Information according to GDPR
The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to all data that can be used to identify you personally. For detailed information on data protection, please refer to our Privacy Policy listed below this text.
Data processing on this website is carried out by the website operator. You can find their contact details in the “Information on the Responsible Party” section of this Privacy Policy.
Your data is collected, on the one hand, by you providing it to us. This may include, for example, data you enter into a contact form.
Other data is collected automatically by our IT systems when you visit the website, or with your explicit consent. This primarily encompasses technical data (e.g., internet browser, operating system, or time of page access). The collection of this data commences automatically upon your initial access to this website.
A portion of the data is collected to ensure the flawless provision of the website. Other data may be utilized for analyzing your user behavior. Should contracts be concluded or initiated through the website, the transmitted data will also be processed for contractual offers, orders, or other service requests.
You retain the right at any time to receive, free of charge, information regarding the origin, recipients, and purpose of your stored personal data. Furthermore, you have the right to demand the rectification or erasure of this data. If you have provided consent for data processing, you may revoke this consent at any time with future effect. Additionally, you are entitled, under specific circumstances, to request the restriction of the processing of your personal data. Moreover, you possess the right to lodge a complaint with the relevant supervisory authority.
For inquiries pertaining to this matter and other questions concerning data protection, you may contact us at any time.
When you visit this website, your browsing behavior may be statistically analyzed. This is primarily accomplished through the use of so-called analytics programs.
Detailed information regarding these analytics programs can be found within the subsequent privacy policy.
We host the content of our website with the following provider:
The provider is ALL-INKL.COM - Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as All-Inkl). For details, please refer to All-Inkl's privacy policy: https://all-inkl.com/datenschutzinformationen/.
The use of All-Inkl is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website possible. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
We have entered into a data processing agreement (DPA) for the utilization of the aforementioned service. This constitutes a legally mandated data protection contract, which ensures that personal data of our website visitors is processed strictly according to our instructions and in full compliance with the GDPR.
The operators of this website regard the protection of your personal data with utmost seriousness. We process your personal data confidentially and in strict adherence to statutory data protection regulations, as well as the provisions of this privacy policy.
When you utilize this website, various personal data are collected. Personal data refers to information that can be used to personally identify you. This privacy policy elucidates which data we collect and for what purposes we use it. It also details the methods and objectives of such data collection.
We wish to emphasize that data transmission over the internet (e.g., during email communication) may exhibit security vulnerabilities. Absolute protection of data from third-party access cannot be guaranteed.
The controller responsible for data processing on this website is:
Infravadis GmbH
Alte Landstrasse 21a
85521 Ottobrunn
Telefon: 089 64954681
E-Mail: datenschutz@infravadis.com
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data (e.g., names, email addresses, or similar).
Unless a more specific retention period is stipulated within this privacy policy, your personal data will be retained by us until the purpose for its processing no longer applies. Should you submit a legitimate request for erasure or revoke your consent for data processing, your data will be deleted, provided no other legally permissible grounds for retaining your personal data exist (e.g., statutory retention periods under tax or commercial law); in the latter instance, deletion will occur upon the cessation of these grounds.
Should you have provided consent for data processing, we process your personal data based on Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, provided special categories of data as defined by Art. 9 para. 1 GDPR are processed. In instances of explicit consent for the transfer of personal data to third countries, data processing also occurs based on Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or access to information on your terminal device (e.g., via device fingerprinting), data processing is additionally carried out based on § 25 para. 1 TDDDG. Consent may be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data based on Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data, if necessary for compliance with a legal obligation, based on Art. 6 para. 1 lit. c GDPR. Data processing may also be conducted based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Information regarding the specific legal bases applicable in each individual case will be provided in the subsequent sections of this privacy policy.
We utilize, among other resources, tools from companies domiciled in third countries not considered secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We wish to highlight that in third countries not deemed secure under data protection law, a level of data protection comparable to that of the EU cannot be assured.
We note that the USA, as a secure third country, generally maintains a level of data protection comparable to that of the EU. Consequently, data transfer to the USA is permissible if the recipient holds a certification under the 'EU-US Data Privacy Framework' (DPF) or possesses suitable additional safeguards. Information regarding transfers to third countries, including the data recipients, can be found within this privacy policy.
