Responsible for content
Legal information on the handling of your data. Status March 2021.
The responsible party in terms of data protection law is us, the
Hanauer Landstr. 150
60314 Frankfurt am Main
Tel. (069) 6783 067 – 51
Registered in the Commercial Register of the Local Court of Frankfurt am Main under the number HRB113835
Sebastian Heinz, Julius Heinz, Fabian Müller
Data Protection Officer:
Dr. Constantin Herfurth, Eversheds Sutherland LLP, Brienner Str. 12, 80333 Munich, email@example.com
For the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
2. general information on data processing
2.1. Scope of the processing of personal data
As a matter of principle, we only process personal data of our users to the extent that this is necessary for the provision of a functional website as well as our content and services. The processing of this data regularly takes place only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
2.2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 I 1 lit.a DSGVO serves as the legal basis. When processing personal data that is necessary for the performance of a contract between us and the data subject, Art. 6 I 1 lit.b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures, esp. customer inquiries, are required. Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which we are subject, Art. 6 I 1 lit.c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 I lit.d DSGVO serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override our legitimate interest, Art. 6 I 1 lit.f DSGVO serves as the legal basis for the processing.
2.3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires. Unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.
3. provision of the website and creation of log files
3.1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the browser version used
- Operating system of the user
- Internet provider of the user
- Date and time of access
- Web pages that are called up by the user’s system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3.2. The legal basis for the temporary storage of data and log files is Art. 6 I 1 lit.f DSGVO.
3.3. The purpose of data processing is the delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. Log files are stored to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 I 1 lit.f DSGVO.
3.4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
3.5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files are mandatory for the operation of our website. Consequently, there is no possibility of objection on the part of the user.
4.1. Description and scope of data processing
- Frequency of page views
- Use of website functions
4.2. Legal basis: Art. 6 I 1 lit.f DSGVO
4.3. Purpose of data processing
4.4. Duration of storage, possibility of objection and elimination
5.1. Description and scope of data processing
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the following data is transmitted to us from the input mask:
- First name
- Email address
- Date and time of registration
No personal data is passed on to third parties in connection with the newsletter registration and the associated data processing. The data will be used exclusively for sending the newsletter.
5.2. Legal basis: Art. 6 I 1 lit.a DSGVO
5.3. Purpose of data processing
The collection of the email address is used for the proper delivery of the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.
5.4. Duration of storage, possibility of objection and elimination
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user’s email address will be stored as long as the subscription to the newsletter is active. The subscription may be terminated by the affected user at any time. For this purpose, there is an unsubscribe link at the end of each newsletter.
6. contact form and email contact
6.1. Description and scope of data processing
On our website, you have the option of contacting us electronically using a contact form. These may be general inquiries about our company, our prices and services, job vacancies or application purposes, such as project-related inquiries to initiate a cooperation and to receive a non-binding offer (not exhaustive). If you as a user take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
- First name
- Phone number (mobile or landline)
- Country from which you are requesting
- Content of your message
6.2. The legal basis for the processing of the data is Art. 6 I 1 lit.a DSGVO if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 I 1 lit.f DSGVO. If the email contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 I 1 lit.b DSGVO.
6.3. Purpose of data processing
The processing of personal data from the input mask serves us solely to process your inquiry/contact. The same applies to contact via email. The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our IT systems. This also constitutes the necessary legitimate interest in processing the data.
6.4 Duration of storage, possibility of objection and removal
The collected, transmitted and stored data from contact via contact form or via email will be deleted as soon as they are no longer necessary to achieve the purpose of their collection, processing and storage. For the personal data from the input mask of the contact form and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it is clear from the circumstances of the individual case, the purpose and the nature of the communication that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. However, in such a case, the conversation cannot continue. In this case, all personal data stored in the course of contacting us will be deleted after a period of seven days.
7.1. General information
7.2. Personal data in the context of the application process
Personal data is any data relating to the personal circumstances of an individual or a clearly identifiable individual. These include, for example, your name, address, date of birth, telephone number, but also data relating to your specific education, professional career and career. Data that is not directly linked to your personal identity is not personal data.
7.3. Legal basis for data collection
The legal basis for data collection, processing and storage is your consent, which you give us by clicking on the appropriate button in the online application portal and uploading your application and other evidence, Art. 6 I lit. a GDPR.
