The protection of your data is important to us

We are pleased about your interest in our company and our products or services and would like you to feel safe when visiting our Internet pages, also with regard to the protection of your personal data. Because we take the protection of your personal data very seriously. It goes without saying that we comply with the provisions of the Basic Data Protection Regulation and the BDSG-New.

We want you to know when we collect which data and how we use them. We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers commissioned by us.

Data collection on this website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. His contact details can be found in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter this website.

How do we use your data?

Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.

Analysis tools and third-party tools

When you visit this website, your surfing behaviour can be statistically evaluated. This is mainly done with cookies and with so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you.

You can object to this analysis or prevent it by not using certain tools. You can find detailed information about these tools and about your options to object to them in the following data protection declaration.

External Hosting

This website is hosted by an external service provider (Hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website. The use of the hoster is for the purpose of fulfilling a contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

Conclusion of a contract on order processing

In order to guarantee data protection compliant processing, we have concluded a contract for order processing with our host.

Personal data

Personal data is information about your identity. This includes information such as name, address, telephone number, e-mail address. This information is always processed in accordance with the requirements of the basic data protection regulation and other data protection regulations applicable to our company.

In principle, it is not necessary for you to disclose personal data in order to use our website. In certain cases, however, it may be necessary to process personal data, for example in order to provide the services you have requested.

The same applies, for example, to the sending of information material and ordered goods or to answer individual questions. Where this is necessary, we will inform you accordingly.

If there is no legal basis for processing this personal data, we will obtain your corresponding consent.

In addition, we only store and process data that you provide us voluntarily and, if applicable, data that we automatically collect when you visit our Internet pages (e.g. your IP address and the names of the pages you visit, the browser and operating system you use, date and time of access, search engines used, names of downloaded files).

If you make use of services, as a rule only such data is collected as we need to provide the services. If we ask you for further data, this information is voluntary. Personal data is processed exclusively for the purpose of providing the requested service and to protect our own legitimate business interests.

Data that can be processed when you visit our website:

  • Master data (names, addresses, etc.)
  • Content data (texts, photos, videos, etc.)
  • Contact data (e-mail, phone numbers, etc.)
  • Metadata (IP addresses, device information, etc.)
  • Usage data (visited contents, access times, etc.)

Affected persons are the users of our online offer.

Name and address of the person responsible

The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the EU member states and other data protection regulations is

Fondsdepot Bank GmbH
Windmühlenweg 12, 9503 Hof, Germany
Phone: +49 (0) 9281 7258 0
e-mail: datenschutz(at)fondsdepotbank.de

Kontaktdaten des Datenschutzbeauftragten

The contact details of our data protection officer are as follows:

Mr. Mario Arndt,
DEUDAT GmbH, Zehntenhofstr. 5b, 65201 Wiesbaden
Phone: +49 611 950008-32
Fax: +49 611 950008-5932
e-mail: kontakt(at)deudat.de

Our data protection officer is available at any time to answer all your questions and suggestions regarding data protection.

Purpose of the personal data

We use the personal data provided by you to answer your inquiries, process your orders or provide you with access to certain information or offers. In order to maintain customer relations, it may also be necessary for us or a service company commissioned by us to use this personal data to inform you about product offers or to conduct online surveys in order to better meet the tasks and requirements of our customers.

Of course, we will respect your wishes if you do not wish to provide us with your personal data to support our customer relationship (especially for direct marketing or market research purposes). We will neither sell your personal data to third parties nor market them in any other way.

Earmarked use

We will collect, process and use the personal data you provide online only for the purposes communicated to you. Your personal data will not be passed on to third parties without your express consent.

Surveys of personal data and their transmission to state institutions and authorities entitled to receive information are only carried out within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to maintain secrecy and to comply with the provisions of the basic data protection regulation.

Data that is automatically collected when you visit our website

When you use our Internet pages, the following data is stored for organisational and technical reasons: the names of the pages you call up, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files and your IP address.

