is set when the notification is dismissed. When loading the page a check is made if this cookie is set. If not the notification is displayed.
|Cookie-Hinweis gesehen (AfB)
Deletion of Data
The Data processed by us is deleted or limited in their Processing in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this Data Privacy Statement, the Data stored by us is deleted as soon as it is no longer required for their purpose and the deletion does not conflict with any statutory storage requirements. Unless the Data is deleted because it is required for other and legitimate purposes, its Processing will be restricted. This means that the Data is blocked and not processed for other purposes. This applies, for example, to Data that must be archived for commercial or tax reasons.
According to legal requirements in Germany, the archiving takes place in particular for 10 years according to sections 147 para 1 Tax code (AO), 257 para. 1 nos. 1 and 4, para. 4 Commercial Code (HGB) (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with section 257 (1) no. 2 and 3, para. 4 HGB (commercial letters).
According to legal regulations in Austria the archiving takes place in particular for 7 years according to section 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states and for which the Mini-One-Stop-Shop (MOSS) is used.
Data collection and use when Processing the contract and opening a customer account
We collect Personal Data if it is voluntarily submitted by you in the ordering process, when contacting us (e.g. via a contact form or by email) or when opening a customer account. Obligatory fields are marked as such, since in these cases we need the Data for contract execution, or to process your contact or for opening the customer account and you can not complete the order and/or opening the account without said information, or can not send the contact form, Which Data is collected, can be seen from the respective input forms. We use the Data communicated by you in accordance with Art. 6 (1) sentence 1 lit. b GDPR for contract handling and Processing of your inquiries. After completion of the contract or deletion of your customer account, your Data will be restricted for further Processing and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to a further use of your Data or we reserve the right to further Data use, if this is legally permitted and about which we inform you in this statement. The deletion of your customer account is possible at any time and can be done either by a message to the contact option described below or via a designated function in the customer account.
We process our contractual partners’ and potential clients’ Data as well as the Data of other clients, customers or contractual partners (uniformly referred to as “Contractual Partners”) in accordance with Art. 6 (1) lit. b. GDPR to perform our contractual or precontractual performance for them. The type, scope and purpose of the Data processed as well as the necessity of its Processing shall be based on the appertaining contractual relationship.
The Data processed includes the stock Data of our Contractual Partners (e.g, names and addresses), contact Data (e.g. email, telephone numbers), as well as contract Data (e.g services used, contract content, contractual communication, names of contacts) and payment data (e.g. bank details, payment history). In principle, we do not process special categories of Personal Data, unless these are components of a commissioned or a contractual Processing.
We process Data that is necessary for the establishment and performance of the contractual services, and indicate the necessity of this Data if this is not obvious to the Contractual Partners. Disclosure to external persons or companies will only be made if required by a contract. When Processing the Data provided to us within the framework of an order, we act in accordance with the instructions of the client as well as with the statutory requirements.
As part of the use of our online services we can store the IP address and the time of the respective User action. This storage is based on our legitimate interest as well as the interest of the User in protection against abuse and other unauthorised access. We generally do not pass Data on to third parties unless this is deemed necessary to pursue our claims in accordance with Art. 6 (1) lit. f GDPR or there is a statutory obligation in accordance with Art. 6 (1) lit. c GDPR.
We delete the Data after the Data is no longer required to complete contractual or statutory duties of care as well as for dealing with any warranty or comparable obligations, whereas the necessity of archiving the Data is checked every three years; in all other cases the statutory archiving obligations shall apply.
Administration, financial accounting, office organization, contact management
We process Data in the context of administrative tasks as well as organization of our business, financial accounting and compliance with legal obligations, such as archiving. In doing so, we process the same Data that we process in the course of rendering our contractual services. The Processing principles are Art. 6 (1) lit. c GDPR, Art. 6 (1) lit. f GDPR. The Processing affects customers, prospects, business partners and website visitors. The purpose of and interest in Processing lies in administration, financial accounting, office organization, Data archiving, i.e. tasks that serve to maintain our business, perform our duties and provide our services. The deletion of the Data in terms of contractual services and contractual communication corresponds to the information provided in these Processing activities.
