Data protection notice Oschätzchen


The protection of your personal data is extremely important to us. We observe the strict, applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The transparency of data processing is important to us, so we would like to provide you with comprehensive information on data protection with the following information.

Status: 1/2020


Übersicht

1. RESPONSIBLE

2. DATA PROTECTION OFFICER

3. GENERAL INFORMATION ON DATA PROCESSING

4. SERVER AND LOGFILES

5. COOKIES

6. CONTACTING US

7. (PRE) CONTRACTUAL SERVICES: CUSTOMER ACCOUNT AND ONLINESHOP

8. YOUR RIGHTS

9. DATA PROCESSING FOR ADVERTISING

10. WEBSITE OPTIMIZATION, REACH MEASUREMENT AND ONLINE MARKETING

11. SOCIAL-MEDIA, THIRD PARTY CONTENT & TOOLS

12. DISCLOSURE OF DATA

13. DATA PROTECTION IN THE APPLICATION PROCESS

14. CHANGES TO THIS PRIVACY POLICY

15. DEFINITIONS

 

1.   RESPONSIBLE

The person responsible for processing your personal data on this website and in the online shop is


OSCHÄTZCHEN GmbH & Co. KG
Hohe Bleichen 26
20354 Hamburg
Germany
Phone: +49 40 5936164-70
E-Mail: info@oschaetzchen.com

 

2.   DATA PROTECTION OFFICER

If you have any questions or concerns about data protection, you can also contact our data protection officer: 


Dr. Daniel Taraz LL.M.
JENTZSCH IT Rechtsanwaltsgesellschaft mbH
Alsterarkaden 13
20354 Hamburg
Tel.: -49 40 22 86 83 86 6
E-Mail: daniel.taraz@jentzsch-it.de

 

3.   GENERAL INFORMATION ON DATA PROCESSING

a. Scope & purpose of the processing of personal data 
As a user of this website, we only process your personal data insofar as this is necessary to provide a functional website and our content and services. Your personal data will only be processed with your specific consent, unless the data processing is legally permitted without prior consent. The purposes of the processing result from the processing activities are described in more detail below.

b. Legal basis for the processing of personal data 
Insofar as we obtain your consent for the processing of personal data, Article 6 Paragraph 1 a) GDPR serves as the legal basis. If the processing of your data is necessary to fulfil a contract to which you are a party, Article 6 Paragraph 1 b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of your personal data is necessary to fulfil a legal obligation to which we are subject, Article 6 Paragraph 1 c) GDPR serves as the legal basis. In the event that vital interests of you or another natural person require the processing of personal data, Article 6 Paragraph 1 d) GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, Article 6 Paragraph 1 f) GDPR serves as the legal basis for the processing. Our legitimate interest lies in the conduct of our business activities, the maintenance of the functionality of this page (s) and the legitimate interests in direct mail. 

c. Data deletion and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by law or other legal provisions that are binding on us. The data will also be blocked or deleted if a storage period prescribed by the aforementioned legal provisions expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

d. Types of data processed

  • Customer data (e.g. name, address);
  • Contact details (e.g. email address, telephone number);
  • Content data (e.g. text entries, photographs, videos);
  • Usage data (e.g. website views, access times, personal interests);
  • Communication and metadata (e.g. IP addresses, device information);

e. Purposes of processing

  • Provision of the online offer, its functions and content;
  • Answering contact inquiries and communicating with users;
  • Safety measures;
  • Reach measurement / marketing.

f. Categories of data subjects
Visitors and users of the online offer (hereinafter "users").

g. Regulations for the provision of data and consequences of failure to provide it
The provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may be necessary for you to provide us with personal data that we subsequently have to process. For example, you are obliged to provide us with personal data when our company concludes a contract with you. Failure to provide personal data would mean that the contract could not be concluded.

h. Automated decision making
We do not make automated decisions.

 

4.   SERVER UND LOGFILES

When you visit our website (s), we automatically process information that your browser - provided the relevant functions are not deactivated - transmits to the hoster (provider) of our website. These are so-called log files, i.e. log files that are stored by the provider on the server on which our website runs.

