Data Privacy Statement

We, Tintschl AG and our subsidiaries and affiliated companies (‘Tintschl Group’ or ‘we’), appreciate your interest in our company, our services and products, and want you to feel secure when visiting our websites and social media pages, submitting applications and communicating with us, including with regard to the protection of your (personal) data.

Compliance with statutory data protection regulations, in particular the General Data Protection Regulation (GDPR), is a matter of course for us. This privacy policy is intended to inform you, in accordance with the provisions of Articles 13, 14 and 21 of the GDPR, about the extent to which personal data is collected, the purposes for which we process it and your data protection rights and claims. Please note the following information.

For reasons of better readability, the masculine form is used in the text when referring to persons. However, the respective information refers to members of all genders.

As changes to legislation or our internal company processes may require adjustments to this privacy policy, we ask that you review this privacy policy regularly. We therefore reserve the right to change these guidelines at any time in compliance with data protection regulations. The current version applies to your visit.

IMPORTANT NOTE: The German version of this document will govern our relationship – these translated versions are provided for convenience only and will not be interpreted to modify the German version.

The following data protection information applies across the board to all different categories of persons covered by this data protection policy.

The Tintschl Group has taken numerous technical and organisational measures to ensure the most comprehensive protection possible for the (personal) data collected and processed via this website. However, even this cannot always guarantee absolute protection, as data transmission over the Internet can always be subject to security vulnerabilities. For this reason, you are free to contact us by other means, such as by telephone or letter.

To facilitate our business activities, we may share information that may contain personal data with any of our group companies and affiliated third parties. If we disclose, transfer or otherwise grant access to data to other companies in our group, this is done in particular for administrative purposes as a legitimate interest and, beyond that, on a basis that complies with legal requirements.

We are happy to answer any questions, suggestions or comments you may have on the subject of data protection. Simply send an email to: dsb@sicur-data.de.

Our privacy policy is intended to be simple and understandable for everyone. This privacy policy generally uses the official definitions in Article 4 of the GDPR, to which we refer here.

Tintschl AG
Goerdelerstraße 21
91058 Erlangen
Germany
Phone: 09131/812490
E-Mail: service@tintschl.de
Register court: Amtsgericht Fürth
Register number: HRB 8421

The data protection officer of the controller is: 

sicur data GmbH
Beate Bender
Seumestraße 12
90478 Nürnberg
Email: dsb@sicur-data.de

The personal data of every individual who has a contractual, pre-contractual or other relationship with our company deserves special protection. We aim to maintain a high standard of data protection. That is why we are committed to the continuous development of our data protection and data security concepts. We are therefore committed to protecting your privacy and treating your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organisational security measures, which are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognised encryption methods (SSL or TLS).
However, we would like to point out that, due to the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data – e.g. when sent by email – may be read by third parties. We have no technical influence on this. It is the user's responsibility to protect the data they provide against misuse by means of encryption or other measures.

If your personal data is processed, you are considered a data subject under the GDPR. Every data subject has the following rights with regard to the controller in relation to the processing of their personal data:

• pursuant to Art. 15 GDPR, to request information about the personal data we process. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipient to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations, the envisaged period for which the personal data will be stored, the existence of a right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with a supervisory authority, the source of your personal data, if it has not been collected from you, and the existence of automated decision-making, including profiling, pursuant to Art. 22 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
• pursuant to Art. 16 GDPR, to request the immediate correction of inaccurate or incomplete personal data stored by us.
• pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
• pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the personal data, the processing is unlawful but you oppose its erasure and we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
• pursuant to Art. 19 GDPR, that you will be informed if you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller. The controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.  
• pursuant to Art. 20 GDPR on data portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller, where technically feasible.
• pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that we are violating German or European data protection law in the processing of your personal data. As a rule, you can contact the supervisory authority of the federal state in which we are based or, if applicable, that of your usual place of residence or workplace. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

Right of withdrawal
If data is processed on the basis of your consent, you are entitled under Article 7 of the GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only applies to the future. Processing that took place before the withdrawal is not affected. In the event of revocation, we will delete the data concerned without delay, but please note that we may be required to retain certain data for a specific period of time in order to comply with legal requirements.

Right to object:

If we process your personal data on the basis of legitimate interest (Art. 6(1)(f) GDPR), you may object to this data processing at any time in accordance with Art. 21 GDPR. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to specify a particular situation.

If you wish to assert any of the above rights against us, please contact the controller or our data protection officer, whose contact details are given at the beginning of this privacy policy. In case of doubt, we may request additional information to confirm your identity.

As a responsible company, we refrain from decision-making based solely on automated processing – including profiling – in individual cases in accordance with Article 22 of the GDPR for all of the processes mentioned.

Applicants include individuals who apply for a job vacancy at the Tintschl Group or for temporary employment in the form of third-party work assignments at other companies. In this section, we provide information about data processing in our application process.

The provision of your personal data in the context of application processes is voluntary. However, we can only make a decision to establish an employment relationship if you provide the personal data necessary to process your application.

This usually includes personal details, postal and contact addresses, and documents related to the application, such as cover letters, CVs and certificates.

By submitting their application to us, applicants consent to the processing of their data for the purposes of the application process in accordance with the following information. They are not obliged to give their consent to the processing of data that is not relevant to the performance of the contract or not required by law.

We process personal data that we receive from you personally, by post or by email as part of your application, or that you submit to us via our application form on our website (Job Centre) or via application forms on job sites and social networks. By submitting your application, you are expressing your interest in working for us.

In your own interest, please ensure that your application documents do not infringe any copyrights, trademarks or other property rights. We are not liable for this.

When submitting your application by e-mail, please note that e-mails may not be sent in encrypted form and that applicants must ensure encryption themselves. We therefore cannot take any responsibility for the transmission of the application between the sender and the recipient on our server and therefore recommend using the application form on our website (Job Centre), which guarantees encrypted data transmission.

The purpose of data processing is to select applicants for employment with the Tintschl Group or for temporary employment in the form of third-party work assignments at other companies. We process applicant data for the purpose of handling the application process and implementing (pre-)contractual measures in accordance with the legal requirements of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

The data provided by applicants may be further processed by us for the purposes of the employment relationship, e.g. to fulfil legal requirements, in the event of a successful application.