In doing so, we disclose or transmit Data to the fiscal authorities, consultants, such as tax accountants or auditors, as well as other fee agents and payment service providers.
Furthermore, we store information on suppliers, promoters and other business partners on the basis of our business interests, e.g. for the purpose of contacting them later. We generally store this Data, which is predominantly company-related, permanently.
Business analysis and market research
In order to operate our business economically, to be able to recognize market tendencies, wishes of the Contractual Partners and Users, we analyse the Data available to us regarding business processes, contracts, inquiries, etc. We process inventory Data, communication Data, contract Data, payment Data, usage Data, meta Data on the basis of Art. 6 (1) lit. f GDPR, whereby the persons affected include Contractual Partners, prospects, customers, clients, visitors and Users of our Online Offer.
The analyses are carried out for the purpose of economic evaluations, marketing and market research. We can take into account the profiles of registered Users with information, e.g. on the services they have used. The analyses serve us to increase the User-friendliness, the optimization of our offer and the economic efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.
If these analyses or profiles are personal, they will be deleted or made anonymous upon termination of the Users, otherwise after two years from the conclusion of the contract. Otherwise, macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
Provision of our services in accordance with the articles of association and business
We process the Data of our members, supporters, prospects, customers or other persons in accordance with Art. 6 (1) lit. b GDPR, insofar as we offer contractual services to them or act within the framework of existing business relationships, e.g. to members, or are ourselves recipients of services and benefits. Otherwise, we process the Data of affected parties in accordance with Art. 6 (1) lit. f GDPR on the basis of legitimate interest, e.g. if administrative tasks or public relations work are involved. The Data processed, type, scope and purpose as well as the necessity of its Processing are based on the underlying contractual relationship. This basically includes inventory and master Data of the persons (e.g. name, address, etc.), as well as contact Data (e.g. email address, telephone, etc.), contract Data (e.g. services used, contents and information provided, names of contact persons) and, if we offer services or products that are subject to payment, payment Data (e.g. bank details, payment history, etc.).
We delete Data that is no longer required for the provision of our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of business Processing, we retain the Data for as long as it may be relevant to the business transaction and also with regard to any warranty or liability obligations. The necessity of storing the Data is reviewed every three years; otherwise the statutory storage obligations apply.
Data privacy information in the application process
We process applicant data only for the purpose of and within the scope of the application process in accordance with the legal requirements. Applicant data is processed to fulfil our (pre)contractual obligations within the scope of the application process in accordance with Art. 6 para. 1 lit. b. GDPR / Art. 6 para. 1 lit. f. GDPR insofar as the data processing becomes necessary for us, e.g. within the scope of legal proceedings (in Germany, section 26 BDSG also applies).
The application process requires applicants to provide us with applicant data. The necessary applicant data is marked if we offer an online form, otherwise the data results from the job descriptions and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants may voluntarily provide us with additional information.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants as part of the application process, its processing is additionally carried out in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data if this is necessary to do the job).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or sending by post. Instead of applying via the online form and email, applicants still have the option of sending us their application by post.
The data transmitted as part of your application will be transferred via TLS encryption and stored in a database. This database is operated by Personio GmbH, which provides personnel administration and applicant management software (https://www.personio.de/impressum/). Personio is our processor in this context in accordance with Art. 28 GDPR. The basis for the processing here is an order processing contract between us as the controller and Personio.
In the event of a successful application, the data provided by applicants may be processed further by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified withdrawal by the applicants, the deletion will take place after the expiry of a period of 3 months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
As part of the application process, we offer applicants the opportunity to be included in our "talent pool" for a period of 12 months on the basis of consent in accordance with Art. 6 para. 1 lit. b. and Art. 7 GDPR.
The application documents in the talent pool will be processed solely in the context of future job advertisements and employee searches and will be destroyed at the latest after expiry of the period. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke this consent at any time for the future and declare their objection within the meaning of Art. 21 GDPR.
When contacting us (for example by contact form, email, telephone or via social media) the information of the User to process the contact request and its Processing are processed in accordance with Art. 6 (1) lit. b GDPR. User information can be stored in a Customer Relationship Management System (CRM system) or using a comparable request system.
