Information according to § 5 TMG
Thank you for visiting our website. We would like to inform you how we process your personal data in connection with the use of our website.
External data protection representative
Mauß Datenschutz GmbH
Neuer Wall 10
T +49 40 / 999 99 52-0
1. Questions about data protection and exercising your rights
For questions about data protection or to exercise your rights under data protection law, please contact us using the contact details above.
2. Technical operation of our website
When you visit our website with your browser, it transmits various personal data to us. Of these, we process the so-called IP address so that the browser you use can retrieve content from our website and thus use it.
The legal basis for this processing of the IP address is Art. 6 para. 1 lit. f) DSGVO, since by visiting our website it is also in your interest that we technically enable its use. If the visit to our website serves the conclusion, the preparation of the conclusion or the implementation of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO. This data is not stored beyond the technically required duration.
3. E-mail newsletter
With your registration for our e-mail newsletter, we process personal data concerning you to the extent of the respective declaration of consent. We use this for the purposes described in the declaration of consent and in particular for the creation and dispatch of our newsletter.
Based on your consent, the legal basis for the processing is Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
To confirm your registration for the newsletter, you must click on the confirmation link in the verification email that we send you after your registration. By clicking on the specified link in the verification message, we process the date and time of the click, the content of the message sent to you and the email address used. This is done in order to be able to prove that you have subscribed to the newsletter and confirmed your consent. The legal basis for this processing is Art. 6 (1) lit. c) DSGVO, as we are required by law to be able to document your consent.
We will delete your personal data related to the newsletter subscription when you unsubscribe. We delete data that we need as proof that you have subscribed to the newsletter after the expiry of the limitation period for corresponding obligations to provide proof.
If you use the contact options offered by us, we will use the data you provide us with to process your request. The legal basis for this is our legitimate interest in processing your request in accordance with Art. 6 para. 1 lit. f) DSGVO. If your request serves the conclusion of a contract with us, the further legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.
Your data will be deleted after your request has been dealt with, unless we are legally obliged to store it for a longer period. In this case, the deletion takes place after the expiry of the corresponding obligation.
We are always happy to welcome new colleagues! If you apply for one of the positions we offer or send us an unsolicited application, we will process your data for the purpose of conducting the application process and for the decision on the establishment of an employment relationship. The legal basis for the processing is § 26 BDSG and subordinate Art. 6 para. 1 lit. b) DSGVO .
If we are unable to consider your application, we will delete it together with the submitted documents six months after our rejection, unless we are legally obligated to store it for a longer period or further storage is in our legitimate interest in order to be able to prove compliance with obligations incumbent upon us by law, e.g. according to the General Equal Treatment Act (AGG). In the event of longer storage, the data will be deleted upon expiry of the statutory storage period or if the reason justifying longer storage no longer applies. The legal basis for longer retention is Art. 6 (1) b) DSGVO if there are statutory retention periods and otherwise Section 26 BDSG and, subordinately, Art. 6 (1) b) DSGVO.
You can object to the further processing of your data at any time by withdrawing your application. If we establish an employment relationship with you, you will be informed separately about the processing of your data and the rights to which you are entitled.
If we are unable to consider your application for a position, we will include you in our pool of applicants, subject to your separate consent, so that we can consider your application for positions that may be filled in the future. You can object to the corresponding use of your data at any time with effect for the future. In this case, the data will be deleted immediately, unless we are entitled or obliged to store the data for a longer period for the reasons stated above. In this case, the deletion will take place when the corresponding reason ceases to exist. The legal basis for the processing of your data is Art. 6 para. 1 a. DSGVO.
a) Technically necessary cookies
b) Cookies that are used with your consent
Secondly, cookies are used based on your consent, which can be revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Please note that the person responsible for the processing of personal data using such cookies within the meaning of the DSGVO is the person who has been specified in each case as the person responsible for the service with which cookies are associated in each case.