If an application does not immediately lead to a vacant position being filled but is promising for other interesting job offers, we will add the data from the application documents to our talent pool and contact you when job vacancies matching your profile arise. This will only happen if you agree to our separate request for inclusion in the talent pool by means of a separate consent form. If you do not give your consent to include your application data in our talent pool, this will not result in any disadvantages for you in future application procedures.

For the purposes of searching for applicants, submitting applications and selecting applicants, we may use applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements.

Your personal data is processed on the basis of Art. 88 GDPR in conjunction with Section 26 BDSG or Art. 6 (1) (b) GDPR for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.

Furthermore, we may process your personal data if this is necessary to fulfil legal obligations (Art. 6(1)(c) GDPR) or to defend or assert legal claims (Art. 6(1)(f) GDPR). In this case, our legitimate interest is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

If you give us your express consent to process personal data for specific purposes (e.g. inclusion in our talent pool, disclosure of contact details to hirers in the course of temporary employment), the lawfulness of this processing is based on your consent in accordance with Section 26 (2) BDSG, Art. 6 (1) lit. a GDPR. Consent that has been given can be revoked at any time with effect for the future.

If an employment relationship is established between you and us, we may, in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG or Art. 6 (1) 1 (b) GDPR, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employees arising from a law.

In the case of voluntary consent to the disclosure of special categories of data within the meaning of Art. 9 (1) GDPR (e.g. health data, severely disabled status or ethnic origin), their processing is additionally based on Art. 9 (2) lit. b GDPR.

We only process personal data that you have provided to us in connection with your application or that is necessary for the application process. The necessary applicant data is marked as mandatory in our online application form and is otherwise specified in the job descriptions.

Data categories within the scope of the application process:

• Master data (e.g. names, addresses);
• Contact details (e.g. email, telephone numbers);
• Content data (e.g. entries in online forms);
• Applicant data (e.g. personal details, postal and contact addresses, documents relating to the application and the information contained therein, such as cover letters, CVs, certificates and other information provided by applicants voluntarily with regard to a specific position or relating to their person or qualifications, notes taken during job interviews);
• Log data (e.g. electronic transmission via online form/email).

You will also receive a confirmation email from our applicant management system confirming receipt of your application. This email contains a link that you can use to access an optional questionnaire. This questionnaire contains questions about your knowledge of languages, application and specialised software, and engineering. It also asks about your professional experience in the IT sector and whether you hold various categories of driving licence. This voluntary information will be transferred to your applicant profile. If you do not complete the questionnaire, this will not disadvantage you in the selection process.

Special categories of personal data are not required for the application. Information (e.g. pregnancy, health data, political affiliation) that has been proactively submitted by the applicant will not be taken into account.

We only share your personal data within our company with those departments and individuals who need this data to fulfil contractual and legal obligations or to implement our legitimate interests.

We may transfer your personal data within our group of companies and to our affiliated companies, insofar as this is permissible within the scope of the purposes and legal bases set out above.

We also use external service providers for data processing in accordance with Art. 28 GDPR when providing services related to the applicant management system. On the basis of a data processing addendum, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and by the service provider solely for the purpose of fulfilling the necessary task. Your data is adequately protected by taking appropriate technical and organisational measures.

Details of our external providers can be found in the section ‘Overview of sub-processors’.

Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfil legal obligations, or if we have your consent.

The transfer of personal data within the European Economic Area (EEA) is permitted. We do not intend to transfer data outside the EEA.

Your application, submitted to us in person or by post, will be imported into our applicant management system immediately. Your original documents will either be returned to you by post, returned to you in person immediately, or deleted using a data protection-compliant document shredder.

If you send us your application by email to a personal or general mailbox, it will be forwarded to our applicant management system, including all attachments, and thus imported into the system. Your original email will be irrevocably deleted from your personal or general inbox and the ‘Sent Items’ folder in your email system within five working days at the latest. A backup of your data will not be made.

We store your personal data in our applicant management system for as long as is necessary to make a decision on your application. Once the application process has been completed (e.g. notification of rejection, withdrawal of an application), your personal data will be deleted after six months at the latest, unless there is a reservation due to a justified revocation by the applicant. We need this period of time to answer any follow-up questions regarding the application and to comply with our obligations to provide evidence under the regulations on equal treatment of applicants. We only store your personal data beyond this period if this is required by law or in specific cases to assert, exercise or defend legal claims for the duration of a legal dispute. Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.

If personal data is stored for the purpose of the talent pool, we will store your data for a period of 12 months. After this period, we will obtain your renewed consent to data processing for the purposes of the talent pool. Without your consent, your data will be deleted in accordance with the legal provisions.

If the application process results in employment, traineeship or internship, your data will be stored for as long as necessary and permissible, and then transferred to your personnel file.

Website users include any person who accesses one of the websites of the Tintschl Group. In this section, we provide information about data processing when visiting and interacting with our websites.

This may primarily involve IP addresses, contact enquiries and data, meta and communication data, website accesses and other data generated via a website. The use of the host is in our interest of a secure, fast and efficient provision of our online presence by a professional provider (legal basis: legitimate interest pursuant to Art. 6 (1) (f) GDPR). Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data. We have concluded a data processing agreement with the provider.

Details on the external providers can be found in the section ‘Overview of processors’.

b. Content Delivery Networks (CDN)

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6(1)(f) GDPR). Cloudflare is a sub-processor of our hosting provider. Details about this provider can also be found in the section ‘Overview of processors’.

c. Website maintenance

We use a specialised HubSpot partner as a service provider for the maintenance of our website. The use of this service provider is based on our legitimate interest in the professional presentation of our website (Art. 6(1)(f) GDPR). Some of the personal data collected on our website can be viewed in the backend of our content management system. Access to the data is regulated by a rights and roles system and is based on the need-to-know principle. Our service provider can only view your data to the extent necessary to fulfil its service obligations. It processes data only in accordance with our instructions and on the basis of a data processing agreement.

The website host automatically collects and stores the following transmitted data in so-called server log files:

• IP address from which the request is made
• Browser type / version / language / operating system
• Content of the request (specific page)
• Amount of data transferred and access status (file transferred, file not found, etc.)
• Date and time of the request
• If applicable, the website from which the request originates (referrer)
  

In this case, the IP address is attributed to personal data. The other information does not provide any clues about your identity.

