top of page

Privacy Policy.

Introduction

With the following data protection declaration, we would like to explain to you which types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both within the framework of the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offer")). 

The terms used are not gender specific. 

As of June 21st2022

Table of Contents
  • Introduction 

  • Contact person for data protection questions 

  • Overview of processing 

  • Contact Data Protection Officer 

  • Relevant legal bases 

  • Security measures 

  • Transfer and disclosure of personal data 

  • Data processing in third countries 

  • Use of cookies 

  • Commercial and business services 

  • Payment service provider 

  • Credit Check 

  • Provision of the online offer and web hosting 

  • Special notes on applications (apps) 

  • Registration, login and user account 

  • Single sign-on login 

  • Blogs and publication media 

  • Contact 

  • Communication via messenger 

  • Chatbots and chat functions 

  • Push messages 

  • Video conferencing, online meetings, webinars and screen sharing 

  • Application procedure 

  • Cloud Services 

  • Newsletter and mass communication 

  • Promotional communication via e-mail, post, fax or telephone 

  • Sweepstakes and competitions 

  • Polls and polls 

  • Web Analysis and Optimization 

  • Online Marketing 

  • Affiliate Programs and Affiliate Links 

  • Rating platforms 

  • Presences in social networks 

  • Plugins and embedded functions and content 

  • Planning, organization and support tools 

  • Deletion of data

  • Change and update of the privacy policy 

  • Rights of data subjects 

  • Definition of terms 

Ansprechpartner für Datenschutzfragen 

Johannes Wotzka 
Scrambl AG

Grosshofstrasse 9 
6010 Kriens 

E-Mail-Adresse: 

Impressum: 

Data Protection Officer 

According to Art. 37 GDPR, Scrambl does not have to appoint a data protection officer. 

Overview of processing 

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned. 

Types of data processed 

  • Inventory data (e.g. names, addresses). 

  • Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates and other information about a specific position or voluntarily provided by applicants about their person or qualifications) . 

  • Content Data  (e.g. text input, photographs, videos). 

  • Contact information (e.g. email, telephone numbers). 

  • Meta/communication data (e.g. device information, IP addresses). 

  • Usage Data  (e.g. websites visited, interest in content, access times). 

  • Payment data (e.g. bank details, invoices, payment history). 

Categories of data subjects 

  • Employees (e.g. employees, applicants, former employees). 

  • Applicants. 

  • Business and contractual partners. 

  • Prospects. 

  • Communication partner. 

  • customers. 

  • Users (e.g. website visitors, users of online services). 

Purposes of processing 

  • Registration process. 

  • Provision of our online offer and user-friendliness. 

  • Visit action evaluation. 

  • Application procedure (justification and possible later implementation as well as possible later termination of the employment relationship.). 

  • Office and organizational procedures. 

  • Click tracking. 

  • Content Delivery Network (CDN). 

  • Feedback (e.g. collecting feedback via online form). 

  • Contact requests and communication. 

  • Range measurement (e.g. access statistics, recognition of returning visitors). 

  • Security measures. 

  • Surveys and questionnaires (e.g. surveys with input options, multiple choice questions). 

  • Contractual benefits and service. 

  • Manage and respond to inquiries. 

Massgebliche Rechtsgrundlagen 

Im Folgenden teilen wir die Rechtsgrundlagen der Datenschutzgrundverordnung (DSGVO), auf deren Basis wir die personenbezogenen Daten verarbeiten, mit. Bitte beachten Sie, dass zusätzlich zu den Regelungen der DSGVO die nationalen Datenschutzvorgaben in Ihrem bzw. unserem Wohn- und Sitzland gelten können. Sollten ferner im Einzelfall speziellere Rechtsgrundlagen massgeblich sein, teilen wir Ihnen diese in der Datenschutzerklärung mit. 

 

  • Einwilligung (Art. 6 Abs. 1 S. 1 lit. a DSGVO) - Die betroffene Person hat ihre Einwilligung in die Verarbeitung der sie betreffenden personenbezogenen Daten für einen spezifischen Zweck oder mehrere bestimmte Zwecke gegeben. 

  • Vertragserfüllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b. DSGVO) - Die Verarbeitung ist für die Erfüllung eines Vertrags, dessen Vertragspartei die betroffene Person ist, oder zur Durchführung vorvertraglicher Massnahmen erforderlich, die auf Anfrage der betroffenen Person erfolgen. 

  • Rechtliche Verpflichtung (Art. 6 Abs. 1 S. 1 lit. c. DSGVO) - Die Verarbeitung ist zur Erfüllung einer rechtlichen Verpflichtung erforderlich, der der Verantwortliche unterliegt. 

  • Schutz lebenswichtiger Interessen (Art. 6 Abs. 1 S. 1 lit. d. DSGVO) - Die Verarbeitung ist erforderlich, um lebenswichtige Interessen der betroffenen Person oder einer anderen natürlichen Person zu schützen. 

  • Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f. DSGVO) - Die Verarbeitung ist zur Wahrung der berechtigten Interessen des Verantwortlichen oder eines Dritten erforderlich, sofern nicht die Interessen oder Grundrechte und Grundfreiheiten der betroffenen Person, die den Schutz personenbezogener Daten erfordern, überwiegen. 

  • Art. 9 Abs. 1 S. 1 lit. b DSGVO (Bewerbungsverfahren als vorvertragliches bzw. vertragliches Verhältnis) (Soweit im Rahmen des Bewerbungsverfahrens besondere Kategorien von personenbezogenen Daten im Sinne des Art. 9 Abs. 1 DSGVO (z.B. Gesundheitsdaten, wie Schwerbehinderteneigenschaft oder ethnische Herkunft) bei Bewerbern angefragt werden, damit der Verantwortliche oder die betroffene Person die ihm bzw. ihr aus dem Arbeitsrecht und dem Recht der sozialen Sicherheit und des Sozialschutzes erwachsenden Rechte ausüben und seinen bzw. ihren diesbezüglichen Pflichten nachkommen kann, erfolgt deren Verarbeitung nach Art. 9 Abs. 2 lit. b. DSGVO, im Fall des Schutzes lebenswichtiger Interessen der Bewerber oder anderer Personen gem. Art. 9 Abs. 2 lit. c. DSGVO oder für Zwecke der Gesundheitsvorsorge oder der Arbeitsmedizin, für die Beurteilung der Arbeitsfähigkeit des Beschäftigten, für die medizinische Diagnostik, die Versorgung oder Behandlung im Gesundheits- oder Sozialbereich oder für die Verwaltung von Systemen und Diensten im Gesundheits- oder Sozialbereich gem. Art. 9 Abs. 2 lit. h. DSGVO. Im Fall einer auf freiwilliger Einwilligung beruhenden Mitteilung von besonderen Kategorien von Daten, erfolgt deren Verarbeitung auf Grundlage von Art. 9 Abs. 2 lit. a. DSGVO.). 

Nationale Datenschutzregelungen in der Schweiz: Zusätzlich zu den Datenschutzregelungen der Datenschutz-Grundverordnung gelten nationale Regelungen zum Datenschutz in der Schweiz. Hierzu gehört insbesondere das Bundesgesetz zum Datenschutz (DSG). Das DSG gilt insbesondere dann, wenn keine EU/EWG-Bürger betroffen sind und z.B. nur Daten von Schweizer Bürgern verarbeitet werden. 

Sicherheitsmassnahmen 

Wir treffen nach Massgabe der gesetzlichen Vorgaben unter Berücksichtigung des Stands der Technik, der Implementierungskosten und der Art, des Umfangs, der Umstände und der Zwecke der Verarbeitung sowie der unterschiedlichen Eintrittswahrscheinlichkeiten und des Ausmasses der Bedrohung der Rechte und Freiheiten natürlicher Personen geeignete technische und organisatorische Massnahmen, um ein dem Risiko angemessenes Schutzniveau zu gewährleisten. 

Zu den Massnahmen gehören insbesondere die Sicherung der Vertraulichkeit, Integrität und Verfügbarkeit von Daten durch Kontrolle des physischen und elektronischen Zugangs zu den Daten als auch des sie betreffenden Zugriffs, der Eingabe, der Weitergabe, der Sicherung der Verfügbarkeit und ihrer Trennung. Des Weiteren haben wir Verfahren eingerichtet, die eine Wahrnehmung von Betroffenenrechten, die Löschung von Daten und Reaktionen auf die Gefährdung der Daten gewährleisten. Ferner berücksichtigen wir den Schutz personenbezogener Daten bereits bei der Entwicklung bzw. Auswahl von Hardware, Software sowie Verfahren entsprechend dem Prinzip des Datenschutzes, durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen. 

Kürzung der IP-Adresse: Sofern es uns möglich ist oder eine Speicherung der IP-Adresse nicht erforderlich ist, kürzen wir oder lassen Ihre IP-Adresse kürzen. Im Fall der Kürzung der IP-Adresse, auch als "IP-Masking" bezeichnet, wird das letzte Oktett, d.h., die letzten beiden Zahlen einer IP-Adresse, gelöscht (die IP-Adresse ist in diesem Kontext eine einem Internetanschluss durch den Online-Zugangs-Provider individuell zugeordnete Kennung). Mit der Kürzung der IP-Adresse soll die Identifizierung einer Person anhand ihrer IP-Adresse verhindert oder wesentlich erschwert werden. 

