The protection of your data is important to us

We are pleased about your interest in our company and our products or services and would like you to feel safe when visiting our Internet pages, also with regard to the protection of your personal data. Because we take the protection of your personal data very seriously. It goes without saying that we comply with the provisions of the Basic Data Protection Regulation and the BDSG-New.

We want you to know when we collect which data and how we use them. We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by external service providers commissioned by us.

Data collection on this website

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter this website.

How do we use your data?

Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyse your user behaviour.

External Hosting

This website is hosted by an external service provider (Hoster). The personal data collected on this website is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website. The use of the hoster is for the purpose of fulfilling a contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

Conclusion of a contract on order processing

In order to guarantee data protection compliant processing, we have concluded a contract for order processing with our host.

Personal data

Personal data is information about your identity. This includes information such as name, address, telephone number, e-mail address. This information is always processed in accordance with the requirements of the basic data protection regulation and other data protection regulations applicable to our company.

In principle, it is not necessary for you to disclose personal data in order to use our website. In certain cases, however, it may be necessary to process personal data, for example in order to provide the services you have requested.

The same applies, for example, to the sending of information material and ordered goods or to answer individual questions. Where this is necessary, we will inform you accordingly.

If there is no legal basis for processing this personal data, we will obtain your corresponding consent.

In addition, we only store and process data that you provide us voluntarily and, if applicable, data that we automatically collect when you visit our Internet pages (e.g. your IP address and the names of the pages you visit, the browser and operating system you use, date and time of access, search engines used, names of downloaded files).

If you make use of services, as a rule only such data is collected as we need to provide the services. If we ask you for further data, this information is voluntary. Personal data is processed exclusively for the purpose of providing the requested service and to protect our own legitimate business interests.

Data that can be processed when you visit our website:

  • Master data (names, addresses, etc.)
  • Content data (texts, photos, videos, etc.)
  • Contact data (e-mail, phone numbers, etc.)
  • Metadata (IP addresses, device information, etc.)
  • Usage data (visited contents, access times, etc.)

Affected persons are the users of our online offer.

Name and address of the person responsible

The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the EU member states and other data protection regulations is

Fondsdepot Bank GmbH
Windmühlenweg 12, 9503 Hof, Germany
Phone: +49 (0) 9281 7258 0
e-mail: info(at)fondsdepotbank.de

Designation of a data protection officer

The contact details of our data protection officer are as follows:

Mr. Mario Arndt,
DEUDAT GmbH, Zehntenhofstr. 5b, 65201 Wiesbaden
Phone: +49 611 950008-40
Fax: +49 611 950008-59
e-mail: datenschutz(at)fondsdepotbank.de

Our data protection officer is available at any time to answer all your questions and suggestions regarding data protection.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

Earmarked use

We will collect, process and use the personal data you provide online only for the purposes communicated to you. Your personal data will not be passed on to third parties without your express consent.

Surveys of personal data and their transmission to state institutions and authorities entitled to receive information are only carried out within the framework of the relevant laws or if we are obliged to do so by a court decision. Our employees and the service companies commissioned by us are obliged by us to maintain secrecy and to comply with the provisions of the basic data protection regulation.

Data that is automatically collected when you visit our website

When you use our Internet pages, the following data is stored for organisational and technical reasons: the names of the pages you call up, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files and your IP address.

The information collected is needed to deliver the contents of our website correctly. In addition, we evaluate this technical data anonymously and only for statistical purposes in order to continuously optimize our Internet presence and to make our Internet offers even more attractive, as well as to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This data is stored separately from other personal information on secure systems. Conclusions about individual persons are not drawn. Information from log files is stored for a period of seven days and deleted immediately after the storage period has expired. Should storage beyond this period become necessary, for example for reasons of evidence, this data is excluded from deletion until the respective matter has been settled. The processing is based on our legitimate interest in an efficient and secure provision of our website in accordance with Art. 6 para. 1 lit. f. in conjunction with Art. 28 DSGVO.

Contact details

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Rights of data subjects

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

  • In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
  • If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data
  • If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication
  • If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
  • If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Automated decision making

As a responsible company, we do not carry out automated decision making or profiling.

