Privacy policy
We are pleased that you are interested in our company and our products and services and would like you to feel secure when visiting our website with regard to the protection of your data, because we take this very seriously. It goes without saying that we comply with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act („Bundesdatenschutzgesetz“ – BDSG) and the Telecommunications Telemedia Data Protection Act („Telekommunikation-Telemedien-Datenschutz-Gesetz“ – TTDSG).
As part of our information obligations, we would like to make this privacy statement as transparent as possible. To this end, we set out below the purpose limitation of the processing of your data, the use of cookies, tracking/analysis tools, social media and other third-party services and inform you about your rights.
If, despite the following data protection information, any questions regarding the handling of your personal data remain unanswered, you are welcome to contact us or our data protection officer (see below for contact details).
1. Responsible entity
The
Luitpoldhütte GmbH
represented by Olivier Babilon and Frank Schild
Sulzbacher Straße 121
92224 Amberg
Germany
Phone: +49 9621 640-0
E-mail: info@luitpoldhuette.de
is, as the operator of this website (https://www.luitpoldhuette.de/), the responsible body (controller) within the meaning of the GDPR, which alone or jointly with others determines the purposes and means of the processing of personal data, hereinafter “data”.
2. Definitions
To ensure that our data protection declaration is easy for you to read and understand, we will explain the terms used in advance.
“Personal data” is, according to Article 4 No. 1 GDPR, any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as name, address, telephone number, e-mail address, IP address, location data or specific characteristics such as the genetic, economic and social identity of that natural person).
According to Article 4 No. 2 GDPR, “processing” means any operation or set of operations which is performed upon data, whether or not by automatic means. This includes, in particular, collection, recording, organization, classification, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment, combination, restriction, erasure or destruction.
According to Article 4 No. 11 GDPR, “consent” of the data subject means any freely given, specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
According to Article 4 No. 8 GDPR, a “processor” is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
According to Paragraph 2 (2) No. 6 TTDSG, a “terminal device” is any device connected directly or indirectly to the interface of a public telecommunications network for sending, processing or receiving messages (for example, a desktop PC, a cell phone or a tablet PC).
With regard to the other data protection terms used, we refer to the definitions of Article 4 GDPR.
3. Scope of the processing of personal data
In principle, it is not necessary for you to provide data in order to use our website. In certain cases, however, we need your name and address as well as other information so that we can provide the requested services.
The same applies, for example, to the sending of information material and ordered goods or to answering individual questions. Where this is necessary, we will inform you accordingly. In addition, we only process data that you provide to us voluntarily and, where applicable, data that we automatically collect when you visit our website.
If you make use of services, we generally only collect data that we need to provide the services. If we ask you for further data, it is voluntary information.
4. Purpose limitation of the processing of personal data
We process the data you provide in accordance with the principles of data economy and purpose limitation (Article 5 (1) (b) and (c) GDPR). The purpose limitation principle means that data is collected for specified, explicit and legitimate purposes and may not be further processed in a manner incompatible with those purposes. Further processing for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes is not considered incompatible with the original purposes.
In principle, we process your data for the purpose of answering your inquiries, processing your orders or providing you with access to certain information or offers. In order to maintain customer relations, it may also be necessary for us or a third party commissioned by us to use this data to inform you about product offers or to conduct online surveys to better meet the tasks and requirements of our customers.
We will process the data you provide online only for the purposes disclosed to you.
5. Legal bases for the processing of personal data
In principle, any processing of personal data is prohibited by law (Article 5 (1) (a) GDPR in conjunction with Article 6 (1) (1) GDPR, so-called legal prohibition with reservation of permission). Data processing is only permitted if it falls under one of the following permissions:
Insofar as we obtain your consent for data processing operations, the consent pursuant to Article 6 (1) (1) (a) GDPR constitutes the legal basis for the processing of your data. In the case of special categories of personal data within the meaning of Article 9 (1) GDPR (for example, health data), Article 9 (2) (a) GDPR is also the relevant legal provision.
When processing data that is necessary for the fulfillment of the requested service, we invoke Article 6 (1) (1) (b) GDPR as the legal basis.
Insofar as data processing is necessary for the fulfillment of a legal obligation to which our company is subject, Article 6 (1) (1) (c) GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) (1) (f) GDPR forms the legal basis for the processing.
In the further course of our data protection declaration, we list the relevant legal basis for each individual data processing operation. The processing may also be based on several legal bases.