Please note that, depending on the scope of your consent, this may cover services that process your personal data in countries that do not have a level of data protection that meets the standards of the DSGVO. In these countries, your data may, for example, be subject to access by government authorities against which you have no effective legal remedy. Furthermore, it may be impossible to enforce the data subject rights to which you are entitled under the DSGVO in these countries and/or against the government authorities.
c) Meaning of your consent
If you give your consent by using the function offered by us, this refers on the one hand to the storage of cookies in your browser and on the other hand to the data processing by means of the services related to this. Therefore, please also refer to the information in these data protection notices for the respective services.
d) Revocation of your consent
You can revoke your consent at any time by using the corresponding functions at the beginning of this data protection notice. With your revocation, the cookies affected by the revocation will no longer be used by means of our website. Please note that this will not delete the relevant cookies from your browser. In order to prevent the respective responsible party from calling up these cookies from other websites, you would have to delete these cookies. Instructions on how to delete cookies in commonly used browsers can be found here:
7. Advertising and communication
In order to advertise the services we offer and thus acquire customers, we use the services listed below on the basis of your consent, which can be revoked at any time. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent for the services mentioned there at any time by using the corresponding functions at the beginning of this data protection notice, otherwise by notifying us. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation.
In addition, the services offer you a possibility to object to the use in general, and not only for our website. We point this out at the respective services.
Please note that the consent you have given relates to two circumstances:
The storage of cookies in the terminal device used by you;
The use of the respective service as such
a) Interest-based communication
With your consent, which can be revoked at any time, we process data relating to our interactions with you (e.g. sending newsletters, emails or telephone calls) or your interactions with our communication media (e.g. clicks on links in newsletters or on our website). The aim of this processing is to determine your presumed interests in order to provide you with individual communication media or offers based on this. The legal basis for the corresponding processing is Art. 6 para. 1 lit. a) DSGVO.
b) Google Ads
With your consent, cookies for the Google Ads service are stored in the browser you use when you visit our website, and use of this service occurs. In the chapter "Cookies", we explain to you which cookies these are and which rights and options you are entitled to in this respect.
The provider of Google Ads in the European Union is Google Ireland Limited, imprint link.
The contractual agreements between Google and us can be found here.
You can object to the use of your data for interest-related purposes here.
object to the use of your data for interest-based advertising using Google Ads. If you use a Google account, you can make privacy settings for this here.
Please note our warnings regarding third countries, as Google Analytics may process personal data in countries where there is no level of data protection that meets the standards of the DSGVO.
c) Linkedin Ads
With your consent, cookies for the Linkedin Ads service are stored in the browser you use when you visit our website and this service is used to deliver advertising material in the Linkedin advertising network. In order to measure the success of our advertising media and to optimize our advertising media, we use LinkedIn Insight Tag Data. For this purpose, we anonymously determine how many people have clicked on an ad, which website they were redirected to, and which interactions were made on this website (e.g. contacting or downloads). To ensure that our advertising materials are only displayed to people who might also be interested in them, we use the LinkedIn Conversion Tracking function, which is used by LinkedIn to display so-called target group-related advertising.
The privacy notices published by LinkedIn for the aforementioned services can be found here.
Provider of the services in the European Union is LinkedIn Ireland Unlimited Company, Imprint. You can access the contractual agreements between LinkedIn and us here: Ads Agreement, Data Processing Agreement. LinkedIn uses subcontracted processors to provide the services.
d) Facebook Pixel
With your consent, the so-called Facebook Pixel is stored in your browser when you visit our website. The provider of this function for the EU is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We use the Facebook Pixel to advertise on Facebook and with partners cooperating with Facebook (so-called "Audience Network") to display our advertising via Facebook only to those persons who have visited our website and for whom we therefore assume that they are interested in our offers and thus our advertising. Furthermore, the Facebook pixel allows us to measure the effectiveness of these advertisements, as it is determined whether a person was redirected to our website after clicking on a corresponding advertisement.
In terms of data protection law, Meta Platforms Ireland Limited acts in part for us as a processor and in part we are jointly responsible with it in accordance with Art. 26 DSGVO. In all other respects, Meta Platforms Ireland Limited is the sole controller for the corresponding processing of personal data.
(i) Order processing
Meta Platforms Ireland Limited acts as a processor insofar as so-called event data is processed on our behalf in order to create reports for us on the impact of our advertising campaigns operated by means of Facebook and other Facebook content (e.g. our posts on facebook.com) as well as analyses and insights about users of our website and their use of the website. For this purpose, no profiles are created that we can assign to specific users of our website. "Event Data" is information that we share with Facebook using the Facebook Pixel that relates to individuals and the actions they take on our website, such as visiting our website and making purchases of the products we offer. Event data includes information that is collected and transmitted when people access our website using Facebook login or Facebook plugins (e.g., the "Like" button). However, they do not collect information that is created when a user interacts with our website via Facebook login, Facebook plugins or in any other way (for example, by logging in or marking or sharing an article with "Like").