7.4. Type and scope of data collection in the application process
If you apply to us via our online application portal or by email, we collect and process your personal data for the purpose of carrying out our application process and for the purpose of preparing any contractual documents. By submitting an application through our online portal or by email, you express your interest in working with us. In this context, you provide us with your personal data, which we collect, process and temporarily store exclusively for the purpose of carrying out the application process. Specifically, the following data will be collected from you:
- Name, first name
- Email address
- Phone number
- Possible start date
- Salary requirements
- Channel through which you found us
Furthermore, you can choose to send us meaningful documents such as a cover letter, a resume, references or references from previous employers. These could contain other personal data about you, such as your date of birth. On our side, only authorized employees* have access to this data and only because they are mandatorily involved in the application and selection process on our side. Your personal data will be stored exclusively for the purpose of successfully filling a vacant position with us. Your personal data regarding the application process will be stored by us for 90 days. This is usually done to comply with legal requirements. After this storage period, we delete or anonymize your data. In the case of anonymization, your data will only be available to us as so-called metadata, without any reference to your person and exclusively for the purpose of internal statistics. In case of deletion, your data will be irretrievably deleted.
Should you receive an offer to work with us and accept it, we will store your personal data for the purpose of implementing the employment relationship and at least as long as this employment relationship exists with us. We would like to draw your attention to the fact that there are retention periods for employee data under tax law, which can be up to ten years.
7.5. Disclosure of personal data in the application process
Personal data that we collect from you as part of the application process is stored in a database using TLS encryption. This database is operated by Personio GmbH, which offers applicant and HR management software(www.personio.com/legal-notice). In this context, Personio is our processor pursuant to. Art. 28 GDPR. The data processing is subject to an order processing agreement between us and Personio GmbH.
7.6. Rights in connection with personal data
Insofar as we collect, process and store your personal data as a data controller within the meaning of the GDPR, you are entitled to various rights as a data subject under the GDPR. The rights you have depend on the reason for the collection and its legal basis. You have the right to access your personal data (Art. 15 GDPR), the right to rectification (Art. 16 GDPR) and the right to erasure (Art. 17 GDPR). Furthermore, the right to restriction of processing (Art. 18 GDPR), the right to notification (Art. 19 GDPR), the right to data portability (Art. 20 GDPR) and the right to object under Art. 21 GDPR. If the data is collected, processed and stored with your consent, you also have the right to revoke this consent at any time, Art. 7 III DSGVO. To exercise your rights, please contact our data protection officer.
7.7. Personnel service provider
Insofar as we receive your application and your corresponding personal data from external personnel service providers, to whom you have in turn previously submitted your application and your corresponding personal data and, if applicable, given them the corresponding consent, both we and your* recruiter are separate data controllers within the meaning of the GDPR. We collect, process, store and delete applications and corresponding personal data from this source analogously to the above regulations under point 7. of our data protection declaration. To what extent your personnel service provider collects, processes and stores your application and your corresponding personal data, you can find out from your respective personnel service provider.
7.8. Final provisions
8. use of Google Adwords
8.1. Description and scope of data processing
We use Google Adwords on our website, a service provided by Google Inc, 1600 Amphiteatre Parkway, Mountain View, CA 94043, USA. This is an online advertising program that uses conversion tracking. When you access our website via a Google ad, Google Adwords sets a cookie on your computer (for cookies, see also above). Each Google Adwords customer is assigned a different cookie. By using our website, you consent to the processing of your data collected by Google Adwords.
8.2. Legal basis: Art. 6 I 1 lit.f DSGVO
8.3. Purpose of data processing
We use Google Adwords to track the success of our Google ads and to make business decisions about the existence and, if necessary, the expansion of our advertising activities on Google. This is also our legitimate interest in the data processing according to. Art. 6 I 1 lit.f DSGVO. We only receive knowledge about the total number of users who have responded to our site or a corresponding Google ad. No information is shared that can be used to identify you. The use therefore does not enable any traceability by us and does not serve this purpose.
8.4. Duration of storage, possibility of objection and elimination
The cookie within Google Adwords loses its validity after 30 days. You can prevent Google Conversion Tracking by deactivating the tracking procedure in your browser. For more information, visit www.google.com/intl/policies/privacy/.
9. use of Google Analytics
9.1. Description and scope of data processing
We use Google Analytics on our website, a web analytics service provided by Google Inc, 1600 Amphiteatre Parkway, Mountain View, CA 94043, USA. Cookies are used for this purpose. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. I case of activation of IP anonymization on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. You can prevent the storage of cookies by selecting the appropriate settings on your browser. However, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. By using our website, you consent to the processing of your data collected by Google Maps.