6. Legal basis for storing information in the end user’s terminal equipment or accessing information already stored in the terminal equipment
The storage of information in the end user’s terminal equipment or access to information already stored in the terminal equipment is only permitted if it is covered by one of the following permissions:
- Paragraph 25 (1) TTDSG: If the end user has consented on the basis of clear and comprehensive information.
- Paragraph 25 (2) No. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network.
- Paragraph 25 (2) No. 2 TTDSG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.
In the further course of our data protection statement, we list – where necessary – the relevant legal basis in each case.
7. Data deletion and storage duration
Unless a more specific retention period is listed in our Privacy Policy, it is determined by the following rules:
We only store your data until the purpose has been fulfilled and no other legal storage obligations exist (for example, storage obligations under commercial or tax law).
If you have given us your consent, we will store your data until you revoke your consent, provided there is no other legal basis for processing your data and no legal retention periods prevent deletion.
In addition, in individual cases, for example for evidentiary purposes, longer storage may be indicated for the defense or enforcement of civil or public law claims.
8. Disclosure of data to third parties
Your data will only be passed on to third parties in exceptional cases,
- to external service providers acting on our behalf (order processors) if this is necessary for the purpose of implementing the contractual relationship,
- to companies affiliated with us, insofar as this is necessary for the fulfillment of contractual obligations,
- to state institutions and authorities if we are legally obliged to do so or
- if you consent to this.
We conclude the corresponding agreements on commissioned processing with the commissioned processors on the basis of Article 28 GDPR. The service companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of the GDPR and the BDSG. The data passed on may only be used by our service providers to fulfill their task. Any other use of the information is not permitted and does not take place with any of the service processors entrusted by us.
The transmission and further processing of data to institutions and authorities entitled to receive information will only take place within the framework of the relevant laws or if we are obliged to do so by a court decision.
Beyond this, we do not pass on any data to third parties unless you have expressly consented to this.
Of course, we will respect your wishes if you do not want to provide us with your data to support our customer relationship (especially for direct marketing or market research purposes). We will neither sell your data to third parties nor market it in any other way unless you have given us your consent to do so.
9. Data transfers to a third country
If, in the context of using third-party services, data is disclosed or transferred to third parties in a third country, i.e. outside the European Union or the European Economic Area, and data is further processed, this will only be done on the basis of your consent, a legal obligation, our legitimate interests or if it is necessary for the fulfillment of our (pre-)contractual obligations. Subject to legal or contractual permissions, we will only process data or have data processed in a third country if the special requirements of Article 44 et seq. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the European Union or compliance with officially recognized special contractual obligations (for example, standard contractual clauses for the transfer of personal data to third countries, so-called “EU standard contractual clauses” or “standard contractual clauses – SCC”). Where applicable, a transfer of personal data to third countries or to international organizations will exceptionally take place based on your explicit consent pursuant to Article 49 (1) (1) (a) GDPR. If this is the case, we will point this out to you once again in our data protection declaration – explaining the existing possible risks of such data transfers.
10. Data collected automatically when you visit our website
When using our website, the following data may be automatically processed in so-called server log files (log files) for organizational and technical reasons:
- the names of the visited Internet pages,
- the sub-websites that are accessed via an accessing system on our website,
- the website from which an accessing system arrives at our website (so-called referrer),
- the browser you use (type and version),
- the operating system you are using,
- the date and time of access to the website,
- the search engines used,
- the names of downloaded files,
- the Internet Protocol (IP) address,
- the Internet service provider of the accessing system, and
- other similar data and information that serve the defense against dangers in the event of attacks on our information technology systems.
When processing this data, we do not draw any conclusions about the data subject. Rather, the information serves the purpose,
- to deliver the website content in a technically correct manner,
- to optimize the website content as well as the advertising for it,
- to ensure the long-term functionality of our information technology systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution (for example, in the event of a cyberattack).
The data and information collected are therefore only evaluated statistically and with the aim of increasing data protection and data security, in order to ultimately ensure an optimal level of protection. The data and information of the server log files are also stored separately from any data provided by a data subject.
Our overriding legitimate interests according to Article 6 (1) (1) (f) GDPR form the legal basis for the collection and evaluation of the server log files. Our interest as the operator of this website in collecting them for the reasons mentioned above outweighs your interest in the data not being collected. The decisive factor for this balancing result is that logging promotes technical data protection and the intrusion resulting from its use is of low intensity. Furthermore, the data is collected for the purpose of fulfilling contracts with our potential and existing customers. The legal basis for this is Article 6 (1) (1) (b) GDPR.
