Data protection declaration
We take protecting your data seriously
Thank you for visiting our website. We are delighted that you are interested in our company and our products / services. We take protecting your personal data very seriously, and we want you to feel secure with regard to the information you give us when you visit our website.
Despite careful translation, we shall not be held liable for the accuracy of the English version of this website. In case of doubt, the German version shall prevail.
Therefore we would like to inform you as below:
Table of Contents
Personal information refers to all information that can be used to identify you personally. We process your personal information (e.g. form of address, first name, second name, postal address, e-mail address, phone number) only in accordance with the provisions of German data protection law and the European Union’s (EU) data protection law. The following is to inform you about the methods, scope and purpose of collecting, processing and using personal information.
Contact information for the entity responsible for data protection
The entity responsible for data protection according to the General Data Protection Regulation (controller) and other, national data protection regulations applicable in the member states as well as any other provisions concerning data protection law is:
Contact information for the data protection officer:
For security reasons and in order to protect the transmission of personal information and other confident content (e.g. requests directed at the controller), this website uses SSL encryption or TLS encryption. Encrypted connections can be identified by the character sequence “https://” and the padlock icon in your browser’s address bar.
Server log files
This website is hosted by an external service provider (host). The following data is transmitted from your browser to the host (so-called server log files) in order to display our website correctly: information on the user’s browser type and version, operating system, internet service provider and IP address as well as the date and time of access, websites from which the user has accessed our website and websites accessed by the user via our website.
The web servers’ access logs track which pages were accessed at what time. They contain the following information: IP, directory protection user, date, time, pages accessed, logs, status code, data volume, referrer, user agent, host name accessed.
IP addresses are anonymized for storage by removing the final three digits, which means that 127.0.0.1 will become 127.0.0.*. IPv6 addresses will be anonymized as well. Anonymized IP addresses will be stored for 60 days. The information on the directory protection user used will be anonymized after one day.
Error logs tracking page access errors will be deleted after seven days. Beside the error messages, they contain the accessing IP address and, depending on the error, the website accessed.
The legal basis for processing information is art. 6, par. 1f, of the GDPR, pertaining to our legitimate interest in improving our website’s stability and functionality.
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.
The technically required cookies will usually be deleted once the browser is closed. Persistent cookies have lifespans varying from several minutes to several years.
You can set up your browser to inform you when cookies are saved, authorize cookies on a case-by-case basis, prevent the saving of cookies in specific cases or in general and activate automatic cookie deletion on closing the browser. Cookie management varies across browsers. Please note that our website’s functionally may be impaired if cookies are not accepted.
The saving of other cookies (e.g. cookies designed to analyze your surfing behavior) is regulated separately in this privacy statement.
Cookie Consent with Usercentrics
Our website uses the Usercentrics cookie consent technology to obtain your consent to the storage of certain cookies on your device and data protection legislation compliant documentation of the former. The party offering this technology is Usercentrics GmbH, Rosental 4, 80331 München, Germany, website: usercentrics.com (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data will be transferred to Usercentrics:
- Your declaration(s) of consent or your revocation of your declaration(s) of consent
- Your IP address
- Information about your browser
- Information about your device
- The date and time you visited our website
Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.
Our company has executed a Contract Data Processing Agreement with Usercentrics. This is an Agreement mandated by data privacy protection legislation that warrants that Usercentrics processes all personal data of our website visitors exclusively in compliance with our instructions and in compliance with the GDPR.
Contact form or e-mail
If you contact us (e.g. by contact form or e-mail), personal information will be collected. What information is collected is clear from the contact form used. That information is only stored and used for the purpose of responding to your request, that is for establishing contact and performing the technical administration required for that purpose. The legal basis for processing data is our legitimate interest in responding to your request in accordance with art. 6, par. 1f, of the GDPR. If your contacting us has the object of concluding a contract, this constitutes an additional legal basis for processing under art. 6, par. 1b, of the GDPR. Once your request has been fully resolved, your information will be deleted if there is no legal obligation to retain it.
If you elect to subscribe to any of our e-mail newsletters, we will regularly send you information on our offerings. For this purpose, we collect, process and use the information entered into the subscription form’s input boxes. For the newsletter, we use a so-called double opt-in process. That means that we will only send you an e-mail newsletter after you have given your express consent to receiving it. For this purpose, you will receive a confirmation e-mail where you can complete your newsletter subscription by clicking a link. After that, we will be glad to send you our newsletter.