The following data are processed here:

  • the browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website,
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an internet protocol address (IP address),
  • the internet service provider of the accessing system and
  • designation of the files or information retrieved

This data is processed exclusively to ensure trouble-free operation, i.e. to correctly provide the page (s) you have requested, but also to ensure the long-term functionality of the technical systems and to improve the offer.

We reserve the right to provide the criminal authorities with the necessary information for the purpose of criminal prosecution if there is a legal obligation for the person responsible to do so.

We do not draw any conclusions about your person and do not merge this information with other (personal) data from you.


Hosting
We use a so-called hoster to provide certain services in connection with the operation of this website: in particular, IT infrastructure, computing services, database services, email dispatch, security services, server storage space and technical maintenance services are provided. We or our hoster processes inventory data, contact data, content data, contract data, usage data, meta and communication data of our visitors to our website on our behalf on the basis of Article 28 GDPR due to our legitimate interests in a professional and secure provision of our website in accordance with Article 6 Paragraph 1 f) GDPR.

 

5.   COOKIES

We use cookies. Cookies are text files that are stored and stored on a computer system via an internet browser. So-called session cookies are only stored for the duration of the browser session, whereas other cookies (persistent) are stored for a specific duration.

Cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string through which websites and servers can assign to the specific internet browser. This makes it possible to recognize the individual browser.

They serve to make the offer more user-friendly, more effective and safer.

This is how cookies make it possible for you to place items in the shopping cart in the online shop.

You can prevent us from setting cookies at any time by setting the Internet browser used accordingly and thus permanently objecting to the setting of cookies. Cookies can be deleted at any time. If you deactivate the option to set cookies, not all functions of our website may be fully usable.

This website uses the following cookies, some of which are necessary for the operation of our website:

Responsible Person Description Purpose Storage period Recipient Necessary
Clause 1 cookie-preference Shop-Funktion Session - Yes
Clause 1 csrf[frontend.account.login] Shop-Funktion Session - Yes
Clause 1 csrf[frontend.checkout.line-item.add] Shop-Funktion Session - Yes
Clause 1 csrf[frontend.checkout.switch-language] Shop-Funktion Session - Yes
Clause 1 csrf[frontend.form.newsletter.register.handle] Shop function Session - Yes
Clause 1 csrf[frontend.mollie.apple-pay.authorize] Shop function Session - Yes
Clause 1 csrf[frontend.mollie.apple-pay.shipping-methods] Shop function Session - Yes
Clause 1 csrf[frontend.store-api.proxy] Shop function Session - Yes
Clause 1 csrf[frontend.wishlist.product.add] Shop function Session - Yes
Clause 1 csrf[frontend.wishlist.product.merge.pagelet] Shop function Session - Yes
Clause 1 csrf[frontend.wishlist.product.merge] Shop function Session - Yes
Clause 1 csrf[frontend.wishlist.product.remove] Shop function Session - Yes
Clause 1 session- Shop function Session - Yes
Clause 1 timezone Shop function Session - Yes
Clause 1 wishlist-enabled Shop function Session - No
Clause 1 sw-cache-hash Shop function Session - Yes
Clause 1 sw-states Shop function Session - Yes
Clause 1 _ga Analysis / Tracking (Google Analytics) 2 years Google No
Clause 1 _gid Analysis / Tracking 1 day Google No
Clause 1 _gat_gtag_UA_27501862_1 Analysis / Tracking (Google Tag Manager) Approx. 1 min. Google No
Clause 1 _fbp Social Media (Facebook Pixel) 3 months Facebook No

If these cookies are not necessary and / or the information contained therein is personal data, the legal basis for data processing is your consent in accordance with Article 6 Paragraph 1 a GDPR. If these necessary cookies and / or the information they contain are personal data, the legal basis for data processing is Article 6 Paragraph 1 f) GDPR. Our interest in maintaining the functionality of our website is to be regarded as justified within the meaning of the aforementioned regulation.