11. Web hosting
Our website is hosted by an external service provider (so-called web hoster or hosting provider).
Our hosting provider for this website is:
Droptop GmbH
Am Grashorn 8
14548 Schwielowsee
Germany
Therefore, the data collected when visiting our website is stored on the servers of the hosting provider. This is mainly data that is automatically collected when visiting the website (see above). Our hosting provider will only process the data to the extent necessary to fulfill its service obligations. This provider is subject to our instructions regarding the provision of its services. To ensure the rights and obligations under data protection law, a contract on commissioned processing in accordance with Article 28 GDPR has been concluded with this provider.
We use the hosting provider to offer you our website. By doing so, we guarantee you a secure and fast online experience provided by a professional service provider, since the hosting provider has the necessary resources and expertise.
Our overriding legitimate interests pursuant to Article 6 (1) (1) (f) GDPR form the legal basis for the use of the hosting provider. Our interest as the operator of this website in using a web hoster for the reasons stated above outweighs your interest in one not being used. The decisive factor for this balancing result is that this promotes technical data protection and the intrusion resulting from its use is of low intensity. Furthermore, the use of a hosting provider is for the purpose of fulfilling contracts with our potential and existing customers. The legal basis for this is Article 6 (1) (1) (b) GDPR.
12. Cookies
When you visit our website, we may store information on your terminal equipment in the form of a cookie. Cookies are small text files that are sent from a web server to your browser and stored on the data carrier of your terminal equipment.
Some cookies are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal equipment and allow your browser to be recognized the next time you visit (so-called permanent cookies or persistent cookies). Permanent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. However, you can also delete them yourself or have them deleted automatically by your browser.
If cookies are set, they process certain user information such as browser and location data as well as IP address values to an individual extent. The purpose and functionality of the individual cookies vary, which is why these contents may be shown to you again separately in our privacy policy.
The cookies we use do not usually store any of the user’s personal data other than the IP address. This information is used to automatically recognize you the next time you visit our website and to facilitate navigation.
Cookies from third parties (so-called third-party cookies) may also be stored on your terminal device when you visit our website. These enable you or us to use a certain service of the third party.
Of course, you can also view our website without cookies. If you do not want us to recognize your terminal device, for example, you can prevent cookies from being stored on your data carrier by activating the “do not accept cookies” function in your browser settings. Please refer to the operating instructions of your browser manufacturer for details on how this works. If you do not accept cookies, however, this may lead to functional restrictions of our offers.
Cookies that are necessary for the technically error-free and optimized provision of our services (so-called “technically necessary cookies” such as for a shopping cart function or a real-time chat) are stored on your terminal device on the basis of Paragraph 25 (2) No. 2 TTDSG. Consent on your part is not required for this. Any subsequent data processing, on the other hand, is based on Article 6 (1) (1) GDPR. As a rule, we have an overriding legitimate interest in processing the information of the technically necessary cookies in order to provide you with our website in an error-free and optimized manner (Article 6 (1) (1) (f) GDPR). Depending on the cookie use, however, other legal bases may also be relevant, which is why we may present these to you separately for each cookie used in our privacy policy. In the case of technically unnecessary cookies (so-called “optional cookies”), access to your terminal equipment only takes place if you have given us your consent in accordance with Paragraph 25 (1) TTDSG. The subsequent data processing, if any, is also based on your consent pursuant to Article 6 (1) (1) (a) GDPR.
If we use third-party cookies or optional cookies on our website, we will inform you about this in detail in the further course of our data protection declaration.
13. Your inquiries by e-mail, telephone or fax
13.1 Contact
If you contact us by e-mail, telephone or fax, the data you provide will be processed. We use this data to be able to process your request. The processing of the data is based on your consent in accordance with Article 6 (1) (1) (a) GDPR. However, depending on the circumstances, the processing of the data may also be based on Article 6 (1) (1) (b) GDPR (fulfillment of pre-contractual or contractual obligations) or on Article 6 (1) (1) (f) GDPR (overriding legitimate interest in the effective and efficient processing of your request).
As soon as the respective conversation with you has ended and the facts concerned have been conclusively clarified, we will delete the data accruing in this context. Mandatory legal provisions, such as statutory retention obligations, remain unaffected.
We would like to point out that data transmission via e-mail is generally not encrypted. A (complete) protection of the data can therefore not be guaranteed with this type of contact.
13.2 Passing on data to service companies
We use various services of third parties for the operation and optimization of our website and our services and for the execution of contracts. In this context, it is necessary that the data required for the fulfillment of tasks, in particular for central IT services or the hosting of our website as well as for the payment and delivery of products, are passed on to them.