In the course of our business operations, we collaborate with various external entities. In some instances, the transfer of personal data to these external entities is necessary. We only disclose personal data to external entities when required for contract fulfillment, when legally obligated (e.g., disclosure of data to tax authorities), when we have a legitimate interest in such disclosure pursuant to Art. 6 para. 1 lit. f GDPR, or when another legal basis permits the data transfer. When engaging processors, we only transfer our customers' personal data based on a valid data processing agreement. In the event of joint processing, a joint processing agreement is concluded.
Many data processing operations are only possible with your explicit consent. You may revoke any consent previously granted at any time. The legality of data processing carried out prior to the revocation remains unaffected by the withdrawal.
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
In the event of GDPR violations, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract, in a commonly used, machine-readable format, either for yourself or for transmission to a third party. If you request the direct transfer of data to another controller, this will only be carried out if technically feasible.
Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, the purpose of data processing, and, if applicable, a right to rectification or erasure of this data. For this purpose, and for further questions regarding personal data, you may contact us at any time.
You have the right to request the restriction of processing of your personal data. For this, you may contact us at any time. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser's address bar changing from "http://" to "https://" and by the padlock symbol in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Our websites use so-called "cookies." Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted after the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or an automatic deletion occurs through your web browser.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g., cookies for processing payment services).
Cookies serve various functions. Numerous cookies are technically essential, as certain website functionalities, such as the shopping cart feature or video display, would not operate without them. Other cookies may be utilized for analyzing user behavior or for advertising purposes.
Cookies required for facilitating electronic communication, providing specific requested functionalities (e.g., the shopping cart function), or optimizing the website (e.g., cookies for web audience measurement) (essential cookies) are stored pursuant to Art. 6 para. 1 lit. f GDPR, unless an alternative legal basis is provided. The website operator maintains a legitimate interest in storing essential cookies to ensure the technically flawless and optimized provision of its services. Should consent for the storage of cookies and similar recognition technologies have been solicited, processing is conducted solely on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent may be withdrawn at any time.
You have the option to configure your browser to receive notifications regarding cookie placement, to permit cookies only in specific instances, to generally exclude the acceptance of cookies, or to enable the automatic deletion of cookies upon browser closure. Deactivating cookies may restrict the functionality of this website.
Should additional cookies and services be employed on this website, details can be found within this privacy policy.
Our website employs Borlabs Cookie's consent technology to obtain and legally document your consent for the storage of specific cookies in your browser or the deployment of certain technologies. The provider of this technology is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg (hereinafter referred to as Borlabs).
Upon accessing our website, a Borlabs cookie is stored in your browser, recording your granted consents or their revocation. This data is not transmitted to the Borlabs Cookie provider.
The collected data is retained until you request its deletion, or you delete the Borlabs cookie yourself, or the purpose for data storage is no longer applicable. Mandatory statutory retention periods remain unaffected. Further details on Borlabs Cookie data processing are available at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
The Borlabs Cookie consent technology is deployed to secure the legally mandated consents for cookie usage. The legal basis for this processing is Art. 6 para. 1 lit. c GDPR.
Should you submit inquiries to us via the contact form, your provided information, including contact details, will be stored for the purpose of processing your request and addressing any subsequent queries. We do not disclose this data without your explicit consent.
The processing of this data is conducted pursuant to Art. 6 para. 1 lit. b GDPR, provided your inquiry pertains to the performance of a contract or is necessary for pre-contractual measures. In all other instances, processing is based on our legitimate interest in the efficient handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if such consent was solicited; consent may be withdrawn at any time.
The data you provide via the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage is no longer applicable (e.g., after your inquiry has been fully processed). Mandatory statutory provisions, particularly retention periods, remain unaffected.
Should you contact us via email, telephone, or fax, your inquiry, including all associated personal data (name, request), will be stored and processed by us for the purpose of addressing your concern. We do not disclose this data without your explicit consent.
The processing of this data is conducted pursuant to Art. 6 para. 1 lit. b GDPR, provided your inquiry pertains to the performance of a contract or is necessary for pre-contractual measures. In all other instances, processing is based on our legitimate interest in the efficient handling of inquiries directed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if such consent was solicited; consent may be withdrawn at any time.