We delete the requests if they are no longer required. We check the necessity every two years. Furthermore, the statutory archiving obligations apply.
With the following information, we will inform you about the content of our newsletter as well as the registration, sending and statistical evaluation procedures as well as your right to objection. By subscribing to our newsletter, you agree to the receipt and the procedures described.
Contents of the Newsletter: We send newsletters, emails and other electronic notifications with advertising information (hereinafter "Newsletter") only with the consent of the recipient or a statutory permission. Insofar as the contents of a Newsletter are concretely described, they are decisive for the consent of the Users. Furthermore our Newsletters contain information about our products and information appertaining to them (e.g. safety information), offers, campaigns and our company.
Double-opt-in and recording: The registration for our Newsletter takes place in a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with a third party email address. The registration for the Newsletter will be logged in order to be able to verify the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Similarly, the changes to your Data stored with the sending service provider will be recorded.
Log in Data: To subscribe to the Newsletter, it is sufficient to enter your email address. Optionally we ask you to specify a name in order for us to personalize the Newsletter.
The sending of the Newsletter and the related measurement of success take place on the basis of the recipient’s consent in accordance with Art. 6 (1) lit. a. Art. 7 GDPR together with section 107 (2) TKG or if consent is not necessary on the basis of our legitimate interest in direct marketing in accordance with. Art. 6 (1) lit. f GDPR together with section 107 (2) and (3) TKG.
The registration process is recorded on the basis of our legitimate interest in acc. with Art. 6 (1) lit. f GDPR. Our interest is based on the use of a user friendly as well as secure Newsletter system, which serves our business interests as well as the expectations of the Users and additionally enables us to verify consent.
Termination/revocation: You can cancel the Newsletter at any time and thus revoke your consent to receive the Newsletter. A link to cancel the Newsletter appears at the end of each Newsletter. We can store the deactivated email addresses for up to three years on the basis of our legitimate interest before we delete them in order to be able to prove a prior consent issued. The Processing of this Data is limited to the purpose of a defence against claims. An individual deletion request can be made at any time, if at the same time the prior existence of a consent is confirmed
Information on evaluating your user behaviour
AfB gemeinnützige GmbH uses a so-called anonymous tracking in its Newsletters. This involves recording recipient reactions (opening a mailing, clicking on text and image links, downloading images with an email program) and saving them anonymously for statistical purposes. It is not possible to identify individual Users on the basis of the stored Data without their explicit consent. If you have explicitly consented to receiving our Newsletter tailored to your individual interests and the use of personalized User profiles when registering for the Newsletter, we in particular will process your email address and your name in order to send the Newsletter. The evaluation of the user behaviour in particular covers which areas of the respective website of the mobile app and or the Newsletter you are visiting and which links you click there. During this process, personalized User profiles are created with reference to your identity and/or your email address for the purpose of better tailoring advertising approaches to your personal interests, in particular in the form of newsletters and print advertising, and to improve the respective websites. You can revoke your consent to receive the Newsletter or to our creation of personalized User profiles at any time with effect for the future, by unsubscribing from the Newsletter on our website. The link to unsubscribe the Newsletter can be found at the end of every Newsletter. If you revoke your consent we will delete the collected User Data.
The Users can cancel the Newsletter at any time and thus revoke their consent to receive the Newsletter. Any existing consent to personal tracking in the Newsletter will also expire. Any existing Personal Data relating to recipient reactions will then be deleted or made anonymous. The Users also have the option of revoking their consent to the storage and Processing of Personal Data relating to recipient reactions separately from their consent to receive the Newsletter. The existing Personal Data relating to recipient reactions will then be deleted or made anonymous. To cancel the Newsletter or to revoke your consent to the storage and Processing of Personal Data relating to recipient reactions, simply send an email to email@example.com. Furthermore, the Users have the option to cancel the Newsletter or to revoke their consent to the storage and Processing of Personal Data relating to recipient reactions using this link or clicking on the cancellation or objection link contained in each Newsletter.
Hosting and emailing
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, emailing, security and technical maintenance services which we use to operate this Online Offer.
