Name and Contact Details of the Controller

Our controller (hereinafter "Controller") within the meaning of Art. 4 No. 7 GDPR is:

Data Types, Processing Purposes and Categories of Data Subjects

Legal Basis for Processing Personal Data

We inform you below about the legal basis for processing personal data:

1. If we have obtained your consent for the processing of personal data, Art. 6 Para. 1 S. 1 lit. a) GDPR is the legal basis.
2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures that are carried out at your request, Art. 6 Para. 1 S. 1 lit. b) GDPR is the legal basis.
3. If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. legal retention obligations), Art. 6 Para. 1 S. 1 lit. c) GDPR is the legal basis.
4. If the processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 S. 1 lit. d) GDPR is the legal basis.
5. If the processing is necessary to safeguard our legitimate interests or those of a third party and your interests, fundamental rights and freedoms do not outweigh these, Art. 6 Para. 1 S. 1 lit. f) GDPR is the legal basis.

Disclosure of Personal Data to Third Parties and Processors

Without your consent, we generally do not disclose data to third parties. Should this be the case, the disclosure is based on the aforementioned legal bases, e.g. when disclosing data to online payment providers for contract fulfillment or due to court order or because of a legal obligation to disclose the data for the purpose of criminal prosecution, averting danger or enforcing intellectual property rights.

We also use processors (external service providers, e.g. for hosting our websites and databases) to process your data. If data is passed on to processors as part of an order processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, regularly monitor them and have granted ourselves the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and comply with the data protection regulations in accordance with GDPR.

Data Transfer to Third Countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data is therefore mainly processed by companies to which the GDPR applies. Should processing by third-party services take place outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that processing is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU by the EU Commission or compliance with officially recognized special contractual obligations, the so-called “standard contractual clauses”.

Insofar as we obtain your explicit consent to data transfer to the USA according to Art. 49 Para. 1 S. 1 lit. a) GDPR due to the invalidity of the so-called “Privacy Shield”, we point out the risk of secret access by US authorities and the use of data for surveillance purposes, possibly without legal remedy options for EU citizens.

Deletion of Data and Storage Period

Unless expressly stated in this privacy policy, your personal data will be deleted or blocked as soon as the consent granted for processing is revoked by you or the purpose of storage no longer applies or the data is no longer required for the purpose, unless its further retention is required for evidence purposes or there are legal retention obligations against this. These include commercial retention obligations for business letters according to § 257 Para. 1 HGB (6 years) and tax retention obligations according to § 147 Para. 1 AO for documents (10 years). When the prescribed retention period expires, your data will be blocked or deleted, unless storage is still necessary for concluding or fulfilling a contract.

Automated Decision-Making

We do not use automated decision-making or profiling.

Provision of Our Website and Creation of Log Files

1. If you only use our website for informational purposes (i.e. no registration or other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: IP address; user’s internet service provider; date and time of access; browser type; language and browser version; content of access; time zone; access status/HTTP status code; amount of data; websites from which the request comes; operating system. This data is not stored together with other personal data about you.
2. This data serves the purpose of user-friendly, functional and secure delivery of our website to you with functions and content as well as its optimization and statistical evaluation.
3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR, which is also based on the above purposes.
4. For security reasons, we store this data in server log files for a storage period of 90 days. After this period expires, they are automatically deleted unless we need to retain them for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Performance of Contracts

1. We process inventory data (e.g. company, title/academic degree, names and addresses as well as contact data of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) for the purpose of fulfilling our contractual obligations (knowledge of who the contractual partner is; justification, substantive design and execution of the contract; verification of data plausibility) and service provisions (e.g. customer service contact) in accordance with Art. 6 Para. 1 S. 1 lit b) GDPR. The inputs marked as mandatory in online forms are required for the conclusion of the contract.
2. This data is generally not passed on to third parties, except if it is necessary to pursue our claims (e.g. transfer to a lawyer for debt collection) or to fulfill the contract (e.g. transfer of data to payment providers) or if there is a legal obligation to do so in accordance with Art. 6 Para. 1 S. 1 lit. c) GDPR.
3. We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For inventory and contract data, this is the case when the data is no longer required to execute the contract and no further claims can be made under the contract because they have expired (warranty: two years / regular limitation period: three years). We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, after three years following termination of the contract, we restrict processing, i.e. your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

Contact via Contact Form / Email / Post

1. When you contact us via contact form, post or email, your information will be processed for the purpose of handling the contact request.
2. The legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR if you have given your consent. The legal basis for processing data transmitted in the course of a contact request or email or letter is Art. 6 Para. 1 S. 1 lit. f) GDPR. The controller has a legitimate interest in processing and storing the data in order to be able to answer user inquiries, for evidence purposes for liability reasons and to be able to comply with any legal retention obligations for business letters. If the contact aims at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 S. 1 lit. b) GDPR.
3. We may store your information and contact request in our Customer Relationship Management System (‘CRM System’) or a comparable system.
4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. Inquiries from users who have an account or contract with us are stored until two years after termination of the contract. In the case of legal archiving obligations, deletion takes place after their expiry: end of commercial (6 years) and tax (10 years) retention obligations.
5. You have the option at any time to revoke your consent to the processing of personal data in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.

Contact by Telephone

1. When you contact us by telephone, your telephone number is processed to handle the contact request and is temporarily stored or displayed in the RAM/cache of the telephone device/display. Storage takes place for liability and security reasons in order to be able to provide proof of the call and for economic reasons in order to enable a callback. In the case of unauthorized advertising calls, we block the telephone numbers.
2. The legal basis for processing the telephone number is Art. 6 Para. 1 S. 1 lit. f) GDPR. If the contact aims at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b) GDPR.
3. The device cache stores calls for 30 days and successively overwrites or deletes old data; when the device is disposed of, all data is deleted and the memory is destroyed if necessary. Blocked telephone numbers are reviewed annually for the necessity of blocking.
4. You can prevent the display of your telephone number by calling with a suppressed telephone number.

Data Protection in Application Procedures

1. Applications sent to the controller electronically or by post are processed electronically or manually for the purpose of handling the application procedure.
2. We expressly point out that application documents containing ‘special categories of personal data’ according to Art. 9 GDPR (e.g. a photo that reveals your ethnic origin, religion or marital status), with the exception of any severe disability that you may wish to disclose freely, are undesirable. You should submit your application without this data. This has no effect on your application chances.
3. The legal bases for processing are Art. 6 Para. 1 S.1 lit. b) GDPR and Section 26 BDSG (German Federal Data Protection Act).
4. If an employment relationship is entered into with the applicant after completion of the application procedure, the applicant data will be stored in compliance with relevant data protection regulations. If you are not offered a position after completion of the application procedure, your submitted application letter and documents will be deleted 6 months after the rejection is sent in order to be able to meet any claims and proof obligations under the German General Equal Treatment Act (AGG).

Data Security

In order to protect all personal data transmitted to us and to ensure that the data protection regulations are complied with by us, but also by our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server is encrypted and transmitted via a secure SSL connection.