SSL-Verschlüsselung (https): Um Ihre via unser Online-Angebot übermittelten Daten zu schützen, nutzen wir eine SSL-Verschlüsselung. Sie erkennen derart verschlüsselte Verbindungen an dem Präfix https:// in der Adresszeile Ihres Browsers. 

Übermittlung und Offenbarung von personenbezogenen Daten 

Im Rahmen unserer Verarbeitung von personenbezogenen Daten kommt es vor, dass die Daten an andere Stellen, Unternehmen, rechtlich selbstständige Organisationseinheiten oder Personen übermittelt oder sie ihnen gegenüber offengelegt werden. Zu den Empfängern dieser Daten können z.B. Zahlungsinstitute im Rahmen von Zahlungsvorgängen, mit IT-Aufgaben beauftragte Dienstleister oder Anbieter von Diensten und Inhalten, die in eine Webseite eingebunden werden, gehören. In solchen Fall beachten wir die gesetzlichen Vorgaben und schliessen insbesondere entsprechende Verträge bzw. Vereinbarungen, die dem Schutz Ihrer Daten dienen, mit den Empfängern Ihrer Daten ab. 

Datenübermittlung innerhalb der Unternehmensgruppe: Wir können personenbezogene Daten an andere Unternehmen innerhalb unserer Unternehmensgruppe übermitteln oder ihnen den Zugriff auf diese Daten gewähren. Sofern diese Weitergabe zu administrativen Zwecken erfolgt, beruht die Weitergabe der Daten auf unseren berechtigten unternehmerischen und betriebswirtschaftlichen Interessen oder erfolgt, sofern sie zur Erfüllung unserer vertragsbezogenen Verpflichtungen erforderlich ist oder wenn eine Einwilligung der Betroffenen oder eine gesetzliche Erlaubnis vorliegt. 

Datenübermittlung innerhalb der Organisation: Wir können personenbezogene Daten an andere Stellen innerhalb unserer Organisation übermitteln oder ihnen den Zugriff auf diese Daten gewähren. Sofern diese Weitergabe zu administrativen Zwecken erfolgt, beruht die Weitergabe der Daten auf unseren berechtigten unternehmerischen und betriebswirtschaftlichen Interessen oder erfolgt, sofern sie Erfüllung unserer vertragsbezogenen Verpflichtungen erforderlich ist oder wenn eine Einwilligung der Betroffenen oder eine gesetzliche Erlaubnis vorliegt. 

 

Datenverarbeitung in Drittländern 

Sofern wir Daten in einem Drittland (d.h., ausserhalb der Europäischen Union (EU), des Europäischen Wirtschaftsraums (EWR)) verarbeiten oder die Verarbeitung im Rahmen der Inanspruchnahme von Diensten Dritter oder der Offenlegung bzw. Übermittlung von Daten an andere Personen, Stellen oder Unternehmen stattfindet, erfolgt dies nur im Einklang mit den gesetzlichen Vorgaben.  

Vorbehaltlich ausdrücklicher Einwilligung oder vertraglich oder gesetzlich erforderlicher Übermittlung verarbeiten oder lassen wir die Daten nur in Drittländern mit einem anerkannten Datenschutzniveau, zu denen die unter dem "Privacy-Shield" zertifizierten US-Verarbeiter gehören, oder auf Grundlage besonderer Garantien, wie z.B. vertraglicher Verpflichtung durch sogenannte Standardschutzklauseln der EU-Kommission, des Vorliegens von Zertifizierungen oder verbindlicher interner Datenschutzvorschriften, verarbeiten (Art. 44 bis 49 DSGVO, Informationsseite der EU-Kommission:  

 

Einsatz von Cookies 

Cookies sind Textdateien, die Daten von besuchten Websites oder Domains enthalten und von einem Browser auf dem Computer des Benutzers gespeichert werden. Ein Cookie dient in erster Linie dazu, die Informationen über einen Benutzer während oder nach seinem Besuch innerhalb eines Onlineangebotes zu speichern. Zu den gespeicherten Angaben können z.B. die Spracheinstellungen auf einer Webseite, der Loginstatus, ein Warenkorb oder die Stelle, an der ein Video geschaut wurde, gehören. Zu dem Begriff der Cookies zählen wir ferner andere Technologien, die die gleichen Funktionen wie Cookies erfüllen (z.B., wenn Angaben der Nutzer anhand pseudonymer Onlinekennzeichnungen gespeichert werden, auch als «Nutzer-IDs"»bezeichnet) 

Die folgenden Cookie-Typen und Funktionen werden unterschieden: 

  • Temporäre Cookies (auch: Session- oder Sitzungs-Cookies): Temporäre Cookies werden spätestens gelöscht, nachdem ein Nutzer ein Online-Angebot verlassen und seinen Browser geschlossen hat. 

  • Permanente Cookies: Permanente Cookies bleiben auch nach dem Schliessen des Browsers gespeichert. So kann beispielsweise der Login-Status gespeichert oder bevorzugte Inhalte direkt angezeigt werden, wenn der Nutzer eine Website erneut besucht. Ebenso können die Interessen von Nutzern, die zur Reichweitenmessung oder zu Marketingzwecken verwendet werden, in einem solchen Cookie gespeichert werden. 

  • First-Party-Cookies: First-Party-Cookies werden von uns selbst gesetzt. 

  • Third-Party-Cookies (auch: Drittanbieter-Cookies): Drittanbieter-Cookies werden hauptsächlich von Werbetreibenden (sog. Dritten) verwendet, um Benutzerinformationen zu verarbeiten. 

  • Notwendige (auch: essentielle oder unbedingt erforderliche) Cookies: Cookies können zum einen für den Betrieb einer Webseite unbedingt erforderlich sein (z.B. um Logins oder andere Nutzereingaben zu speichern oder aus Gründen der Sicherheit). 

  • Statistik-, Marketing- und Personalisierungs-Cookies: Ferner werden Cookies im Regelfall auch im Rahmen der Reichweitenmessung eingesetzt sowie dann, wenn die Interessen eines Nutzers oder sein Verhalten (z.B. Betrachten bestimmter Inhalte, Nutzen von Funktionen etc.) auf einzelnen Webseiten in einem Nutzerprofil gespeichert werden. Solche Profile dienen dazu, den Nutzern z.B. Inhalte anzuzeigen, die ihren potentiellen Interessen entsprechen. Dieses Verfahren wird auch als "Tracking", d.h., Nachverfolgung der potentiellen Interessen der Nutzer bezeichnet. Soweit wir Cookies oder "Tracking"-Technologien einsetzen, informieren wir Sie gesondert in unserer Datenschutzerklärung oder im Rahmen der Einholung einer Einwilligung. 

Hinweise zu Rechtsgrundlagen:  Auf welcher Rechtsgrundlage wir Ihre personenbezogenen Daten mit Hilfe von Cookies verarbeiten, hängt davon ab, ob wir Sie um eine Einwilligung bitten. Falls dies zutrifft und Sie in die Nutzung von Cookies einwilligen, ist die Rechtsgrundlage der Verarbeitung Ihrer Daten die erklärte Einwilligung. Andernfalls werden die mithilfe von Cookies verarbeiteten Daten auf Grundlage unserer berechtigten Interessen (z.B. an einem betriebswirtschaftlichen Betrieb unseres Onlineangebotes und dessen Verbesserung) verarbeitet oder, wenn der Einsatz von Cookies erforderlich ist, um unsere vertraglichen Verpflichtungen zu erfüllen. 

Allgemeine Hinweise zum Widerruf und Widerspruch (Opt-Out):  Abhängig davon, ob die Verarbeitung auf Grundlage einer Einwilligung oder gesetzlichen Erlaubnis erfolgt, haben Sie jederzeit die Möglichkeit, eine erteilte Einwilligung zu widerrufen oder der Verarbeitung Ihrer Daten durch Cookie-Technologien zu widersprechen (zusammenfassend als "Opt-Out" bezeichnet). Sie können Ihren Widerspruch zunächst mittels der Einstellungen Ihres Browsers erklären, z.B., indem Sie die Nutzung von Cookies deaktivieren (wobei hierdurch auch die Funktionsfähigkeit unseres Onlineangebotes eingeschränkt werden kann). Ein Widerspruch gegen den Einsatz von Cookies zu Zwecken des Onlinemarketings kann auch mittels einer Vielzahl von Diensten, vor allem im Fall des Trackings, über die Webseiten https://optout.aboutads.info und https://www.youronlinechoices.com/ erklärt werden. Daneben können Sie weitere Widerspruchshinweise im Rahmen der Angaben zu den eingesetzten Dienstleistern und Cookies erhalten. 

Verarbeitung von Cookie-Daten auf Grundlage einer Einwilligung: Bevor wir Daten im Rahmen der Nutzung von Cookies verarbeiten oder verarbeiten lassen, bitten wir die Nutzer um eine jederzeit widerrufbare Einwilligung. Bevor die Einwilligung nicht ausgesprochen wurde, werden allenfalls Cookies eingesetzt, die für den Betrieb unseres Onlineangebotes erforderlich sind. Deren Einsatz erfolgt auf der Grundlage unseres Interesses und des Interesses der Nutzer an der erwarteten Funktionsfähigkeit unseres Onlineangebotes. 

  • Verarbeitete Datenarten: Nutzungsdaten (z.B. besuchte Webseiten, Interesse an Inhalten, Zugriffszeiten), Meta-/Kommunikationsdaten (z.B. Geräte-Informationen, IP-Adressen). 