We, or our hosting provider, process inventory Data, contact Data, content Data, contract Data, usage Data, meta and communication Data of customers, prospects and visitors to this Online Offer on the basis of our legitimate interest in an efficient and secure provision of this Online Offer acc. to Art. 6 (1) lit. f GDPR in connection with Art. 28 GDPR (Processing by a Processor governed by a contract).
Direct mail advertising and your right to object
Additionally, we reserve the right to use your first and surname as well as your postal address for our own advertising purposes, e.g.to send you interesting offers and information about our products by mail. This serves to safeguard our legitimate interest in an advertising approach to our customers that are overriding in the process of balancing of interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
The direct mail letters are sent as part of a contract Processing by a service provider we have contracted to whom we pass on your Data for this purpose.
You can object to your Data being stored and used for this purpose at any time by contacting us at the contact stated below.
Collection of access Data and log files
We, or our hosting provider, on the basis of our legitimate interest within the meaning of Art. 6 (1) lit. f. GDPR, collect Data on every access to the server on which this service is located (so-called server log files). The access Data includes name of the retrieved web page, file, date and time of retrieval, amount of Data transferred, message about successful retrieval, browser type and version, the User's operating system, referrer URL (the previously visited page), IP address and the requesting internet provider.
Logfile information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.
Google Tag Manager
Google Tag Manager is a tool that allows us to manage so-called web site tags through an interface (for example to include Google Analytics and other Google marketing services in our Online Offer). The Tag Manager itself (which implements the tags) does not process Users' Personal Data. With regard to the Processing of Users' Personal Data, reference is made to the following information about Google's services.
Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data privacy law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our Online Offer by Users, to compile reports on the activities within this Online Offer and to provide us with further services related to the use of this Online Offer and the internet usage. In this case, pseudonymous usage profiles of the Users can be created from the processed Data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the Users will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.
The IP address submitted by the User's internet browser will not be merged with other Data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection by Google of the Data generated by the cookie and related to its use of the Online Offer and the Processing of such Data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The Personal Data of Users will be deleted or anonymized after 14 months.
Google Universal Analytics
We use Google Analytics in the design as “Universal-Analytics”. “Universal Analytics” means a process of Google Analytics, in which the User analysis is based on a pseudonymous User ID and thus a pseudonymous profile of the User is created with information from the use of different devices (so-called "cross-device tracking").
Target group formation with Google Analytics
We use Google Analytics to form target groups, in order to show the ads that are displayed within the advertising services of Google and its affiliates only to those Users who have either shown an interest in our Online Offer or who have certain characteristics (e.g. interests in certain topics or products determined from web pages visited) that we have sent to Google (so-called “Remarketing” or “Google Analytics Audiences”). We use Remarketing Audiences to ensure that our ads correspond to the potential interests of Users.
Google AdWords and Conversion Tracking
On the basis of our legitimate interest (i.e. interest in the analysis, optimization and economic operation of our Online Offer pursuant to Art. 6 (1) lit. f GDPR) we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield Agreement and offers a guarantee as a result to uphold the EU data privacy law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google "AdWords" online marketing system to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites, etc.), so that they are shown to Users, who are assumed to have an interest in the advertisements. This enables us to display advertisements for and within our Online Offer more accurately in order to only present Users advertisements that potentially match their interests. If a User, for example, sees advertisements for products he has been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a Google code and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the User's device (comparable technologies can also be used instead of cookies). In this file it is noted which websites the User visits, which content he is interested in and which offers he has clicked on, as well as technical information about the internet browser and operating system, referring websites, visiting time as well as further information about the use of the Online Offer.
Furthermore we receive an individual "conversion cookie". The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we are only informed of the total number of anonymous Users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive any information that personally identifies Users.
User Data is processed pseudonymously within the Google advertising network. This means that Google does not store and process e.g. the name or email address of the User, but processes the relevant Data cookie-related within pseudonymous User profiles. From Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a User has expressly permitted Google to process the Data without this Pseudonymization. The information collected about Users is transmitted to Google and stored on Google's servers in the USA.