(ii) Joint responsibility
We are joint controllers with Meta Platforms Ireland Limited pursuant to Article 26 of the GDPR for the use of Event Data generated as a result of our use of the Facebook Pixel, to the extent that it is used to improve the display of our ads served through Facebook and the delivery optimization of those ad campaigns. For this purpose, Meta Platforms Ireland Limited relates this event data to people who use products of the Facebook companies in order to show our advertising campaigns only to people who have visited our website (so-called ad targeting) or who are assumed to also be interested in our services. In connection with ad targeting and ad delivery optimization, Meta Platforms Ireland Limited uses event data generated by us to optimize ad delivery only after aggregating it with other data collected by other Facebook advertisers or otherwise on Facebook products. Facebook does not allow other advertisers or other third parties to target ads based solely on the Event Data we submit. An illustration of what personal data is processed as a result of our use of the Pixel by us and Meta Platforms Ireland Limited as joint controllers can be found here.
According to information from Facebook, this is the following data:
- HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country-specific/language), among other things.
- Information about standard/optional events such as "page view" or "app installation", other object properties as well as buttons clicked by visitors to the website, in each case according to the configuration of the business tool Please adapt to your settings / use of the pixel
- Online identifiers such as, among others, IP addresses and, if provided, Facebook related identifiers or device IDs (such as ad IDs for mobile operating systems) as well as information on the status of disabling/restricting ad tracking;
For information on how Meta Platforms Ireland Limited processes personal data, including the legal basis on which Meta Platforms Ireland Limited relies and on how data subjects can exercise their rights against Meta Platforms Ireland, please see Meta Platforms Ireland's Data Policy. Meta Platforms Ireland Limited is responsible for enabling data subjects to exercise their rights under Articles 15-20 of the DSGVO with respect to personal data stored by Meta Platforms Ireland Limited after joint processing, pursuant to the contract entered into with us. Of course, your existing rights towards us under the GDPR according to these provisions (see "Your rights") remain unaffected by this. You can thus assert these against us in parallel.
HTTP header information such as information about the web browser or app used (e.g. user agent, language setting country-specific/language), among other things.
(iii) Sole responsibility of Facebook.
Please note our warnings regarding third countries, as personal data for Facebook Pixel may be processed in countries where there is no level of data protection that meets the standards of the DSGVO.
8. warning about data transfers to third countries
For various services that are used on our website with your consent or process data by means of them (e.g. for advertising purposes), you will find the warning in this privacy notice that data transfers to third countries may occur.
a. What does this warning mean?
In the event of a data transfer to a third country, your personal data will leave the local scope of the DSGVO. In the third country, a level of data protection may apply in individual cases that does not meet the requirements of the DSGVO. For some states, e.g. Switzerland, there is a so-called adequacy decision. In these states, in the opinion of the EU Commission, the level of data protection law meets the requirements of the GDPR. They are therefore considered safe for data protection purposes. For other countries, in particular the USA, there is no such decision, as in these countries there is no level of protection for your personal data that corresponds to that of the DSGVO. Therefore, in the case of a data transfer to a third country, your personal data may be transferred to a country for which there is no level of data protection that is compatible with the DSGVO.
b. What does this mean for your personal data?
In the context of an economy based on the division of labor, many companies use service providers to process personal data. In other cases, large companies, such as Google, Amazon, Facebook, or Apple, have numerous different companies in different countries that do not each perform data processing on their own. Rather, these use group-wide IT services, so that, for example, a company in Ireland uses services from the parent company in the USA. For this purpose, either personal data is transferred to the USA or the parent company from the USA has access to the data in the EU.
By concluding so-called standard contractual clauses, the DSGVO allows to agree that the contractual partner, e.g. the parent company in the USA, must comply with the requirements of the DSGVO for the corresponding data processing, even if these would otherwise not apply to the contractual partner. This is intended to contractually create a level of data protection that corresponds to that of the DSGVO so that data subjects are not placed in a worse position than if their personal data were processed in the EU.
However, contracts only bind the parties involved in them and not third parties, such as government agencies. Therefore, in one country, such as the U.S., government agencies may have the right to access personal data of EU citizens, even if it violates their rights. These accesses can be very broad and all relate to all your data that is processed there. They can take place without a judge or similar having to order them. They can be secret, so that you do not know about these accesses. And they may be such that you have no way to defend yourself against access and any use of your data, especially in a court of law. Furthermore, the data subject rights to which you are entitled under the DSGVO (e.g., information, deletion) may also not exist or may not be enforced. The data processed in this way may also be combined with other data concerning you from other sources, for example, to create a profile about you.