When passing on your data, we always ensure the highest possible level of security. We assure you that the third parties involved have been carefully selected by us beforehand and are contractually obligated. Insofar as a third party is active for us by way of commissioned processing (for example, for hosting the website), we ensure that appropriate data protection precautions and data security measures have been agreed with the third parties commissioned by us.
We pass on the personal data necessary for the delivery of ordered goods, such as first name, last name and address, to logistics companies and the parcel / postal service provider specified in the order, such as DHL, DPD, UPS and Hermes. This is necessary in particular for the fulfillment of contracts and to protect our legitimate interests or those of a third party (Article 6 (1) (1) (b) and (f) GDPR).
In addition, we transmit the data provided during the order process to payment service providers or to a financing bank for their own use in the processing of the contract, if applicable.
During payment, we do not collect and store any payment transaction information such as credit card numbers or bank details. You only provide this information directly to the respective payment service provider.
14. Application procedure
14.1 Scope of data processing
You have the opportunity to view job postings on our website and then apply for them.
For your participation in the application process, it is necessary to provide data. This data includes, among other things, identification data such as first name, last name, date of birth, contact data such as address, telephone number or e-mail address, as well as data relating to your educational and/or professional background, such as school and work certificates, data on apprenticeships, internships or previous employers. This data may originate from an application form to be completed by you online on the application platform or from documents provided by you, such as a cover letter, a resume, an application photo, certificates or other evidence of professional qualifications. Data that is absolutely necessary for participation in the application process is marked accordingly as mandatory data.
We will only pass on the data to persons who are involved in processing your application.
Insofar as no third-party provider is named in this data protection declaration whose service we use to provide the online application function, no data is passed on to third parties.
14.2 Purpose and legal basis of data processing
We process the above data for the purpose of carrying out the application process. If you have given us your consent, the legal basis for the processing of the data is Article 6 (1) (1) (a) GDPR. You may revoke your consent at any time with effect for the future. However, insofar as the processing of the above data is carried out for the purpose of initiating an employment relationship/contractual relationship, the legal basis of the data processing is Article 88 (1) GDPR in conjunction with Paragraph 26 (1) BDSG or Article 6 (1) (1) (b) GDPR.
14.3 Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event that an employment relationship, training relationship, internship or other service relationship is established following the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process ends with the receipt of a rejection. In this case, the data will be deleted after six months. Deletion does not take place if further processing and storage of your personal data is necessary in individual cases for the assertion, exercise or defense of legal claims. In this case, we have an overriding legitimate interest in the further processing and storage of your data. The legal basis for this is Article 6 (1) (1) (f) GDPR. Deletion will also not take place if we are obliged to continue storing your personal data due to legal regulations (Article 6 (1) (1) (c) GDPR).
14.4 Revocation and objection
You can revoke any consent given to us at any time with effect for the future. You can object to the processing of your data at any time. In particular, you have the option to withdraw your application. As part of the application process, you should only provide us with the data that is required for participation in the application process and its implementation. There is no legal or contractual obligation to provide data. However, we would like to point out that without this data we will not be able to carry out the application process and consider your application. The same applies in the event of an objection to the processing of your data. You can have the data stored about you changed at any time.
15. Use of audio and video conferencing systems
We use audio and video conferencing systems in particular for direct communication.
If you communicate with us via an audio or video conferencing system via the Internet, your data will be collected and processed by us and the provider of the respective audio and video conferencing system.
The audio and video conferencing systems collect all data that you provide for use (e-mail address and/or your telephone number). Furthermore, the systems process the conference duration, start and end (time) of participation in the conference, number of participants and other contextual information related to the communication process (metadata). Furthermore, the audio and video conferencing system provider processes all technical data required to handle the communication (for example, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection). Insofar as content is exchanged, uploaded or otherwise made available within the audio and video conferencing system, this is also stored on the servers of the providers. Such content includes, for example, cloud recordings, chat messages, uploaded photos and videos, files, whiteboards and other information shared while using the service.
The data collected directly by us via the audio and video conferencing systems will be deleted by us as soon as you request us to do so, revoke your consent to storage, or the purpose for storing the data no longer applies. However, statutory retention periods remain unaffected. Any cookies stored will remain on your terminal equipment until you delete them yourself. We have no influence on the storage period of your data, which is stored by the providers of audio and video conferencing systems for their own purposes. Details about the collection and storage of your data as well as the type, scope and purpose of its use by the providers are described by them in their own privacy statements (see below). Please note that we do not have full influence on the data processing operations of the audio and video conferencing systems used.