The details of the aforementioned services can be found below

change Cookie agreements

 

 

6.   CONTACTING US

Contact by email, post or phone

You have the option of contacting us in several ways. By e-mail, by phone or by post. If you contact us, we will use the personal data that you voluntarily provide to us in this context for the sole purpose of being able to contact you and process your request.

The legal basis for this data processing is Article 6 Paragraph 1 b) GDPR. Your data will be deleted when they are no longer required for the purpose of processing and there is no statutory storage requirement.

 

 

7.   (PRE) CONTRACTUAL SERVICES: CUSTOMER ACCOUNT AND ONLINESHOP

We only process your personal data to the extent necessary to process your orders in the online shop or when you contact us.

We also offer you the option of voluntarily creating a customer account and storing your data accordingly.

We only process the personal data that you give us, such as your name, your contact details, payment data and order data, but also your IP address for order processing.

The data processing takes place for the purpose of the fulfillment of the contract as well as the implementation of pre-contractual measures on the legal basis of Article 6 Paragraph 1 1b) GDPR.

In order to provide you with the greatest possible comfort, we offer you the permanent storage of your personal data in a password-protected customer account / user account.

The creation of the customer account is basically voluntarily and based on your consent within the meaning of Article 6 Paragraph 1 a) GDPR. No further data entry is required after setting up a customer account. In addition, you can view and change the data stored about you in your customer account at any time.

In addition to the data requested when placing an order, you must enter a password of your choice to set up a customer account. This, together with your email address, is used to access your customer account. Please treat your personal access data confidentially and, in particular, do not make them accessible to unauthorized third parties. You have the option of deleting your customer account at any time. Please note, however, that the data that can be viewed in the customer account will not be deleted at the same time, once you have ordered from us. The deletion of your data takes place automatically after expiry of the commercial and tax retention obligations applicable to us. The legal basis for this data processing is Article 6 Paragraph 1 c) GDPR and Article 6 Paragraph 1 f) GDPR.

In order to process a purchase contract, we will pass this on to payment service providers commissioned by us, who process the payment (s). We pass on information about your delivery address to logistics companies and shipping partners commissioned by us. The respective data are transmitted solely for the respective purposes and are deleted again after delivery.

If we do not use your data for advertising purposes, we will save the data collected for the execution of the contract until the statutory or possible contractual warranty and guarantee rights have expired. After this period has expired, we keep the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data will only be processed again in the event of a review by the tax authorities.

In order to process a purchase contract via our website, the following data processing is also required:

Your payment data will be passed on to payment service providers commissioned by us, depending on the payment method, who will process the payment (s). We pass on information about your delivery address to logistics companies and shipping partners commissioned by us. In order to ensure that the goods are delivered according to your wishes, we will transmit your email address and, if applicable, the telephone number to the logistics company and / or shipping partner commissioned by us, who will take over the delivery. If necessary, they will contact you in advance of delivery in order to coordinate delivery details with you. The respective data are transmitted solely for the respective purposes and are deleted again after delivery. The legal basis for this data processing is Article 6 Paragraph 1 a), b) and f) GDPR.

In detail, we use the following payment service providers: 

7.1    PayPal
PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the person concerned selects this as a payment option during the ordering process in our online shop, data of the person concerned will be automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal are usually first name, last name, address, email address, IP address, telephone number or other data that are necessary for payment processing. In order to process the purchase contract, personal data related to the respective order is also necessary.

The purpose of transmitting the data is to process payments and prevent fraud.

The transfer takes place on the basis of the fulfillment of the contract in accordance with Article 6 Paragraph 1 b) GDPR and, insofar as personal data is also transmitted, on the basis of our legitimate interests in secure payment processing and fraud prevention in accordance with Article 6 Paragraph 1 f) GDPR.

The personal data exchanged between PayPal and us may be transmitted by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal is responsible for this.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary to fulfill the contractual obligations or the data are to be processed on behalf of.