The information collected is needed to deliver the contents of our website correctly. In addition, we evaluate this technical data anonymously and only for statistical purposes in order to continuously optimize our Internet presence and to make our Internet offers even more attractive, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This data is stored separately from other personal information on secure systems. Conclusions about individual persons are not drawn. Information from log files is stored for a period of seven days and deleted immediately after the storage period has expired. Should storage beyond this period become necessary, for example for reasons of evidence, this data is excluded from deletion until the respective matter has been settled. The processing is based on our legitimate interest in an efficient and secure provision of our website in accordance with Art. 6 para. 1 lit. f. in conjunction with Art. 28 DSGVO.

Contact details

Due to legal regulations, our website contains information that enables rapid electronic contact with us and direct communication with us. This includes the indication of an e-mail address as well as a contact form if necessary. The user's details are processed in accordance with Art. 6 Para. 1 lit. b DSGVO.

If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically. This data, which you have voluntarily provided to us, is stored for the purpose of processing your request or contacting you, and then deleted immediately. The data will not be passed on to third parties.

Deletion and limitation of processing of personal data

We process personal data of data subjects in accordance with Art. 17 and 18 DSGVO only as long as it is necessary to achieve the underlying purpose or as long as it is provided for by legal regulations to which our company is subject. If the purpose of storage is no longer applicable or if a statutory storage period is provided for, for example due to commercial or tax law requirements of the AO or the HGB, personal data will be deleted in accordance with the statutory provisions. Unless we are still legally obliged to store this data. In these cases, the processing of personal data is restricted.

Rights of data subjects

Right to information

In accordance with Art. 15 DSGVO, you can obtain information and a copy of the personal data stored about you and processed by us free of charge at any time.

This right of access includes information on the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, if possible the planned duration for which the personal data will be stored or if not possible, the criteria for determining this duration, the existence of the right to rectify or erase the personal data concerning you or to limit processing by us or to object to such processing, the existence of a right of appeal to a supervisory authority and, if the data have not been collected from you, all available information on the origin of the data and the existence of automated decision-making, including profiling in accordance with Art. 22, paragraphs 1 and 4 of the DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing.

Furthermore, you have the right to request information as to whether your personal data has been transferred to a third country or an international organisation and what appropriate guarantees exist for the transfer.

Right of rectification

Furthermore, in accordance with Art. 16 DSGVO, you have the right to demand the immediate correction of incorrect personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

Right of cancellation

In accordance with Art. 17 DSGVO, you also have the right to demand that the data stored by us about you be deleted immediately if one of the following reasons applies: The personal data has been collected for purposes for which it is no longer necessary; you revoke your consent on which the processing was based in accordance with Art. 6 para. 1 a DSGVO or Art. 9 para. 2 DSGVO and there is no other legal basis for the processing; you object to the processing in accordance with Art. 21 para. 1 DSGVO and there are no overriding legitimate reasons for the processing, or you submit an objection in accordance with Art. 17 DSGVO. You object to the processing pursuant to Article 21(2) of the DPA; the personal data have been processed unlawfully; the deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which we are subject; the personal data have been collected in relation to information society services provided pursuant to Article 8(1).

If personal data have been made public by us and we are obliged to delete them in accordance with Article 17(1) of the DSGVO, we shall take reasonable steps to inform other responsible persons who process the published personal data that you have requested the deletion of all links to these personal data or of copies or replications of these data.

Right to restrict processing

In accordance with Art. 18 DSGVO, you have the right to request that the processing of your personal data be restricted, provided that one of the following conditions is met: You contest the accuracy of your personal data, for a period of time that allows us to verify the accuracy of the personal data;

the processing is unlawful and you object to the deletion of the personal data and instead request the restriction of the use of the personal data; we no longer need the personal data for the purposes of the processing, but you need them for the purpose of asserting, exercising or defending legal claims, or you have objected to the processing in accordance with Article 21 paragraph 1, as long as it is not yet clear whether the legitimate reasons of our company outweigh yours.

Right to data portability

In accordance with Art. 20 DSGVO, you may at any time request the release of the data concerning you which you have provided to us in a common and machine-readable format. Furthermore, you have the right to transfer this data to another person responsible without hindrance from us, provided that the processing is based on a consent pursuant to Art. 6 para. 1 a DSGVO or Art. 9 para. 2 a DSGVO or on a contract pursuant to Art. 6 para. 1 b DSGVO and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority that has been assigned to us.

