It is generally possible to use our websites without providing any personal data. However, if a data subject wishes to use particular services provided by our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the data subject’s consent.
We treat your personal data, for example your name, address, e-mail address or telephone number, confidentially and in accordance with the statutory General Data Protection Regulation and country-specific data protection regulations that apply to us.
1. Who is responsible for data processing on this website?
are the controller for the collection, processing and storage of your personal data in accordance with the General Data Protection Regulation. We have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as thoroughly as possible. Nevertheless, there is the generally possibility of there being security gaps in web-based data transmission, meaning absolute protection cannot be guaranteed. For this reason, each data subject is free to also send personal data to us via alternative means, for example by telephone.
2. Who can you contact if you have questions about data processing?
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Controller or controller responsible for the processing
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
i) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
4. External hosting
This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the hoster’s servers. This may particularly include your IP addresses (anonymised), contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
The hoster is used for the purpose of fulfilling a contract with our potential and existing customers (Article 6  [b] of the GDPR) and in the interest of providing our online offering securely, quickly and efficiently via a professional provider (Article 6  [f] of the GDPR).
Our hoster will only process your data to the extent required to fulfil its performance obligations and follow our instructions with regard to this data. We have a contract for processing in place with our hoster in order to guarantee processing in a way that complies with data protection.
5. Data collection on this website
The web pages partly use ‘cookies’. Cookies are not harmful for your computer and do not contain viruses. By using cookies, we can provide users of this website with more user-friendly services that would otherwise be impossible. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain on your end device until you delete them. These cookies allow us to recognise your browser on your next visit.
You can change your browser settings so that you are notified when cookies are used and so that only allow cookies in specific cases, do not accept cookies for certain cases or in general and enable the automatic deletion of cookies when you close the browser. If you disable cookies, the functionality of this website may be restricted.
Cookies which are required for the electronic communication process or to provide certain functions you have requested (e.g. shopping basket function), are stored on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in saving cookies to provide its services in a way that is free from technical errors and functions optimally. If corresponding consent has been requested (e.g. consent to saving cookies), processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR. Consent can be revoked at any time.
b) Cookie consent with Borlabs cookie
Our website uses cookie consent technology from Borlabs – Benjamin A. Bornschein to obtain your consent to saving certain cookies in your browser and to document these in accordance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter ‘Borlabs’).
When you access our website, a Borlabs cookie is saved in your browser, which saves any consent you have given or the withdrawal of such consent. This data is not shared with the provider of Borlabs.
The data collected will be stored until you request that we erase it or until you delete the Borlabs cookie yourself or until the purpose for which the data is stored no longer applies. Mandatory statutory retention periods remain unaffected. Details relating to data processing by Borlabs can be found here.
c) Server log files
The provider of the sites automatically collects and stores information in ‘server log files’, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP adress
This data is not merged with other data sources.
This data is collected on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in presenting and optimising its website in a way that is free from technical errors. For this purpose, server log files must be collected.
Server log files are currently stored for a maximum of 2 months and are then erased. The data is stored for security reasons in order to trace and prevent unauthorised access to the web server and improper use of the web pages and to secure our information technology systems.
d) Contact details
Based on legal regulations, our website contains information that allows you to get in touch our company quickly and electronically and to directly communicate with us, which also includes a general address for ‘electronic mail’ (e-mail address).
If you contact us by e-mail or telephone, the personal data you provide (e.g. name, e-mail address, etc.) will be stored and processed by us for the purpose of processing your request. Your data will not be shared without your consent.
This data is processed on the basis of Article 6 (1) (b) of the GDPR, provided that your enquiry relates to the fulfilment of a contract or is required to implement pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of any enquiries sent to us (Article 6  [f] of the GDPR) or your consent (Article 6  [f] of the GDPR), provided that this consent has been requested.
We will keep any data you have transmitted to us until you request that we erase it, until you withdraw your consent to storage or until the purpose for which the data was stored ceases to apply (e.g. after you enquiry has been processed). Mandatory legal provisions – with particular reference to retention periods – remain unaffected.
e) Application via web form from Microsoft Forms
We have expanded our use of Microsoft 365, and in particular Microsoft Forms, in order to achieve a smooth and productive collaboration with employees and customers.
If you are using our web form for the application process, we will collect personal data via Microsoft Forms. This includes, in particular, your contact details such as your first and last name, telephone number and e-mail address.
We cannot guarantee that in particular case in addition to the data collected with the web form, further personal data may be transmitted to Microsoft and processed there, the processing of which we have not commissioned, such as the applicant’s IP address and location data. Further information on the processing of personal data by Microsoft can be found at https://privacy.microsoft.com/en-us/privacystatement.
6. Note on data transfer to the USA
Among other things, our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of these companies. We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obliged to release personal data to security authorities without you as the affected party being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
7. Obligation to provide personal data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also arise from contractual regulations (e.g. information about the contractual partner).
Sometimes, to conclude a contract, it may be necessary for a data subject to provide us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them.
Failure to provide personal data would make it impossible to conclude the contract with the data subject.
8. Data protection for applications and the application process
If a data subject sends us an application, we process the associated personal data (e.g. contact and communication details, application documents, etc.) to the extent required to make a decision with respect to establishing an employment relationship. The legal basis for this is Section 26 of the new Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) under German law (initiation of an employment relationship), Article 6 (1) (b) of the GDPR (general initiation of contracts) and, if consent has been given, Article 6 (1) (a) of the GDPR. Consent can be withdrawn at any time. Within our company, personal data will only be shared with persons who are involved in processing the application.