You have the option to revoke your consent to the handling of personal data at any time towards PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

PayPal's current data protection regulations can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

 

7.1  Klarna
With Klarna, we enable you to purchase on account as well as instant bank transfers. The provider is Klarna AV, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter referred to as "Klarna"). When using payments with Klarna, they will collect various personal data from you. You can read more details about this in Klarna's privacy policy at the following link: https://www.klarna.com/de/datenschutz/. 

Klarna uses cookies to optimise their check-out solution. This optimisation constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO. Cookies are small text files that are stored on your end device and do not cause any damage. Cookies remain on your end device until you delete them. Further details about the use of Klarna cookies can be found in Klarna's privacy policy: https://www.klarna.com/international/privacy-policy/

Klarna reserves the right to carry out internal and external credit checks depending on the payment method you have chosen. The legal basis for this is Art. 6 para. 1 lit b) DSGVO. Further information on credit assessments and your right to object can be found in Klarna's privacy policy:  https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/privacy

The transfer of your data to Klarna is based on Art. 6 para. 1 lit. a) DSGVO (consent) and Art. 6 para. 1 lit. b) DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.


7.3   Apple Pay

If you choose the "Apple Pay" payment method of Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, the payment processing is carried out via the "Apple Pay" function of your terminal device operated with iOS, watchOS or macOS by charging a payment card deposited with "Apple Pay". Apple Pay uses security functions that are integrated into the hardware and software of your device to protect your transactions. In order to release a payment, you must enter a code previously defined by you and verify it using the "Face ID" or "Touch ID" function of your terminal device.

For the purposes of payment processing, the information you provide during the checkout process, along with information about your order, will be shared with Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to carry out the payment. The encryption ensures that only the website from which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the source website to confirm the success of the payment. If personal data is processed during the described transfers, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 (1) lit. b) DSGVO.

Apple keeps anonymised transaction data, including the approximate amount of the purchase, the approximate date and time, and whether the transaction was completed successfully. The anonymisation completely eliminates the possibility of any personal reference. Apple uses the anonymised data to improve Apple Pay and other Apple products and services.

When you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Max and the authorisation device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you personally. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and uncheck "Allow payments on Mac".

You can find further information on data protection with Apple Pay at the following Internet address: https://support.apple.com/de-de/HT203027

 

7.4    Logistics provider
Furthermore, we process your personal data for the purpose of delivery or as part of the fulfilment of the contract to DHL Paket GmbH, Charles-de-Gaulle-Straße 20, 53113 Bonn / Deutsche Post AG, Sträßchenweg 10, 53113 Bonn.

Your (delivery) address, possibly express requests and payment information in the cash on delivery procedure are processed, provided that you choose this as a means of payment.

 

 

8.   YOUR RIGHTS

When processing your personal data, you have the following rights, which we would like to inform you about below. You can contact us as the responsible or the data protection officer, the contact details can be found above under 1. and 2.

 

8.1.    Right of providing information
Upon request, we will confirm whether your personal data is being processed. If this is the case, you have the right to be informed about the following information:

  • the purpose of the data processing,
  • the categories of data processed, as well as
  • if applicable, the recipients or categories of recipients to whom data is disclosed due to legal obligations or contractual relationships; especially for recipients in third countries
  • the planned storage duration or, if this is not possible, the criteria for determining the duration
  • the existence of a right to correct or delete your personal data, or to restrict processing by us or a right to object to this processing
  • the existence of a right to appeal with the supervisory authority
  • In the event that the personal data are not collected from the data subject: All available information on the origin of the data
  • the existence of automated decision-making including profiling and meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject
  • in the case of a transfer to a third country or to an international organization, about the appropriate guarantees in connection with the transfer.

Upon request, you will receive a copy of the data you have collected and processed. This is basically done free of charge.

 

8.2.    Right to rectification
You have the right to request the immediate correction of incorrect personal data concerning you. You have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary declaration.

 

8.3.    Right to deletion 
Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately if this does not conflict with retention or documentation obligations under tax or commercial law or if the safeguarding of the legitimate interests of the person responsible is jeopardized.