The data collected about you in this context will be processed by the providers of the audio and video conferencing systems and, where applicable, transferred to countries outside the European Union, in particular the United States of America (USA). According to their own statements, the providers named below – insofar as they are not originally European companies – maintain an appropriate level of data protection. We have concluded the standard data protection clauses with the companies for this purpose. However, it cannot be ruled out that U.S. authorities may access the data stored by the providers. The United States of America is currently considered a third country from a data protection perspective. You do not have the same rights there as within the European Union. You may not be entitled to any legal remedies against access by authorities.
We use the audio and video conferencing systems to communicate with prospective or existing contractual partners or to offer certain services to our customers. The legal basis for the associated data processing is Article 6 (1) (1) (b) GDPR. Furthermore, the use of audio and video conferencing systems serves to simplify and accelerate communication with us or our company. This constitutes an overriding legitimate interest within the meaning of Article 6 (1) (1) (f) GDPR. Insofar as consent has been requested, the audio and video conferencing systems in question are used on the basis of this consent (Article 6 (1) (1) (a) GDPR). This can be revoked at any time with effect for the future.
We would like to outline below which audio and video conferencing system providers we use.
15.1 TeamViewer
For audio and video conferences we use the remote maintenance software “TeamViewer”.
“TeamViewer” is operated by TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany (https://www.teamviewer.com/de/).
You can find more information about “TeamViewer” at https://www.teamviewer.com/de/datenschutzinformation/ (Privacy information)
15.2 Microsoft Teams
For audio and video conferences we use “Microsoft Teams”.
“Microsoft Teams” is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, United States of America (USA).
You can find more information about “Microsoft Teams” at https://privacy.microsoft.com/de-de/privacystatement (Privacy Center)
16. Appearances in social networks (social media)
We maintain publicly accessible profiles on social networks.
On our website, you may also find a link to these profiles. However, unless otherwise stated in our privacy policy, this is merely a link to the external websites. Unlike so-called social media plug-ins, for example, the integration of the hyperlink on our website does not yet process any data of the website visitors in relation to the social networks. In contrast, calling up and visiting the profile by activating the link initiates a number of data processing processes.
We maintain social media profiles in order to communicate with users and interested parties and to present information about us. This enables us to better align our products and services with the needs of interested parties. In addition, we want to meet you in the virtual place and communicate with you where you already feel comfortable and know your way around. This improves the overall communication between you and us.
For this purpose, we make use of the technical platform and services of third-party providers. Since the providers of the social networks – in addition to us – pursue their own purposes, we are considered joint controllers under data protection law in accordance with Article 26 GDPR. We would like to point out that you use our social media profiles and their functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, commenting and sharing). When you visit our profiles, the providers of the social media platforms collect, among other things, your IP address and other information that is present in the form of cookies on your terminal equipment. This information is used to provide us, as the operator of the social media profile, with anonymized statistical information about the interaction with our profile. We use the statistics to improve your experience when visiting our social media presence. However, we do not have access to the usage data that the social network provider collects to create these statistics.
When visiting our profiles, your data will be collected, used and stored not only by us, but also by the operators of the respective social network due to joint responsibility. This happens even if you yourself do not maintain a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network. If you are logged into the platform in your profile, it is possible to regularly track how you have moved around the Internet via a cookie on your terminal equipment. Via social media plugins integrated into websites (for example, a Like button), it is also possible for the platforms to record your visits to these websites and assign them to your respective profile. Based on this data, user profiles can be created and content tailored to you or advertising content relevant to you can be offered by the platform operators. If you wish to avoid this, you should log out or deactivate the “stay logged in” function, delete the cookies present on your terminal equipment and restart your browser. We do not know in detail how the social media platforms use the data for their own purposes, how long this data is stored and whether data is passed on to third parties. To our knowledge, the platform providers will primarily use the data obtained to improve the platform’s own advertising system. Data processing may differ depending on whether you are registered and logged in to the social network or visit our profile as a non-registered and/or non-logged-in user. Details about the collection and storage of your data as well as the type, scope and purpose of its use by the operator are described by the providers in their own privacy statements (see below). Furthermore, you will also find information there about contact options as well as about the settings options for advertisements.
The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the United States of America (USA). The providers listed below – insofar as they are not originally European companies – maintain an appropriate level of data protection according to their own statements. We have concluded the standard data protection clauses with the companies for this purpose. However, it cannot be ruled out that U.S. authorities may access the data stored by the platform providers. The United States of America is currently considered a third country from a data protection perspective. You do not have the same rights there as within the European Union. You may not have any legal remedies against access by authorities.
