Data protection

Contact form and contact by e-mail

If you send us enquiries via the contact form or by e-mail, the information provided in the enquiry form or in your e-mail, including the personal data provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. Providing an e-mail address is required in order to contact us; providing your first and last name and telephone number is voluntary. We will not disclose this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry pursuant to Art. 6 para. 1 lit. f GDPR and, where applicable, Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is aimed at concluding a contract. Your data will be deleted once your enquiry has been finally processed, provided that there are no statutory retention obligations. In the case of Art. 6 para. 1 lit. f GDPR, you may object to the processing of your personal data at any time.

Submission of applications

If you apply to us by e-mail, we collect personal data. This includes, in particular, your contact details, such as your first and last name, telephone number and e-mail address, as well as other data provided by you regarding your career, e.g. CV, qualifications, degrees and professional experience, and your person, e.g. cover letter and personal interests. This may also include special categories of personal data, e.g. information on a severe disability.
As a rule, your personal data is collected directly from you as part of the application process and is encrypted during electronic transmission. The primary legal basis for this is Section 26 para. 1 BDSG. In addition, consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 26 para. 2 BDSG may be used as a data protection permission. If the processing of your data is based on consent, you have the right to withdraw this consent at any time with effect for the future.
Within our company, only those persons and departments, e.g. Human Resources, have access to your personal data who absolutely need it to carry out the application process or to fulfil our statutory obligations. Your applications may be forwarded to the respective responsible persons for review. Under no circumstances will your personal data be disclosed to third parties without authorization.
Your data relating to an application for a specific job advertisement will be stored and processed by us during the ongoing application process. After completion of the application process, e.g. in the form of acceptance or rejection, the application process including all personal data will be deleted from the system no later than six months after the end of the application process. The data of selected applicants will be securely stored for up to 2 years if the applicants have given their consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with Section 26 para. 2 BDSG. You may withdraw your consent at any time with effect for the future. An informal e-mail to the contact details of the controller listed above is sufficient for this purpose. In the event of acceptance, your application documents will be transferred to the personnel file.

Newsletter Brevo

If you wish to subscribe to the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information.
The provision of additional data is voluntary, for example in order to address you personally in the newsletter.
We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail once you have expressly confirmed that you consent to receiving newsletters. In the first step, you will receive an e-mail containing a link that you can use to confirm that you, as the owner of the relevant e-mail address, wish to receive newsletters in the future. By confirming, you give us your consent pursuant to Art. 6 para. 1 lit. a GDPR to use your personal data for the purpose of sending the requested newsletter.
When you register for the newsletter, in addition to the e-mail address required for sending the newsletter, we store the IP address used for the newsletter registration as well as the date and time of registration and confirmation in order to be able to trace possible misuse at a later date.
You may unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the controller named above. After unsubscribing, your e-mail address will be deleted from our newsletter mailing list without delay, unless you have expressly consented to further use of the collected data or further processing is otherwise legally permissible.
Our e-mail newsletters are sent via a technical service provider to whom we forward the data provided by you when registering for the newsletter and with whom we have concluded a data processing agreement pursuant to Art. 28 GDPR in order to ensure that your data is processed in accordance with our instructions.
Service provider: Brevo
Address: Brevo GmbH, Köpenicker Straße 126, 10179 Berlin, Germany
Privacy policy: www.brevo.com/legal/privacypolicy/
The service provider uses the information from the newsletter registration on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR for sending and statistically evaluating the newsletters on our behalf. For the evaluation, the e-mails sent may contain so-called web beacons or tracking pixels, which are one-pixel image files. This allows us to determine whether a newsletter message has been opened and which links may have been clicked. In addition, technical information may be collected, e.g. time of access, IP address, browser type and operating system. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses may be used to better adapt future newsletters to the interests of the recipients. If you do not wish your data to be analyzed for statistical evaluation purposes, you must unsubscribe from the newsletter.

Cookiebot CMP

Our website uses Cookiebot CMP, a consent management platform provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot CMP is used to obtain, manage and document consent for the use of cookies and similar technologies.
In particular, your consent decision, the date and time of consent, technical browser information and a pseudonymous identifier are processed. The processing is carried out to fulfil statutory documentation obligations on the basis of Art. 6 para. 1 lit. c GDPR and for the legally compliant and user-friendly management of consent on the basis of Art. 6 para. 1 lit. f GDPR. In addition, the requirements of Section 25 TDDDG apply.
Further information can be found in the Cookiebot/Usercentrics privacy policy: www.cookiebot.com/en/privacy-policy/

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies”.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to compile reports on website activity. Google will also use this information to provide the website operator with other services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data. The processing is carried out pursuant to Art. 6 para. 1 lit. a GDPR on the basis of the consent you have given.
We only use Google Analytics with activated IP anonymization. This means that your IP address is only processed by Google in shortened form.
We have concluded a data processing agreement with the service provider, under which we oblige the provider to protect our customers’ data and not to disclose it to third parties.
As personal data may be transferred to the USA, additional safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, we have agreed standard contractual clauses with the provider pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we seek to obtain additional regulations and assurances from the recipient in the USA.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:
www.google.com/analytics/terms/en.html
policies.google.com
The data will be deleted as soon as it is no longer required for achieving the purpose for which it was collected. Data at user and event level that is linked to cookies, user identifiers, e.g. user ID, and advertising IDs, e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers], will be deleted no later than 14 months after collection.
You can prevent the storage of cookies by adjusting the settings of your browser software accordingly. However, please note that in this case you may not be able to use all functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website, including your IP address, and from processing this data by Google by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout.