A right to removal exists under the following conditions:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • You revoke your consent on which the processing was based in accordance with Article 6 Paragraph 1 a) GDPR or Article 9 Paragraph 2 a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing in accordance with Article 21 Paragraph 1 GDPR, and there are no overriding legitimate reasons for the processing, or an objection has been filed against the processing in accordance with Article 21 Paragraph 2 GDPR.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfill a legal obligation under European Union law or the law of the member states to which the person responsible is subject.
  • The personal data was collected in relation to the information society services offered in accordance with Article 8 Paragraph 1 GDPR (consent was given by a child).

 

8.4.    Right to restriction of processing (blocking)
Under the following conditions, you have the right to request the restriction of processing, i.e. the blocking of your personal data for processing:

  • You dispute the correctness of the personal data for a period that enables us to check the correctness of the personal data.
  • The processing is unlawful, you reject the deletion of the personal data and instead request that the use of the personal data be restricted.
  • The person responsible no longer needs the personal data for the purpose of processing, but you need them to assert, exercise or defend legal claims.
  • The user has objected to the processing in accordance with Article 21 Paragraph 1) GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the user.

 

8.5.   Right to data portability 
Upon request, your data can be made available for a fee in a commonly used and machine-readable format that is structured for you and a subsequent service provider, in order to enable fast transmission. This applies in any case if the processing is based on consent in accordance with Article 6 Paragraph 1 a GDPR or Article 9 Paragraph 2 a) GDPR or on a contract in accordance with Article 6 Paragraph 1 b) GDPR and the processing is carried out using automated procedures .

 


 

8.6.    Right to object
You also have the right to object to the processing of your personal data.

If the processing takes place for the purpose of direct advertising (e.g. newsletter), this right exists at any time.

Otherwise, you may also have the right, for reasons that arise from your particular situation, to object to the processing of your personal data at any time. This only applies if the processing takes place on the basis of Article 6 Paragraph 1 e) or f) GDPR (protection of public interests or protection of legitimate interests by / the person responsible).

To exercise this right of withdrawal, you can also send us an informal message to info@oschaetzchen.com, stating your email address, expressing your intention to withdraw.

 


 

8.7.    Right of appeal to the supervisory authority
If you are of the opinion that there has been a breach of data protection regulations, you have the right to complain with the competent supervisory authority. For us, for example, this is the Hamburg officer for data protection and freedom of information: https://datenschutz-hamburg.de/

 

 

9.    DATA PROCESSING FOR ADVERTISING PURPOSES

9.1 NEWSLETTER
If you would like to receive the newsletter offered on our website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. When you register for the newsletter, we also save the IP address assigned by the Internet service provider (ISP) of the computer system you were using at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and thus serves as legal protection for us. We use this data exclusively for sending the requested information and do not pass it on to third parties. The legal basis for this data processing is Article 6 Paragraph 1a) GDPR.

 

Notice of right of withdrawal
You can withdraw your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time with effect for the future by sending a message to us, e.g. to our e-mail address info@oschaetzchen.com or by revoking the unsubscribe option at the end of each newsletter.

We work with the provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This may give them access to your e-mail address and your name, but we have concluded an order processing contract, which means that data will be processed strictly in accordance with instructions within the scope of the consent you have given us. Tracking, i.e. tracking of your activities with readers of our e-mail newsletter, does not take place.

 

9.2 Advertising to existing customers
We basically have a legitimate interest in using data from our existing customers for marketing purposes. We collect the following data from our existing customers for our own marketing purposes: first name, last name, postal address, email address, year of birth. The legal basis for the use of personal data for marketing purposes is Article 6 Paragraph 1 f) GDPR.

If you are not an existing customer of ours, we will only process your data for marketing purposes based on your expressed consent to these purposes in accordance with Article 6 Paragraph 1 a) GDPR.

Proper order processing agreements have been concluded with service providers that we use for delivering advertising and who process data strictly bound by instructions on our behalf.

Reference to the right of objection
You can object to the use of your personal data for the aforementioned advertising purposes at any time free of charge with effect for the future using the contact options specified in Section 1.