The data is processed for the following purposes in particular:

• Ensuring a smooth connection to the website,
• Ensuring the smooth use of our website,
• Evaluating system security and stability.

We do not use your data to draw conclusions about your person. This data is not merged with other data sources.

b. Legal basis for processing
Processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the above-mentioned purposes. In addition, access to information already stored on the end user's terminal device or the storage of such information is absolutely necessary for the technically error-free provision of our digital service (website) and is carried out on the basis of Section 25(2)(2) TDDDG.

c. Data categories

• Server log files
  
  

• HubSpot
• Cloudflare

e. Duration of storage

Like many other websites, we also use so-called ‘cookies’. Cookies are small text files or other types of information storage that store information about our website and your use of it. These are automatically created by your browser when you use our website and stored locally on your device, but this does not mean that we immediately obtain knowledge of your identity. The use of cookies serves, for example, to make the use of our website more pleasant for you. Via the cookie banner on our website, you can view the management of cookies and manage your consent there.

In addition to cookies, we also use so-called ‘pixels’. Pixels are not cookies, but they can serve similar tracking purposes. A tracking pixel (also known as a ‘pixel tag’, ‘web beacon’ or ‘counting pixel’) is an invisible image (usually 1×1 pixel in size) that is loaded from the provider's server when a website or email is loaded. A pixel does not store any data in the browser itself, but collects data when the page is loaded and sends it directly to the operator's server (e.g. HubSpot, Google, etc.).

We use a combination of cookies and pixels to track user behaviour more accurately, particularly for measuring success or tracking purposes.

Generally, we differentiate between technically necessary and non-necessary cookies:

Technically necessary cookies (‘first-party cookies’) are required for the operation of a website and are essential for navigating the site, using its functions and storing the user's decision when confirming the cookie banner. Depending on the purpose, temporary (session cookies) and permanent cookies are used. A randomly generated unique identification number, known as a session ID, is stored in a session cookie. A cookie also contains information about its origin and duration of storage. These cookies cannot store any other data. Depending on their purpose, permanent cookies store and manage, for example, the login to restricted areas of the website, user settings for language, the user's consent status for cookies on the current domain, or information for detecting malicious bots.

Non-essential cookies, on the other hand, are mostly preference cookies, statistics cookies and marketing & third-party cookies, which enable, for example, the number of visitors and traffic sources to be recorded and counted in order to measure and improve the performance of the website. In the case of a contact registration, e.g. by submitting a form, page visits can also be directly associated with a contact. These cookies are also required to enable the loading of third-party content and media. They also serve the purpose of finding out whether certain pages have problems or errors, which pages are most popular and how visitors navigate the website. These cookies are set from the moment you give your consent in the cookie banner.

An overview of all technically necessary and non-necessary cookies can be found under the ‘Details’ tab in our cookie banner, which you can access at any time by clicking on the icon with the black bracket in the lower left corner of our website.

The use of technically necessary cookies (“first-party cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services within the meaning of Art. 6 (1) (f) GDPR or is absolutely necessary under Section 25 (2) No. 2 TDDDG in order, for example, to comply with the legal requirements for obtaining consent, in particular for setting cookies that are not absolutely necessary.

The use of non-essential cookies, such as preference cookies, statistics cookies, and marketing & third-party cookies, is subject to the consent of the website visitor in accordance with Art. 6 (1) (a) GDPR or is also considered consent within the meaning of Section 25 (1) TDDDG. You can view, revoke, or change your cookie settings for non-essential cookies at any time. To do so, click on the icon with the black bracket in the lower left corner of our website to access the cookie settings again.

The use of the consent management service “Cookiebot by Usercentrics” itself is necessary to fulfill a legal obligation (Art. 7 (1) GDPR) to which we are subject (Art. 6 (1) (c) GDPR).

c. Recipients

Necessary cookies are set by the external service providers “Cloudflare” and “Cookiebot by Usercentrics.” The providers of non-essential cookies (e.g., HubSpot, Google) can be found in the cookie banner on our website.

d. Duration of storage

Session cookies are not permanently stored on your computer or device and are automatically deleted when you close the browser window or exit the browser after using our online services.

You can find the storage period for permanent cookies for each cookie set in the cookie banner on our website. They remain stored on your device until you delete them yourself or your web browser automatically deletes them.

As a user, you can set your web browser to generally prevent cookies from being stored on your device or to ask you each time whether you agree to cookies being set. Once cookies have been set, the user can delete them at any time in the browser's system settings. How this works is described in the help function of the respective web browser.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. However, a general deactivation of cookies can lead to functional restrictions on this website.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.

We use the consent management service “Cookiebot by Usercentrics” on our website. This service is used to provide our website visitors a comprehensive cookie notice. In addition, the consent of our website visitors to the setting of cookies and similar technologies in their browser is obtained and the consent status for cookies on the current domain is stored.

This data is logged on the provider's servers. As part of data processing, data is stored in the browser's session storage and local storage, and a pixel is used to store your consent status on your device, which is then read and checked again when you return to the page.

This enables us to check your consent status for all subsequent and future visits to our websites and to activate or deactivate cookies and other technologies when you visit the page again, in accordance with your decision.

The use of the consent management service “Cookiebot by Usercentrics” itself is necessary to fulfill a legal obligation (Art. 5 (2) GDPR) to which we are subject (Art. 6 (1) (c) GDPR). 

The legal basis for setting cookies can be found in the section “Use of cookies.”

c. Data categories

If you give or refuse consent via our consent banner, the service processes the following data with the help of cookies:

• Device information (e.g., web browser, operating system, browser language, device ID),
• Website and banner data (e.g., language, version, URL from which consent was sent),
• IP address and geographic location,
• date and time of consent,
• your consent ID for assigning and requesting your consent data,
• the consent status of the end user, which serves as proof of consent.
  
  

External service provider for the consent management service. You can find more information about this service provider in the “Overview of sub-processors” section further down in this privacy policy.

e. Duration of storage

The key and consent status are stored in the browser for 12 months using the “CookieConsent” cookie. This ensures that your cookie preference is retained for subsequent page requests. The key can be used to verify and track your consent. Your personal data will be deleted after 12 months or immediately after termination of the contract between us and our consent management service.

If you contact us as a prospective customer or customer by e-mail, post or telephone, your enquiry and the personal data contained therein will be processed by authorised persons for the purpose of processing your enquiry.