  • Betroffene Personen: Nutzer (z.B. Webseitenbesucher, Nutzer von Onlinediensten). 

  • Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a DSGVO), Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f. DSGVO). 

 

Kommerzielle und geschäftliche Leistungen 

Wir verarbeiten Daten unserer Vertrags- und Geschäftspartner, z.B. Nutzer und Interessenten (zusammenfassend bezeichnet als "Vertragspartner") im Rahmen von vertraglichen und vergleichbaren Rechtsverhältnissen sowie damit verbundenen Massnahmen und im Rahmen der Kommunikation mit den Vertragspartnern (oder vorvertraglich), z.B., um Anfragen zu beantworten. 

Diese Daten verarbeiten wir zur Erfüllung unserer vertraglichen Pflichten, zur Sicherung unserer Rechte und zu Zwecken der mit diesen Angaben einhergehenden Verwaltungsaufgaben sowie der unternehmerischen Organisation. Die Daten der Vertragspartner geben wir im Rahmen des geltenden Rechts nur insoweit an Dritte weiter, als dies zu den vorgenannten Zwecken oder zur Erfüllung gesetzlicher Pflichten erforderlich ist oder mit Einwilligung der Vertragspartner erfolgt (z.B. an beteiligte Telekommunikations-, Transport- und sonstige Hilfsdienste sowie Subunternehmer, Banken, Steuer- und Rechtsberater, Zahlungsdienstleister oder Steuerbehörden). Über weitere Verarbeitungsformen, z.B. zu Zwecken des Marketings, werden die Vertragspartner im Rahmen dieser Datenschutzerklärung informiert. 

Welche Daten für die vorgenannten Zwecke erforderlich sind, teilen wir den Vertragspartnern vor oder im Rahmen der Datenerhebung, z.B. in Onlineformularen, durch besondere Kennzeichnung (z.B. Farben) bzw. Symbole (z.B. Sternchen o.ä.), oder persönlich mit. 

Wir löschen die Daten nach Ablauf gesetzlicher Gewährleistungs- und vergleichbarer Pflichten, d.h., grundsätzlich nach Ablauf von 4 Jahren, es sei denn, dass die Daten in einem Kundenkonto gespeichert werden, z.B., solange sie aus gesetzlichen Gründen der Archivierung aufbewahrt werden müssen (z.B. für Steuerzwecke im Regelfall 10 Jahre). Daten, die uns im Rahmen eines Auftrags durch den Vertragspartner offengelegt wurden, löschen wir entsprechend den Vorgaben des Auftrags, grundsätzlich nach Ende des Auftrags. 

Soweit wir zur Erbringung unserer Leistungen Drittanbieter oder Plattformen einsetzen, gelten im Verhältnis zwischen den Nutzern und den Anbietern die Geschäftsbedingungen und Datenschutzhinweise der jeweiligen Drittanbieter oder Plattformen. 

Nutzerkonto: Vertragspartner können innerhalb unseres Onlineangebotes ein Konto anlegen (z.B. Kunden- bzw. Nutzerkonto, kurz "Nutzerkonto"). Falls die Registrierung eines Nutzerkontos erforderlich ist, werden Vertragspartner hierauf ebenso hingewiesen wie auf die für die Registrierung erforderlichen Angaben. Die Nutzerkonten sind öffentlich und können von Suchmaschinen indexiert werden.  

Wenn Nutzer ihr Nutzerkonto gekündigt haben, werden die das Nutzerkonto betreffenden Daten gelöscht, vorbehaltlich, deren Aufbewahrung ist aus gesetzlichen Gründen oder zur Fertigstellung einer bereits eingegangen Vertragspflicht erforderlich. Es obliegt den Nutzern, ihre Daten bei erfolgter Kündigung des Nutzerkontos zu sichern. 

Wirtschaftliche Analysen und Marktforschung: Aus betriebswirtschaftlichen Gründen und um Markttendenzen, Wünsche der Vertragspartner und Nutzer erkennen zu können, analysieren wir die uns vorliegenden Daten zu Geschäftsvorgängen, Verträgen, Anfragen, etc., wobei in die Gruppe der betroffenen Personen Vertragspartner, Interessenten, Kunden, Besucher und Nutzer unseres Onlineangebotes fallen können. 

Die Analysen erfolgen zum Zweck betriebswirtschaftlicher Auswertungen, des Marketings und der Marktforschung (z.B. zur Bestimmung von Kundengruppen mit unterschiedlichen Eigenschaften). Dabei können wir, sofern vorhanden, die Profile von registrierten Nutzern samt ihrer Angaben, z.B. zu in Anspruch genommenen Leistungen, berücksichtigen. Die Analysen dienen alleine uns und werden nicht extern offenbart, sofern es sich nicht um anonyme Analysen mit zusammengefassten, also anonymisierten Werten handelt. Ferner nehmen wir Rücksicht auf die Privatsphäre der Nutzer und verarbeiten die Daten zu den Analysezwecken möglichst pseudonym und, sofern machbar, anonym (z.B. als zusammengefasste Daten). 

Shop und E-Commerce: Wir verarbeiten die Daten unserer Kunden, um ihnen die Auswahl, den Erwerb, bzw. die Bestellung der gewählten Produkte, Waren sowie verbundener Leistungen, als auch deren Bezahlung und Zustellung, bzw. Ausführung zu ermöglichen. 

Die erforderlichen Angaben sind als solche im Rahmen des Bestell- bzw. vergleichbaren Erwerbsvorgangs gekennzeichnet und umfassen die zur Auslieferung, bzw. Zurverfügungstellung und Abrechnung benötigten Angaben sowie Kontaktinformationen, um etwaige Rücksprache halten zu können. 

Bildungs- und Schulungsleistungen: Wir verarbeiten die Daten der Teilnehmer unserer Bildungs- und Schulungsangebote (einheitlich bezeichnet als "Aus- und Fortzubildende“), um ihnen gegenüber unsere Schulungsleistungen erbringen zu können. Die hierbei verarbeiteten Daten, die Art, der Umfang, der Zweck und die Erforderlichkeit ihrer Verarbeitung bestimmen sich nach dem zugrundeliegenden Vertrags- und Schulungsverhältnis. Zu den Verarbeitungsformen gehören auch die Leistungsbewertung und die Evaluation unserer Leistungen sowie jener der Lehrenden. 

In Rahmen unserer Tätigkeit können wir ferner besondere Kategorien von Daten, hier insbesondere Angaben zur Gesundheit der Aus- und Fortzubildenden sowie Daten, aus denen die ethnische Herkunft, politische Meinungen, religiöse oder weltanschauliche Überzeugungen hervorgehen, verarbeiten. Hierzu holen wir, sofern erforderlich, eine ausdrückliche Einwilligung der Aus- und Fortzubildenden ein und verarbeiten die besonderen Kategorien von Daten ansonsten nur, wenn es zur Erbringung der Schulungsleistungen, zu Zwecken der Gesundheitsvorsorge, des Sozialschutzes oder des Schutzes lebensnotwendiger Interessen der Aus- und Fortzubildenden erforderlich ist. 

Sofern es für unsere Vertragserfüllung, zum Schutz lebenswichtiger Interessen oder gesetzlich erforderlich ist, bzw. eine Einwilligung der Aus- und Fortzubildenden vorliegt, offenbaren oder übermitteln wir die Daten der Aus- und Fortzubildenden unter Beachtung der berufsrechtlichen Vorgaben an Dritte oder Beauftragte, wie z.B. Behörden oder im Bereich der IT, der Büro- oder vergleichbarer Dienstleistungen. 

Coaching: Wir verarbeiten die Daten unserer Klienten sowie Interessenten und anderer Auftraggeber oder Vertragspartner (einheitlich bezeichnet als "Klienten“), um ihnen gegenüber unsere Leistungen erbringen zu können. Die verarbeiteten Daten, die Art, der Umfang, der Zweck und die Erforderlichkeit ihrer Verarbeitung bestimmen sich nach dem zugrundeliegenden Vertrags- und Klientenverhältnis. 

In Rahmen unserer Tätigkeit können wir ferner besondere Kategorien von Daten, hier insbesondere Angaben zur Gesundheit der Klienten, ggf. mit Bezug zu deren Sexualleben oder der sexuellen Orientierung, sowie Daten, aus denen die rassische und ethnische Herkunft, politische Meinungen, religiöse oder weltanschauliche Überzeugungen oder die Gewerkschaftszugehörigkeit hervorgehen, verarbeiten. Hierzu holen wir, sofern erforderlich, eine ausdrückliche Einwilligung der Klienten ein und verarbeiten die besonderen Kategorien von Daten ansonsten sofern dies der Gesundheit der Klienten dient, die Daten öffentlich sind oder andere gesetzliche Erlaubnisse vorliegen. 

Sofern es für unsere Vertragserfüllung, zum Schutz lebenswichtiger Interessen oder gesetzlich erforderlich ist, bzw. eine Einwilligung der Klienten vorliegt, offenbaren oder übermitteln wir die Daten der Klienten unter Beachtung der berufsrechtlichen Vorgaben an Dritte oder Beauftragte, wie z.B. Behörden, Abrechnungsstellen sowie im Bereich der IT, der Büro- oder vergleichbarer Dienstleistungen. 