Google Maps

Our homepage uses the online map service provider Google Maps via an interface. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to store your IP address.
Google uses cookies to collect information about user behavior. The legal basis for the processing of your personal data is the consent you have given pursuant to Art. 6 para. 1 lit. a GDPR.
As personal data may be transferred to the USA, additional safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, Google uses standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we seek to obtain additional regulations and assurances from the recipient in the USA.
Further information on how user data is handled can be found in Google’s privacy policy:
policies.google.com/privacy
Opt-out: www.google.com/settings/ads/

Google Fonts

We use “Google Fonts” on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”. Google Fonts enables us to use external fonts. For this purpose, the required Google Fonts are loaded from our web server into your browser cache when you access our website. This is necessary so that your browser can display our texts in an optically improved manner. If your browser does not support this function, a standard font from your computer will be used for display.
The fonts are hosted by us and are therefore not loaded from an external provider. For this purpose, the processing of your IP address is required.
We use Google Fonts for optimization purposes, in particular to improve the use of our website for you and to make its design more user-friendly. The legal basis for the data processing is our legitimate interest in this regard pursuant to Art. 6 para. 1 lit. f GDPR.

Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed via an interface. Google Tag Manager merely implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish the connection. Google Tag Manager triggers other tags, which may in turn collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, it remains in place for all tracking tags insofar as they are implemented with Google Tag Manager.
We use Google Tag Manager on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.
As the IP address may be transferred to Google in the USA, additional safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, we have agreed standard contractual clauses with the provider pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we seek to obtain additional regulations and assurances from the recipient in the USA.

YouTube

On our website, we embed videos from “YouTube”, a social media platform of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland, hereinafter referred to as “Google”. The legal basis for the processing of your personal data is the consent you have given pursuant to Art. 6 para. 1 lit. a GDPR.
If playback of embedded YouTube videos is started with your consent, the provider “YouTube” uses cookies to collect information about user behavior. According to information from “YouTube”, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive actions. If you are logged into Google, your data will be directly assigned to your account when you click on a video. If you do not wish this data to be assigned to your YouTube profile, you must log out before activating the button. Google stores this data as usage profiles and uses it for advertising, market research and/or needs-based design of its websites. Such an evaluation is carried out in particular, including for users who are not logged in, to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. Please contact Google directly for this purpose.

As personal data may be transferred to the USA, additional safeguards are required to ensure the level of data protection provided by the GDPR. To ensure this, Google uses standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we seek to obtain additional regulations and assurances from the recipient in the USA.
Further information on data protection and data use by Google can be found on the following Google website: policies.google.com/privacy

External links

Social networks (YouTube) are integrated on our website solely as links to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information is only transmitted to the respective provider after the redirection. Information on how your personal data is handled when using these websites can be found in the respective privacy policies of the providers you use.

Data disclosure and recipients

Your personal data will not be transmitted to third parties, except

• if we have explicitly stated this in the description of the respective data processing,
• if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR,
• if disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason

to assume that you have an overriding legitimate interest in your data not being disclosed,

• if there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
• insofar as this is necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.

We also use external service providers to process our services. These providers have been carefully selected, commissioned in writing and, where necessary, we have concluded data processing agreements with them pursuant to Art. 28 GDPR. They are bound by our instructions and are regularly monitored by us. These include service providers for hosting, the sending of e-mails as well as maintenance and servicing of our IT systems, etc. The service providers will not disclose this data to third parties.

Data security

In accordance with Art. 32 GDPR, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. For security reasons and to protect the transmission of confidential content, this website uses SSL encryption.

Duration of storage of personal data

The duration of the storage of personal data is determined by the relevant statutory retention periods, e.g. under commercial and tax law. After expiry of the respective period, the corresponding data is routinely deleted. If data is required for the fulfilment of a contract or pre-contractual measures, or if we have a legitimate interest in continued storage, the data will be deleted when it is no longer required for these purposes or when you exercise your right of withdrawal or objection.

Your rights

Below you will find information on the rights granted to you as a data subject under applicable data protection law vis-à-vis the controller with regard to the processing of your personal data:
The right pursuant to Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information on its details.
The right pursuant to Art. 16 GDPR to request the immediate correction of inaccurate personal data stored by us or the completion of incomplete personal data.
The right pursuant to Art. 17 GDPR to request the deletion of your personal data stored by us, unless processing is required to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.
The right pursuant to Art. 18 GDPR to request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you oppose its deletion, we no longer need the data but you require it to establish, exercise or defend legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
The right pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller.
The right pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, where applicable, that of your usual place of residence or workplace.
The right to withdraw consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw consent once given to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the affected data without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

Right to object

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data, provided that this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right to object without the need to specify a particular situation.
If you wish to exercise your right of withdrawal or objection, an e-mail is sufficient

Statutory obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfilment of a contract or the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data as is required for the conclusion of the contract, the fulfilment of the contract or pre-contractual measures.

Automated decision-making

Automated decision-making or profiling pursuant to Art. 22 GDPR does not take place.

Reservation of changes

We reserve the right to amend or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.

Last updated: 29 November 2022