This possible use of your data could, but does not have to, be associated with disadvantages for you. Since government agencies in third countries, in particular, are not subject to EU law or German law, it is not possible to specify exactly what these disadvantages might be. Disadvantages can therefore be of any nature, e.g. economic or political. For example, it could be that you are denied entry into a country, but it could also be that this data is used against you in foreign criminal proceedings. The disadvantages can be very serious in individual cases.
c. How high are my risks?
We cannot give a general answer as to how high the risks described are in individual cases. We can only point out that the decisive question is which service, and thus which company, has access to your data in connection with your use of our website. Furthermore, it is decisive which personal data is affected by this. On our website, it is - in our opinion - only a possible processing of personal data in third countries, in connection with advertising services such as Google, Microsoft or Facebook. This will be data about which website you visited and when, how long you stayed on it, from where the access took place approximately, which end device or software (browser, app) was used for this, which interactions they have made on the website, if this is transmitted to the operator of the service (e.g. the purchase of a product after clicking on an advertisement. Please read the information provided with the respective services) and, if applicable, other data that the respective operator processes. For this, we refer you to the respective data protection information of the services. The links to these can be found in these data protection notices in the explanation of the respective service.
You must consider for yourself whether granting consent and a possible transfer to a third country could create a situation for you that you do not wish to live with. In this case, please do not give your consent to the use of these services.
d. You will not suffer any disadvantages if you do not give your consent
If you do not want to give your consent to the use of certain or all services or storage of cookies, this will not have any disadvantages for you on our website. All our offers are available to our customers under the same conditions, regardless of whether they give consent or not. Of course, you can revoke your consent at any time with effect for the future.
Browser - this is the software you use to browse the internet and access our website.
Cookies - these are small text files that are stored in the browser you use and can contain various data. Each cookie is given a storage period, which you can find out from the information in the browser.
EEA - is the European Economic Area. These are, in addition to the EU countries, the countries of Iceland, Liechtenstein and Norway.
Third countries - are countries that do not belong to the EEA and for which there is no adequacy decision of the EU Commission.
IP address - any device that exchanges data over the Internet needs a unique identifier, otherwise data (e.g. web pages) to be sent to this device cannot be delivered. The computer, smartphone, tablet, etc. that you use therefore uses an IP address so that it can retrieve and receive data from the Internet. As a rule, you do not use a separate IP address for each terminal device. Instead, the technology used to connect to the Internet (e.g., your Internet router at home) lets all the terminals in a network appear to the outside world under a common IP address.
lit. - is a Latin abbreviation for "letter" used when quoting legal texts. Art. 6 (1) lit. a) DSGVO therefore means "letter a)".
Standard Contractual Clauses - are a set of contracts provided by the EU Commission that can be the basis for a data transfer to a third country according to Art. 46 (2) (d) DSGVO.
10. Your rights
You are entitled to the following rights in particular in connection with your personal data from the DSGVO. Because of the details, we refer to the legal regulations (in particular Art. 15 et seq. DSGVO).
a) Right to information
According to Art. 15 DSGVO, you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this should be the case, you have a right to information about this personal data and to further information mentioned in Art. 15 DSGVO.
b) Right to rectification
According to Art. 16 DSGVO, you have the right to demand that we correct incorrect personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
c) Right to erasure ("right to be forgotten")
Within the limits of Art. 17 DSGVO, you have the right to demand that we delete personal data relating to you without delay. We are obliged to delete personal data without delay, provided that the relevant requirements of Art. 17 DSGVO are met. Because of the details, we refer to Art. 17 DSGVO.
d) Right to restriction of processing
In accordance with Art. 18 DSGVO, you have the right under certain conditions to demand that we restrict the processing of your personal data. For details, please refer to Art. 18 DSGVO.
e) Right to data portability
Under the conditions of Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Pursuant to Art. 20 DSGVO, you further have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and the processing is carried out with the help of automated procedures.
f) Existence of a right of appeal to the supervisory authority.
Pursuant to Article 77 DSGVO, you have the right to complain to the supervisory authority, without prejudice to any other administrative or judicial remedy. This right exists in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
g) Right to object
Pursuant to Article 21 DSGVO, you have the right to object to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.