Consulting: Wir verarbeiten die Daten unserer Klienten, Mandanten sowie Interessenten und anderer Auftraggeber oder Vertragspartner (einheitlich bezeichnet als "Klienten“), um ihnen gegenüber unsere Beratungsleistungen erbringen zu können. Die verarbeiteten Daten, die Art, der Umfang, der Zweck und die Erforderlichkeit ihrer Verarbeitung bestimmen sich nach dem zugrundeliegenden Vertrags- und Klientenverhältnis. 

Sofern es für unsere Vertragserfüllung, zum Schutz lebenswichtiger Interessen oder gesetzlich erforderlich ist, bzw. eine Einwilligung der Klienten vorliegt, offenbaren oder übermitteln wir die Daten der Klienten unter Beachtung der berufsrechtlichen Vorgaben an Dritte oder Beauftragte, wie z.B. Behörden, Subunternehmer oder im Bereich der IT, der Büro- oder vergleichbarer Dienstleistungen. 

Makler- und Vermittlungsleistungen: Wir verarbeiten die Daten unserer Kunden, Klienten und Interessenten (einheitlich bezeichnet als "Kunden“) entsprechend dem zugrundeliegenden Auftrag der Kunden. Wir können ferner die Angaben zu den Eigenschaften und Umständen von Personen oder ihnen gehörenden Sachen verarbeiten, wenn dies zum Gegenstand unseres Auftrags gehört. Dies können z.B. Angaben zu persönlichen Lebensumständen, mobilen oder immobilen Sachgütern und der finanziellen Situation sein. 

Sofern für die Vertragserfüllung oder gesetzlich erforderlich bzw. durch die Kunden bewilligt oder auf Grundlage auf unserer berechtigten Interessen basierend, offenbaren oder übermitteln wir die Daten der Kunden im Rahmen von Deckungsanfragen, Abschlüssen und der Abwicklung von Verträgen an Anbieter der vermittelten Leistungen/ Objekte, Versicherer, Rückversicherer, Maklerpools, technische Dienstleister, sonstige Dienstleister, wie z.B. kooperierende Verbände, sowie Finanzdienstleister, Kreditinstitute und Kapitalanlagegesellschaften sowie Sozialversicherungsträger, Steuerbehörden, Steuerberater, Treuhänder, Rechtsberater, Wirtschaftsprüfer, Versicherungs-Ombudsmänner, Eidgenössische Finanzmarktaufsicht (Finma) der Schweiz und die Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) in Deutschland. Ferner können wir, vorbehaltlich anderer Abreden, Unterauftragnehmer beauftragen, wie z.B. Untervermittler. 

Projekt- und Entwicklungsleistungen: Wir verarbeiten die Daten unserer Kunden sowie Auftraggeber (nachfolgend einheitlich als "Kunden" bezeichnet), um ihnen die Auswahl, den Erwerb bzw. die Beauftragung der gewählten Leistungen oder Werke sowie verbundener Tätigkeiten als auch deren Bezahlung und Zurverfügungstellung bzw. Ausführung oder Erbringung zu ermöglichen. 

Die erforderlichen Angaben sind als solche im Rahmen des Auftrags-, Bestell- bzw. vergleichbaren Vertragsschlusses gekennzeichnet und umfassen die zur Leistungserbringung und Abrechnung benötigten Angaben sowie Kontaktinformationen, um etwaige Rücksprachen halten zu können. Soweit wir Zugang zu Informationen der Endkunden, Mitarbeitern oder anderer Personen erhalten, verarbeiten wir diese im Einklang mit den gesetzlichen und vertraglichen Vorgaben. 

Publikationstätigkeit: Wir verarbeiten die Daten von unseren Kontaktpartnern, Interviewpartnern sowie sonstigen Personen, die Gegenstand unserer publizistischen, redaktionellen und journalistischen sowie verwandter Tätigkeiten sind. In diesem Zusammenhang verweisen wir auf die Geltung von Schutzvorschriften der Meinungs- und Pressefreiheit gem. Art. 85 DSGVO in Verbindung mit den jeweiligen nationalen Gesetzen. Die Verarbeitung dient der Erfüllung unserer Auftragstätigkeiten und findet im Übrigen insbesondere auf Grundlage des Interesses der Allgemeinheit an Informations- und Medienangeboten statt. 

Recruiting-Leistungen: Wir verarbeiten im Rahmen unserer Leistungen, zu denen insbesondere die Suche nach potentiellen Stellenkandidaten, die Kontaktaufnahme zu ihnen sowie deren Vermittlung gehören, die Daten der Stellenkandidaten und die personenbezogenen Daten der potentiellen Arbeitgeber bzw. ihrer Mitarbeiter. 

Wir verarbeiten die von den Stellenkandidaten gemachten Angaben und Kontaktdaten für Zwecke der Begründung, Durchführung und ggf. Beendigung eines Vertrages zur Stellenvermittlung. Zudem können wir Interessenten zu einem späteren Zeitpunkt, im Einklang mit gesetzlichen Vorgaben, Rückfragen zum Erfolg unserer Vermittlungsleistung stellen. 

Wir verarbeiten die Daten der Stellenkandidaten als auch der Arbeitgeber zur Erfüllung unserer Vertragspflichten, um die uns angetragenen Anfragen zur Vermittlung von Stellen zur Zufriedenheit der beteiligten Parteien bearbeiten zu können. 

Wir können die Vermittlungsvorgänge protokollieren, um das Bestehen des Vertragsverhältnisses und Einverständnisse der Interessenten entsprechend den gesetzlichen Rechenschaftspflichten (Art. 5 Abs. 2 DSGVO) nachweisen zu können. Diese Angaben werden für einen Zeitraum von drei bis vier Jahren gespeichert, falls wir die ursprüngliche Anfrage nachweisen müssen (z.B., um die Berechtigung zu einer Kontaktaufnahme mit den Stellenkandidaten belegen zu können). 

Angebot von Software- und Plattformleistungen: Wir verarbeiten die Daten unserer Nutzer, angemeldeter und etwaiger Testnutzer (nachfolgend einheitlich als "Nutzer" bezeichnet), um ihnen gegenüber unsere vertraglichen Leistungen erbringen zu können sowie auf Grundlage berechtigter Interessen, um die Sicherheit unseres Angebotes gewährleisten und es weiterentwickeln zu können. Die erforderlichen Angaben sind als solche im Rahmen des Auftrags-, Bestell- bzw. vergleichbaren Vertragsschlusses gekennzeichnet und umfassen die zur Leistungserbringung und Abrechnung benötigten Angaben sowie Kontaktinformationen, um etwaige Rücksprachen halten zu können. 

Vermittlungsleistungen: Wir verarbeiten die von den Interessenten im Rahmen der Vermittlungsanfrage gemachten Angaben für Zwecke der Begründung, Durchführung und ggf. Beendigung eines Vertrages zur Vermittlung von Angeboten von Anbietern der ihrerseits angefragten Produkte oder Dienstleistungen. 

Die Kontaktdaten der Interessenten nutzen wir, um ihre Anfrage mittels des vereinbarten oder sonst erlaubten Kommunikationskanals (z.B. Telefon oder E-Mail) zu spezifizieren und um ihnen auf Grundlage der spezifizierten Anfrage passende Anbieter oder Angebote vorzuschlagen. Zudem können wir Interessenten zu einem späteren Zeitpunkt, im Einklang mit gesetzlichen Vorgaben, Rückfragen zum Erfolg unserer Vermittlungsleistung stellen. 

Wir verarbeiten die Daten der Interessenten als auch der Anbieter zur Erfüllung unserer Vertragspflichten, um die uns angetragene Anfrage der Interessenten mit den zu ihr passenden Angeboten der Anbieter zu verknüpfen und sie an entsprechende Anbieter weiterzuleiten, bzw. die Anbieter vorzuschlagen. 

Wir können die Eingaben in das von Interessenten abgesandte Onlineformular protokollieren, um das Bestehen des Vertragsverhältnisses und Einverständnisse der Interessenten entsprechend den gesetzlichen Rechenschaftspflichten (Art. 5 Abs. 2 DSGVO) nachweisen zu können. Diese Angaben werden für einen Zeitraum bis vier Jahren gespeichert, falls wir die ursprüngliche Anfrage nachweisen müssen (z.B., um die Berechtigung zu einer Kontaktaufnahme mit den Interessenten belegen zu können). 

  • Verarbeitete Datenarten: Bestandsdaten (z.B. Namen, Adressen), Zahlungsdaten (z.B. Bankverbindungen, Rechnungen, Zahlungshistorie), Kontaktdaten (z.B. E-Mail, Telefonnummern), Vertragsdaten  (z.B. Vertragsgegenstand, Laufzeit, Kundenkategorie), Nutzungsdaten  (z.B. besuchte Webseiten, Interesse an Inhalten, Zugriffszeiten), Meta-/Kommunikationsdaten (z.B. Geräte-Informationen, IP-Adressen), Bewerberdaten (z.B. Angaben zur Person, Post- und Kontaktadressen, die zur Bewerbung gehörenden Unterlagen und die darin enthaltenen Informationen, wie z.B. Anschreiben, Lebenslauf, Zeugnisse sowie weitere im Hinblick auf eine konkrete Stelle oder freiwillig von Bewerbern mitgeteilte Informationen zu deren Person oder Qualifikation). 

  • Besondere Kategorien personenbezogener Daten: Gesundheitsdaten (Art. 9 Abs. 1 DGSVO), Daten zum Sexualleben oder der sexuellen Orientierung (Art. 9 Abs. 1 DGSVO), Religiöse oder weltanschauliche Überzeugungen (Art. 9 Abs. 1 DGSVO), Daten, aus denen die rassische und ethnische Herkunft hervorgehen. 