Furthermore, you can demand that personal data stored by you be transferred directly by us to another responsible party, insofar as this is technically feasible and does not affect the rights and freedoms of other persons.

Right of appeal

In accordance with Art. 20 DPA, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6, paragraph 1 e or f DPA. This also applies to profiling based on these provisions.

In the event of an objection, we will no longer process the personal data unless we can prove that there are legitimate reasons for processing that outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

Where we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for those purposes.

You have the right to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes in accordance with Article 89 paragraph 1 DPA, unless such processing is necessary for the performance of a task carried out in the public interest.

You are free to exercise your right of objection in connection with the use of information society services and notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Right of revocation

You may at any time revoke your consent to the processing of your personal data in accordance with Art. 7 para. 3 DSGVO with effect for the future.

Right to confirmation

You have the right to obtain confirmation as to whether personal data concerning you are being processed.

To exercise any of the aforementioned rights, you may contact our data protection officer directly at datenschutz(at)fondsdepotbank.de.

Right of appeal

You also have the right to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

Automated decision making

As a responsible company, we do not carry out automated decision making or profiling.

Duration of storage

Personal data will be deleted after expiry of the legal retention period if they are no longer necessary to achieve the underlying purpose.

Legal basis of the processing

If you have given us your consent to process your personal data for a specific purpose, the processing is carried out on the basis of Art. 6 Para. 1 a DSGVO. If such processing is necessary to fulfil a contract with you or to initiate such a contract, the processing is based on Art. 6 para. 1 b DSGVO. In some cases, e.g. to fulfil tax obligations, we may be subject to a legal obligation to process personal data; the legal basis for this in such cases is Art. 6 para. 1 c DSGVO. In rare cases, processing may also take place to protect vital interests of you or another natural person. In this exceptional case, processing takes place on the basis of Art. 6 para. 1 d DSGVO. Finally, processing may also be based on Art. 6 para. 1 f DSGVO. This is the case if the processing is carried out to protect a legitimate interest of our company or of a third party, provided that your interests, fundamental rights and freedoms do not prevail. Such a legitimate interest can already be assumed if you are a customer of ours. If the processing of personal data is based on Art. 6 para. 1 f DSGVO, our legitimate interest is the performance of our business activities.

Provision of personal data

In some cases, the provision of personal data is required by law or contract. For this reason, it may be necessary, for example, for the conclusion of a contract, for you to provide us with personal data which must be processed by us. For example, you are obliged to provide personal data in order to conclude a contract. Failure to do so would mean that the contract cannot be concluded.

Before providing personal data, you can contact our data protection officer. He will inform you whether the provision of personal data is required by law or by contract in each individual case and what the consequences would be if the data were not provided.

Security

As the data controller, we have taken technical and organisational security measures in accordance with Art. 32 DSGVO. These include in particular measures to ensure the confidentiality, integrity and availability of data. In addition, we have established processes to ensure the rights of data subjects, the deletion of personal data and an immediate response to any threat to such data. In addition, we ensure the protection of personal data already during the development and selection of hardware and software in accordance with the principles of Art. 25 DSGVO. All our employees and all persons involved in data processing are obliged to comply with the basic data protection regulation and other laws relevant to data protection and to handle personal data confidentially.

In the case of the collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

Changes to our privacy policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In these cases we will also adapt our data protection information accordingly. Therefore, please note the current version of our data protection declaration.

Links

If you use external links that are offered within the framework of our Internet pages, this data protection declaration does not extend to these links. Insofar as we offer links, we assure you that at the time of setting the link, no violations of applicable law were discernible on the linked Internet pages. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please inform yourself on the websites of the other providers about the data protection declarations provided there.

Cookies

When you visit one of our websites, we may store information on your computer in the form of a cookie. Cookies are small text files that are sent to your browser from a web server and stored on your computer's hard drive.

Apart from the Internet Protocol address, no personal data of the user is stored. This information is used to automatically recognize you the next time you visit our websites and to make navigation easier for you. Cookies allow us, for example, to adapt a website to your interests or to store your password so that you do not have to enter it again each time.