The transmission, i.e. the connection and transport of our emails, is TLS-encrypted. Please note, however, that encryption also depends on the configuration of your email programme and we therefore cannot guarantee complete data security during transport. For the purpose of detecting and preventing attacks, fraud and spam, all incoming emails are checked and filtered for malicious content (e.g. viruses), unwanted advertising (e.g. spam) and legitimate advertising (e.g. newsletters) before being delivered to a personal or general mailbox. In compliance with legal requirements, we use an external service provider for this purpose. This service provider processes the data only on our instructions and on the basis of a data processing agreement.

For information requiring a high level of confidentiality, we recommend that you send it by post.

b. Legal basis for processing

The legal basis for data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR.

c. Data categories

Automatic data processing includes the metadata of the message transmission (email address of the sender and recipient, email subject, date/time of email receipt and delivery, IP addresses of the servers involved in the communication, SMTP error code and text), content of emails and the classification of the email (clean, spam, virus, info email).

d. Recipients

External service provider for securing our email traffic. Data will not be passed on to third parties.

e. Duration of storage

The external service provider uses the message metadata for display in the control panel and deletes it after 14 months at the latest. The email itself is deleted after successful delivery or bounce. All data is stored in protected databases and exclusively on servers in Europe.

We comply with legal requirements when storing your business correspondence in our systems.

a. Nature and purpose of processing

The following sections list all web forms used on our website to collect data. We use the double opt-in procedure for all web forms used in a marketing context (e.g., newsletters, downloads of free content, registration forms for events). This means that we will only send you the requested information by email once you have expressly confirmed that you consent to the sending of marketing emails. For verification purposes, you will receive an email containing a link to confirm that you are the owner of the email address provided in the form and that you are indeed the recipient of our marketing emails. During this process, we log your inclusion in our communication subscription, the sending of a confirmation email, and the receipt of the requested response.

Unless otherwise stated, we use the form tool provided by HubSpot for all web forms on our website. When data is submitted via a HubSpot form, the system collects both the data entered in the fields and a range of automatically generated information. All fields contained in a form—such as name, email, company, phone number, etc.—are transferred directly to our customer relationship management system (CRM) and stored in the corresponding contact record, or a new contact record is created.

If consent has been given via the cookie banner, we collect the user's IP address and derived geolocation information, the date and time of the form submission, and the number of form submissions each time a form is submitted. This data is used to: estimate the geographical location, provide context for the contact (e.g. regional segmentation), measure the interaction rate with a contact, or analyse form submissions (e.g. in the event of suspicious behaviour).

b. Legal basis for processing

The logging of the form submission is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR and, in conjunction with the confirmation email, serves as proof of consent to receive marketing emails. We process the additional information on the basis of your consent pursuant to Art. 6(1)(a) GDPR.

a. Nature and purpose of processing
On our website, you can voluntarily subscribe to our email newsletter by submitting a form. We use this newsletter to send out professional information material, company news and event offers. To receive the newsletter, you only need to provide your email address. When you register to receive our newsletter, the data you provide will be used exclusively for this purpose and will not be passed on to third parties. Subscribers may also be informed by email about circumstances relevant to the service or registration (e.g. changes to the newsletter offer or technical circumstances).

Further information on data processing when using our forms can be found in the section ‘Web forms for Web forms for submitting data’.

We also process your data for the analysis of newsletter campaigns. For evaluation purposes, the emails sent and the linked pages on our website contain so-called web beacons or tracking pixels, which are one-pixel image files. Through so-called identity tracking, individual page views can be assigned to your contact when you click on a link in a tracked marketing email, provided you have given your consent to the non-essential cookies in the cookie banner. The assigned identity is based on the recipient's email address. We can use the results of these analyses to better tailor future newsletters to your interests and increase the success of our newsletter campaigns.

b. Legal basis for processing
On the basis of your expressly given consent (Art. 6 (1) (a) GDPR, Art. 7 GDPR in conjunction with § 7 (2) No. 3 UWG or on the basis of the legal permission pursuant to § 7 (3) UWG), we regularly send you our newsletter or comparable information by e-mail to your specified, valid e-mail address and measure its success. Without your consent, we are unfortunately unable to send you our newsletter.

c. Data categories

Email address and consent to receive marketing emails.

d. Recipients

After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). There is no time limit for storage in the blacklist.

f. Revocation of consent

a. Nature and purpose of processing

On our website, you can choose to download free content such as white papers, templates and workbooks by submitting a form. We store the data you provide when you submit the download form so that we can send you the free content, communicate with you about the requested content and nurture your interest in our services through marketing emails.

We process your first name*, last name*, company, telephone number, email address*, reason for enquiry*, and consent to receive marketing emails*. All information marked with an asterisk (*) is required so that we can address you personally and/or better understand your context. By completing and submitting a download form on our website, you also consent to receiving our newsletter/marketing emails. You can unsubscribe from our marketing emails at any time (see section ‘Newsletter & email marketing automation’).

Further information on data processing when using our forms can be found in the section ‘Web forms for submitting data’.

b. Legal basis for processing

The legal basis for processing is your express consent pursuant to Art. 6(1)(a) GDPR, Art. 7 GDPR in conjunction with § 7(2)(3) UWG (German Unfair Competition Act) or on the basis of the legal permission pursuant to § 7(3) UWG.

c. Data categories

Contact data, communication data and consent to receive marketing emails.

d. Recipients

The recipients of the data are internal employees of the marketing department. The provision of the form, the delivery of free content via automated emails and the processing of your data in our customer relationship management system are handled via the software-as-a-service application ‘HubSpot’. You can find more information about this processor in the ‘Overview of sub-processors’ section further down in this privacy policy.

e. Duration of storage

If you have submitted your data via the download form and thus registered to receive marketing emails, your data will be processed until you revoke your consent. With the exception of your decision to give your consent, we will store this data for six months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Art. 6(1)(f) GDPR.

Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes.

From time to time, we offer you the opportunity to voluntarily register for our webinars on our website. We process the data you provide in the registration form in order to register you for participation in the webinar and to conduct the webinar, to exchange information with you about the webinar content and to nurture your interest in our services by means of marketing emails. 

