PRIVACY POLICY & COOKIES

 

DATA PROTECTION

Burton Sportartikel GmbH takes data protection concerns seriously and collects, processes and uses personal data of customers in compliance with the applicable data protection laws, in particular EU Regulation 2016/679 (GDPR).

 

INFORMATION ON THE COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 - We appreciate you visiting our website and thank you for your interest. Below you'll find information about how we handle your personal data when you use our website. Personal data in this context is all data with which you can be personally identified.

1.2 - The data processing controller on this website within the meaning of the General Data Protection Regulation (GDPR) is Burton Sportartikel GmbH, Haller Strasse 111, 6020 Innsbruck, Austria, Tel.: 00 800 287 866 13, e-mail: privacy@burton.at 
The controller of personal data is the natural person or legal entity who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 - The controller has appointed a data protection officer, namely Emanuel Schmidhofer. He can be reached at the following e-mail access: privacy@burton.at

1.4 - This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries directed at the controller). You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser line.

DATA COLLECTION WHEN VISITING OUR WEBSITE

When using our website for information purposes only, that is, if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

        
  • Our web page visited
  •     
  • Date and time of access
  •     
  • Amount of data sent in bytes
  •     
  • Source/link from which you reached the page
  •     
  • Browser used
  •     
  • Operating system used
  •     
  • IP address used (if applicable: in anonymized form)

We process this data in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. We do not pass on the data or use it in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete signs of unlawful use.

 

HOSTING

Hosting by Salesforce.com Inc
Within the scope of our commissioned processing, we use the store system of the service provider Salesforce.com Inc, 415 Mission Street Third Floor, San Francisco, CA 94105, USA for the purpose of hosting and displaying the online store.

All data collected on our website is processed on the servers of Salesforce.com Inc. For further information on Salesforce's data protection, please visit the following website: compliance.salesforce.com/en/gdpr

 

COOKIES

In order to make your experience on our website more appealing and to enable the use of certain functions, we use so-called cookies on different pages. Cookies are small text files that are stored on your terminal. Some of the cookies we use are deleted after the end of the browser session, that is, when you close your browser (so-called session cookies). Other cookies remain on your terminal device and allow your browser to be recognized the next time you visit (so-called persistent cookies). When cookies are placed, they collect and process certain user information such as browser and location data and IP address values on an individual basis. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. Information on how long each cookie is stored can be found in the overview of the cookie settings of your web browser.
In some cases, cookies are used to simplify the ordering process by storing settings (for example, remembering the contents of a virtual shopping cart for a later visit to the website). If personal data is also processed by individual cookies that we set, the processing is carried out in accordance with Art. 6 para. 1 lit. b) of the GDPR either for the performance of the agreement, according to Art. 6 para. 1 lit. a) GDPR in the case of granted consent or according to Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

Please note that you can set your browser in such a way that you are informed about the setting of cookies and can decide, on a case-by-case basis, whether to accept or reject them for certain cases or in general. Each browser manages cookie settings differently. This is described in the help menu of each browser, which explains how you can change your cookie settings. Please note that if you do not accept cookies, the functionality of our website may be limited.

 

CONTACTING

Personal data is collected when contacting us (e.g. via contact form or e-mail). The respective contact form will specify which data is collected. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) of the GDPR. If you contact us in order to conclude an agreement, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted once we have finished processing your request, provided that the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations that suggest otherwise.

 

DATA PROCESSING WHEN OPENING A CUSTOMER ACCOUNT AND FOR CONTACT EXECUTION

Pursuant to Art. 6 para. 1 lit. b) GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of an agreement or when opening a customer account. You can see which data is collected from the respective input forms. You can delete your customer account at any time by sending a message to the above address of the data controller. We store and use the data provided by you for the purpose of executing the contract. After complete execution of the agreement or deletion of your customer account, your data will be blocked in compliance with tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data, or a legally permitted further use of data has been reserved on our part.
 

COMMENT FUNCTION

In the context of the comment function on this website, details of the time of creation of the comment and the name you have chosen to appear with your comment are stored and published on this website in addition to your comment. Your IP address is also logged and stored. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties by posting a comment or that illegal content is posted. We need your e-mail address to contact you if a third party objects to your published content, claiming it to be unlawful. The legal basis for storing your data is Art. 6 para. 1 lit. b) and f) GDPR. We reserve the right to delete comments if third parties find them unlawful.

 

USE OF CUSTOMER DATA FOR DIRECT ADVERTISING

8.1 - Subscription to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only information you must provide to receive the newsletter is your e-mail address. You are free to provide additional data, which will be used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you an e-mail newsletter until you have explicitly confirmed that you consent to receiving such newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a confirmation link.

By activating the confirmation link, you consent to us using your personal data in accordance with Art. 6 para. 1 lit. a) GDPR. When you subscribe to the newsletter, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of subscription to enable us to trace any possible misuse of your e-mail address at a later date. The data we collect when you subscribe to the newsletter will be used exclusively for the purpose of addressing you for advertising purposes by way of the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a corresponding message to the data controller mentioned at the beginning. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this Policy.

8.2 - Sending the newsletter via Salesforce
Our e-mail newsletters are sent via the technical service provider Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter referred to as “Salesforce”), to whom we pass on the data you provided when subscribing to the newsletter. This transmission is made in accordance with Art. 6 para. 1 lit. f) of the GDPR and serves our legitimate interest in using a newsletter system that is effective in term of advertising, secure and user-friendly. Please note that your data is usually transferred to a Salesforce server in the USA and stored there.

