1. Access and Use of the Site
Scope and Purpose of the Processing
When you access and use our Site, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.
The following personal data is recorded to the extent necessary for the provision of a functional Site and our contents and services:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
The website from which access is made (referrer URL)
The used browser and, if applicable, the operating system of your computer as well as the name of the access provider
Legal Basis
Article 6 (1) lit. f) GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our Company.
Data Deletion and Storage Time
The data subject’s personal data are deleted or blocked as soon as the purpose of the storage is fulfilled. Data older than seven days will be deleted. The collection of data for the provision of the Site and the storage of data in log files is absolutely necessary for the operation of the Site. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.
2. Access and Use of the Site
Scope and Purpose of the Processing
You have the opportunity to contact us using a form provided on our Site. In the course of sending your inquiry via the contact form, reference is made to this data protection declaration in order to obtain your consent. If you use the contact form, the following personal data will be processed:
Obligatory
First name
Last name
E-mail address
Phone
Country
Voluntarily
The purpose of entering your e-mail address is to assign your request and to be able to reply to you. When using the contact form, your personal data will not be forwarded to third parties.
Legal Basis
The data processing described above (cf. § 4 3. a.) for the purpose of establishing contact is carried out voluntarily in accordance with Article 6 (1) lit. a) GDPR on the declaration of consent submitted by you.
Data Deletion and Storage Time
As soon as the request you have made has been dealt with and the relevant facts have been finally clarified, your personal data processed by the contact form will be deleted. Further storage may take place in individual cases if this is required by law.
Recipients of personal data and data transfers in-/outside of the European Economic Area (EEA)
When and why can we share your personal data?
The personal data are intended for our employees with regard to their respective functions and are stored on our secure servers.
We will only share your personal data with third parties and other recipients where we have an appropriate legal ground under the GDPR, which permits us to do so. Commonly, this could include situations:
where we are legally obliged to provide the information (e.g. to data protection authorities),
to comply with our contractual duties (e.g. to an affiliated company, if necessary in terms of our business relation.),
where it is necessary in our legitimate interest (e.g. for compliance reasons), or
where you have given your express consent to do so (e.g. to third-party Cookie providers).
We have also engaged certain service providers that process your data on our behalf and, therefore, are so-called data processors (e.g. our provider of the Site and agencies that help us managing our content thereof). Such data processors are contractually obliged to solely process your personal data based on our contractual agreement and in line with our predefined instructions. As data processors our service providers are also recipients of your personal data.
Data transfers within and outside the European Economic Area (EEA)
In general, the processing of your personal data is based inside the European Economic area (EEA). However, in terms of providing the Site and its functionalities we may use certain service providers and/or third-party service provider (in the following recipients) that receive your personal data (see under 3.), which may not process your personal data inside, but in a country outside the EEA. The transfer to service providers outside the EEA takes place on the basis of the so-called adequacy decision by the EU Commission pursuant to Art. 45 GDPR or on the basis of the Standard Data Protection Clauses of the European Union as an appropriate safeguard according to Art. 46 GDPR to ensure an adequate level of data protection in regard of the processing of your personal data.
However, when sharing your personal data with a recipient that is established in a country outside the EEA based on Standard Data Protection Clauses, it may be that the processing is not appropriately safeguarded due to the specific national laws applying to the recipient in such a country. This includes sharing your personal data with and the transfer of your personal data to recipients in the US. Such transfers of personal data may not be based on appropriate safeguards due to the fact that US authorities are allowed under US law to access and use such data transferred from the EU to the US without any specific exemptional reasons and means of a right to object to such illegitimate access for affected non-US American data subjects. Furthermore, these transfers are not regulated in such a way that would meet requirements equivalent to those existing under EU law specifically regarding the principle of proportionality as monitoring programs based on US legislation are not limited to what is strictly necessary.
Therefore, when we are aware that your personal data may be transferred to the US, e.g. to Google LLC or other recipients, we ensure to collect your express consent and inform you in this Privacy Policy about the corresponding risk that your data may not be appropriately safeguarded regarding illegitimate access or use, before such transfer takes place.
List of Recipients of your personal data
Recipient/Category of Recipient | Purpose of transfer/disclosure | Legal basis of the processing | Data transfer outside the EEA |
Maxcluster GmbH | Hosting and support of our IT-systems and infrastructure | Legitimate interest | Germany |
Die Medialen GmbH | Support on providing the website and the content thereof | Legitimate interest | Germany |
OneTrust, LLC | Provision of a platform to manage cookie consent | Legitimate interest | EU and US |
Google Ireland Limited | Analysis of website usage (Google Analytics) | Consent | EU and US |
Google LLC | Provision of videos via the service Youtube | Consent | EU and US |
Webmecanik | Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers. | Consent | |
LinkedIn Ireland Unlimited Company | Provision of a login function and the retrieval of data within the digital application process | Consent | EU and US |
Vimeo LLC | Provision of videos via the Vimeo service | Consent | EU and US |
| | | |