Of course you can also view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookies from being stored on your hard drive by selecting "do not accept cookies" in your browser settings. Cookies already set can also be deleted via your browser. Please refer to the instructions of your browser manufacturer for details of how this works. If you do not accept cookies, however, this may lead to functional restrictions of our offers.

Cookies, which are required for the electronic communication process or for the provision of certain functions you require (e.g. shopping basket function), are stored on the basis of Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services.

If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. These data are recorded on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website - for this purpose the server log files must be recorded.

Children and young people

Persons under 16 years of age should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect such data and do not pass it on to third parties.

Applications

You can send us your data, as far as available on our online offer, via contact form. This is done, in cooperation with "softgarden e-recruiting GmbH", by means of a state-of-the-art encryption procedure. If you send us your applicant data via e-mail, we ask you to note that e-mails are not sent encrypted and that you as applicant have to take care of encryption yourself. For this reason, we cannot assume any responsibility for the transmission of your data in this way and therefore recommend that you use the postal service, as in addition to sending the documents by e-mail or online form, there is also the possibility of sending us documents in this way.

If the application for one of our job offers is not successful, your data will be deleted after six months, unless you have declared a justified revocation before the end of this period or have given us your consent to store the data for a period exceeding this period. This is necessary in order to be able to fulfil our obligation to provide evidence under the General Equal Treatment Act if necessary. If you have submitted invoices for the reimbursement of travel expenses to us, these will be stored in accordance with the statutory provisions and deleted after the expiry of statutory storage periods.

We will process the data you have made available to us exclusively for the purpose of processing the application procedure. This takes place on the basis of Art. 6 Para. 1 lit. b) DSGVO, or if processing in legal proceedings becomes necessary, on the basis of Art. 6 Para. 1 lit. f) DSGVO and § 26 BDSG. Should you also voluntarily provide us with special personal data, such as health data, we process this data on the basis of Art. 9 Para. 2 lit. a) DSGVO. If this is necessary for the intended exercise of the profession, we request special categories of personal data on the basis of Art. 9 Para. 2 lit. b) DSGVO.

pushTAN app of Fondsdepot Bank GmbH

As ofAugust 2019

1 The application

Fondsdepot Bank GmbH is the provider of the mobile application "PushTAN-App" or "App".

The PushTAN app is an app for iOS and Android devices, which offers comprehensive services for the authorisation of orders requiring TANs on mobile devices. Fondsdepot Bank provides the app in this context. This functionality and the associated data are collected and processed by Fondsdepot Bank. The app enables you to place certain orders as part of the business relationship with the bank (e.g. transfers, whereby order data is transmitted to your bank via a secure Internet connection).

2 Data processing

Within the framework of the use of our app, we process your data for the purposes described in more detail below on the basis of the legal bases listed below.

2.1 General information on use

After initial setup of the app (details under point 2.2 a), a connection to the servers of the Fondsdepot Bank is established to display your bank data in the app.

Afterwards, the entire data traffic (data on the transaction) is processed under the responsibility of the Fondsdepot Bank.

2.2 Data processing purposes and legal basis

Unless otherwise described in the following sections, the legal basis for data processing in the context of the use of the App follows from Art. 6 para. 1 lit. (b DSGVO. In this case, the processing of your data is necessary to execute the PushTAN app usage contract with you and to provide you with the functionality of the app.

a. Initial setup of the app

For the initial registration in the app you have to provide the following information, which is necessary for the use:

Only after entering the access number and activation code, you will be asked to enter a self-selected PIN. Depending on the device you are using (iOS or Android) as well as when using only one access number, you can also activate additional biometric data (TouchID and/or FaceID). The biometric data you have activated will not be transmitted to Fondsdepot Bank.

The processing of this data, in particular its storage on your device, is necessary to enable you to use the app without restrictions.

The PIN assigned by the user in the app is stored in encrypted form locally in the app and is forwarded to Fondsdepot Bank in encrypted form for authentication purposes and stored there.

b. Storage of your IP address and the date of registration

To register the application, your device must process the authorization data from online banking (access number) to prevent unauthorized logins. The processing of this data is necessary in order to provide you with unrestricted use of the app.

c. Push notifications

You have the possibility to receive so-called push messages when using this app, if you give your consent in the mobile operating system. Push notifications are messages that appear on your smartphone without opening the respective app. A push ID is stored and processed for this purpose. The purpose of push notifications is to inform the user about transactions requiring TANs. The information itself is not included in the push notification, but can only be retrieved in the app after authentication. The authorization for push messages can be withdrawn at any time in the system settings.

d. Display of transactions requiring TANs in the App

If you use the app's function within the framework of Fondsdepot Bank's online banking, a selection of your most recent TAN-liable transactions will be displayed and stored locally in the app. The storage of your data is necessary to provide you with the functionality of the app.