We process your first name*, last name*, email address*, country* and your consent to receive marketing emails*. All information marked with an asterisk (*) is required so that we can address you personally and/or better understand your context. By completing and submitting the registration form on our website, you also agree to receive our newsletter/marketing emails. You can unsubscribe from our marketing emails at any time (see section ‘Newsletter & email marketing automation’). Further information on data processing when using our forms can be found in the section ‘Web forms for submitting data’.

We use the software-as-a-service application ‘GoTo Webinar’ to conduct our webinars. When using this service, the data collected via our websites is transmitted to this processor. To participate the webinar, you must click on the webinar link sent to you and you will then be redirected to our webinar provider's service. When using the service, the additional data you enter when participating, as well as the data related to the connection (session duration, connections established, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and, if applicable, diagnostic data for troubleshooting problems with the provision of webinars) will be processed.

b. Legal basis for processing

The legal basis for processing is your explicit consent pursuant to Art. 6(1)(a) GDPR, Art. 7 GDPR in conjunction with § 7(2)(3) UWG (German Unfair Competition Act) or on the basis of the legal permission pursuant to § 7(3) UWG.

c. Data categories

Contact data, communication data and consent to receive marketing emails.

d. Recipients

The recipients of the data are internal employees of the marketing department. For the purpose of conducting the webinar, the data is transferred to our processor ‘GoTo Webinar’. You can find more information about this processor in the section ‘Overview of processors’ further down in this privacy policy.

e. Duration of storage

If you have submitted your data via the registration form and thus registered to receive marketing emails, your data will be processed until you revoke your consent. With the exception of the decision to give consent, we will store this data for 6 months longer in order to be able to prove the lawfulness of the processing within a reasonable period of time on the basis of Art. 6 (1)(f) GDPR.

By using the service, data is transmitted to the above-mentioned recipients and stored there for as long as is necessary to achieve the stated purposes. Where necessary, we process and store your personal data for the duration of our business relationship or for the fulfilment of contractual purposes.

f. Revocation of consent

Contact data, communication data, content data and, where applicable, consent to receive marketing emails.

d. Recipients

Contact data, communication data, content data and, where applicable, consent to receive marketing emails.

d. Recipients
The recipients of the data are internal employees according to the need-to-know principle. The provision of the form and the processing of your data in our customer relationship management system are handled via the software-as-a-service application ‘HubSpot’. You can find more information about this processor in the ‘Overview of processors’ section further down in this privacy policy.

e. Duration of storage
We delete personal data when it is no longer necessary for the purpose for which it was collected or otherwise processed. We continuously review the necessity of this; we store enquiries from customers who have an active contractual relationship with us permanently, unless a request for deletion has been made. If a contractual relationship is established, we are subject to the statutory retention periods under the German Commercial Code (HGB) and delete your data after these periods have expired.

f. Revocationof consent
You may revoke your consent to the storage of your personal data at any time with future effect. Please send us your revocation by e-mail to the controller or data protection officer named above in this privacy policy.

Please refer to the separate section III ‘For applicants’ regarding data processing on our application form.

For the application form on our website (Job Centre), we use a form based on the JavaScript programming technology AJAX. When you enter your data in the form and submit it, the data is encrypted and transmitted directly to our applicant management system.

Where links to other websites are provided, we have no influence or control over the linked content and the data protection provisions applicable there. We recommend that you review the privacy policies on the linked websites. This will enable you to determine whether and to what extent personal data is collected, processed, used or made available to third parties.

Our online presence within social networks (e.g. Facebook, Instagram, YouTube, LinkedIn, XING and kununu) is only integrated into our website in the form of a link to the corresponding services. After clicking on the integrated text/image link, you will be redirected to our respective online presence on the provider's pages. Only after the redirection will user information be transferred to the respective provider. For information on how your personal data is handled when you use our social media sites, please refer to the section ‘V. For social media visitors’ in our privacy policy.

IP address, device/browser data, referrer URL, usage behaviour, cookies/tracking data, location data, Google account data

Our website uses the kununu Live Score widget from the social network Kununu, which is operated by New Work SE (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany). This allows our visitors to view our kununu Live Score on our website, thereby strengthening our image. The legal basis for its use is Art. 6 (1) (f) GDPR.

When you visit this website, your browser briefly connects to New Work SE (‘kununu’) servers, which provide the ‘kununu widget’ functions (in particular the display of the kununu live score). kununu does not store any personal data about you when you visit this website. In particular, kununu does not store IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the ‘kununu widget’.

For the purpose and scope of data collection and the further processing and use of data by Kununu, as well as your rights in this regard and setting options for protecting your privacy, please refer to Kununu's privacy policy at http://www.kununu.com/info/agb.

Social media visitors include individuals who visit or interact with our social media pages. In this section, we provide information about data processing when visiting our social media pages.

a. Nature and purpose of processing
We appreciate your interest in our Facebook page. When you visit our social media presence, data is collected immediately and we are therefore also involved in the data processing carried out by the platform operator. We are jointly responsible for this with the operator. In addition, your data is processed jointly in connection with so-called ‘page insights’.

The operator of the Facebook platform is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, a subsidiary of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. We are the operator of our Facebook page and fan page.

We have concluded an agreement with the platform operator in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Page Controller Addendum). This agreement specifies which data processing operations we or the platform operator are responsible for when you visit our fan page or our presence on the platform. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

When you visit our social media presence, the platform operator uses cookies and similar technologies on your device to store or read data. In addition to the necessary cookies, functional, marketing or statistical cookies may also be set with your consent. Your personal data may therefore also be collected if you are not logged in or do not have an account on Facebook. With the help of the data collected in this way, Facebook can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both on and off Facebook. Alternatively, the data is also processed for market research purposes.

If you are logged into your Facebook account and visit our social media presence, Facebook can assign this visit and your interactions (e.g. clicks, comments and likes) to your user account (including, for example, master data and demographic data). If you have a Facebook account, interest-based advertising may be displayed on all devices on which you are or have been logged in. 

One feature provided by Facebook that is based on personal data, among other things, is Page Insights (https://www.facebook.com/business/a/page/page-insights). Page Insights provides us with summarised (aggregated) data about visitor interaction on and with our page and in connection with the content provided, but this data does not allow any conclusions to be drawn about individual persons.

Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by being able to place appropriate advertisements within or outside the platforms based on the target groups identified by the platform operator . Furthermore, we process your personal data for marketing purposes (e.g. increasing the reach and awareness of our fan page through target group-oriented design of posts, evaluation of the success of marketing campaigns).