Based on our justified interests (i.e. interest in the analysis, optimization and efficient operation of our Online Offer in the meaning of Art. 6 (1) lit. f GDPR), we use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google is certified under the Privacy Shield Agreement and it thereby offers a guarantee that the European Data protection laws are observed (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google "DoubleClick" online marketing system to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites, etc.). DoubleClick is characterized by displaying ads in real time based on presumed interests of the Users. This enables us to display advertisements for and within our Online Offer more accurately in order to only present Users advertisements that potentially match their interests. If a User, for example, sees advertisements for products he has been interested in on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a Google code and (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the User's device (comparable technologies can also be used instead of cookies). In this file it is noted which websites the User visits, which content he is interested in and which offers he has clicked on, as well as technical information about the internet browser and operating system, referring websites, visiting time as well as further information about the use of the Online Offer.
Also the Users’ IP addresses are gathered, whereas these will be truncated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and transferred only in exceptions in full length to a server of Google in the USA to be truncated there. The aforementioned information can also be combined by Google with information from other sources. If a User subsequently visits other websites, ads personalized to him/her according to his/her presumed interests based on his/her User profile can be displayed to him/her.
User Data is processed pseudonymously within the Google advertising network. This means that Google does not store and process e.g. the name or email address of the User, but processes the relevant Data cookie-related within pseudonymous User profiles. From Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a User has expressly permitted Google to process the Data without this Pseudonymization. The information gathered by Google marketing services about the Users is transmitted to Google and stored on Google's servers in the USA.
On our website we use the Hotjar tool, with which we want to improve the functionality of our website and make it more user-friendly by analysing the surfing behaviour of our visitors. The basis for the use of Hotjar is our legitimate interest (Art. 6 (1) lit. f GDPR).
Hotjar is operated by the European startup Hotjar Ltd, which has its headquarters in Malta (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Among other things, the following data is collected via the Hotjar tracking code: Terminal-specific data: IP address of your device (in an anonymized format), size of the device screen, device type (individual device identifiers) and browser information, geographic location (country only), preferred language when viewing the web site. Log information: referring domain, pages visited, geographic location (country only), language preferred when viewing the Web page, date and time the Web site pages were accessed. No personal data is collected and transmitted. Hotjar only anonymously collects mouse clicks, mouse movements, scrolling activities and text data from input fields. The data is transmitted to Hotjar's servers, which are located in Ireland. Hotjar uses various services hosted by third parties, such as Google Analytics and Optimizely. These services may collect data sent by your browser as part of the website request, such as cookies or your IP address.
Device-dependent data collected by your device and web browser:
- IP address (anonymized)
- Device type and browser information
- Geographical data (country only)
- Language used to display our website
- User Interactions
Log data, which is automatically used by our server when Hotjar is used:
- Referring domaiin
- Visited websites
- Geographical data (country only)
- Language used to display our website
- Date and time of access
For more information about how Hotjar works, please see: www.hotjar.com/privacy.
Facebook Pixel, Custom Audiences and Facebook Conversion
Based on our legitimate interest in the analysis, optimization and economic operation of our Online Offer and for these purposes we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
With the help of the Facebook Pixel, Facebook is able on the one hand, to determine the visitors to our website as a target group for the presentation of advertisements (so-called "Facebook Ads"). Accordingly we use the Facebook Pixel to show the Facebook Ads we have booked only to the Facebook Users who are also interested in our website or who demonstrate specific characteristics (e.g. interest in certain topics or products, which are determined from visits to certain websites), which we send to Facebook (so-called “Custom Audiences”). With the help of the Facebook Pixel we also want to ensure that our Facebook Ads are in line with the potential interest of the Users and do not appear annoying. Thanks to the Facebook Pixel we can additionally gauge the effectiveness of Facebook advertising for statistical and market research purposes by seeing if the Users were transferred to our website after clicking on a Facebook Ad (so-called conversion).