Data transmitted to us via contact inquiries will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage is no longer applicable (e.g., after your concern has been fully processed). Mandatory statutory provisions, particularly legal retention periods, remain unaffected.
This website integrates functionalities of the Instagram service. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
When the social media element is active, a direct connection is established between your end device and the Instagram server. This enables Instagram to receive information regarding your visit to this website.
If you are logged into your Instagram account, clicking the Instagram button allows you to link the content of this website with your Instagram profile. This enables Instagram to associate your visit to this website with your user account. We wish to emphasize that, as the website provider, we do not receive any knowledge of the content of the transmitted data or its subsequent use by Instagram.
The utilization of this service is based on your consent, in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent may be withdrawn at any time.
To the extent that personal data is collected on our website and transmitted to Facebook or Instagram using the tool described herein, we and Meta Platforms Ireland Limited, Merrion Road Dublin 4, Dublin, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is strictly limited to the collection of data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram after data transfer is not encompassed by this joint responsibility. Our shared obligations have been formalized in a joint processing agreement. The full text of this agreement is available at: https://www.facebook.com/legal/controller_addendum. Pursuant to this agreement, we are responsible for providing data protection information when deploying the Facebook or Instagram tool and for ensuring its data protection-compliant implementation on our website. Facebook is solely responsible for the data security of Facebook and Instagram products. Data subject rights (e.g., requests for access) concerning data processed by Facebook or Instagram can be asserted directly with Facebook. Should you assert such rights with us, we are obligated to forward them to Facebook.
Data transfers to the USA are underpinned by the Standard Contractual Clauses of the EU Commission. Further details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381.
Additional information on this topic can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.
The company possesses a certification under the "EU-US Data Privacy Framework" (DPF). The DPF represents an agreement between the European Union and the USA, designed to ensure adherence to European data protection standards for data processing conducted in the USA. Every company certified under the DPF commits to upholding these data protection standards. Additional information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452.
We utilize Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. Its sole purpose is the management and deployment of the tools integrated through it. However, Google Tag Manager does record your IP address, which may also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.
This website utilizes functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, duration of visit, operating systems used, and user origin. This data is assigned to the respective end device of the user. No assignment to a user ID occurs.
Furthermore, with Google Analytics, we can record your mouse and scroll movements and clicks, among other things. Google Analytics also employs various modeling approaches to augment the collected data sets and utilizes machine learning technologies for data analysis.
Google Analytics employs technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google regarding the use of this website is typically transmitted to a Google server in the USA and stored there.
The utilization of this service is based on your consent, in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent may be withdrawn at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/.
The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics IP anonymization is activated. This means that your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Further information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This site uses Google Fonts, provided by Google, for the consistent display of typefaces. The Google Fonts are installed locally. No connection to Google servers is established in this process.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de.
This site utilizes the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This service enables us to integrate map material onto our website.
To use the functions of Google Maps, it is necessary to store your IP address. This information is typically transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. When Google Maps is activated, Google may use Google Fonts for the consistent display of typefaces. Upon accessing Google Maps, your browser loads the necessary web fonts into its browser cache to display texts and fonts correctly.
The use of Google Maps is in the interest of presenting our online offerings attractively and facilitating the easy location of places indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de.
The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA, designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.
We utilize hCaptcha (hereinafter "hCaptcha") on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter "IMI").
hCaptcha is employed to verify whether data input on this website (e.g., in a contact form) originates from a human or an automated program. To achieve this, hCaptcha analyzes the website visitor's behavior based on various characteristics.
This analysis commences automatically as soon as the website visitor accesses a website with hCaptcha enabled. For analysis, hCaptcha evaluates various pieces of information (e.g., IP address, duration of the website visitor's stay on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is utilized in "invisible mode," the analyses operate entirely in the background. Website visitors are not explicitly informed that an analysis is occurring.
The storage and analysis of data are conducted based on Art. 6 para. 1 lit. f GDPR. The website operator maintains a legitimate interest in safeguarding its web services against abusive automated surveillance and SPAM. Should explicit consent have been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, provided that the consent encompasses the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) as defined by the TDDDG. Consent may be revoked at any time.