  • Betroffene Personen: Interessenten, Geschäfts- und Vertragspartner, Kunden, Bewerber. 

  • Zwecke der Verarbeitung: Vertragliche Leistungen und Service, Kontaktanfragen und Kommunikation, Büro- und Organisationsverfahren, Verwaltung und Beantwortung von Anfragen, Sicherheitsmassnahmen, Besuchsaktionsauswertung, Interessenbasiertes und verhaltensbezogenes Marketing, Profiling (Erstellen von Nutzerprofilen), Konversionsmessung (Messung der Effektivität von Marketingmassnahmen). 

  • Rechtsgrundlagen: Vertragserfüllung und vorvertragliche Anfragen (Art. 6 Abs. 1 S. 1 lit. b. DSGVO), Rechtliche Verpflichtung (Art. 6 Abs. 1 S. 1 lit. c. DSGVO), Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f. DSGVO), Einwilligung (Art. 6 Abs. 1 S. 1 lit. a DSGVO). 

Payment service provider 

As part of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use other payment service providers in addition to banks and credit institutions (collectively "payment service providers"). 

The data processed by the payment service provider includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card-related information, only information with confirmation or negative information about the payment. Under certain circumstances, the payment service provider may transmit the data to credit agencies. The purpose of this transmission is to check identity and creditworthiness. For this we refer to the terms and conditions and the data protection information of the payment service provider. 

The terms and conditions and data protection notices of the respective payment service providers apply to the payment transactions, which can be accessed within the respective websites or transaction applications. We also refer to this for the purpose of further information and the assertion of revocation, information and other data subject rights. 

  • Types of data processed: Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data  (e.g. subject of the contract, term, customer category), usage data  (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), contact data (e.g. e-mail, telephone numbers), content data  (e.g. text input, photographs, videos). 

  • Affected persons: customers, interested parties, users (e.g. website visitors, users of online services). 

  • Purposes of processing: contractual services and services, tracking (e.g. interest/behavioral profiling, use of cookies), feedback (e.g. collecting feedback via online form), contact requests and communication, affiliate tracking. 

  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a GDPR). 

Services and service providers used: 

 

Credit Check 

If we pay in advance or take comparable economic risks (e.g. when ordering on account), we reserve the right, in order to protect legitimate interests, to provide information on identity and creditworthiness for the purpose of assessing the credit risk on the basis of mathematical-statistical processes from service companies specialized in this (credit agencies ) to obtain.   

We process the information received from the credit agencies about the statistical probability of non-payment as part of an appropriate discretionary decision on the establishment, implementation and termination of the contractual relationship. We reserve the right to refuse payment on account or any other advance payment in the event of a negative result of the credit check. 

The decision as to whether we will provide advance payment is made in accordance with Art. 22 GDPR solely on the basis of an automated decision in individual cases, which our software makes on the basis of information from the credit agency. 

If we obtain the express consent of contractual partners, the legal basis for the credit report and the transmission of the customer's data to the credit agencies is the consent. If no consent is obtained, the credit check is based on our legitimate interests in the reliability of our payment claims. 

  • Types of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data  (e.g. subject of the contract, term, customer category). 

  • Affected persons: customers, prospects. 

  • Purposes of processing: assessment of creditworthiness and creditworthiness. 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR). 

  • Automated decisions in individual cases: credit report (decision based on a credit check). 

Services and service providers used: 

Provision of the online offer and web hosting 

In order to be able to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services. 

The data processed as part of the provision of the hosting offer may include all information relating to the users of our online offer that arises in the course of use and communication. This regularly includes the IP address, which is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or on websites. 

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information regarding the e-mail dispatch (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for SPAM detection purposes. Please note that e-mails are generally not sent in encrypted form on the Internet. As a rule, e-mails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the e-mails between the sender and receipt on our server. 

Collection of access data and log files: We ourselves (or our web hosting provider) collect data for every access to the server (so-called server log files). The address and name of the retrieved websites and files, date and time of retrieval, amounts of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP Addresses and the requesting provider belong. 

On the one hand, the server log files can be used for security purposes, e.g. to avoid server overload (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability. 

 

Special notes on applications (apps) 

We process the data of the users of our application insofar as this is necessary in order to be able to provide the application and its functionalities to the users, to monitor their security and to be able to develop them further. We can also contact users in compliance with legal requirements if communication is required for administration or use of the application. In addition, with regard to the processing of user data, we refer to the data protection information in this data protection declaration. 

Legal bases: The processing of data, which is necessary for the provision of the functionalities of the application, serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g. approval of device functions). If the processing  of data is not necessary for the provision of the functionalities of the application, but serves the security of the application or our business interests (e.g. collection of data for the purpose of optimizing the application or security purposes), it is based on our legitimate interests. If users are expressly asked to give their consent to the processing of their data, the data covered by the consent will be processed on the basis of the consent. 

Commercial use: We process the data of the users of our application, registered users and any test users (hereinafter referred to as "users") in order to be able to provide them with our contractual services and on the basis of legitimate interests to ensure the security of our application and to develop it further to be able to The required information is marked as such within the framework of the conclusion of the use, order, order or comparable contract and may include the information required for the provision of services and any billing as well as contact information in order to be able to hold any consultations. 

Storage of a universal and unique identifier (UUID): The application stores a so-called universal and unique identifier (UUID) for the purpose of analyzing the use and functionality of the application and storing user settings. This identifier is generated when this application is installed, is stored between the start of the application and its updates, and is deleted when users remove the application from their device. 

Device authorizations for access to functions and data: The use of our application or its functionalities may require user authorizations to access certain functions of the devices used or to the data stored on the devices or accessible using the devices. By default, these authorizations must be granted by the users and can be revoked at any time in the settings of the respective devices. The exact process for controlling app permissions may vary depending on users' device and software. If you need clarification, users can contact us. We would like to point out that the refusal or revocation of the respective authorizations can affect the functionality of our application. 

Access to the camera and stored recordings: When using our application, image and/or video recordings (including audio recordings) of the user (and of other persons recorded by the recordings) are made by accessing the camera functions or stored recordings processed. Access to the camera functions or saved recordings requires user authorization that can be revoked at any time. The processing of the image and/or video recordings only serves to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality. 

Use of microphone functions: When using our application, the microphone functions and the audio recordings recorded with their help are processed. The use of the microphone functions requires user authorization, which can be revoked at any time. The use of the microphone functions and audio data only serves to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality 

Processing of saved contacts: When using our application, the contact information of people (name, e-mail address, telephone number) saved in the contact directory of the device is processed. The use of contact information requires user authorization, which can be revoked at any time. The use of the contact information only serves to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality. Users are advised that permission to process contact information must be permitted and, particularly in the case of natural persons, requires their consent or legal permission. 

Use of contact data for contact matching purposes: The data stored in the contact directory of the device from contacts can be used to check whether these contacts also use our application. For this purpose, the contact details of the respective contacts (which includes phone number and email address as well as names) are uploaded to our server and used only for the purpose of matching. 

Processing of location data: When using our application, the location data collected from the device used or otherwise entered by the user is processed. The use of location data requires user authorization, which can be revoked at any time. The use of location data  serves only to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality. 

Location history and movement profiles: On the basis of the location data collected as part of the use of our application, a location history is created from which the geographic movements of the devices used over a period of time result (and can allow conclusions to be drawn about the movement profile of the user).  The location history only serves to provide the respective functionality of our application, according to its description to the users, or its typical and expected functionality. 

  • Types of data processed: inventory data (e.g. names, addresses), meta/communication data (e.g. device information, IP addresses), payment data (e.g. bank details, invoices, payment history), contract data  (e.g. subject matter of the contract, term, customer category), image and/or video recordings (e.g. photographs or video recordings of a person), sound recordings, location data (data indicating the location of an end user's end device), location history and movement profiles (collection of location data and position changes over time). 

  • Affected persons: users (e.g. website visitors, users of online services). 

  • Purposes of processing: Contractual services and services. 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S 1 lit. f. GDPR). 

 

Single sign-on login 

"Single sign-on" or "single sign-on registration or "authentication" refers to procedures that allow users to use a user account to log in to a provider of single sign-on procedures (e.g. a social network), also with our online offer. The prerequisite for single sign-on authentication is that the user is registered with the respective single sign-on provider and enters the required access data in the online form provided for this purpose, or .are already registered with the single sign-on provider and confirm the single sign-on registration via button. 

The authentication takes place directly with the respective single sign-on provider. As part of such authentication, we receive a user ID with the information that the user is logged in to the respective single sign-on provider under this user ID and an ID that we can no longer use for other purposes (so-called "user handle "). Whether additional data is transmitted to us depends solely on the single sign-on procedure used, on the selected data releases as part of the authentication and also on what data users have in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the choice of the user, it can be different data, usually it is the e-mail address and the user name. The password entered during the sign-on procedure with the single sign-on provider is neither visible to us nor is it stored by us.

Users are asked to note that their information stored by us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actually takes place. For example, if the user's e-mail address changes, they must change it manually in their user account with us. 

If agreed with the users, we can use the single sign-on registration in the context of or before the fulfillment of the contract, insofar as the users have been asked to do so, process it within the framework of consent and otherwise use it on the basis of our legitimate interests and those of the interests of users in an effective and secure login system. 