Salesforce uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of the web beacons, Salesforce automatically creates general, non-personal statistics about the response behavior to newsletter campaigns. On the basis of our legitimate interest in statistically evaluating the newsletter campaigns in order to optimize advertising communication and better target recipient interests, however, the web beacons also collect and utilize data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system) in accordance with Art. 6 para. 1 lit. f) of the GDPR. This data allows us to draw individual conclusions about the newsletter recipient and is processed by Salesforce to automatically generate statistics that reveal whether a particular recipient has opened a newsletter message.

If you wish to deactivate the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

Salesforce may also itself use this data in accordance with Art. 6 para. 1 lit. f) of the GDPR based on its own legitimate interest in designing and optimizing the service in line with demand and for market research purposes, for example to determine which countries the recipients come from. However, Salesforce does not use the data of our newsletter recipients to write to them on its own or to pass it on to third parties.

To protect your data in the U.S., we have entered into a data processing agreement (“Data Processing Agreement”) with Salesforce based on the European Commission’s standard contractual clauses, so as to enable the transfer of your personal data to Salesforce.

You can view Salesforce’s privacy policy here: salesforce.com/de/company/privacy

8.3 - Text marketing via Attentive
On our website, we offer you the option to sign up for receiving text notifications about current offers and promotions.

It is mandatory that you disclose your mobile phone number in order to receive text notifications. You are free to provide additional data, which will be used to address you personally.

We use the so-called double opt-in procedure for you to start receiving text messages, which ensures that promotional text messages are only sent to you only after you have expressly confirmed your consent to receive text messages by clicking on a verification link sent to the mobile phone number you provided.

By activating the confirmation link, you consent to us using your personal data in accordance with Art. 6 para. 1 lit. a) GDPR. When you register to receive text messages, the date and time of registration are also stored to enable us to trace any possible misuse of your mobile phone number at a later date. The data collected during registration will be used exclusively for the purpose of advertising via text messages. You can unsubscribe from the text at any time by sending a message to the data controller mentioned above. After unsubscribing, your mobile phone number will be deleted from the distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for any other purpose that is permitted by law and about which we inform you in this Policy.

Text notifications are sent via the technical service provider Attentive Mobile Inc, 221 River Street, Suite 9047, Hoboken, NJ 07030, USA (“Attentive”), to whom we pass on your data provided during registration. This transfer takes place in accordance with Art. 6 para. 1 lit. f) of the GDPR and serves our legitimate interest in using a marketing system that is effective in advertising, secure and user-friendly. The data you enter for the purpose of receiving text (e.g. your mobile phone number) is stored on Attentive’s servers in the USA.

Attentive uses this information to send and statistically evaluate the text messages on our behalf. For the evaluation, the SMS sent contain so-called web beacons or tracking pixels, which are single-pixel image files that are stored on our website. This makes it possible to determine which links have been clicked on. With the help of the web beacons, Attentive automatically creates general, non-personal statistics about the response behavior to SMS campaigns. On the basis of our legitimate interest in statistically evaluating the SMS campaigns in order to optimize advertising communication and better target recipient interests, however, the web beacons also collect and utilize data of the respective SMS recipient (telephone number, time of retrieval, IP address, browser type and operating system) in accordance with Art. 6 para. 1 lit f) of the GDPR. This data allows us to draw individual conclusions about the SMS recipient and is processed by Attentive for to automatically generate statistics that reveal whether a particular recipient has clicked on an SMS message. If you also register for the e-mail newsletter, the data collected for statistical evaluation will also be transmitted by Attentive to Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany, where it may be combined and evaluated with other data collected in the course of registration for the newsletter and through interactions with newsletter content. The legal basis is our legitimate interest in the cross-media statistical evaluation of our marketing campaigns for the optimization of our advertising communication pursuant to Art. 6 para. 1 lit. f) of the GDPR.

If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from receiving text messages.

We have concluded a commissioned processing agreement with Attentive, by which we oblige Attentive to protect our customers’ data and not to pass it on to third parties.

You can view Attentive’s privacy policy here: attentivemobile.com/privacy

8.4 - Transmission of customer data to Google and Meta to make targeted contact for advertising purposes
In order to address users whose data we have received in the context of business or business-like relationships in an even more targeted manner, we use customer matching functions provided by the following providers:

Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) and Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

To this end, we transmit one or more files with aggregated customer data (especially e-mail addresses and telephone numbers) electronically to one or both providers. The providers do not thereby gain access to plain data, but automatically encrypt the information in the customer files during the transmission process using a special algorithm. The encrypted information can then only be used by the providers to assign it to existing user accounts that the data subjects have set up. This enables personalised advertising to be displayed via all web services linked to the respective user account.

The transmission of customer data to the provider(s) only takes place if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You may revoke this consent at any time with effect for the future.