By activating the confirmation link, you give us permission to collect, process and use your personal information in accordance with art. 6, par. 1a, of the GDPR.
This website uses CleverReach for sending newsletters. This service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. Our company has executed a Contract Data Processing Agreement with CleverReach. CleverReach is a service that allows its users to manage and analyze newsletter distribution. The information you have entered for the purpose of receiving a newsletter (e.g. your e-mail address) will be stored on CleverReach servers in Germany or Ireland. Sending out newsletters by CleverReach allows us to perform an anonymous analysis of newsletter recipients’ behavior. Among other things, such an analysis can indicate how many recipients have opened the newsletter message and how often each link in the newsletter has been clicked. You can find out more about CleverReach newsletter data analysis from: https://www.cleverreach.com/en/features/reporting-tracking/
You can revoke your consent at any time with effect for the future by canceling the newsletter. For this, we provide a newsletter cancelation link in each newsletter message. The information submitted to us by you for the purpose of receiving a newsletter will be stored by us until you cancel the newsletter and deleted from the CleverReach servers after cancelation.
Publication of job ads / online applications
We collect and process your application information electronically for the purpose of handling the application process. To this, you give your express consent (art. 6, par. 1a, of the GDPR), revocable at any time with effect for the future, in the online application form. If your application results in an employment contract, the information transmitted may be stored in your personnel file for standard organizational and administrative purposes in accordance with applicable legal provisions. The information transmitted will be deleted up to six months after an application has been rejected. We will store your information longer if you expressly consent to extended storage in our external-applicant database or if an extended retention is legally required (e.g. burden of proof under the General Equal-Treatment Act).
Google Analytics web analytics service
This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses so-called cookies, text files saved to your computer that make it possible to analyze your use of the website. The information on your use of this website generated by the cookie (including a shortened IP address) is usually transmitted and saved to a Google server in the US.
The storage of Google Analytics cookies and the utilization of this analysis tool are based on art. 6, par. 1f, of the GDPR on the basis of our legitimate interest in analyzing user behavior statistically for optimization and marketing purposes. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of art. 6 par. 1 a GDPR; the agreement can be revoked at any time.
This website uses Google Analytics only with the _anonymizeIp() extension, which ensures the IP address is anonymized by shortening. With the extension, Google shortens your IP address within member states of the European Union or other states participating in the Agreement on the European Economic Area before transfer. Only in some cases will the full IP address be transmitted to US Google servers and shortened there.
Google will use that information on our behalf to evaluate your website usage, compile reports on website activity and provide other services concerning website and internet usage to us. The IP address transmitted by your browser in the context of Google Analytics will not be collated with other Google information.
The information associated with cookies, user IDs, e.g. ad IDs, transmitted by us will be deleted automatically after 14 months. Any information having reached the end of its storage deadline is deleted automatically once a month.
You can prevent cookies from being saved by making the appropriate settings in your browser software, but we advise you that you may not be able to fully use all of the functions of this website in that case. You can also prevent Google’s collecting and processing of the data created by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plugin available from the following link:
As an alternative to the browser plugin, or in case you are using a browser on a mobile device, please click the following link to create an opt-out cookie preventing Google Analytics tracking on this website in the future (this opt-out cookie only works for this browser and this domain, if you delete your cookies in this browser, you will have to click the link again): Deactivate Google Analytics.
Google Ireland Limited is an affiliate of Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043) and is certified for the EU-US Data Protection Agreement "Privacy Shield", which guarantees compliance with the data protection rates applicable in the EU. https://www.privacyshield.gov/EU-US-Framework
You can find more information on how Google Analytics handles user data in the Google privacy statement: https://support.google.com/analytics/answer/6004245?hl=en
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
Our website integrates videos from YouTube, a website run by Google. The website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.
All of these videos are included in the enhanced privacy mode, which means that no information on you as a user is transmitted to YouTube if you do not play the videos. Usage data is only transmitted if you play the videos. We have no influence on this transmission of data. Our use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest according to art. 6, par. 1f, of the GDPR. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of art. 6 par. 1 a GDPR; the agreement can be revoked at any time.