If users decide that they no longer want to use the connection to their user account with the single sign-on provider for the single sign-on process, they must cancel this connection within their user account with the single sign-on provider. If users want to delete their data from us, they must cancel their registration with us. 

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers). 

  • Affected persons: users (e.g. website visitors, users of online services). 

  • Purposes of processing: contractual services and services, registration process. 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S 1 lit. f. GDPR). 

Services and service providers used: 

 

Blogs and publication media 

We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The data of the readers are processed for the purposes of the publication medium only insofar as it is necessary for its presentation and the communication between authors and readers or for reasons of security. For the rest, we refer to the information on the processing of visitors to our publication medium in the context of this data protection notice. 

Comments and Posts: When users leave comments or other posts, their IP addresses may be stored based on our legitimate interests. This is for our security if someone leaves illegal content in comments and posts (insults, forbidden political propaganda, etc.). In this case, we can be prosecuted for the comment or contribution and are therefore interested in the identity of the author. 

Furthermore, we reserve the right to process user information for the purpose of spam detection on the basis of our legitimate interests. 

On the same legal basis, in the case of surveys, we reserve the right to store the IP addresses of users for the duration of the survey and to use cookies to avoid multiple votes. 

The personal information provided in the comments and posts, any contact and website information as well as the content will be stored by us permanently until the user objects. 

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data  (e.g. text input, photographs, videos), usage data  (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Affected persons: users (e.g. website visitors, users of online services). 

  • Purposes of processing: contractual services and services, feedback (e.g. collecting feedback via online form), security measures, administration and answering of inquiries. 

  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a GDPR), protection of vital interests (Art. 6 Para. 1 S. 1 lit. d. GDPR). 

 

Contact 

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the details of the requesting person will be processed insofar as this is necessary to answer the contact requests and any requested measures. 

The answering of contact inquiries within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of the legitimate interests in answering the inquiries. 

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Affected persons: communication partner. 

  • Purposes of processing: contact requests and communication, management and response to requests. 

  • Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR). 

 

Communication via messenger 

We use messengers for communication purposes and therefore ask you to observe the following information on the functionality of the messenger, on encryption, on the use of the metadata of the communication and on your options to object. 

You can also contact us in alternative ways, e.g. via telephone or e-mail. Please use the contact options provided to you or the contact options specified within our online offer. 

In the case of end-to-end encryption of content (i.e. the content of your message and attachments), please note that the communication content (i.e. the content of the message and attached images) is encrypted from end-to-end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use a current version of the messenger with activated encryption to ensure that the message content is encrypted.  

However, we also point out to our communication partners that the providers of the messengers cannot see the content, but can find out that and when communication partners communicate with us as well as technical information on the device used by the communication partner and, depending on the settings of their device, also location information ( so-called metadata) are processed. 

Notes on legal bases: If we ask communication partners for permission before communicating with them via Messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for your consent and you contact us, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and fulfillment of the needs of our communication partners in communication via messenger. We would also like to point out that we will not transmit the contact data you have given us to Messenger for the first time without your consent. 

Revocation, objection and deletion: You can revoke your consent at any time and object to communication with us via Messenger at any time. In the case of communication via messenger, we delete the messages in accordance with our general deletion guidelines (i.e., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from the communication partner, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention requirements. 

Reservation of the reference to other communication channels: Finally, we would like to point out that for reasons of your security we reserve the right not to answer inquiries via Messenger. This is the case, for example, if internal contract details require particular secrecy or an answer via messenger does not meet the formal requirements. In such cases, we will refer you to more appropriate communication channels. 

Skype: Skype's end-to-end encryption requires its activation (unless it is activated by default). 

  • Types of data processed: contact data (e.g. e-mail, telephone numbers), usage data  (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data  (e.g. text input, photographs, videos). 

  • Affected persons: communication partner. 

  • Purposes of processing: contact requests and communication, direct marketing (e.g. by email or post). 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR). 

Services and service providers used: 

 

Chatbots and chat functions 

We offer online chat and chatbot functionality (collectively, "Chat Services") as a means of communication. A chat is an online conversation conducted with a certain timeliness. A chatbot is software that answers users' questions or informs them about messages. If you use our chat functions, we can process your personal data. 

If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. Furthermore, we store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove them in accordance with legal requirements.  

We point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as technical information on the device used by the user and, depending on the settings of their device, also location information (so-called metadata) for the purpose of optimizing the respective services and security purposes. Likewise, the metadata of communication via chat services (i.e., e.g., the information about who communicated with whom) could be used by the respective platform provider in accordance with their provisions, to which we refer for further information, for marketing purposes or to display advertising tailored to users be used. 

If users agree to a chatbot activating information with regular messages, they have the option to unsubscribe from the information for the future at any time. The chatbot tells users how and with which terms they can unsubscribe from the messages. By unsubscribing from the chatbot messages, user data will be deleted from the list of message recipients. 

We use the above information to operate our chat services, e.g. to address users personally, to answer their inquiries, to transmit any requested content and also to improve our chat services (e.g. to chatbots answers to frequently "teach" asked questions or recognize unanswered requests). 

Notes on legal bases: We use the chat services on the basis of consent if we have previously obtained the users' consent to the processing of their data in the context of our chat services (this applies to cases in which users have asked for their consent e.g. so that a chatbot sends you regular messages). If we use chat services to answer user inquiries about our services or our company, this is done for contractual and pre-contractual communication. In addition, we use chat services on the basis of our legitimate interests in optimizing the chat services, their economic efficiency and increasing the positive user experience. 

Revocation, objection and deletion: You can revoke your consent at any time or object to the processing of your data in the context of our chat services. 

  • Types of data processed: contact data (e.g. e-mail, telephone numbers), content data  (e.g. text input, photographs, videos), usage data  (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Affected persons: communication partner. 

  • Purposes of processing: contact requests and communication, direct marketing (e.g. by email or post). 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR). 

 

Push messages 

With the consent of the users, we can send the users so-called "push notifications". These are messages that are displayed on the screens, end devices or in the browsers of the users, even if our online service is not currently being actively used.  

In order to register for the push notifications, users must confirm the request from their browser or end device to receive the push notifications. This approval process is documented and saved. The storage is necessary in order to recognize whether users have consented to receiving the push notifications and to be able to prove their consent. For these purposes, a pseudonymous identifier of the browser (so-called "push token") or the device ID of an end device is stored. 

On the one hand, the push messages may be necessary for the fulfillment of contractual obligations (e.g. technical and organizational information relevant to the use of our online offer) and are otherwise, unless specifically mentioned below, sent on the basis of the user's consent. Users can change the receipt of push messages at any time using the notification settings of their respective browsers or end devices. 

Location-dependent sending of push notifications: The push notifications we send can be displayed depending on the whereabouts of the user, based on the location data transmitted by the end device used. 

Analysis and success measurement: We evaluate push messages statistically and can thus recognize whether and when push messages were displayed and clicked on. This information is used to technically improve our push messages based on the technical data or the target groups and their retrieval behavior or the retrieval times. This analysis also includes determining whether the push messages are opened, when they are opened and whether users interact with their content or buttons. For technical reasons, this information can be assigned to the individual push message recipients. However, it is neither our aim nor, if used, that of the push message service provider to monitor individual users. Rather, the evaluations serve us to recognize the usage habits of our users and to adapt our push messages to them or to send different push messages according to the interests of our users. 

The evaluation of the push messages and the measurement of success are based on the express consent of the user, which is given with the consent to receive the push messages. Users can object to the analysis and performance measurement by unsubscribing from the push messages. A separate revocation of the analysis and success measurement is unfortunately not possible. 

Content: 

- Information about us, our services, promotions and offers. 

- Alerts to recent posts and comments." 

- Technical information and changes to our application and its functions." 

  • Types of data processed: location data (data that indicates the location of an end user's end device), usage data  (e.g. websites visited, interest in content, access times). 

  • Purposes of processing: contractual services and range measurement (e.g. access statistics, recognition of returning visitors). 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR). 

 

Video conferencing, online meetings, webinars and screen sharing 

We use platforms and applications from other providers (hereinafter referred to as "third-party providers") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we observe the legal requirements.  

In this context, the data of the communication participants are processed and stored on the servers of third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact details, visual and vocal contributions, as well as entries in chats and shared screen content. 

If users are referred to the third-party providers or their software or platforms as part of communication, business or other relationships with us, the third-party providers can process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers. 

Notes on legal bases: If we ask users for their consent to the use of third-party providers or certain functions (e.g. consent to the recording of conversations), the legal basis for processing is consent. Furthermore, their use can be part of our (pre)contractual services, provided that the use of third-party providers has been agreed in this context.

 

Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we would also like to refer you to the information on the use of cookies in this data protection declaration. 

  • Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data  (e.g. text input, photographs, videos), usage data  (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Affected persons: communication partners, users (e.g. website visitors, users of online services). 

  • Purposes of processing: contractual services and services, contact inquiries and communication, office and organizational procedures, direct marketing (e.g. by email or post). 

  • Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR), legitimate interests (Art. 6 Para. 1 S 1 lit. f. GDPR). 

Services and service providers used: 

Application procedure

The application process requires applicants to provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the details provided there.  

In principle, the required information includes personal information such as name, address, contact details and proof of the qualifications required for a position. Upon request, we will be happy to provide additional information about which details are required. 