Further information on the data protection measures in relation to the customer matching function can be found - for Google here
and for Meta here
. We have concluded data processing agreements with the providers which ensure the protection of the data of our site visitors and prohibit unauthorised disclosure to third parties. The information generated is usually transferred to a server of the providers and stored there; in this context, there may also be a transfer to servers of Google, LLC and Meta Platforms Inc. in the USA. For the transfer of data to the USA, the providers invoke standard contractual clauses of the European Commission which are intended to ensure compliance with the European level of data protection. You can view Salesforce’s privacy policy here: salesforce.com/de/company/privacy

 

DATA PROCESSING FOR ORDER PROCESSING

9.1 - In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded agreements. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data we collect will be passed on to the transport company commissioned with the delivery as part of the contract execution insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the framework of payment processing insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

9.2 - Transfer of personal data to shipping providers

        
  • DPD
        If the goods are delivered by the transport service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will pass on your e-mail address and your telephone number to DPD prior to the delivery of the goods in accordance with Art. 6 para. 1 lit. a) GDPR for the purpose of coordinating a delivery date or for notice of delivery, provided that you have given your express consent to this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery in accordance with Art. 6 para. 1 lit. b) GDPR. The transfer of data is made only to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with DPD or notice of delivery is not possible.
        The consent can be withdrawn at any time with effect for the future vis-à-vis the controller named above or vis-à-vis the transport service provider DPD.
  •     
  •     

    UPS
        If the goods are delivered by the transport service provider UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss), we will pass on your e-mail address to UPS prior to the delivery of the goods in accordance with Art. 6 para. 1 lit. a) GDPR for the purpose of coordinating a delivery date or for notice of delivery, provided that you have given your express consent to this in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to UPS for the purpose of delivery in accordance with Art. 6 para. 1 lit. b) GDPR. The transfer of data is made only to the extent necessary for the delivery of goods. In this case, a prior coordination of the delivery date with UPS or the transmission of status updates of the shipment is not possible.
        The consent can be revoked at any time with effect for the future vis-à-vis the responsible person named above or vis-à-vis the transport service provider UPS.

        

9.3 - Use of payment service providers (payment services)

        
  •     

    Adyen
        If you choose a payment method offered by the payment service provider Adyen, the payment processing is carried out via the payment service provider Adyen, Simon Carmiggeltstraat 6 - 50, 1011 DJ Amsterdam, Netherlands, to whom we pass on your information provided during the ordering process together with the information about your order (name, address, IBAN, BIC, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b) GDPR. We will only pass on your data for the purpose of processing payments with the payment service provider Adyen and only insofar as it is necessary for this purpose.

        

 

CONTACT FOR RATING REMINDER BY YOTPO Inc

If you have given us your express consent to do so during or after your order in accordance with Art. 6 para. 1 lit. a) GDPR, we will transmit your e-mail address to the rating platform Yotpo Inc, 33 West 19th Street, New York, NY 10011, USA (yotpo.com) so that they can send you a rating reminder by e-mail.
You can withdraw your consent at any time by sending a message to the data controller or to the rating platform.

 

TRANSACTION FRAUD PREVENTION VIA NoFraud

This website uses the “NoFraud” service of NoFraud LLC, 48 W 48th St, #402, New York, New York 10036, USA, for technology-based authorization verification of transactions.
If, while placing your order, you choose to pay by credit or debit card, we transmit certain transaction information (name, address, order details, payment data, time zone setting, operating system and platform, the geographic origin of the website access) to NoFraud, which uses algorithm-based processes and matching to verify the authenticity of the payment information entered and the identity between the cardholder and the customer in order to rule out fraud.

If a transaction is classified as suspicious by NoFraud, this information is forwarded to the cardholder’s bank, and the cardholder is then asked to verify the transaction using his/her own bank-specific identification features.

Insofar as personal data is also processed during the transmission of transaction information to NoFraud, the processing is carried out pursuant to Art. 6 para. 1 lit. f) of the GDPR on the basis of our legitimate interest in fraud prevention when using cardless online payment methods and in safeguarding against financial default risks.

Further information on NoFraud’s privacy policy can be found at nofraud.com/privacy

 

USE OF SOCIAL MEDIA: SOCIAL PLUGINS

12.1 - Facebook as default plugin
Our website uses so-called social plugins (“plugins”) of the social media network Facebook, which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins are marked with a Facebook logo or the supplement “Social Plug-in from Facebook” or “Facebook Social Plugin.” An overview of the Facebook plugins and their visual layout can be found here: developers.facebook.com/docs/plugins

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted by Facebook directly to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted by your browser directly to a server of Facebook Inc. in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook profile. If you interact with the plugins, for example by clicking the “Like” button or posting a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.

The described data processing operations are carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of Facebook’s legitimate interests in displaying personalized advertising to inform other users of the social media network about your activities on our website and for the demand-oriented design of the Facebook service.

If you do not want Facebook to assign the data collected via our website directly to your Facebook profile, you must log out of Facebook before visiting our website. You can also object to the loading of the Facebook plugins and thus to the data processing operations described above for the future using add-ons for your browser, e.g. the script blocker “NoScript” (noscript.net)

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in Facebook’s privacy policy: 
facebook.com/policy

12.2 - LinkedIn as default plugin
Our website uses so-called social plugins (“plugins”) of the online service LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You can recognize the LinkedIn plugins by the LinkedIn logo or the “Recommend” button on our website.

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to LinkedIn’s servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated into the page. Through this integration, LinkedIn receives the information that your browser has accessed the corresponding page of our website, even if you do not have a LinkedIn profile or are not currently logged in to LinkedIn.

This information (including your IP address) is transmitted by your browser directly to a server of LinkedIn in the USA and stored there.

If you are logged in to LinkedIn, LinkedIn can directly assign your visit to our website to your LinkedIn account. If you interact with the plugins, this information is also transmitted directly to a LinkedIn server and stored there. The information is also published on your LinkedIn account and displayed there to your contacts.

The described data processing operations are carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of LinkedIn's legitimate interests in displaying personalized advertising to inform other users of the social network about your activities on our website and for the demand-oriented design of the LinkedIn service.