In contrast, we as a user of a social media profile only process – apart from the anonymized statistical evaluation of profile visits (see already above for this) – the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by e-mail or via the social network messaging system, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for processing your data on the social media platform is – depending on the facts and context – Article 6 (1) (1) (a), (b) or (f) GDPR. Our legitimate interest lies in particular in presenting our products and services in a promotionally effective manner and communicating effectively and efficiently with you. The data processing operations carried out by the social networks may be based on different legal bases. These must be disclosed to you separately by the respective operator. Access to your terminal equipment – in particular through the use of cookies – is governed by Paragraph 25 (1) or (2) No. 2 TTDSG. You can find more details about the cookies or comparable technologies used in the privacy policy or cookie policy of the respective providers of the social networks (see below). You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks (for example, to respond to your inquiry). These functionalities will not be available to you or only to a limited extent if you do not provide us with your data.
To exercise your data subject rights, you can contact either us or the provider of the social media platform. To the extent that one party is not responsible for responding or must receive the information from the other party, we or the provider will forward your request to the respective partner. Please contact the social media platform provider directly for questions about profiling and the processing of your data when using the social network. For questions about the processing of your interaction with us, write to the contact details we provide. Please note that despite the joint responsibility, we do not have full influence on the data processing procedures of the operators of the social networks.
For more information on social networks and how you can protect your data, visit www.youngdata.de. Youngdata is the youth portal of the independent data protection authorities of the federal and state governments, as well as the canton of Zurich.
In the following, we would like to explain which profiles we maintain with which providers. If you would like to visit our social media profiles, you can find the exact locations in the imprint of our website. We have linked the social media profiles there accordingly.
16.1 Facebook
We use the social network “Facebook”.
“Facebook” is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (https://www.facebook.com/).
You can find more information on the social network “Facebook” at
- https://www.facebook.com/policies/cookies (Cookie Policy)
- https://www.facebook.com/privacy/policy (Privacy Policy)
- https://www.facebook.com/adpreferences (setting options)
- https://www.facebook.com/help/contact/540977946302970 (contact possibility of the contact person for data protection)
- https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 (EU standard contractual clauses)
- https://www.facebook.com/legal/terms/page_controller_addendum (Joint Processing Agreement)
16.2 Instagram
We use the social network “Instagram”.
“Instagram” is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (https://www.instagram.com/).
You can find more information on the social network “Instagram” at
- https://help.instagram.com/155833707900388 (Data Policy)
- https://privacycenter.instagram.com/policy (Privacy Policy)
- https://help.instagram.com/811572406418223/?helpref=uf_share (setting options)
- https://help.instagram.com/contact/713679366292426 (contact possibility of the contact person for data protection)
- https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381 (EU standard contractual clauses)
- https://www.facebook.com/legal/terms/page_controller_addendum (Joint Processing Agreement)
16.3 LinkedIn
We use the social network “LinkedIn”.
“LinkedIn” is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/).
You can find more information about the social network “LinkedIn” at
- https://www.linkedin.com/legal/cookie_policy (Cookie Policy)
- https://www.linkedin.com/legal/privacy-policy (Privacy Policy)
- https://www.linkedin.com/help/linkedin/answer/a1342443/manage-advertising-preferences?lang=en (Setting options)
- https://www.linkedin.com/help/linkedin/ask/TSO-DPO (contact possibility of the contact person for data protection)
- https://de.linkedin.com/legal/l/dpa (EU standard contractual clauses)
- https://de.linkedin.com/legal/l/dpa (Shared Responsibility Agreement)
16.4 YouTube
We use the social network “YouTube”.
“YouTube” is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (https://www.youtube.com/).
You can find more information on the social network “YouTube” at
- https://policies.google.com/privacy?hl=de (Privacy Policy)
- https://policies.google.com/technologies/cookies?hl=de (Cookie Policy)
- https://safety.google/privacy/privacy-controls/ (setting options)
- https://support.google.com/policies/contact/general_privacy_form (contact possibility of the contact person for data protection)
- https://policies.google.com/privacy/frameworks?hl=de (EU standard contractual clauses)
16.5 XING
We use the social network “XING”.
“XING” is operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (https://www.xing.com/).