If provided, applicants can submit their applications to us using an online form. The data is transmitted to us in encrypted form in accordance with the state of the art. Applicants can also send us their applications by e-mail. Please note, however, that e-mails sent via the Internet are generally not encrypted. As a rule, e-mails are encrypted in transit, but not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the application between the sender and the reception on our server.  

For the purpose of searching for applicants, submitting applications and selecting applicants, we may use applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements. 

Applicants are welcome to contact us regarding the method of submission of the application or to send us the application by mail. 

Processing of special categories of data: insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application process in order for the controller or the data subject to exercise the rights accruing to him or her under labor law and social security and social protection law and to comply with his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) letter b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of notification of the special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO. 

Deletion of data: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified withdrawal by the applicants, the deletion will take place at the latest after the expiry of a period of six months so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements. 

Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.

Duration of data retention in the applicant pool in months: 12 

Types of data processed: applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, CV, certificates and other information provided with regard to a specific position or voluntarily by applicants regarding their person or qualifications). 

Data subjects: Applicants. 

Purposes of processing: application procedure (establishment and possible subsequent implementation as well as possible subsequent termination of the employment relationship.). 

Legal basis: Art. 9 para. 1 p. 1 lit. b DSGVO (application procedure as a pre-contractual or contractual relationship) (Insofar as special categories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants so that the data controller or the data subject can exercise the rights accruing to him or her under employment law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Art. 9 (2) lit. b. DSGVO, in case of protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO or for the purposes of preventive health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the management of systems and services in the health or social sector pursuant to Art. 9 para. 2 lit. h. DSGVO. In the case of communication of special categories of data based on voluntary consent, their processing is based on Art. 9 para. 2 lit. a. DSGVO.).

Services used and service providers:

 

Cloud-Services 

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services", also referred to as "software as a service") for the following purposes: document storage and management, calendar management, emailing, spreadsheets and presentations, sharing documents, content and information with specific recipients or publishing web pages, forms or other content and information, as well as chats and participation in audio and video conferences. 

In this context, personal data may be processed and stored on the servers of the providers to the extent that these are part of communication processes with us or are otherwise processed by us as set out in the context of this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents. The cloud service providers also process usage data and metadata used by them for security purposes and service optimization. 

If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on the users' devices for the purpose of web analytics or to remember users' settings (e.g., in the case of media control). 

Notes on legal bases: If we ask for consent to use the cloud services, the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, the users' data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure management and collaboration processes)

  • Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses). 

  • Data subjects: Customers, employees (e.g. employees, applicants, former employees), prospective customers, communication partners. 

  • Purposes of processing: office and organizational procedures. 

  • Legal bases: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers: 

 

Newsletter and broad communication

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Otherwise, our newsletters contain information about our services and us. 

In order to subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name, for the purpose of a personal address in the newsletter, or further details, if these are required for the purposes of the newsletter. 

Double opt-in procedure: The registration for our newsletter is always carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged. 

Deletion and restriction of processing: We may store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove consent previously given. The processing of this data will be limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone. 

The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.

Notes on legal basis: The newsletter is sent on the basis of the recipients' consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, if and to the extent that this is permitted by law, e.g. in the case of existing customer advertising. Insofar as we commission a service provider to send e-mails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law. 

Content: Information about us, our services, promotions and offers. 

Analysis and performance measurement: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server or, if we use a shipping service provider, from their server when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected.  

This information is used for the technical improvement of our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can indeed be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. Rather, the evaluations serve us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. 

The evaluation of the newsletter and the measurement of its success are carried out, subject to the express consent of the users, on the basis of our legitimate interests for the purpose of using a user-friendly and secure newsletter system that serves our business interests and meets the expectations of the users.

A separate revocation of the performance measurement is unfortunately not possible, in this case the entire newsletter subscription must be cancelled, or it must be contradicted.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. web pages visited, interest in content, access times). 

  • Data subjects: Communication partners. 

  • Purposes of processing: direct marketing (e.g., by e-mail or postal mail). 

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO). 

  • Option to object (Opt-Out): You can cancel the receipt of our newsletter at any time, i.e. revoke your consent, or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you can otherwise use one of the above contact options, preferably e-mail, for this purpose.

Eingesetzte Dienste und Diensteanbieter: 

 

Promotional communication via e-mail, mail, fax or telephone

We process personal data for the purpose of promotional communication, which may take place via various channels, such as e-mail, telephone, mail or fax, in accordance with legal requirements. 

The recipients have the right to revoke consent given at any time or to object to the promotional communication at any time. 

After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data will be limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers). 

  • Data subjects: Communication partners. 

  • Purposes of processing: direct marketing (e.g. by e-mail or post). 

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

 

Sweepstakes and contests

We process personal data of participants of sweepstakes and contests only in compliance with the relevant data protection provisions, insofar as the processing is contractually necessary for the provision, implementation and execution of the sweepstakes, the participants have consented to the processing or the processing serves our legitimate interests (e.g., in the security of the sweepstakes or the protection of our interests against misuse through possible collection of IP addresses when submitting sweepstakes entries). 

If contributions from participants are published as part of the sweepstakes (e.g. as part of a vote or presentation of the sweepstakes entries or the winners or reporting on the sweepstakes), we point out that the names of the participants may also be published in this context. The participants can object to this at any time. 

 

If the sweepstakes takes place within an online platform or a social network (e.g. Facebook or Instagram, hereinafter referred to as "online platform"), the usage and data protection provisions of the respective platforms shall also apply. In these cases, we would like to point out that we are responsible for the information provided by the participants as part of the sweepstakes and that inquiries with regard to the sweepstakes should be directed to us.

The participants' data will be deleted as soon as the competition or contest has ended and the data is no longer required to inform the winners or because queries about the competition are to be expected. In principle, the participants' data will be deleted no later than 6 months after the end of the sweepstakes. Winners' data may be retained for longer in order, for example, to answer queries about the prizes or to be able to fulfill the prize services; in this case, the retention period depends on the type of prize and is up to three years for items or services, for example, in order to be able to process warranty claims. Furthermore, the participants' data may be stored for longer, e.g. in the form of reporting on the sweepstakes in online and offline media. 

 

If data was also collected for other purposes as part of the sweepstakes, its processing and the retention period will be governed by the data protection information on this use (e.g. in the case of registration for the newsletter as part of a sweepstakes).

  • Types of data processed: inventory data (e.g. names, addresses), content data (e.g. text input, photographs, videos). 

  • Data subjects: Sweepstakes and contest participants. 

  • Purposes of processing: implementation of sweepstakes and contests. 

  • Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO).

Umfragen und Befragungen 

The surveys and polls we conduct (hereinafter "surveys") are evaluated anonymously. Personal data is only processed insofar as this is necessary for the provision and technical implementation of the surveys (e.g. processing of the IP address in order to display the survey in the user's browser or to enable a resumption of the survey with the aid of a temporary cookie (session cookie)) or users have consented to this. 

Notes on legal bases: If we ask participants for consent to process their data, this is the legal basis for the processing; otherwise, the processing of participants' data is based on our legitimate interests in conducting an objective survey.

  • Types of data processed: contact data (e.g. email, phone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Data subjects: Communication partners, users (e.g. website visitors, users of online services). 

  • Purposes of processing: contact requests and communication, direct marketing (e.g. by email or postal mail), feedback (e.g. collecting feedback via online form), tracking (e.g. interest/behavioral profiling, use of cookies). 

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Eingesetzte Dienste und Diensteanbieter: 

 

Web analysis and optimization

Web analytics (also referred to as "reach measurement") is used to evaluate the flow of visitors to our online offering and may include behavior, interests or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offer or its functions or content are most frequently used or invite re-use. Likewise, we can understand which areas require optimization.  

In addition to web analytics, we may also use testing procedures, for example, to test and optimize different versions of our online offering or its components. 

For these purposes, so-called user profiles may be created and stored in a file (so-called "cookie") or similar procedures may be used with the same purpose. This information may include, for example, content viewed, web pages visited and elements used there and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed, depending on the provider. 

The IP addresses of users are also stored. However, we use an IP masking procedure (i.e., pseudonymization by shortening the IP address) to protect users. Generally, in the context of web analysis, A/B testing and optimization, no clear data of the users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures. 

Notes on legal bases: If we ask users for their consent to use the third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). 

  • Data subjects: Users (e.g., website visitors, users of online services). 

  • Purposes of processing: reach measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behavior-based profiling, use of cookies), visit action evaluation, profiling (creation of user profiles), click tracking, A/B testing, interest-based and behavioral marketing, targeting (determination of target groups relevant for marketing purposes or other output of content). 

  • Security measures: IP masking (pseudonymization of the IP address). 

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

 

Onlinemarketing 

We process personal data for online marketing purposes, which may include, in particular, the marketing of advertising space or display of promotional and other content (collectively, "content") based on potential user interests and the measurement of its effectiveness.  

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed. 

The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of the users (such as e-mail addresses or names) are stored in the context of the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles. 

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider. 

 

Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use and the network links the users' profiles with the aforementioned data. We ask to note that users may make additional arrangements with the providers, e.g., by giving consent as part of the registration process. 

In principle, we only receive access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract being concluded with us. The conversion measurement is used solely to analyze the success of our marketing measures. 

 

Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years. 

 

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis of the

Facebook pixel: With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of ads (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those users on Facebook and within the services of partners cooperating with Facebook (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that are evident from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion measurement").

  • Types of data processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user's terminal device). 