Duration of storage

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Legal basis of the processing

If you have given us your consent to process your personal data for a specific purpose, the processing is carried out on the basis of Art. 6 Para. 1 a DSGVO. If such processing is necessary to fulfil a contract with you or to initiate such a contract, the processing is based on Art. 6 para. 1 b DSGVO. In some cases, e.g. to fulfil tax obligations, we may be subject to a legal obligation to process personal data; the legal basis for this in such cases is Art. 6 para. 1 c DSGVO. In rare cases, processing may also take place to protect vital interests of you or another natural person. In this exceptional case, processing takes place on the basis of Art. 6 para. 1 d DSGVO. Finally, processing may also be based on Art. 6 para. 1 f DSGVO. This is the case if the processing is carried out to protect a legitimate interest of our company or of a third party, provided that your interests, fundamental rights and freedoms do not prevail. Such a legitimate interest can already be assumed if you are a customer of ours. If the processing of personal data is based on Art. 6 para. 1 f DSGVO, our legitimate interest is the performance of our business activities.

Provision of personal data

In some cases, the provision of personal data is required by law or contract. For this reason, it may be necessary, for example, for the conclusion of a contract, for you to provide us with personal data which must be processed by us. For example, you are obliged to provide personal data in order to conclude a contract. Failure to do so would mean that the contract cannot be concluded.

Before providing personal data, you can contact our data protection officer. He will inform you whether the provision of personal data is required by law or by contract in each individual case and what the consequences would be if the data were not provided.

Security

As the data controller, we have taken technical and organisational security measures in accordance with Art. 32 DSGVO. These include in particular measures to ensure the confidentiality, integrity and availability of data. In addition, we have established processes to ensure the rights of data subjects, the deletion of personal data and an immediate response to any threat to such data. In addition, we ensure the protection of personal data already during the development and selection of hardware and software in accordance with the principles of Art. 25 DSGVO. All our employees and all persons involved in data processing are obliged to comply with the basic data protection regulation and other laws relevant to data protection and to handle personal data confidentially.

In the case of the collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.

Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

Changes to our privacy policy

We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments. In these cases we will also adapt our data protection information accordingly. Therefore, please note the current version of our data protection declaration.

Links

If you use external links that are offered within the framework of our Internet pages, this data protection declaration does not extend to these links. Insofar as we offer links, we assure you that at the time of setting the link, no violations of applicable law were discernible on the linked Internet pages. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please inform yourself on the websites of the other providers about the data protection declarations provided there.

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

In some cases, it is possible that third-party cookies are stored on your device once you enter our site (thirdparty cookies).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g., the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g., for the shopping cart function) or those that are necessary for the optimization of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third-party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this consent in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: usercentrics.com/de/ (hereinafter "Usercentrics").
When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s).
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 lit. c DSGVO.

Order processing
We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources. These data are recorded on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website - for this purpose the server log files must be recorded.

Children and young people

Persons under 16 years of age should not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect such data and do not pass it on to third parties.

Applications

You can send us your data, as far as available on our online offer, via contact form. This is done, in cooperation with "softgarden e-recruiting GmbH", by means of a state-of-the-art encryption procedure. If you send us your applicant data via e-mail, we ask you to note that e-mails are not sent encrypted and that you as applicant have to take care of encryption yourself. For this reason, we cannot assume any responsibility for the transmission of your data in this way and therefore recommend that you use the postal service, as in addition to sending the documents by e-mail or online form, there is also the possibility of sending us documents in this way.

If the application for one of our job offers is not successful, your data will be deleted after six months, unless you have declared a justified revocation before the end of this period or have given us your consent to store the data for a period exceeding this period. This is necessary in order to be able to fulfil our obligation to provide evidence under the General Equal Treatment Act if necessary. If you have submitted invoices for the reimbursement of travel expenses to us, these will be stored in accordance with the statutory provisions and deleted after the expiry of statutory storage periods.

We will process the data you have made available to us exclusively for the purpose of processing the application procedure. This takes place on the basis of Art. 6 Para. 1 lit. b) DSGVO, or if processing in legal proceedings becomes necessary, on the basis of Art. 6 Para. 1 lit. f) DSGVO and § 26 BDSG. Should you also voluntarily provide us with special personal data, such as health data, we process this data on the basis of Art. 9 Para. 2 lit. a) DSGVO. If this is necessary for the intended exercise of the profession, we request special categories of personal data on the basis of Art. 9 Para. 2 lit. b) DSGVO.

pushTAN app of Fondsdepot Bank GmbH

As of August 2019

1 The application

Fondsdepot Bank GmbH is the provider of the mobile application "PushTAN-App" or "App".

The PushTAN app is an app for iOS and Android devices, which offers comprehensive services for the authorisation of orders requiring TANs on mobile devices. Fondsdepot Bank provides the app in this context. This functionality and the associated data are collected and processed by Fondsdepot Bank. The app enables you to place certain orders as part of the business relationship with the bank (e.g. transfers, whereby order data is transmitted to your bank via a secure Internet connection).