If you do not want LinkedIn to directly assign the data collected via our website to your LinkedIn profile, you must log out of LinkedIn before visiting our website. You can also object to the loading of the LinkedIn plugins and thus the data processing operations described above with add-ons for your browser for the future, e.g. with the script blocker “NoScript” (noscript.net)

The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found in LinkedIn’s privacy policy: linkedin.com/legal/privacy-policy

12.3 - Twitter as default plugin
Our website uses so-called social plugins (“plugins”) of the microblogging service Twitter, which is operated by the Twitter International Company, One Cumberland Place, Fenian Street,

Dublin 2, D02 AX07 Ireland (“Twitter”). The plugins are identified with a Twitter logo, for example in the form of a blue “Twitter bird.” An overview of the Twitter plugins and their visual layout can be found here: twitter.com/en/docs/twitter-for-websites

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to Twitter’s servers. The content of the plugin is transmitted by Twitter directly to your browser and integrated into the page. Through the integration, Twitter receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on Twitter or are not currently logged in to Twitter. This information (including your IP address) is transmitted by your browser directly to a server of Twitter Inc. in the USA and stored there.

If you are logged in to Twitter, Twitter can directly assign your visit to our website to your Twitter account. If you interact with the plugins, for example by clicking the “Tweet” button, this information is also transmitted directly to a Twitter server and stored there. The information is also published on your Twitter account and displayed there to your contacts.

The described data processing operations are carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of Twitter’s legitimate interests in displaying personalized advertising to inform other users of the social media network about your activities on our website and for the demand-oriented design of the Twitter service.

If you have an account with the Twitter social network and would like to limit the collection of data via our website and the merging of your user data with the data stored about you by Twitter, you should log out of Twitter before visiting our website.

You can also object to the loading of the Twitter plugins and thus the data processing operations described above with add-ons for your browser for the future, e.g. with the script blocker “NoScript” (noscript.net)

The purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and setting options for protecting your privacy, can be found in Twitter’s privacy policy: twitter.com/privacy

 

USE OF SOCIAL MEDIA: USE OF YouTube VIDEOS

This website uses the YouTube embedding function to display and play videos from the provider “YouTube,” which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
In this case, the extended data protection mode is used, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “YouTube,” these are used, among other things, to collect video statistics, improve the user experience and prevent abusive behavior. If you are logged in to Google, your data is directly assigned to your account when you click on a video. If you do not want the assignment with your profile at YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of Google’s legitimate interests in the display of personalized advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. Using YouTube may also result in the transmission of personal data to the servers of Google LLC. in the USA.

Regardless if the embedded videos are played, a connection to the Google network is established each time this website is accessed, which may trigger further data processing operations beyond our control.

Further information on data protection at “YouTube” can be found in YouTube’s terms of use at youtube.com/static?template=terms as well as in the Google privacy policy at google.de/intl/de/policies/privacy

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website.

 

ONLINE MARKETING

14.1 - Clutch
You have the option to participate in the loyalty program of Clutch Holdings LLC, 201 South Maple Ave, Suite 250, Ambler, PA 19002, USA (“First Chair”) when making purchases through our online store. We have integrated Clutch into our check-out process for this purpose. In this case, based on our legitimate interest in the user-friendly design and optimal marketing of our website pursuant to Art. 6 para. 1 lit. f) of the GDPR, we transmit the following data to Clutch after completion of the purchase for the purpose of crediting loyalty points: e-mail, first name, last name, value of goods of your purchase and the number of loyalty points acquired with the purchase. Telephone number and date of birth may optionally be provided and transferred. For more information, please see Clutch’s privacy policy: clutch.com/terms-and-privacy-policy-2. Our customer loyalty e-mails from Clutch contain a pixel tag, which is a small, unique image that tells us if you have opened an e-mail and what your IP address is.

14.2 - Facebook Pixel for the creation of Custom Audiences with advanced data synchronization (with cookie consent tool).
Our website uses the so-called “Facebook Pixel” of the social media network Facebook in the mode of advanced data synchronization, which is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).

Based on the user’s explicit consent, when clicking on an advertisement played on Facebook and placed by us, a supplement is added to the URL of our linked page by Facebook Pixel. Then, after being redirected, this URL parameter is embedded in the user’s browser by means of a cookie, which is set by our linked site itself. In addition, this cookie collects specific customer data, such as the mail address, which we collect on our website linked to the Facebook ad during processes such as purchase transactions, account logins or registrations (advanced data synchronization). The cookie is then read by the Facebook Pixel and enables the data, including the specific customer data, to be forwarded to Facebook.

Thanks to the Facebook pixel with advanced data synchronization, it is possible for Facebook to precisely determine the visitors to our website as a target group for the display of advertisements (so-called “Facebook ads”).

Accordingly, we use the Facebook Pixel with advanced data synchronization to display the Facebook ads we place only to those Facebook users who have shown an interest in our online offer or who share certain characteristics (e.g. interests in certain topics or products determined based on the websites visited), which we transmit to Facebook (so-called “Custom Audiences”). Using the Facebook pixel with advanced data synchronization, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not a nuisance. This allows us to further evaluate the effectiveness of Facebook ads for statistical and market research purposes by tracking whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”). Compared to the standard variant of Facebook Pixel, the advanced data synchronization feature helps us better measure the effectiveness of our ad campaigns by capturing more associated conversions.