2.3 Data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of them. These measures are adapted to the current state of the art. The data transfers are carried out via SSL-encoded connections.

2.4 Data receiver

As a matter of principle, your data will only be forwarded at your instigation by using the PushTAN app function. The recipient of your data is the Fondsdepot Bank.

In addition, we will only transfer your personal data if there is a legal obligation to do so. The transmission is based on Art. 6 para. 1 lit. (c) DSGVO (e.g. to the police authorities in connection with criminal investigations or to the data protection supervisory authorities).

2.5 Storage period of personal data

If your personal data is required for the assertion and processing of civil law claims, it will be stored in accordance with the general limitation periods for 3 years from the end of the year in which the claim arose and you have gained knowledge of the facts substantiating the claim or should have gained knowledge without gross negligence (§§ 195, 199 German Civil Code).

If, in addition, there are special statutory storage obligations, we will store your personal data until the fulfilment of this obligation. After these periods have expired, the data concerned are routinely deleted.

Login area

You have the possibility to log into a protected area on our website. Your access number as well as the PIN previously given to you by your consultant, or your user name and the corresponding password are processed. This data is processed for the purpose of using the user account and its purpose on the basis of Art. 6 Para. 1 lit. b) DSGVO.

When using the registration function and the user account, we also store the time of your registration and other user actions as well as your IP address. This will be anonymised or deleted after seven days at the latest. We store this data on the basis of our legitimate interests to protect users from misuse and unauthorised use in accordance with Art. 6 Para. 1 lit. f) DSGVO. The stored data will not be passed on to third parties, unless we are obliged to do so by a legal provision according to Art. 6 Para. 1 lit. c) DSGVO or this is necessary to pursue our claims.

Google Analytics

If you have given your consent, this website uses Google Analytics, a web analysis service of Google LLC (Google). The use includes the operating mode Universal Analytics; this makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyze the activities of a user across devices.

Google Analytics uses so-called cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended by an IP-anonymization to ensure an anonymized collection of IP addresses (so-called IP-Masking). The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data. Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or https://policies.google.com/?hl=de.

On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and to provide further services to us, the website operator, in connection with website and internet usage.

The processing is carried out in accordance with Art. 6 Para. 1 S. 1 lit. a) DSGVO on the basis of the consent you have given us.

The recipient of the processed data is Google.

The personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission. The certificate can be accessed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.

Data sent by us and linked to cookies, user IDs (e.g. User ID) or advertising IDs are automatically deleted after 38 months. Data whose retention period has been reached is automatically deleted once a month.

You can revoke your consent at any time with effect for the future by preventing the storage of cookies through a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can also use opt-out cookies to prevent the future collection of your data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use.

Click here to set the opt-out cookie: 

Corporate presences on social media platforms

Due to our legitimate interests in accordance with Art. 6 para. 1 lit. f) DSGVO in communication with and information of users and interested parties of our services, we maintain various presences in social networks. Insofar as the providers of the respective platform obtain the users' consent to the processing of personal data, this is done on the basis of Art. 6 Para. 1 lit. a), Art. 7 DSGVO.

It is not excluded that personal data of users may be processed outside the European Union or the European Economic Area. This may make it more difficult for data subjects to enforce their rights. Some social media platform providers are certified according to the EU US Privacy-Shield, which obliges them to comply with European data protection standards.

Personal user data is regularly processed for market research and advertising purposes. The user data is used to create profiles that make it possible, for example, to display advertising that corresponds to the presumed interests of the respective user. This is regularly done by placing cookies on the device used by the user.

Requests for information and the assertion of your rights should be made directly to the respective providers listed below, as only these providers have access to the personal data of the users and can take appropriate measures and provide information.