If you object, your data will be blocked for further advertising data processing. We would like to point out that in exceptional cases, advertising material may still be sent temporarily after receipt of your objection. This is technically due to the lead-time required for the selection and does not mean that we have not implemented your objection.

 

 

 10.   WEBSITE OPTIMIZATION, REACH MEASUREMENT AND ONLINE MARKETING

10.1 GOOGLE ANALYTICS
We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House Barrow Street, Dublin 4, parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”), on our website based on our legitimate interests (namely the interest in the analysis and improvement as well as the commercial design of our online offer) within the meaning of Article 6 Paragraph 1 f) GDPR. Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and is stored there.

The information generated by the cookie about your use of this website is for example

  • Browser type / version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request

In the context of Google Analytics, however, we use the addition "anonymizeIp". By means of this addition, the IP address of the Internet connection of the person concerned is shortened and anonymized by Google if our Internet pages are accessed from a member state of the European Union or from another signatory to the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases.

Google will use the aforementioned information on our behalf to evaluate the use of our online offer by users and to provide us with reports on the activities within this online offer and, if necessary, to provide us with other services in this context. For this purpose, pseudonymous user profiles can be created from the processed data.

The (shortened) IP address transmitted by the user's browser is not merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly and prevent the collection of the data generated by the cookie in relation to the online offer and its processing by Google by downloading and installing the browser plug-in available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

You can find more information on Google's data usage, setting and objection options in Google's data protection declaration (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements on Google
(https://adssettings.google.com/authenticated).

The personal data of the users will be deleted or anonymized after 14 months.

 

10.2 Google Tag Manager
We would like to point out that we use the Google Tag Manager. The Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among other things, to measure traffic and visitor behavior, to record the impact of online advertising and social channels, to set up remarketing and targeting, and to test and optimize websites.

We use the Tag Manager for the Google services “Google Analytics” and “GA Audience”. If you have made a deactivation, this deactivation will be taken into account by Google Tag Manager.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,

Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA;

Website: https://marketingplatform.google.com;

Data protection declaration: https://policies.google.com/privacy;

Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

For further information on the Google Tag Manager see:  siehe: https://www.google.com/intl/de/tagmanager/use-policy.html.

 

 

11.   SOCIAL MEDIA, THIRD PARTY CONTENT & TOOLS

We use social plug-ins from the social networks Facebook, Google+ and Twitter on our website on the basis of Article 6 Paragraph 1f) GDPR to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider.

The purpose and scope of the data collection and the further processing and use of the data by the respective provider as well as your related rights and setting options to protect your privacy can be found in the respective data protection information of the provider, which we link below.

By logging out of the social network pages beforehand and deleting cookies that have been set, you can prevent social networks from assigning the information collected about you to your user account on the respective social network during your visit to our site. If you do not want social networks to assign the data collected via our website directly to your profile, you must log out of the relevant social networks before visiting our website. You can completely prevent the loading of the plugins with add-ons for your browser, e.g. with the script blocker "NoScript", to be found at: http://noscript.net.

 

11.1 Facebook Pixel
As part of our website, we use based on consent in accordance with Article 6 Paragraph 1 f) GDPR or, if consent is not available in individual cases and is not legally required, based on our legitimate interests (i.e. interest in evaluating the use of our website and Improvement of the operation of our website within the meaning of Article 6 Paragraph 1 f) GDPR) the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook").

Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

Facebook Pixel enables Facebook to determine the visitors to our website as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use Facebook Pixel to only display the Facebook ads placed by us to Facebook users who have also shown an interest in our offers or who have certain characteristics (e.g. interests in certain topics or products based on the visited websites) that we transmit to Facebook (so-called "Custom Audiences"). With the help of Facebook Pixel, we want to help to ensure that our Facebook ads correspond to the presumed interest of the user and that ads do not appear disruptive or unsuitable, but appear interesting and useful to the user. Facebook Pixel is also intended to help us understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement (so-called "conversion").

Facebook processes the data within the framework of Facebook's data usage policy. This policy contains more information about the display of Facebook advertisements: https://www.facebook.com/policy.php.