All transmitted data is stored and processed by Facebook, enabling a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes, in accordance with Facebook’s data usage policy (facebook.com/about/privacy). The data may enable Facebook and its partners to place advertisements on and off Facebook.

These processing operations are carried out exclusively by giving explicit consent in accordance with Art. 6 para. 1 lit. a) of the GDPR.

Only users over the age of 16 years may give their consent to the use of the Facebook Pixel. If you are younger, please ask your parent or guardian for permission.

The information generated by Facebook is usually transmitted to a Facebook server and stored there, which may also involve transmission to the servers of Facebook Inc. in the USA. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, remove the check mark next to the setting for the “Facebook Pixel” in the “Cookie Consent Tool” embedded on the website.

14.3 - Use of Google Ads Conversion Tracking
This website uses the online advertising program “Google Ads” and, within the scope of Google Ads, the conversion tracking of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are by referring to the data of the advertising campaigns. Our aim is to show you advertising relevant to your interests, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

The cookie for conversion tracking is set when a user clicks on an ad placed by Google Ads. Cookies are small text files that are stored on your terminal. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked across Google Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Google Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive information that personally identifies users.

Details on the processing prompted by Google Ads conversion tracking and on how Google handles data from websites can be found here: policies.google.com/technologies/partner-sites

If you prefer not to participate in the tracking, you can block this usage by deactivating the Google conversion tracking cookie via your internet browser under the keyword “User settings.” You will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising pursuant to Art. 6 para. 1 lit. f) of the GDPR. Using Google Ads may also result in the transmission of personal data to the servers of Google LLC. in the USA.

You can obtain more information about Google’s privacy policy at the following web address: google.de/policies/privacy

You can permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the browser plug-in from Google available at the following link: 
google.com/settings/ads
Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies.

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website or, alternatively, follow the option described above to make an objection.

14.4 - Use of affiliate programs; AWIN performance advertising network
We participate in the performance advertising network of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter referred to as “AWIN”). As part of its tracking services, AWIN stores cookies for the documentation of transactions (for example, of “sales leads”) on terminals of users who visit or use websites or other online offers of its customers (for example, subscription to a newsletter or placement of an online order). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding accounting within the framework of its network.

Only the information about when a certain advertising medium was clicked on by a terminal device is placed in a cookie. In the AWIN tracking cookies, an individual sequence of numbers is stored, which cannot be assigned to the individual user, and with which the partner program of an advertiser, the publisher, and the time of the user’s action (click or view) are documented. AWIN also collects information about the terminal device from which a transaction is carried out, for example, the operating system and the browser used to access the page. Should the information also contain personal data, the described processing is based on our legitimate financial interest in processing commission payments with AWIN pursuant to Art. 6 para. 1 lit. f) of the GDPR.

If you do not want cookies to be stored in your browser, you can object to them by changing the appropriate browser settings. In your browser, you can deactivate the setting of cookies under Tools/Internet Options, limit it to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case the online offers will only be displayed to a limited extent and the user interface will be restricted.

You can also delete cookies at any time. In this case, the information stored in them will be removed from your terminal device.

For more information about AWIN’s use of data, please see the company’s privacy policy: awin.com/de/rechtliches

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your granted consent at any time with effect for the future. In order to exercise your withdrawal, please follow the option described above for making an objection.

 

WEB ANALYTICS SERVICES

15.1 -  Google Analytics 4
When using Google Analytics 4, so-called “cookies” are used by default. Cookies are text files that are stored on your terminal device and enable the analysis of how you use a website. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, which is based in the USA, and further processing of the information there.

As a rule, when using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is only ever collected and processed anonymously and automatically so that the information collected cannot be directly linked to a person. This automatic anonymization is carried out by Google shortening the IP address transmitted by your terminal device by the last digits within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA).

On our behalf, Google uses this and other information to evaluate your use of the website, to compile reports about your website activities and usage behavior, and to provide us with other services related to your website and internet usage. In this process, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for two months and then deleted.

Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users based of an evaluation of interest-based advertising and with the involvement of third-party information via a special feature, the so-called “demographic features.” This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the “demographic features” cannot be assigned to a specific person and thus cannot be assigned to you personally. This data collected via the “demographic features” function is retained for two months and then deleted.

All data processing described above, in particular the setting of Google Analytics cookies for storing and reading information on the terminal device you use to browse the website, will only take place if you have given us your express consent in this respect in accordance with Art. 6 para. 1 lit. a) GDPR. Without your consent, Google Analytics 4 will not be used while you are using the website. You can withdraw your granted consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the “Cookie Consent Tool” provided on the website.

In connection with this website, the “UserIDs” function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google create cross-device reports (so-called “cross-device tracking”). This means that your usage behavior can also be analyzed across devices if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a) GDPR, if you have set up a personal account by registering on this website and are logged into your personal account on different terminal devices with your login data. The data collected in this way shows, among other things, which terminal device you were using when you first clicked on an ad and on which terminal device the relevant conversion took place.

In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we may have Google create cross-device reports (so-called “cross-device tracking”). If you have activated “personalized ads” in your Google account settings and have linked your internet-enabled terminal devices to your Google account, Google can analyze usage behavior across devices and create database models based on this if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 para. 1 lit. a) GDPR. The logins and device types of all website users who were logged into a Google account and executed a conversion are taken into account. The data collected shows, among other things, which terminal device you were using when you first clicked on an ad and on which terminal device the relevant conversion took place. We do not receive any personal data from Google in this regard, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the “personalized ads” function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals.