We publish posts on our Facebook social media presence using the software-as-a-service application HubSpot. We receive visitors' interactions with our posts (e.g. sharing, liking, clicking on posts) as aggregated data in HubSpot. We use this data to compile statistics in order to improve the appeal of our social media presence. When commenting on our posts or replying to those comments and when using mentions, the individual social media profile of the person acting is displayed to us in HubSpot's social media tool. We can use the social media profile to create new CRM contacts or link them to existing CRM contacts. We use the HubSpot CRM system as our CRM (customer relationship management) system. All associated social media profiles can then be displayed in the contact record, and all existing and new social media interactions can be displayed in the contact's activity timeline. We can use the existing social media interactions with the contact to segment our customer approach and personalise it with the support of CRM internal AI summaries and AI suggestions. You can find more information about this processor in the ‘Overview of processors’ section further down in this privacy policy.

Please also note that we cannot track all processing operations on Facebook. Facebook may therefore carry out further processing operations. For details, please refer to Facebook's Terms of Use and Privacy Policy: https://de-de.facebook.com/privacy/policy.

b. Legal basis for processing

In cases where access to information or the storage of information is absolutely necessary for the technically error-free provision of services when visiting our social media presence on Facebook, this is done on the basis of Section 25 ((1) sentence 1, (2) no. 2) TDDDG. If access to information or the storage of information serves other purposes (e.g. the customised design of our social media presence), this is done on the basis of Section 25 (1) TDDDG only with your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future.

Any subsequent data processing by us, such as the use of page insights, is carried out on the basis of Art. 6 (1) (f) GDPR on the basis of our legitimate interest in using aggregated information about interactions with our Facebook fan page for advertising purposes. The analysis processes initiated by Facebook may be based on different legal grounds, which are to be specified by Facebook (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

c. Data categories

For details on what specific data is collected and how it is used, please refer to Facebook's privacy policy: https://de-de.facebook.com/privacy/policy.

d. Recipients

• Internal marketing department
• Facebook (Meta Platforms, Inc.)
• HubSpot

We cannot provide any information about the extent to which, where and for how long Facebook stores data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing deletion obligations, what analyses and connections Facebook makes with the data, and to whom Facebook passes on the data. Please refer to Facebook's terms of use and privacy policy for more information.

If you wish to delete your comment in the connected ‘HubSpot’ system, you must delete your comment directly in the social network. HubSpot will reflect this change after the next synchronisation. To delete your contact details from our CRM system, please send us your revocation by email to the controller or data protection officer named above in this privacy policy.

f. Third-country transfer

When you visit our Facebook page, your data may be processed in third countries, in particular the USA. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework (adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR; https://www.dataprivacyframework.gov/list; Active Participants) and undertakes to comply with appropriate data protection standards. In the case of a transfer to a third country without an adequacy decision, there is a risk that authorities may access your data. To ensure an adequate level of data protection, Meta Platforms, Inc. uses the EU's standard contractual clauses and takes additional security measures where necessary. These are regularly reviewed by the platform operator and adjusted if necessary.

For HubSpot, please refer to the separate section ‘Overview of Processors’ further down in this privacy policy.

g. Exercising your rights in the case of joint responsibility

If, as a visitor to our website or our fan page, you wish to exercise your rights as a data subject (see the section "rights of data subjects" in this privacy policy), you can contact both Facebook and us. You can use your Facebook settings to restrict the visibility of your Facebook account (also) to us, and you can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads

To contact Facebook's data protection officer, you can use the online contact form provided by Facebook: https://www.facebook.com/help/contact/540977946302970.

a. Nature and purpose of processing
We appreciate your interest in our company profile on LinkedIn. When you visit our social media presence, data is collected immediately and we are therefore also involved in the data processing of the platform operator. Here, we are jointly responsible with the operator. In addition, your data is processed jointly in connection with so-called ‘Page Insights’.

The operator of the ‘LinkedIn’ platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA 94085, USA. We are the operator of our company profile on LinkedIn.

We have concluded an agreement with the operator of the platform in accordance with Art. 26 GDPR on joint responsibility for the processing of your personal data (Page Insights Joint Controller Addendum). This agreement specifies which data processing operations we or the platform operator are responsible for when you visit our company profile on the platform. You can view this agreement at the following link: https://legal.linkedin.com/pages-joint-controller-addendum.

When you visit our company profile, the platform operator uses cookies and similar technologies on your device to store or read data. In addition to the necessary cookies, functional, marketing or statistical cookies may also be set with your consent. Your personal data may therefore be collected even if you are not logged in or do not have an account on LinkedIn. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed to you both on and off LinkedIn. Alternatively, you can disable cookies in your browser settings. With the help of the data collected in this way, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both inside and outside LinkedIn. Alternatively, the data is also processed for market research purposes.

If you are logged into your LinkedIn account and visit our social media presence, LinkedIn may assign this visit and your interactions (clicks, comments and reactions) to your user account (including, for example, master data and demographic data). If you have an account on LinkedIn, interest-based advertising may be displayed on all devices on which you are or have been logged in.

One feature provided by LinkedIn that is based on personal data, among other things, is Page Insights. This provides us with summarised (aggregated) data about visitor interaction on or with our company profile and in connection with the content provided, but does not allow any conclusions to be drawn about individual persons.

Although we do not have direct access to the data processed by the platform operator, we also benefit from this data processing by being able to place appropriate advertisements within or outside the platforms based on the target groups identified by the platform operator. Furthermore, we process your personal data for marketing purposes (e.g. increasing the reach and awareness of our company profile through the design of posts tailored to specific target groups, evaluating the success of marketing campaigns).

We publish posts on our LinkedIn social media presence via the software-as-a-service application HubSpot. We receive visitors' interactions with our posts (e.g. sharing, reacting, clicking on posts) as aggregated data in HubSpot. We use this data to compile statistics in order to improve the appeal of our social media presence. When commenting on our posts or responding to those comments and when using mentions, the individual social media profile of the person acting is displayed to us in HubSpot's social media tool. We can use the social media profile to create new CRM contacts or link them to existing CRM contacts. We use the HubSpot CRM system as our customer relationship management (CRM) system. All associated social media profiles can then be displayed in the contact record, and all existing and new social media interactions can be displayed in the contact's activity timeline. We can use the existing social media interactions with the contact to segment our customer approach and personalise it with the support of CRM internal AI summaries and AI suggestions. You can find more information about this processor in the ‘Overview of processors’ section further down in this privacy policy.