Data processing is underpinned by standard contractual clauses, which are incorporated into the data processing addendum to IMI's General Terms and Conditions or the respective data processing agreements.
Further information regarding hCaptcha can be found in the privacy policy and terms of use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
The company holds a certification under the "EU-US Data Privacy Framework" (DPF). The DPF represents an agreement between the European Union and the USA, intended to ensure adherence to European data protection standards for data processing operations within the USA. Every company certified under the DPF commits to upholding these data protection standards. Additional information on this can be accessed from the provider via the following link: https://www.dataprivacyframework.gov/participant/6388.
We have integrated Wordfence into this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter "Wordfence").
Wordfence is utilized to safeguard our website against unauthorized access and malicious cyberattacks. To achieve this, our website establishes a continuous connection with Wordfence's servers, allowing Wordfence to cross-reference its databases with access attempts made on our site and, if necessary, to block them.
The deployment of Wordfence is based on Art. 6 para. 1 lit. f GDPR. The website operator possesses a legitimate interest in ensuring the most effective possible protection of its website against cyberattacks. Should explicit consent have been obtained, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, provided that the consent encompasses the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) as defined by the TDDDG. Consent may be revoked at any time.
Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details are available here: https://www.wordfence.com/help/general-data-protection-regulation/.
We have entered into a data processing agreement (DPA) for the utilization of the aforementioned service. This constitutes a legally mandated data protection contract, which ensures that personal data of our website visitors is processed strictly according to our instructions and in full compliance with the GDPR.
We collect, process, and utilize personal customer and contract data for the establishment, substantive structuring, and modification of our contractual relationships. Personal data pertaining to the use of this website (usage data) is collected, processed, and utilized only to the extent necessary to facilitate the user's access to the service or for billing purposes. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR.
The collected customer data will be deleted upon completion of the order or termination of the business relationship, and after the expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.
We provide the opportunity to submit applications to us (e.g., via email, postal service, or online application form). The following outlines the scope, purpose, and utilization of your personal data collected during the application process. We assure you that the collection, processing, and use of your data adhere to applicable data protection law and all other legal provisions, and that your data will be treated with the utmost confidentiality.
When you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) to the extent necessary for making a decision regarding the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and – if you have provided consent – Art. 6 para. 1 lit. a GDPR. Consent may be revoked at any time. Your personal data will be disclosed within our company exclusively to individuals involved in the processing of your application.
Should the application be successful, the data you have submitted will be stored in our data processing systems based on § 26 BDSG and Art. 6 para. 1 lit. b GDPR, for the purpose of establishing and managing the employment relationship.
Im Rahmen des Bewerbungsverfahrens führen wir unter Umständen auch eine Internetrecherche Ihrer Person durch. Dies umfasst vor allem die Google-Suche, Linkedin und Xing. Rechtsgrundlage für diese Art der Verarbeitung ist unser berechtigtes Interesse uns ein Gesamteindruck von öffentlich zugänglichen Informationen gemäß Art. 6 Abs. 1 lit. f DSGVO über Sie zu verschaffen.
Should we be unable to offer you employment, or if you decline a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the conclusion of the application process (rejection or withdrawal of application), based on our legitimate interests (Art. 6 para. 1 lit. f GDPR). Subsequently, the data will be deleted, and physical application documents will be destroyed. This retention primarily serves as evidence in the event of legal disputes. If it becomes apparent that the data will be required beyond the 6-month period (e.g., due to impending or ongoing legal proceedings), deletion will only occur once the purpose for further retention ceases to exist.
Extended retention may also occur if you have provided corresponding consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations preclude deletion.
Should we not make you a job offer, there may be an option to include you in our applicant pool. If included, all documents and information from your application will be transferred to the applicant pool to contact you regarding suitable vacancies.
Inclusion in the applicant pool is solely based on your explicit consent (Art. 6 para. 1 lit. a GDPR). Providing consent is voluntary and unrelated to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided no statutory retention grounds exist.
Data from the applicant pool will be irrevocably deleted no later than two years after consent is granted.