To do so, follow the instructions on this page: support.google.com/ads/answer/2662922?hl=de

You can find more information about Google Signals at the following link: support.google.com/analytics/answer/7532985?hl=de

We have concluded a so-called commissioned processing agreement with Google as part of our use of Google Analytics 4, by which Google is obliged to protect the data of our website users and not to pass it on to third parties.

To ensure compliance with the European level of data protection also in the event of any transfer of data from the EU or the EEA to the USA and possible further processing there, Google refers to the so-called standard contractual clauses of the European Commission, which we have contractually agreed to with Google.

You will find further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, at the following link: policies.google.com/privacy?hl=de&gl=de

Details on the processing prompted by Google Analytics 4 and on how Google handles data from websites can be found here: policies.google.com/technologies/partner-sites

15.2 - Conversion Tracking via Rockerbox  
This website uses the conversion tracking technology of the following provider: Rockerbox, Inc., 138 Mulberry St Fl 6, New York, New York, 10013, USA

If you have been directed to our website by an advertisement, the success of the advertisement can be tracked with the help of cookies and/or comparable technologies (tracking pixels, web beacons, pings or HTTP requests).

For this purpose, certain end device and browser information, including your IP address if applicable, is read via the tracking technology in order to record and evaluate user actions predefined by us (e.g. completed transactions, leads, search queries on the website, product page visits). This allows us to create statistics about the usage behaviour on our website after redirection from an advertisement, which we use to optimise our offer.
All processing described above, in particular the setting of cookies for the reading of information on the end device used, is only carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the ""Cookie Consent Tool"" provided on the website.

We have concluded a data processing agreement with the provider which ensures the protection of the data of our site visitors and prohibits unauthorised disclosure to third parties.For the transfer of data to the USA, the provider invokes standard contractual clauses of the European Commission which are intended to ensure compliance with the European level of data protection

 

RETARGETING, REMARKETING, REFFERAL ADVERTISING MICROSOFT ADVERTISING

This website uses the conversion tracking technology “Microsoft Advertising” from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft sets a cookie on your computer if you have accessed our website via a Microsoft Advertising ad. Cookies are small text files that are stored on your terminal. These cookies expire after 180 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Microsoft and we can recognize that the user clicked on the ad and was redirected to this page (conversion page).
The information collected using the conversion cookie is used to create conversion statistics, i.e. to record how many users reach a conversion page after clicking on an ad. We learn the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, we do not receive information that personally identifies users.

All data processing described above, in particular the setting of Google Analytics cookies for storing and reading information on the terminal device you use to browse the website, will only take place if you have given us your express consent in this respect in accordance with Art. 6 para. 1 lit. a) GDPR. Without this consent, Microsoft Advertising will not be used during your visit to the site.

You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website.

You can obtain more information about Microsoft’s privacy policy at the following Internet address: privacy.microsoft.com/de-de/privacystatement

16.1 - Microsoft Advertising Universal Event Tracking
This website uses the Universal Event Tracking of the conversion tracking technology “Microsoft Advertising” by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).

In order to use Universal Event Tracking, a tag is placed on each page of our website that interacts with the conversion cookie set by Microsoft. This interaction makes user behavior on our website traceable and sends the information thus collected to Microsoft. The purpose of this is that certain predefined goals, such as purchases or leads, can be statistically recorded and evaluated in order to make the target and content of our offers more aligned with your interests. The tags are never used to personally identify users.

All data processing described above, in particular the setting of Google Analytics cookies for storing and reading information on the terminal device you use to browse the website, will only take place if you have given us your express consent in this respect in accordance with Art. 6 para. 1 lit. a) GDPR. Without this consent, Microsoft Advertising will not be used during your visit to the site.

You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website.

You can obtain more information about Microsoft Advertising’s privacy policy at the following internet address: privacy.microsoft.com/de-de/privacystatement

16.2 - Google Ads remarketing
Our website uses the functions of Google Ads Remarketing, with which we advertise for this website in Google search results as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). For this purpose, Google sets a cookie in the browser of your terminal, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f) of the GDPR.

Additional data processing only takes place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads that you view on the web. In this case, if they are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. Using Google Ads Remarketing may also result in the transmission of personal data to the servers of Google LLC. in the USA.

Details on the processing prompted by Google Ads Remarketing and on how Google handles data from websites can be found here: policies.google.com/technologies/partner-sites

You can permanently object to the setting of cookies by Google Ads Remarketing by downloading and installing the browser plug-in from Google available at the following link: 
google.com/settings/ads/onweb
You can view further information and the privacy policy regarding advertising and Google here: 
google.com/policies/technologies/ads
Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website or, alternatively, follow the option described above to make an objection.

16.3 - TikTok Pixel
This website uses the “TikTok Pixel”, a tracking technology of the social network “TikTok” of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (“TikTok”).

With the help of cookies (small text files that are stored on the terminal device used), information about the navigation behavior on our website is collected in pseudonymized form, transmitted to TikTok, stored there and analyzed in order to then enable the playout of interest-based and personalized product recommendations on TikTok. The object of the information collected and processed pseudonymously in this way is basically the device ID, the device type, time stamp, the operating system used and the IP address. The information can be assigned to the person of the user with the aid of other information that TikTok has stored about the user, for example, due to the ownership of an account on the social network “TikTok.” TikTok may also combine the information collected through the pixel with other information that TikTok has collected through other websites and/or in connection with the use of the social network “TikTok,” and thus create pseudonymous usage profiles. Under no circumstances can the information collected be used to personally identify visitors to this website.