Please note that we have no influence on the data collection and further processing carried out by LinkedIn. For information on the purposes for which LinkedIn processes your personal data and the legal basis for this data processing, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy. 

b. Legal basis for processing

In cases where visiting our company profile on LinkedIn requires access to information or the storage of information in order to ensure the technically error-free provision of services, this is done on the basis of Section 25 (1) (1), (2) no. 2 TDDDG. If access to information or the storage of information serves other purposes (e.g., the needs-based design of our social media presence), this is done on the basis of Section 25 (1) TDDDG only with your consent in accordance with Art. 6 (1) (1) (a) GDPR. Consent can be revoked at any time for the future.

Any subsequent data processing by us, such as the use of Page Insights, is carried out on the basis of Art. 6 (1) (1) (f) GDPR on the basis of our legitimate interest in using aggregated information about interactions with our company profile for advertising purposes. The analysis processes initiated by LinkedIn may be based on different legal grounds, which are to be specified by LinkedIn (e.g. consent within the meaning of Art. 6 (1) (a) GDPR). 

c. Data categories

For details on what specific data is collected and how it is used, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

d. Recipients

• Internal marketing department
• LinkedIn 
• HubSpot

We cannot provide any information about the extent to which, where, and for how long LinkedIn stores data. Furthermore, we cannot make any statements about the extent to which LinkedIn complies with existing deletion obligations, what evaluations and links LinkedIn makes with the data, and to whom LinkedIn passes on the data. Please refer to LinkedIn's terms of use and privacy policy for more information.

If you wish to delete your comment in the connected “HubSpot” system, you must delete your comment directly in the social network. HubSpot will reflect this change after the next synchronization. To delete your contact in our CRM system, please send us your revocation by email to the controller or data protection officer named above in this privacy policy.

f. Third-country transfer

When you visit our company profile on LinkedIn, your data may be processed in third countries, in particular the USA. LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework (adequacy decision of the EU Commission pursuant to Art. 45 (1) GDPR; https://www.dataprivacyframework.gov/list; Active Participants) and undertakes to comply with appropriate data protection standards. In the case of a transfer to a third country without an adequacy decision, there is a risk that authorities may access your data. To ensure an adequate level of data protection, LinkedIn Corp. uses the EU's standard contractual clauses and takes additional security measures where necessary.

These are regularly reviewed by the platform operator and adjusted if necessary.

For HubSpot, please refer to the separate section “Overview of Processors” further down in this privacy policy.

g. Exercising your rights in the event of joint responsibility

If you are visiting our company profile and wish to exercise your rights as a data subject (see details under “Rights of data subjects” in this privacy policy), you can contact both LinkedIn and us. You can use the LinkedIn settings to restrict the visibility of your LinkedIn account (also) to us.

To contact LinkedIn's data protection officer, you can use the contact form at https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

• When you visit or interact with our social media profile, we process personal data (e.g. ‘Like’ information, profile information), in particular for advertising purposes and for communication and interaction with our company.
• When you contact us via the messaging function, we process your details and the contact details you have provided or released in order to deal with your enquiry. The data will be deleted as soon as it is no longer required, unless there are legal retention obligations that prevent this.

The processing of your personal data on the social media platform itself is carried out under the responsibility of the platform operator within the meaning of Art. 7 (4) GDPR. The operator of the Xing platform is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. We have no influence on the data processing carried out by the platform operator. For further information (e.g. third country transfers), please check the Xing privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

b. Legal basis for processing

The aforementioned processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest. If your contact is aimed at concluding a contract or pre-contractual measures (e.g. enquiries about our services), we will process your data in accordance with Art. 6(1)(b) GDPR.

c. Data categories

Profile data, behavioural data, content data

d. Recipients

• Internal marketing department
• XING

e. Exercising your rights

To assert your rights as a data subject, we would like to point out that these can be most effectively asserted directly with the platform provider. Only they have access to the data collected from you.

f. Third-country transfer

As part of our responsibility, no personal data is processed outside the European Union (EU) or the European Economic Area (EEA).

We appreciate your interest in our employer profile on kununu, which we operate for effective external presentation. We would like to give you an overview of the data we collect, use and store on our own responsibility:

• We may process data you enter on kununu, such as an employer review, by responding to it. The data you freely publish and distribute on kununu may be included by us in our offering or on our employer profile and thus also made available to other visitors of this site.
  

As the platform operator, kununu is solely responsible for processing your personal data on the employer review platform, collecting usage data from site visitors, and the reviews submitted anonymously and independently by users (within the meaning of Art. 7 (4) GDPR). The operator of the kununu platform is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. We have no influence on the data processing carried out by the platform operator. For further information (e.g. purposes, third-country transfers), please refer to kununu's privacy policy, which also refers to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung. Further information is also available at: https://support.kununu.com/hc/de/categories/5139748304913-Datenschutz

b. Legal basis for processing

Our processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in communicating with you and other users via kununu and responding to your review.

c. Data categories

content data

d. Recipients

• Visitors to our employer profile
• kununu (New Work SE)

To assert your rights as a data subject, we would like to point out that these can be most effectively asserted directly with the platform provider. Only they have access to the data collected from you.

• We process the data you enter on YouTube regarding our videos, such as ‘Like/Dislike’ or comments, including profile information, by responding to them. The data you freely publish and distribute on YouTube is included by us in our YouTube channel and thus also made available to other visitors to this site.
• When you visit our YouTube channel or interact with our content (e.g. watch videos, like, comment or follow our channel), we process data that Google provides us with as part of YouTube Analytics. However, this is aggregated, anonymised statistics without any personal references.