2 Data processing

Within the framework of the use of our app, we process your data for the purposes described in more detail below on the basis of the legal bases listed below.

2.1 General information on use

After initial setup of the app (details under point 2.2 a), a connection to the servers of the Fondsdepot Bank is established to display your bank data in the app.

Afterwards, the entire data traffic (data on the transaction) is processed under the responsibility of the Fondsdepot Bank.

2.2 Data processing purposes and legal basis

Unless otherwise described in the following sections, the legal basis for data processing in the context of the use of the App follows from Art. 6 para. 1 lit. (b DSGVO. In this case, the processing of your data is necessary to execute the PushTAN app usage contract with you and to provide you with the functionality of the app.

a. Initial setup of the app

For the initial registration in the app you have to provide the following information, which is necessary for the use:

Only after entering the access number and activation code, you will be asked to enter a self-selected PIN. Depending on the device you are using (iOS or Android) as well as when using only one access number, you can also activate additional biometric data (TouchID and/or FaceID). The biometric data you have activated will not be transmitted to Fondsdepot Bank.

The processing of this data, in particular its storage on your device, is necessary to enable you to use the app without restrictions.

The PIN assigned by the user in the app is stored in encrypted form locally in the app and is forwarded to Fondsdepot Bank in encrypted form for authentication purposes and stored there.

b. Storage of your IP address and the date of registration

To register the application, your device must process the authorization data from online banking (access number) to prevent unauthorized logins. The processing of this data is necessary in order to provide you with unrestricted use of the app.

c. Push notifications

You have the possibility to receive so-called push messages when using this app, if you give your consent in the mobile operating system. Push notifications are messages that appear on your smartphone without opening the respective app. A push ID is stored and processed for this purpose. The purpose of push notifications is to inform the user about transactions requiring TANs. The information itself is not included in the push notification, but can only be retrieved in the app after authentication. The authorization for push messages can be withdrawn at any time in the system settings.

d. Display of transactions requiring TANs in the App

If you use the app's function within the framework of Fondsdepot Bank's online banking, a selection of your most recent TAN-liable transactions will be displayed and stored locally in the app. The storage of your data is necessary to provide you with the functionality of the app.

2.3 Data security

We maintain current technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of them. These measures are adapted to the current state of the art. The data transfers are carried out via SSL-encoded connections.

2.4 Data receiver

As a matter of principle, your data will only be forwarded at your instigation by using the PushTAN app function. The recipient of your data is the Fondsdepot Bank.

In addition, we will only transfer your personal data if there is a legal obligation to do so. The transmission is based on Art. 6 para. 1 lit. (c) DSGVO (e.g. to the police authorities in connection with criminal investigations or to the data protection supervisory authorities).

2.5 Storage period of personal data

If your personal data is required for the assertion and processing of civil law claims, it will be stored in accordance with the general limitation periods for 3 years from the end of the year in which the claim arose and you have gained knowledge of the facts substantiating the claim or should have gained knowledge without gross negligence (§§ 195, 199 German Civil Code).

If, in addition, there are special statutory storage obligations, we will store your personal data until the fulfilment of this obligation. After these periods have expired, the data concerned are routinely deleted.

Login area

You have the possibility to log into a protected area on our website. Your access number as well as the PIN previously given to you by your consultant, or your user name and the corresponding password are processed. This data is processed for the purpose of using the user account and its purpose on the basis of Art. 6 Para. 1 lit. b) DSGVO.

When using the registration function and the user account, we also store the time of your registration and other user actions as well as your IP address. This will be anonymised or deleted after seven days at the latest. We store this data on the basis of our legitimate interests to protect users from misuse and unauthorised use in accordance with Art. 6 Para. 1 lit. f) DSGVO. The stored data will not be passed on to third parties, unless we are obliged to do so by a legal provision according to Art. 6 Para. 1 lit. c) DSGVO or this is necessary to pursue our claims.

virtualQ - Callback Service

In order to answer your questions in the best possible and most convenient way, we offer you the callback service with appointment of VirtualQ GmbH, Spittastraße 2, 70193 Stuttgart, Germany (in the following: VirtualQ). You can use the form to make a personal callback appointment with our customer service, specifying your preferred date and time and your telephone number. Your telephone number and IP address will be transmitted to VirtualQ for this purpose. The IP address is automatically transmitted but not stored. The telephone number will only be used to call you back.

Your telephone number will be stored until the service has been provided to you and will be deleted after 30 days at the latest.