Special information about Facebook Pixel and how it works can be found in the Facebook help section: https://www.facebook.com/business/help/651294705016616

You can object to the collection by Facebook Pixel and the use of your data to display Facebook advertisements. To configure which types of advertisements are displayed to you within Facebook, you can call up the following page provided by Facebook in order to follow the information on the configuration of usage-based advertising: https://www.facebook.com/settings?tab=ads. The configuration is not limited to the specific platform / hardware you are using, i.e. it is adopted for all devices such as desktop computers or mobile devices.

You can opt out of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or contradict the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

11.3 VIMEO
Vimeo is a platform for videos. We sometimes provide videos on our pages, which we embed here, but which run on Vimeo's servers. It is not necessary to provide data or create a profile.

When the videos are played on our website, your IP address and your browser type or its configuration may be transmitted to Vimeo in order to be able to display content. This is done in order to be able to provide you with the requested service and to better display our pages.

Vimeo Inc., 555 West 18th Street, New York, 10011 New York, USA is responsible for the Vimeo portal.

Vimeo Inc. is certified by the US Privacy Shield and thus fulfills the data protection requirements according to Article 44 ff. GDPR.

The data protection information from Vimeo Inc. can be found at

https://vimeo.com/privacy

 

 

12.   Disclosure of data

With the exception of the processing shown, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing mentioned here causes data to be transmitted to the servers of the providers of tracking and targeting technologies commissioned by us. These servers are located in the USA, if the provider is based there. The data is transmitted based on so-called standard contractual clauses of the EU Commission as well as the principles of the so-called Privacy Shield. Further information on the Privacy Shield is available on the US website:

https://www.privacyshield.gov/welcome.

We only pass on your personal data to third parties if:

  • you have expressly given your consent in accordance with Article 6 Paragraph 1 a) GDPR,
  • the transfer according to Article 6 Paragraph 1 f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • there is a legal obligation for the transfer according to Article 6 Paragraph 1 c) GDPR or
  • this is legally permissible and required according to Article 6 Paragraph 1 b) GDPR for the processing of contractual relationships with you.

It will only be passed on to tax offices and social security agencies if there is a legal obligation to do so; the legal basis is Article 6 Paragraph 1 c) GDPR.

The transfer to service providers takes place only based on a proper agreement for order processing in accordance with Article 28 GDPR.

 

 

13.   DATA PROTECTION IN THE APPLICATION PROCESS

We process the personal data of applicants for handling the application process. The processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by email. If an employment contract is concluded with an applicant, the data transmitted will be stored for processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be automatically deleted six months after notification of the rejection decision, if deletion does not conflict with any other legitimate interests of the person responsible. 

 

14.   CHANGES TO THIS PRIVACY POLICY

The person responsible reserves the right to adapt security and data protection measures, insofar as this becomes necessary due to technical or legal developments. In these cases, the person responsible will also adapt this information on data protection accordingly. Please therefore note the current version of our data protection information.

 

15.   Definitions

For a better understanding, we would like to provide you with the definitions of the GDPR below, insofar as they are relevant for our data protection information.

 

Supervisory authority

"Supervisory authority" is an independent state body set up by a member state in accordance with Article 51 GDPR.

Processor

Processor is an individual or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

Third party

A third party is an individual or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing (in the sense of blocking)

Consent

Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to the processing of their personal data.

Recipient

Recipient is an individual or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.

Personal data

Personal data is all information that relates to an identified or identifiable individual person (hereinafter "data subject"). An individual person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual person.

In simple terms, personal data are individual details about personal or factual circumstances of a specific or identifiable individual person, i.e. not legal entities such as a GmbH. Personal data primarily includes information such as name, address, e-mail address, but also the IP address.

Profiling

Profiling is any type of automated processing of personal data that consists of using this personal data to analyze or predict the certain personal aspects relating to an individual person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this individual person. 

Pseudonymization

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person. 

Responsible person 

The person responsible is the individual or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by European Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with EuropeanUnion law or the law of the member states. 

Processing 

Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.