  • Data Subjects: Users (e.g., website visitors, users of online services), prospective customers. 

  • Purposes of processing: tracking (e.g. interest/behavior-based profiling, use of cookies), remarketing, visit action evaluation, interest-based and behavioral marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g.. e.g. access statistics, recognition of returning visitors), targeting (determination of target groups relevant for marketing purposes or other output of content), cross-device tracking (cross-device processing of user data for marketing purposes). 

  • Security measures: IP masking (pseudonymization of the IP address). 

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO). 

  • Possibility of objection (opt-out): We refer to the data protection notices of the respective providers and the objection options given to the providers (so-called "opt-out"). If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict functions of our online offer. We therefore recommend the following additional opt-out options, which are offered in summary for the respective areas:a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info.

Eingesetzte Dienste und Diensteanbieter: 

 

Presence on social networks

We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us. 

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they thereby undertake to comply with EU data protection standards.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behavior and interests of the users are stored. Furthermore, data independent of the devices used by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). 

For a detailed presentation of the respective forms of processing and the options to object (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks. 

In the case of requests for information and the assertion of data subject rights, we also point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

  • Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., text input, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses). 

  • Data subjects: Users (e.g., website visitors, users of online services). 

  • Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors), affiliate tracking. 

  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Eingesetzte Dienste und Diensteanbieter: 

Plugins and embedded functions and content

We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These can be, for example, graphics, videos or social media buttons and posts (hereinafter uniformly referred to as "content"). 

The integration always requires that the third-party providers of this content process the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the presentation of this content or functionality. We strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to analyze information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer as well as be linked to such information from other sources. 

Notes on legal basis: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data indicating the location of an end user's terminal device), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), inventory data (e.g. names, addresses).

  • Data subjects: Users (e.g. website visitors, users of online services), communication partners.

  • Purposes of processing: provision of our online offer and user-friendliness, contractual performance and service, contact requests and communication, direct marketing (e.g. by e-mail or postal mail), tracking (e.g. interest/behavior-based profiling, use of cookies), interest-based and behavior-based marketing, profiling (creation of user profiles), security measures, administration and response to requests.

  • Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO), consent (Art. 6 para. 1 p. 1 lit. a DSGVO), contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO).

Eingesetzte Dienste und Diensteanbieter: 

 

Planning, organization and auxiliary tools

We use services, platforms and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organizing, managing, planning and providing our services. When selecting the third-party providers and their services, we observe the legal requirements.  

In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their content. 

If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the third-party providers has been agreed within this framework. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

  • Data subjects: Communication partners, users (e.g. website visitors, users of online services), interested parties.

  • Purposes of processing: contact inquiries and communication, coverage measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest/behavior-based profiling, use of cookies), managing and responding to inquiries, feedback (e.g. collecting feedback via online form), surveys and questionnaires (e.g.. surveys with input options, multiple choice questions), profiling (creation of user profiles), target grouping (determination of target groups relevant for marketing purposes or other output of content), remarketing, visit action evaluation, interest-based and behavioral marketing, conversion measurement (measurement of the effectiveness of marketing measures).

  • Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Eingesetzte Dienste und Diensteanbieter: 

 

Data deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data has ceased to apply or it is not required for the purpose). 

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person. 

Further information on the deletion of personal data can also be found in the individual data protection notices of this privacy policy.

 

Change and update of the privacy policy 
We ask you to regularly check the content of our privacy policy. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification. 

If we provide addresses and contact information of companies and organizations in this privacy statement, please note that the addresses may change over time and please check the information before contacting us.

 

Rights of the data subjects 
As a data subject, you are entitled to various rights under the GDPR, which arise in particular f
rom Articles 15 to 18 and 21 GDPR: 

  • Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

  • Right of revocation for consents: You have the right to revoke any consent you have given at any time.

  • Right of access: You have the right to request confirmation as to whether data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements. 

  • Right to rectification: In accordance with the law, you have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified.

  • Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be erased immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.

  • Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another controller.

  • Complaint to supervisory authority: You also have the right, as provided by law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

 

Definitions of terms 

This section provides you with an overview of the terms used in this privacy policy. Many of the terms are taken from the law and defined primarily in Art. 4 of the GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are sorted alphabetically.

  

  • A/B tests: A/B tests are used to improve the usability and performance of online offerings. For example, users are presented with different versions of a website or its elements, such as input forms, on which the placement of the content or the labels of the navigation elements may differ. Then, based on the behavior of the users, e.g., staying longer on the web page or interacting more frequently with the elements, it can be determined which of these web pages or elements are more likely to meet the needs of the users.

  • Affiliate tracking: Affiliate tracking logs links that the linking websites use to direct users to websites with product or other offers. The operators of the respective linking websites may receive a commission if users follow these so-called affiliate links and subsequently take advantage of the offers (e.g. buy goods or use services). For this purpose, it is necessary for the providers to be able to track whether users who are interested in certain offers subsequently take advantage of them at the instigation of the affiliate links. It is therefore necessary for the functionality of affiliate links that they are supplemented by certain values that become part of the link or are stored elsewhere, e.g. in a cookie. The values include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, an online identifier of the user as well as tracking-specific values, such as, for example, advertising media ID, affiliate ID and categorizations.

  • Visit action evaluation: "Visit action evaluation" (English "Conversion Tracking") refers to a procedure with which the effectiveness of marketing measures can be determined. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then retrieved again on the target website. For example, this allows us to track whether the ads we have placed on other websites have been successful).  

  • Creditworthiness information: Automated decisions are based on automatic data processing without human intervention (e.g. in the case of an automatic rejection of a purchase on account, an online credit application or an online application process without any human intervention. Such automated decisions are only permitted under Art. 22 GDPR if data subjects consent, if they are necessary for the performance of a contract, or if national laws permit such decisions.

  • Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service with the help of which the content of an online offering, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. 

  • Cross-device tracking: Cross-device tracking is a form of tracking in which user behavior and interest information is recorded across devices in so-called profiles by assigning users an online identifier. This allows user information to be analyzed for marketing purposes, irrespective of the browsers or devices used (e.g. cell phones or desktop computers). For most providers, the online identifier is not linked to clear data such as names, postal addresses or e-mail addresses.

  • IP masking: "IP masking" refers to a method in which the last octet, i.e., the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. Therefore, IP masking is a means of pseudonymizing processing procedures, especially in online marketing

  • Interest-based and behavioral marketing: Interest-based and/or behavioral marketing is when users' potential interests in ads and other content are determined as precisely as possible. This is done on the basis of information about their previous behavior (e.g., visiting and staying on certain websites, purchasing behavior or interaction with other users), which is stored in a so-called profile. Cookies are generally used for these purposes.

  • Click tracking: Click tracking allows us to keep track of users' movements within an entire online experience. Since the results of these tests are more accurate if user interaction can be tracked over a period of time (e.g., so that we can find out whether a user likes to return), cookies are usually stored on users' computers for these testing purposes.

  • Conversion measurement: Conversion measurement is a method used to determine the effectiveness of marketing measures. For this purpose, a cookie is usually stored on the users' devices within the websites on which the marketing measures take place and then retrieved again on the target website. For example, this allows us to track whether the ads we have placed on other websites have been successful.

  • Personal data: "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Profiling: "Profiling" is any form of automated processing of personal data that involves the use of personal data to analyze, evaluate or predict certain personal aspects relating to a natural person (depending on the type of profiling, this may include information relating to age, gender, location data and movement data, interaction with websites and their content, shopping behavior, social interactions with other people) (e.g., interests in certain content or products, click behavior on a website or location). Cookies and web beacons are often used for profiling purposes.

  • Reach measurement: Reach measurement (also known as web analytics) is used to evaluate the flow of visitors to an online offering and can include visitors' behavior or interests in certain information, such as website content. With the help of reach analysis, website owners can see, for example, at what time visitors visit their website and what content they are interested in. This enables them, for example, to better adapt the content of the website to the needs of their visitors. For the purposes of reach analysis, pseudonymous cookies and web beacons are often used to recognize returning visitors and thus obtain more precise analyses of the use of an online offer.

  • Remarketing: "Remarketing" or "retargeting" is when, for example, for advertising purposes, a note is made of which products a user was interested in on a website in order to remind the user of these products on other websites, e.g. in advertisements.

  • Location history and movement profiles: Location history (also referred to as "movement profile") is the collection of location data over a period of time. Location history allows conclusions to be drawn about the geographical movements (i.e. changes in position) of devices, or their users.

  • Tracking: Tracking is when the behavior of users can be traced across several online services. As a rule, behavioral and interest information relating to the online services used is stored in cookies or on servers of the providers of the tracking technologies (so-called profiling). This information can subsequently be used, for example, to display advertisements to users that are likely to correspond to their interests.

  • Controller: a "controller" is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

  • Processing: "Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data, be it collection, analysis, storage, transmission or deletion.

  • Target group formation: We speak of target group formation (or "custom audiences") when target groups are determined for advertising purposes, e.g., insertion of advertisements. For example, based on a user's interest in certain products or topics on the Internet, it can be concluded that this user is interested in advertisements for similar products or the online store where the user viewed the products. In turn, we speak of "lookalike audiences" (or similar target groups) when the content deemed suitable is displayed to users whose profiles or interests presumably correspond to the users for whom the profiles were formed. Cookies and web beacons are generally used for the purpose of creating Custom Audiences and Lookalike Audiences.  

bottom of page