The legal basis for this data processing is Art. 6 para. 1 lit. b) DSGVO, insofar as you are interested in information in the run-up to the conclusion of a contract or in topics relating to an already existing contract.

Otherwise, the legal basis for the processing of your data is Art. 6 (1) (f) DSGVO, as we pursue our interest in improving our accessibility and our service by involving the service provider and the associated data processing.

You can find the data protection information of our service provider virtualQ at: https://virtualq.io/datenschutz/.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

Archiving period

Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For details, please click the following link: support.google.com/analytics/answer/7667196

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

Google DoubleClick

This website uses features of Google DoubleClick. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter “DoubleClick”).

DoubleClick is used to show you interest-based ads across the Google Network. Advertisements can be tailored to the interests of the viewer using DoubleClick. For example, our ads may appear in Google search results or in banners associated with DoubleClick.

To be able to display interest adequate promotional content to users, DoubleClick must recognize the respective visitor so that it can allocate the websites visited, the clicks and other user pattern information to the user. To do this, DoubleClick deploys cookies or comparable recognition technologies (e.g., device fingerprinting). The recorded information is consolidated into a pseudonym user profile so that the respective user can be shown interest adequate advertising.

The use of Google DoubleClick takes place in the interest of targeted advertising measures. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.

For further information on how to object to the advertisements displayed by Google, please see the following links: policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.

reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If a respective declaration of consent has been obtained, the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.

For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: policies.google.com/privacy and policies.google.com/terms.

Corporate presences on social media platforms

Data processing through social networks

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

KUNUNU

As the provider of our Kununu site, we can see, for example, when and with what content ratings were given for our company. The corresponding ratings are displayed on our Kununu site pseudonymously and we have no possibility to relate them to a specific person. Furthermore, you have the possibility to send a request to the Kununu community via the Kununu page. Such requests are also made pseudonymously. If we answer such a question, the data, especially the content of the question, will be processed by us in order to process your request. We process the data on the basis of the legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

Kununu also displays unsolicited anonymous - i.e. non-personal - data relating to profile visits to our Kununu site and also graphically evaluates the ratings given on our Kununu site. It is not possible for us to assign the corresponding information to you without further additional information.

Further information on the processing of your data by Xing, which operates the website of kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Vienna (hereinafter "Kununu"), can be found in the data protection declaration available at https://privacy.xing.com/de/datenschutzerklaerung.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

This website incorporates videos from the YouTube website.

When you visit one of our websites where YouTube is embedded, a connection to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited.

YouTube may also store various cookies on your device. These cookies enable YouTube to obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud. The cookies remain on your device until you delete them.

If you are logged in to your YouTube account, you allow YouTube to associate your browsing habits directly with your personal profile. You can prevent this by logging out of your YouTube account.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is exclusively based on Art. 6 para. 1 lit. a

DSGVO; the consent may be revoked at any time.

Further information on the handling of user data and details on how they handle your personal data can be found in the YouTube privacy policy at: https://policies.google.com/privacy?hl=de.

Google Web Fonts

To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.

To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g., consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.

If your browser should not support Web Fonts, a standard font installed on your computer will be used. For more information on Google Web Fonts, please follow this link: developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: policies.google.com/privacy.

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there.

The provider of this site has no influence on this data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO. . If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in the Google data protection declaration: https://policies.google.com/privacy?hl=de.

Google My business

On this website we use the Google My business function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google My Business is one of Google platform that bundles various services of the Google Group and gives users direct access to them via a dashboard. This includes, but is not limited to Google Analytics, Google Maps and YouTube. With the product Google My Business companies can present themselves in Google-Search and Google Maps.

Google My business can recognize the location of a user by means of the IP-Adresse. This data processing is carried out in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of the legitimate interests of Google.

For the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to Google's data protection information: https://www.google.com/intl/de/policies/privacy/

Audio and video conferencing

Data processing

Among other things, we use online conference tools for communication with our customers. The tools we use in detail are listed below. If you communicate with us by video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool. The conferencing tools collect all the data you provide/use to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, Start and end (time) of participation in the conference, number of participants and other "contextual information" related to the communication process (metadata). Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, it is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards and other information shared while using the Service. Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b DSGVO). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the sense of Art. 6 Para. 1 lit. f DSGVO). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools will be deleted by our systems as soon as you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used conference tools

We use the following conference tools:

Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to the Microsoft Teams privacy policy: privacy.microsoft.com/de-de/privacystatement.

Conclusion of a contract for order processing
We have concluded an order processing contract with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.

Stand 10/21