Should you nevertheless need help in asserting your rights, you can of course also contact us.

YouTube

This website incorporates videos from the YouTube website. The website is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites where YouTube is embedded, a connection to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited.

YouTube may also store various cookies on your device. These cookies enable YouTube to obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your device until you delete them.

If you are logged in to your YouTube account, you allow YouTube to associate your browsing habits directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is exclusively based on Art. 6 para. 1 lit. a

DSGVO; the consent may be revoked at any time.

Further information on the handling of user data can be found in the YouTube privacy policy at: https://policies.google.com/privacy?hl=de.

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there.

The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

More information on the handling of user data can be found in the Google data protection declaration: https://policies.google.com/privacy?hl=de.

Facebook Plugins (Like & Share-Button)

On this website plugins of the social network Facebook are integrated. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the "Like-Button" ("Like") on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When you visit this website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of this website on your Facebook profile. This allows Facebook to associate the visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. You can find further information on this in the Facebook privacy policy at: https://de-de.facebook.com/privacy/explanation.

If you do not want Facebook to be able to assign visits to this website to your Facebook user account, please log out of your Facebook user account. The use of the Facebook plugins is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

Instagram Plugin

On this website, functions of the Instagram service are integrated. These functions are offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA 94025, USA integrated.

If you are logged in to your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your account. We would like to point out that we, as the provider of the sites, have no knowledge of the content of the transmitted data or its use by Instagram.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media. If the appropriate consent has been requested, the data will be processed exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

For further information, please refer to the Instagram privacy policy: instagram.com/about/legal/privacy/.

LinkedIn Plugin

This website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time you access a page on this site that contains LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is notified that you have visited this site using your IP address. When you click on LinkedIn's "Recommend" button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to this site with you and your account. We would like to point out that we, as the provider of these pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

The LinkedIn plugin is used on the basis of Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.

For further information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy.

XING Plugin

This website uses functions of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is stored. In particular, no IP addresses are stored or the usage behavior is evaluated.

The storage and analysis of data is based on Art. 6 Para. 1 lit. f DSGVO. The website operator has a legitimate interest in the widest possible visibility in the social media. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO; the consent can be revoked at any time.

Further information on data protection and the XING Share button can be found in the XING Privacy Policy at: https://www.xing.com/app/share?op=data_protection.

KUNUNU

As the provider of our Kununu site, we can see, for example, when and with what content ratings were given for our company. The corresponding ratings are displayed on our Kununu site pseudonymously and we have no possibility to relate them to a specific person. Furthermore, you have the possibility to send a request to the Kununu community via the Kununu page. Such requests are also made pseudonymously. If we answer such a question, the data, especially the content of the question, will be processed by us in order to process your request. We process the data on the basis of the legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

Kununu also displays unsolicited anonymous - i.e. non-personal - data relating to profile visits to our Kununu site and also graphically evaluates the ratings given on our Kununu site. It is not possible for us to assign the corresponding information to you without further additional information.

Further information on the processing of your data by Xing, which operates the website of kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Vienna (hereinafter "Kununu"), can be found in the data protection declaration available at https://privacy.xing.com/de/datenschutzerklaerung.

Google My business

On this website we use the Google My business function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google My Business is one of Google platform that bundles various services of the Google Group and gives users direct access to them via a dashboard. This includes, but is not limited to Google Analytics, Google Maps and YouTube. With the product Google My Business companies can present themselves in Google-Search and Google Maps.

Google My business can recognize the location of a user by means of the IP-Adresse. This data processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of the legitimate interests of Google.

For the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's data protection information: https://www.google.com/intl/de/policies/privacy/

Audio and video conferencing

Data processing

Among other things, we use online conference tools for communication with our customers. The tools we use in detail are listed below. If you communicate with us by video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool. The conferencing tools collect all the data you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, Start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata). Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the Service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b DSGVO). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools will be deleted by our systems as soon as you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used conference tools

We use the following conference tools:

Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Teams is certified according to the EU-US Privacy Shield. For details on data processing, please refer to the Microsoft Teams privacy policy: privacy.microsoft.com/de-de/privacystatement.

Conclusion of a contract for order processing
We have concluded an order processing contract with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.

Stand 06/20