9.2. Legal basis: Art. 6 I 1 lit.f DSGVO
9.3. Purpose of data processing
The purpose of using Google Analytics is to specifically address a target group that has already expressed an initial interest by visiting the page. This is also our legitimate interest in the data processing according to. Art. 6 I 1 lit.f DSGVO.
9.4. Duration of storage, possibility of objection and elimination
Cookies are stored on the user’s computer and transmitted by the user to our website. Advertising data in server logs is anonymized by Google deleting parts of the IP addresses and cookie information after 9 and 18 months respectively. You can also prevent the collection of the data generated by the cokie and related to your use of the website, including your IP address. of your IP address to Google as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://google.com/dlpage/gaoptout?hl=de. You can also find more information at https://www.google.com/intl/de/policies/privacy/.
10. use of Facebook Pixel
10.1. Description and scope of data processing
We use the application “Facebook Pixel” of the company Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”). Due to the “Facebook Pixel” application, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of “Facebook Pixel”, Facebook receives the following categories of data: Http header, Pixel-specific data, Button click data, Optional values and Form field names (see for more details https://www.facebook.com/business/gdpr under “What data does the Facebook Pixel collect?”). If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider uses tracking procedures to obtain and store your IP address and other identifying features.
10.2. Legal basis
The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 a) GDPR. When using the “Facebook Pixel” application, personal data is transmitted to a so-called third country. This data transfer is permitted because Facebook has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) (see https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC).
The use of Facebook Pixel enables us to show you personalized and thus more interesting advertising.
10.4. Duration of storage, possibility of objection and elimination
We store your personal data as long as it is necessary for the fulfillment of the above-mentioned purposes or until you revoke your consent. Consent can be revoked at any time by clicking on the opt-out link below: [cookies_revoke]
11. transfer of personal data to third countries
In principle, your personal data is processed in Germany and in other European countries. If, exceptionally, your personal data is processed in countries outside the European Union or the European Economic Area (so-called third countries), this will only take place if certain protective measures ensure that an adequate level of data protection exists. Typically, we take the following protective measures to do this:
- Adequacy Decision of the EU Commission: Recipients in Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay (Further information at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)
- Standard contractual clauses: Other recipients (Further information at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en)
- Exceptions according to Art. 49 DS-GVO: Other recipients.
Further information on third country transfers or copies of these measures can be obtained by contacting the above addresses.
12. use of Google Maps plugin
12.1. Description and scope of data processing
We use the Google Maps plugin on our website, a service provided by Google Inc, 1600 Amphiteatre Parkway, Mountain View, CA 94043, USA. This is an interactive map and geoservice from Google. By using Google Maps on our website, information about the use of our site, your IP address and, in the case of the route planning function, the addresses entered are transmitted to a Google server in the USA and stored there. By using our website, you consent to the processing of your data collected by Google Maps.
12.2. Legal basis: Art. 6 I 1 lit.f DSGVO
12.3. Purpose of data processing
We have no knowledge about the purpose of the data collection, nor about the use of the data by Google.
12.4. Duration of storage, possibility of objection and elimination
We do not have any information about the duration of the storage. For more information on appeal and removal options, please visit https://www.google.com/int/de/policies/privacy/.
13. use hotjar plugin
13.1. Description and scope of data processing
We use Hotjar to better understand the needs of our users and to optimize the offering and experience on this website. Using Hotjar’s technology, we get a better understanding of our users’ experiences (e.g. how much time users spend on which pages, which links they click on, what they like and don’t like, etc.) and this helps us tailor our offering to our users’ feedback. Hotjar works with cookies and other technologies to collect data about our users’ behavior and about their end devices, in particular IP address of the device (collected and stored only in anonymized form during your website use), screen size, device type (Unique Device Identifiers), information about the browser used, location (country only), language preferred to view our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.
13.2. Legal basis: Art. 6 I 1 lit.f DSGVO
13.3. Purpose of data processing
We have no knowledge about the purpose of the data collection, nor about the use of the data by Hotjar.
13.4. Duration of storage, possibility of objection and elimination
We do not have any information about the duration of the storage. For more information on appeal and removal options, please visit https://help.hotjar.com/hc/en-us/sections/115003180467-Data-Privacy.