You can find more information about the social network “XING” at
- https://privacy.xing.com/de/datenschutzerklaerung/druckversion (Privacy Policy)
- https://privacy.xing.com/de/ihre-privatsphaere (Setting options)
- https://www.xing.com/support/contact (contact possibility of the contact person for data protection)
- https://privacy.xing.com/ (Shared Responsibility Agreement)
17. Children and teenagers
Our website is aimed exclusively at potential applicants, customers, interested parties as well as business partners and representatives of the press.
Persons under the age of 16 should not transmit any data to us without the consent of their legal representatives (usually parents or guardians). We do not request data from children and young people who have not yet reached the age of 16. We do not collect such data and do not pass it on to third parties.
18. Security of your data
We have taken technical and organizational security measures in accordance with legal requirements to protect your data from loss, destruction, manipulation and unauthorized access.
The security measures include in particular the encrypted transmission of data between your browser and our server. This website uses TLS encryption for security reasons and to protect the transmission of confidential content such as requests that you send to us as the site operator. You can recognize an encrypted connection in particular by the fact that the address line of your browser changes from “http://” to “https://” and by the padlock symbol. If TLS encryption is activated, data that you transmit to us cannot be read by third parties.
All of our employees and all persons involved in data processing, as well as the service companies commissioned by us, are obligated to comply with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other laws relevant to data protection, as well as to handle data confidentially.
Our security measures are regularly reviewed and continuously revised in line with technological developments.
19. Existence of automated decision making
As a responsible company, we do not use automatic decision-making or profiling.
20. Data subject rights
If we process your data, you have extensive rights as a data subject. You can assert these against us at any time. You will find the necessary contact details at the beginning of our data protection declaration. In the following, we would like to present your data subject rights to you in detail.
20.1 Revocation of consents
If you have given us your consent to the processing of your data, you can revoke your consent at any time with effect for the future in accordance with Article 7 (3) (1) GDPR. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
These statements also apply to consent pursuant to Paragraph 25 (1) TTDSG.
20.2 Right to information
You can obtain information about your data processed by us at any time within the scope of Article 15 GDPR. In particular, you can request information about the purposes of processing, the categories of data processed, categories of possible recipients and the planned storage period.
20.3 Right to rectification
You are entitled to request a correction or completion of your data stored by us in case of inaccuracy of the data within the scope of Article 16 GDPR.
20.4 Right to deletion
Within the scope of Article 17 GDPR, you can demand the erasure of the data if the storage of the data is no longer necessary and there is no other legal basis for the processing. In addition, you may request erasure if you have objected to the processing and there are no overriding legitimate grounds for further processing of your data and if your data has been processed unlawfully or if there is a legal obligation to erase it under European or national law.
20.5 Right to restriction of processing
In addition, you have a right to restriction of processing within the scope of Article 18 GDPR,
- if you dispute the accuracy of the data for a period of time that allows the data controller to verify the accuracy of the data,
- if the processing is unlawful but you refuse to have the data erased,
- if the purpose of the processing has ceased to exist, but the data are necessary to assert your legal claims, or
- if you have objected in accordance with Article 21 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your interests.
20.6 Right to data portability
Within the scope of Article 20 GDPR, you have the right to receive the data concerning you in a common, structured and machine-readable format (data portability). In addition, you can, under certain conditions, obtain that your data is transferred directly from a responsible party, insofar as this is technically possible.
20.7 Right of objection
You have the right to object to the use of your data for the above-mentioned purposes at any time (Article 21 GDPR). This is possible insofar as the objection is directed against direct advertising or there are reasons for this that arise from your particular situation. In the case of objection to direct advertising, you have a general right of objection, which is implemented by us without specifying a particular situation.
20.8 Right of complaint to the supervisory authority
In addition, we would like to point out that – without prejudice to any other administrative or judicial remedy – you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you consider that the processing of data relating to you infringes the GDPR.
A current list of supervisory authorities (for the non-public sector) with address can be found at www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The supervisory authority for data protection responsible for us is:
Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht)
Promenade 18
91522 Ansbach
Phone: +49 981 180093-0
E-mail: poststelle@lda.bayern.de
Website: lda.bayern.de
21. Whistleblowing system
21.1 External service provider, technical execution
The external service provider Formalize ApS, Kannikegade 4, 1., DK-8000 Aarhus C, Denmark handles the technical implementation of the whistleblowing system for us.
21.2 Processing of personal data
The whistleblower system Formalize ApS can generally be used without you providing your personal data, insofar as this is legally permissible. However, you can voluntarily disclose your personal data as part of the whistleblowing procedure. The disclosure of your personal data relates to information about your identity, e.g. your first name and surname, your country of residence, your telephone number and e-mail address.