You can find more information on how YouTube handles user data in the Google privacy statement: https://www.google.de/intl/en/policies/privacy.
YouTube also processes your personal information in the US and has agreed to provide an appropriate level of data protection under the EU-US Privacy Shield. https://www.privacyshield.gov/EU-US-Framework
Rights as data subject
If your personal information is processed, you are a data subject according to the GDPR and have the following rights vis-à-vis the controller:
Right of access in accordance with art. 15 of the GDPR: You have the right of access to the personal information processed by us as well as the purpose of processing, the categories of personal information processed, the recipients or recipient categories your information is or has been disclosed to, the planned storage period or the criteria for determining the storage period, to the existence of a right to rectification, erasure, restriction of processing, objection to processing and lodging a complaint with a supervisory authority, to the source of your personal information if it was not collected by us, to information on the existence of automated decision-making, including profiling, and, where applicable, meaningful information on the logic involved and the intended consequences of such processing as well as to information on your right of access to information on what safeguards exist pursuant to art. 46 of the GDPR relating to the passing on of your information to a third country.
Right to rectification in accordance with art. 16 of the GDPR: You have the right to rectification of your personal information if it is incorrect and/or incomplete.
Right to erasure in accordance with art. 17 of the GDPR: You have the right to have your personal information deleted if one of the conditions of art. 17, par. 1, of the GDPR is met. However, this right does not apply if processing is required for the exercise of the right of freedom of expression or information, for fulfilling legal obligations, for reasons of public interest or for the establishment, exercise or defense of legal claims.
Right to restriction of processing in accordance with art. 18 of the GDPR: You have the right to have the processing of your personal information restricted for the period during which they are being verified if you demand, instead of their deletion, a restriction of the processing of your information due to inadmissible data processing, if we no longer require your information for processing purposes but you require them for establishing, exercising or defending legal claims or if you have objected to processing and no final determination has been reached whether our legitimate grounds override yours.
Right to notification in accordance with art. 19 of the GDPR: If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, they have an obligation to notify all recipients to whom your personal information has been disclosed of that rectification, erasure or restriction of processing of data unless this proves impossible or requires unreasonable effort. You are entitled to be informed about the recipients.
Right to data portability in accordance with art. 20 of the GDPR: You have the right to obtain or have transferred to another controller the personal information you have provided in a structured, commonly used and machine-readable format, wherever technically feasible.
Right to withdraw consent in accordance with art. 7, par. 3, of the GDPR: You have the right to withdraw your consent to data processing, once given, at any time with effect for the future. If you withdraw it, we will delete the information concerned immediately unless there is a legal basis for further processing without consent. Withdrawing your consent does not affect the lawfulness of any processing having taken place with consent prior to withdrawal.
Right to lodge a complaint in accordance with art. 77 of the GDPR: Irrespective of other administrative or judicial remedies, you are entitled to lodge a complaint with a supervisory authority, particularly in the member state where you reside, work or where the alleged violation has taken place if you deem the processing of your personal information to violate the GDPR.
The supervisory authority with which the complaint is lodged will inform the complainant of the status and the outcome of the complaint including the option of judicial remedies in accordance with art. 78 of the GDPR.
Right of objection
Art. 21 GDPR
If the processing of personal data concerning you is carried out in order to safeguard our overriding legitimate interest based on art. 6 par. 1 f GDPR or in the public interest based on art. 6 par. 1 e GDPR, you have the right to object at any time to the processing of your personal information for reasons relating to your individual situation.
If you exercise your right of objection, we will cease to process the information concerned unless we can demonstrate that there are compelling legitimate grounds for processing overriding your interests, rights and freedoms or unless the processing serves the establishment, exercise or defense of legal claims.
If your personal information is processed for the purpose of direct advertising, you have the right to object to the processing of your personal information for such advertising at any time and without indication of reasons. This includes profiling if it takes place in the context of such direct advertising.
If you object to processing for purposes of direct advertising, your personal information will no longer be processed for those purposes.
Storage period for personal information
How long personal information will be stored depends on the applicable legal retention period (e.g. retention periods under commercial and fiscal law). Once the period expires, the information concerned will be routinely deleted wherever it is no longer required for contract fulfilment or initiation and/or there is no longer any continued legitimate interest on our part for retention.
Date: December 2019