YouTube, as the platform operator, is solely responsible for the processing of your personal data on the social media platform, the collection of usage data from site visitors and the comment function (within the meaning of Art. 7 (4) GDPR). The operator of the YouTube platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You can find the privacy policy for YouTube here: https://policies.google.com/privacy

If you are logged into your YouTube account and visit our social media presence, YouTube can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have a YouTube account. In this case, this data collection is carried out, for example, via cookies stored on your device or by recording your IP address. YouTube can use the data collected in this way to create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and off YouTube. If you have a YouTube account, interest-based advertising can be displayed on all devices on which you are or have been logged in. Please also note that we cannot track all processing operations on YouTube. YouTube may therefore carry out further processing operations. We have no influence on the data processing carried out by the platform operator. For further information (e.g. third country transfers), please check Google's terms of use and privacy policy: https://policies.google.com/privacy

The processing for which we are responsible is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest. If you have given Google or YouTube your consent to data processing (e.g. via a cookie banner or account settings), this processing is carried out on the basis of Art. 6(1)(a) GDPR.

c. Data categories

Profile data, behavioural data, content data

d. Recipients

• Visitors to our YouTube channel
• YouTube (Google)

e. Exercising your rights

To assert your rights as a data subject, we would like to point out that these can be most effectively asserted directly with the platform provider. Only they have access to the data collected from you.

g. Third-country transfer

The YouTube platform is operated by Google Ireland Limited. Although this company is based in the EU, it is a subsidiary of Google LLC, which is based in the USA. When using our YouTube channel, personal data may be transferred to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection within the meaning of Art. 45 GDPR. Alternatively or in addition, the transfer to third countries is based on standard contractual clauses pursuant to Art. 46 (2) (c) GDPR, which have been approved by the European Commission.

If, in the course of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if the transfer of data to third parties is necessary for the fulfilment of a contract), users have consented, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we disclose data to other companies in our group, transfer it to them or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, beyond that, on a basis that complies with legal requirements.

Below you will find the organisations, companies and individuals that we, as the operator of this website, authorise to process data.

HubSpot, Inc. is a software company based in the United States (HubSpot, Inc. Two Canal Park, USA, Cambridge, MA 02141, USA; https://legal.hubspot.com/de/impressum). Our contractual partner is the branch office HubSpot Ireland Ltd, 1 Sir John Rogerson's Quay Dublin 2 Ireland.

We use the platform to manage business and contact data (e.g. prospects, applicants, customers, suppliers) and, if necessary, to create, enrich and evaluate profiles. In a marketing context, we use the application to create our website, content on our social media presences, our email marketing campaigns and lead management components. We also analyse and evaluate interactions with our digital marketing assets.

This software provider acts on our behalf and may therefore also view (receive) your data to the extent necessary. A data processing agreement has been concluded with HubSpot (https://legal.hubspot.com/dpa). We have no influence on further data processing by the third-party provider.

Hosting takes place in a data centre in the European Union (Germany). When HubSpot transfers personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR.

For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46 (2) (c) GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. 

For more information about HubSpot's privacy policy, please visit: https://legal.hubspot.com/de/privacy-policy.

An overview of HubSpot's policies, technologies and certifications can be found in the Trust Centre at: https://trust.hubspot.com/

An overview of the subcontractors used by HubSpot can be found at: https://legal.hubspot.com/sub-processors-page

Cloudflare (Cloudflare Inc.) is one of the largest networks on the internet, ensuring the security and performance of web applications. Cloudflare provides a content delivery network, internet security services and distributed DNS services, and acts as a subcontractor to HubSpot in the context of our website.

Due to the way Cloudflare's features are integrated into our website infrastructure, the service filters all traffic passing through our website, i.e. communications passing through our website and the user's browser, while also enabling the collection of analytical data contained on our website. Cloudflare uses functional cookies that cannot be deselected when visiting our website.

Cloudflare, Inc. is a software company based in the United States (Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA); https://www.cloudflare.com/trust-hub/.

According to information in HubSpot's list of subcontractors, subcontracting for a European data centre location takes place in the data centre closest to the data centre location (https://legal.hubspot.com/sub-processors-page). When HubSpot transfers personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR.

For the US, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-US Data Privacy Framework. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link: www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, standard data protection clauses are also agreed in accordance with Art. 46(2)(c) GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. 

For more information about Cloudflare's privacy policy, please visit: https://www.cloudflare.com/privacypolicy/
For an overview of Cloudflare's policies, technologies, and certifications, please visit the Trust Hub at: https://www.cloudflare.com/de-de/trust-hub/

We use the cookie consent banner ‘Cookiebot’ from Usercentrics (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark) on our website to organise consent management for cookies. 

With the cookie consent banner, Usercentrics offers a service that ensures that we can comply with the legal requirements for obtaining consent, in particular for setting cookies that are not absolutely necessary within the meaning of Section 25 (2) TDDDG. It requests the consent of website visitors for the processing of personal data and collects, stores and manages this consent. It also informs website visitors about the cookies and services used on our website.

Usercentrics uses functional cookies that cannot be deselected when visiting our website. In this context, your browser may transmit personal data to Usercentrics. According to Usercentrics' own statements, all data is stored in protected databases and exclusively on servers in Europe. Further information on the handling of the transferred data can be found in Usercentrics' privacy policy: https://www.cookiebot.com/de/privacy-policy/

We have signed a data processing agreement with the service provider, in which we oblige them to protect our customers' data and not to pass it on to third parties: https://www.cookiebot.com/de/wp-content/uploads/sites/2/2025/01/DPA_EN_Template_UC-A_S_Without-signature-Aug-2024_V9.0.pdf.

compleet GmbH is a software company for applicant management systems based in Germany (compleet GmbH, Hermann-Weinhauser-Straße 73, 81673 Munich, Germany; https://compleet.com/impressum). This software provider acts on our behalf and may therefore also view (receive) your data to the extent necessary. We have concluded a contract with the provider for order processing.

According to the provider, all data collected is stored on server systems in Germany or in another EU or EEA member state. The data is not transferred to third countries.

GoTo Webinar is a product of the software provider GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson's Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland, https://www.goto.de/company/rechtliches/impressum. This company is our contractual partner and a subsidiary of GoTo Group, Inc. based in the USA.

This software provider acts on our behalf and may therefore also view (receive) your data to the extent necessary. A data processing agreement has been concluded with GoTo Technologies Ireland Unlimited Company https://www.goto.de/company/rechtliches/data-processing-addendum.

For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. GoTo, Inc. is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link : www.dataprivacyframework.gov/s/participant-search. For potential transfers to other third countries outside the EU and the EEA, for which there is no adequacy decision by the EU Commission, standard data protection clauses in accordance with Art. 46 (2) (c) GDPR are agreed. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on data protection at GoTo can be found at: https://www.goto.de/company/rechtliches/datenschutz