The TikTok Pixel further enables us to track the effectiveness of advertisements on TikTok. If the user is redirected from an ad on TikTok to pages on this website and the cookies have not yet expired, the pixel records certain user actions predefined by us and can track them (e.g. completed transactions, leads, searches on the website, opening of product pages). When performing such an action, your browser sends an HTTP request from the cookie to the TikTok server via the TikTok pixel, which transmits certain information about the action. Through this transmission, TikTok can create statistics about the usage behavior on our website after forwarding from a TikTok ad, which we use to optimize our offer.

All data processing described above, in particular the setting of Google Analytics cookies for storing and reading information on the terminal device you use to browse the website, will only take place if you have given us your express consent in this respect in accordance with Art. 6 para. 1 lit. a) GDPR. Without this consent, the TikTok Pixel will not be used during your visit to the site.

You can withdraw your granted consent at any time with effect for the future. To exercise your withdrawal, deactivate this service in the “Cookie Consent Tool” provided on the website. We have entered into a commissioned processing agreement with TikTok for the use of the TikTok Pixel, which obligates TikTok to protect the data of our site visitors and not to disclose it to third parties. TikTok generally transfers collected information outside the European Economic Area and relies on so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection.

You can find more information about TikTok’s privacy policy here: tiktok.com/legal/new-privacy-policy

 

USE OF A LIVE CHAT SYSTEM SALESFORCE

We offer you the option on our website to join a live chat with us. For this purpose, we use technologies of Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany (hereinafter referred to as “Salesforce”).
The data processing takes place because it is necessary for the execution of the contract/contract initiation, Art. 6 para. 1 lit. b) EU-GDPR, or we have a legitimate interest in it, Art. 6 para. 1 lit. f) EU-GDPR. Our legitimate interest lies in the effective as well as direct support of our customers and interested parties. The data we collect includes: Chat history, IP address at the time of the chat and country of origin as well as all data that you disclose to us during the chat. If you do not disclose any personal information (e.g. real name, e-mail address, telephone number, etc.) during the chat, we cannot draw any conclusions about your person. Only our employees who need this for the fulfillment of their tasks have access to the data. This data will not be passed on to third parties and will only be used by us to answer your specific request and anonymously for internal statistics. The data will be deleted or anonymized after the end of the specific process.

By using the chat, you automatically use the services of Salesforce. The purpose and scope of the data collection and the further processing and use of the data by Salesforce, as well as your rights in this regard and setting options for protecting your privacy, can be found in Salesforce’s privacy policy: salesforce.com/de/company/privacy

 

USE OF AN E-MAIL TICKETING SYSTEM

We use the e-mail ticketing system of the service provider Salesforce.com Inc, 415 Mission Street Third Floor, San Francisco, CA 94105, USA to process customer requests. All data collected on our website is processed on the servers of Salesforce.com Inc. For further information on Salesforce's data protection, please visit the following website: compliance.salesforce.com/en/gdpr

 

TOOLS AND MISCELLANEOUS

19.1 - Infor Inc
We use the cloud-based accounting software of INFOR, INC. 641 AVENUE OF THE AMERICAS, NEW YORK, NY 10011, USA to handle our accounting. Infor processes incoming and outgoing invoices and, if applicable, also our company’s bank transactions in order to automatically record invoices, match them to transactions and create the financial accounting from this in a semi-automated process. If personal data is also processed in this process, the processing is carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of our legitimate interest in the efficient organization and documentation of our business transactions.

For more information about Infor, automated data processing, and privacy policies, please visit infor.com/about/gdpr-validation

19.2 - OneTrust IPO
This website uses the cookie consent tool "One Trust" from OneTrust IPO, 1350 Spring Street NW #500, Atlanta, GA 30309, USA to obtain effective user consent for cookies and cookie-based applications that require consent. By integrating a corresponding JavaScript code, users are shown a banner when they call up the page, in which consent for certain cookies and/or cookie-based applications can be granted by setting a check mark. The tool blocks the setting of all cookies requiring consent until the respective user grants the corresponding consent by setting a check mark. This ensures that cookies of this type are only set on the user's terminal device if consent has been granted.

In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings made by the user for a session duration, certain user information (including the IP address) is collected when our website is called up by the cookie consent tool, transmitted to One Trust servers and stored there.

This data processing is carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant setup of our website.

Further legal basis for the described data processing is furthermore Art. 6 para. 1 lit. c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

For more information about One Trust’s use of data, please visit onetrust.com/blog/gdpr-compliance

19.3 - Applications to job advertisements by e-mail
On our website, we advertise current vacancies in a separate section, for which interested parties can apply by e-mail to the contact address provided.

In order to be included in the application process, applicants must provide us with all personal data required for a sound and informed assessment and selection together with the application via e-mail.

Required information in this regard includes general personal information (the name, address, a telephone number or electronic means of contact) and performance-specific evidence of the qualifications required for a position. If necessary, health-related information may also be required, which must be given special consideration under labor and social law in the interest of social security in the person of the applicant.

The components that an application must contain in order to be considered in each individual case and the form in which these components must be submitted by e-mail can be found in the respective job advertisement.

After receiving the application sent using the specified e-mail contact address, we will store the applicant data and evaluate it exclusively for the purpose of processing the application. For queries arising in the course of processing, we will use either the e-mail address provided by the applicant with his/her application or a telephone number provided, at our discretion.