The Processing of Data by Facebook takes place in line with the Facebook Data Processing guidelines. Accordingly general information about the display of Facebook-Ads is available in Facebook’s Data Usage Policy: www.facebook.com/policy.php. Special Information and Details about the Facebook Pixel and how it works can be found in the help section of Facebook:
You can object to the gathering and use of your Data by Facebook Pixel for the display of Facebook Ads. To configure which types of ads can be displayed to you on Facebook, you can call up the page set up by Facebook and follow the instructions there to adjust the settings for advertising based on your activity: https://www.facebook.com/settings?tab=ads. The settings are made independent of the platform, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
Online presence on social media
We maintain an online presence within social networks and platforms in order to communicate with customers, prospects and Users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data Processing guidelines apply to their respective operators.
Unless otherwise stated in our Data Privacy Statement, we process the Users' Data as far as they communicate with us on social networks and platforms, e.g. write posts on our online presence or send us messages.
Incorporation of services and content of third parties
Based on our legitimate interest (i.e. interest in analysis, optimization and economic operation of our Online Offer within the meaning of Art. 6 (1) lit. f GDPR) we use content or services from third party providers on our website, in order to integrate their content and services such as videos or fonts (hereinafter referred to as “Content”).
This always requires that the third-party providers of this Content receive the IP address of the Users, since without the IP address they could not send the Content to their browser. The IP address is therefore required for the display of this Content. We attempt to use only the Content whose respective providers use the IP address solely for the delivery of the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the Users’ device and may include technical information about the internet browser and operating system, referring websites, visiting time and other information about the use of our Online Offer, as well as be linked to such information from other sources.
We embed videos from the “YouTube” platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, Data privacy statement: www.google.com/policies/privacy/, opt-out: adssettings.google.com/authenticated.
We embed maps from the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The Data processed can in particular include IP addresses and the Users’ location Data, which however is not collected without their consent (generally as part of the settings on their mobile equipment). The Data can be processed in the USA. Data privacy statement: www.google.com/policies/privacy/, opt-out:
Our Online Offer makes use of the functions and content of the Twitter service, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This can include for example Content such as images, videos or texts and control buttons with which Users can share Content of this Online Offer within Twitter.
If the Users are members of the Twitter , platform. the call up of the above mentioned Content and functions can be allocated to Users’ profiles there by Twitter. Twitter is certified under the Privacy Shield Agreement and as a result guarantees to uphold European data privacy law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data privacy statement: twitter.com/de/privacy, Opt-Out: twitter.com/personalization.
Our Online Offer makes use of the functions and content of Xing, offered by XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. This may include Content such as images, videos or texts and control buttons with which Users can share Content of this Online Offer within Xing. If the Users are members of the Xing platform. the call up of the above mentioned Content and functions can be allocated to Users’ profiles there by Xing. Xing data privacy statement: https://www.xing.com/app/share?op=data_protection.
Our Online Offer makes use of the functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This may include Content such as images, videos or texts and control buttons with which Users can share Content of this website within LinkedIn. If the Users are members of the LinkedIn platform, the call up of the above mentioned Content and functions can be allocated to Users’ profiles there by LinkedIn. LinkedIn data privacy statement: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
LinkedIn Insight tag
The LinkedIn Insight tag allows us to collect information about visits to your site, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamps. IP addresses are truncated or (if used to reach members across devices) hashed. The direct identifiers of members are removed within seven days in order to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days.
LinkedIn does not share any personally identifiable information with the owner of this website, but only provides reports (which do not identify you) about website audience and ad performance. LinkedIn also provides retargeting for site visitors, which allows the site owner to use this data to display targeted advertising outside their site without identifying the member. We also use data that does not identify you to improve the relevance of ads and reach members across devices. LinkedIn members can control the use of their personal information for advertising purposes in their account settings.
Purpose of data processing
The LinkedIn Insight tag is used for the purpose of providing detailed campaign reporting and information about visitors to our website and thus our advertising and marketing interests. As a LinkedIn marketing solutions customer, we use the LinkedIn Insight tag to track conversions, retarget our site visitors, and gather additional information about the LinkedIn members who view our ads.
Legal basis of data processing
The legal basis for the processing of personal data is (Art. 6 para. 1 sentence 1 lit. f GDPR), i.e. a legitimate interest on our part. Our legitimate interest here lies in the above-mentioned purposes.