14. your rights in relation to the personal data concerning you
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller.
14.1. Right to information
You may request confirmation from us as to whether personal data concerning you is being processed by us. You also have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to. Art 46 GDPR to be informed in connection with the transfer.
If there is a processing of personal data concerning you, you can request information from us about the following:
- The purposes for which the personal data are processed;
- The categories of personal data which are processed;
- The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
- The planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for the determination of the storage duration;
- The existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by us or an objection to such processing;
- The existence of a right of appeal to a supervisory authority;
- Any available information on the origin of the data if the personal data is not collected from the data subject;
- The existence of automated decision-making including profiling pursuant to. Article 22 I, IV DSGVO and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
14.2. You have a right to rectification and/or completion if the personal data processed concerning you is inaccurate or incomplete. We shall make the correction without delay.
14.3. You have a right to restrict processing. You may request the restriction of the processing of personal data concerning you under the following conditions:
- if you dispute the accuracy of the personal data concerning you for a period of time that allows us to verify the accuracy of the personal data
- the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data
- we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or
- if you object to the processing according to. Art. 21 I DSGVO and it has not yet been determined whether our legitimate reasons outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.
14.4. You have a right to have the personal data concerning you deleted. You may at any time request us to delete the personal data concerning you without undue delay and we are obliged to delete such data without undue delay, provided that one of the following reasons applies:
- The personal data concerned are no longer necessary for the purposes for which they were collected, stored or processed.
- You revoke your consent on which the processing is based according to. Art. 6 1 lit. a or Art. 9 II lit. a DSGVO and there is no other legal basis for the processing.
- They lay out acc. Article 21 I DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 I DSGVO. Art. 21 II DSGVO to object to the processing.
- The personal data concerning them have been processed unlawfully.
- The deletion of personal data concerning you is necessary for compliance with a legal obligation under European Union law or the law of the member states to which we are subject.
- The personal data concerning you has been collected in relation to information society services offered pursuant to. Art. 8 I DSGVO collected.
If we have made the personal data relating to you public and we are required to do so pursuant to. Article 17 I DSGVO, we shall take reasonable measures, including technical measures, to inform data controllers that you have requested the erasure of all links to this personal data concerning you, taking into account the available technology and the costs of implementation.
The right to erasure does not exist insofar as the processing is necessary, namely
- To exercise the right to freedom of expression and information;
- To fulfill a legal obligation or to perform a task in the public interest or in the exercise of official authority.
- For reasons of public interest in the field of public health according to. Art. 9 II lit. h and Art. 9 III DSGVO.
- For archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. Art 89 I GDPR.
- For the assertion, exercise or defense of legal claims
14.5. You have a right to be informed. If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or their restriction of processing. Unless this proves impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
14.6. You have a right to data portability. You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have data transferred to another controller without hindrance from us, provided that
- The processing is based on a consent according to. Art. 6 I 1 lit. a or Art. 9 II lit. a DSGVO or on a contract pursuant to. Art. 6 I 1 lit. b DSGVO is based and
- The processing is carried out with the help of automated procedures.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from us to another controller, where this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
14.7. You have the right to object. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you, which in turn is carried out on the basis of Art. 6 I 1 lit.e or f DSGVO. This also applies to profiling based on these provisions. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which in turn override your interests, rights and freedoms; or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object to the processing of this data for this purpose at any time. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed by us for these purposes. You have the possibility, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.
14.8. You have a right to revoke the declaration of consent under data protection law. Thus, you can revoke your declaration of consent under data protection law at any time. Withdrawal of consent does not subsequently eliminate the lawfulness of the processing that took place on the basis of consent until your withdrawal.
14.9. You have a right to a case-by-case decision. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, this does not apply if the decision
- Is necessary for the conclusion or performance of a contract between you and us,
- Permitted by Union or Member State legislation to which we are subject, and that legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests
- is done with your express consent.
However, such decisions shall not be based on special categories of personal data pursuant to Asrt. 9 I DSGVO, unless Art. 9 II lit. a or g DSGVO and appropriate measures have been taken to protect the rights, freedoms and legitimate interests. With regard to the above-mentioned cases, we take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the rights to obtain the intervention of a person on our side, to express your point of view and to contest the decision.
14.10. You have the right to complain to a supervisory authority. In particular, you have this right in the member state of your residence, workplace or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.