The legal basis for this processing, including contacting us for queries, is generally Art. 6 para. 1 lit. b) of the GDPR (for processing in Germany in conjunction with Sec. 26 para. 1 of the German Federal Data Protection Act (BDSG)), in the sense of which the application process is deemed to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 of the GDPR (e.g. health data such as information on the severely disabled status) are requested from applicants as part of the application process, the processing shall be carried out in accordance with Art. 9 para. 2 lit. b) GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h) GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector.

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his/her application prematurely, his/her data transmitted by e-mail and all electronic correspondence, including the original application e-mail, will be deleted at the latest after six months following appropriate notification. This period is measured on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b) GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

19.4 - Online applications using a form
On our website, we offer job applicants the opportunity to apply online using a corresponding form. In order to be included in the application process, applicants must provide us with all the personal data required for a well-founded and informed assessment and selection via the form.

Required information includes general personal information (the name, address, a telephone number or electronic means of contact) and performance-specific evidence of the qualifications required for a position. If necessary, health-related information may also be required, which must be given special consideration under labor and social law in the interest of social security in the person of the applicant.

In the course of submitting the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application.

The legal basis for this processing is generally Art. 6 para. 1 lit. b) of the GDPR (for processing in Germany in conjunction with Sec. 26 para. 1 of the German Federal Data Protection Act (BDSG)), in the sense of which the application process is deemed to be the initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 para. 1 of the GDPR (e.g. health data such as information on the severely disabled status) are requested from applicants as part of the application process, the processing shall be carried out in accordance with Art. 9 para. 2 lit. b) GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard.

Cumulatively or alternatively, the processing of the special categories of data may also be based on Art. 9 para. 1 lit. h) GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant/s fitness for work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector.

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws his/her application prematurely, his/her data transmitted in the form will be deleted at the latest after six months following appropriate notification. This period is measured on the basis of our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b) GDPR (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.

19.5 - Google Maps
On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. By using this service, you will see our location and it will be easier for you to find us.

As soon as you access those sub-pages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, which may also involve transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and analysis are carried out in accordance with Art. 6 para. 1 lit. f) of the GDPR on the basis of Google’s legitimate interest in displaying personalized advertising, market research and/or the demand-oriented design of Google websites. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google as part of the use of Google Maps, you also have the option to completely disable the Google Maps web service by turning off the JavaScript application in your browser. In this case, Google Maps and thus the map display on this website cannot be used.

You can view Google’s terms of use at google.de/intl/de/policies/terms/regional, the additional terms of use for Google Maps can be found at google.com/intl/de_US/help/terms_maps.html

Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): google.de/intl/de/policies/privacy

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your granted consent at any time with effect for the future. In order to exercise your withdrawal, please follow the option described above for making an objection.

MICROSOFT Power BI

For internal visualization of business processes and for user-defined analyses of business processes, we use the “Microsoft Power BI” service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Where applicable, personal customer data may be the subject of visualization and analysis processes and may be processed by Microsoft BI for this purpose. In this case, Microsoft processes personal data as a processor bound by instructions in accordance with Art. 28 GDPR and has made a contractual commitment to us to protect this data in accordance with the statutory requirements. For this purpose, Microsoft uses state-of-the-art encryption methods and ensures that data processing procedures are carried out exclusively in data centers within the EU.
You can view more information about Power BI’s data protection measures at microsoft.com/de-de/trustcenter/security/powerbi-security

 

RIGHTS OF THE DATA SUBJECT

21.1 - The applicable data protection law grants you comprehensive data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, regarding which we inform you below:

        
  • Right of access pursuant to Art. 15 GDPR: In particular, you have the right to obtain information about your personal data which we process, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, to object to processing, to lodge a complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making, including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing that affect you, as well as your right to be informed about what guarantees exist in accordance with Art. 46 of the GDPR when your data is transferred to third countries;
  •     
  • Right to rectification pursuant to Art. 16 GDPR: You have a right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
  •     
  • Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data if the requirements of Art. 17 para. 1 GDPR are met. However, this right does not apply in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  •     
  • Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you refuse the erasure of your data due to unauthorized data processing and instead request the restriction of processing of your data, if you need your data for the assertion, exercise or defense of legal claims after we no longer need this data after the purpose has been achieved, or if you have objected on the grounds of your particular situation as long as it has not yet been determined whether our legitimate reasons prevail;
  •     
  • Right of information pursuant to Art. 19 GDPR: If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
  •     
  • Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
  •     
  • Right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal of consent, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent.

21.2 - The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal;

        
  •     

    Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement.

        

21.2 - RIGHT TO OBJECT

        
  • IF WE PROCESS YOUR PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
  •     
  • IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
  •     
  • IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
  •     
  • IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

 

DURATION OF THE STORAGE OF PERSONAL DATA

The duration of the storage of personal data is determined according to the relevant legal basis, the purpose of processing and – if applicable – additionally according to the respective legal retention period (e.g. retention periods under commercial and fiscal law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a) GDPR, this data is stored until the data subject withdraws his/her consent.

If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b) GDPR, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfillment or initiation of a contract and/or we do not have a legitimate interest in continuing to store it.

When processing personal data on the basis of Art. 6 para. 1 lit. f) of the GDPR, this data is stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 1 of the GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f) of the GDPR, this data is stored until the data subject exercises his/her right to object pursuant to Art. 21 para. 2 of the GDPR.

Unless otherwise stated in the other information in this statement about specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

 


Updated 12.11.2021