In general, we do not process any special categories of personal data. These are also referred to as sensitive data or data requiring special protection, e.g. information about your ancestry or ethnic background, your religious and/or ideological beliefs, your membership of trade unions or your sexual orientation. However, you can voluntarily disclose the aforementioned sensitive data in the free text fields of the registration form.
Your report via the whistleblower system may contain personal data of third parties if you refer to them. The data subjects will be given the opportunity to comment on this information. In this case, we will inform the data subjects of your statement within the report. However, we will ensure confidentiality, as the data subject will not receive any information about your identity, to the extent permitted by law. Your details will therefore be used while maintaining your anonymity.
21.3 Purpose and legal basis of the processing
You can contact us via the whistleblower system Formalize ApS to report compliance and legal violations. We process your personal data to review your report via the whistleblower system Formalize ApS and to investigate suspected compliance and legal violations. In this context, we may have questions for you. For this purpose, we will only communicate with you via the whistleblower system Formalize ApS – unless you have expressly consented to other communication platforms. The confidentiality of the information you provide is a top priority for us and is therefore guaranteed.
Your personal data will be processed in accordance with and based on your consent when reporting via the whistleblower system Formalize ApS, Art. 6 para. 1 lit. a) GDPR. Furthermore, we process personal data insofar as this is necessary to fulfill our legal obligations, Art. 6 para. 1 lit. c) GDPR. This applies to the reporting of matters relevant under criminal law, competition law and labor law. Your personal data will also be processed if the processing is necessary to protect the legitimate interests of the controller, Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the processing of personal data to prevent and detect breaches within the controller, to check the legality of internal procedures and to protect our integrity.
If you, as a user of the whistleblowing system Formalize ApS, provide us with special categories of personal data (e.g. sensitive data), we process these based on your consent, Art. 6 para. 1 lit. a) GDPR. In addition, we use your personal data anonymously for statistical purposes.
We intend to use your personal data only for the aforementioned purposes. Otherwise, we will obtain your consent before processing your personal data.
21.4 Technical design and data security
The whistleblower system Formalize ApS offers the possibility of confidential communication via an encrypted connection. Your IP address and your current location will not be stored at any time when you use the whistleblowing system. After sending a message, e.g. an initial report, you will receive access data to the electronic mailbox of the whistleblower system Formalize ApS so that you can continue to communicate with us in a secure manner.
We take appropriate technical and organizational measures to ensure data protection and confidentiality and we continuously adapt these to ongoing technical developments. The data you provide is also stored in a specially secured database at Formalize ApS. Formalize ApS encrypts all data stored in the database in accordance with the current state of the art.
21.5 Disclosure of personal data
The stored data can only be processed by specially authorized persons within the responsible body. A responsible body can be a company. All persons authorized to examine data expressly undertake to maintain confidentiality.
To fulfill the aforementioned purpose, it may be necessary for us to share your personal data with external entities within or outside the European Union, such as law firms or law enforcement or competition authorities.
If we pass on your personal data within the controller or externally, internal data protection regulations and/or corresponding contractual agreements ensure a uniform level of data protection. In such a case, we remain responsible for the data processing.
We also pass on your personal data to Formalize ApS to the extent described above as part of the technical execution. To legitimize this data transfer and ensure data protection, we have concluded the necessary contract for order processing with the service providers concerned in accordance with Art. 28 GDPR. If you have any questions about this, please contact the email address below and our external data protection officer.
21.6 Duration of storage
We store personal data for as long as this is necessary for the processing of the notification or for as long as we have a legitimate interest in storing your personal data. Data may also be stored to comply with legal obligations, e.g. to fulfill storage obligations, if this is provided for under European or national law. All personal data will then be deleted, blocked or anonymized.
22. Questions, suggestions, complaints to the data protection officer
If you have any questions about our privacy policy or the processing of your data, you can contact our data protection officer directly:
Costard Law Office
Law firm for IT law and data protection
Attorney at Law Thomas P. Costard
EUROCOM Business Park
Lina-Ammon-Straße 9
90471 Nuremberg
Phone: +49 911 7903034
Fax: +49 911 7903035
E-mail: info@it-rechtsberater.de
Website: www.it-rechtsberater.de
He is also available as a contact person in the event of requests for information, suggestions or complaints.
23. Change to our privacy policy
We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In these cases, we will also adapt our data protection notices accordingly. Therefore, please note the respective current version of our data protection declaration. The current status is August 2024.