If the application is successful, the submitted data will be stored in our data processing systems on the basis of Section 26 of the New Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Article 6 (1) (b) of the GDPR for the purpose of the employment relationship.
We use Microsoft 365 and Microsoft Teams to conduct our usual office communications and for online meetings and/or video conferencing, including virtual interviews with potential employees. Microsoft 365 and Microsoft Teams are a service of Microsoft Ireland Operations, Ltd.
When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in the ‘online meeting’. The following personal data are subject of the processing: user details such as display name, e-mail address, profile picture (optional), preferred language, meeting metadata: e.g. date, time, meeting ID, phone number, location, text, audio and video data. You may have the option to use the chat function in an online meeting. In this case, the text entries you make are processed in order to display them in the online meeting.
In order to enable the display of video and the playback of audio, data from the microphone of your end device and from a video camera of the end device are processed during the meeting. You can turn off or mute the camera or microphone by yourself at any time via the Microsoft Teams apps.
If we are unable to make the data subject a job offer, or if the data subject rejects the job offer or withdraws the application, we reserve the right to retain the submitted data for up to 3 months from the end of the application procedure (rejection or withdrawal of the application) on the basis of our legitimate interests (Article 6  [f] of the GDPR). The data is then erased and the physical application documents destroyed. Storage particularly serves as evidence in the event of a legal dispute. If it is clear that the data will be required after the 3-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be erased once the purpose for further storage ceases to apply.
A longer storage period of up to 6 months may also apply if the data subject has given their consent (Article 6  [a] of the GDPR) or if legal retention requirements prevent erasure.
9. SSL or TLS encryption
This website uses SSL and TLS encryption for security reasons and in order to protect confidential content, such as enquiries sent to us as the site operator. You can tell that the connection is encrypted if the browser address changes from ‘http://’ to ‘https://’ and a padlock symbol is shown in the browser’s address bar.
If the SSL or TLS encryption is enabled, the data that you transmit to us cannot be read by third parties.
10. Use of Google Analytics
Provided that you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses ‘cookies’. As described above, cookies are text files that are saved on your computer and allow your use of the website to be analysed. Information collected by the cookie about your use of this website is generally sent to a Google server in the USA and saved there.
Google Analytics cookies are saved and this analysis tool used on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise its website and advertising. If corresponding consent has been requested (e.g. consent to saving cookies), processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR. Consent can be revoked at any time.
We have enabled the IP anonymisation function on this website. This means that your IP address is truncated by Google within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is sent to the USA. A full IP address is only sent to a Google server in the USA and truncated there in exceptional cases. By order of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports about website activities and to provide other services to the website operator that relate to website and internet use. The IP address sent from your browser as part of Google Analytics will not be merged with other Google data.
You can prevent cookies from being saved by changing your browser settings. Please note that in this case, you may be unable to use all of this website’s functions properly. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing the browser plug-in available via the following link.
We have concluded a contract with Google for processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Data stored by Google at a user and event level that is linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or erased after 14 months. Details can be found here.
11. Google Web Fonts
This page uses ‘web fonts’, which are provided by Google, to uniformly display fonts. Google Fonts are installed locally. No connection is established with Google servers.
12. External linking
a) Links to other websites
Our website contains links to external websites of third parties and we have no influence on their content. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the websites is always responsible for the contents of the linked websites. After clicking on the integrated text/image link, you will be redirected to the website of the respective provider. User information is only transmitted to the respective provider after it has been forwarded.
Please note the privacy policies of third parties to whose websites the links lead.
b) Social media links
Our website contains links to our online presence on Facebook and XING. These links are not social plugins. (Social plugins are buttons that allow the operator providing the corresponding site to collect information about the users of our website as soon as they access our website).
However, please note that when accessing this other website, information (which may include personal data) about your visit may be collected by the operator of this site.
c) Google Maps
We have included a button on our website with a link to Google Maps so that you can better determine our location on a map. We have marked this link with a ‘location icon’.
Please note that after clicking the integrated icon link you will be redirected to the website of the other provider (Google), whereby user information is transmitted to this provider.
13. Objection to advertising e-mails
We hereby expressly prohibit the use of contact details, published as part of our legal notice obligation, to send unsolicited advertisements and informational material. The site operator expressly reserves the right to take legal action in the case of unsolicited advertising, e.g. through spam e-mails.
14. What are your rights?
a) Right of access, right to rectification and erasure
Within the scope of applicable legal provisions, you have the right to request information about the personal data stored about you, its origin and the recipient and purposes of data processing at any time for free, in accordance with Article 15 of the GDPR.
You also have the right to have any of your personal data, which is incorrectly stored, rectified, in accordance with Article 16 of the GDPR.
In accordance with Article 17 of the GDPR, you also have the right to request that your data is erased, provided your request does not conflict with a legal obligation to retain data (e.g. data retention). Data we store will be erased if it is no longer required for its intended purpose and if there are no legal retention periods. If data cannot be erased because it is required for permissible legal purposes, data processing will be restricted. In this case, the data will be suppressed and not processed for other purposes.
If you wish to obtain access to, or rectification, erasure or suppression of personal data stored that concerns you, or if you have questions regarding the collection, processing or use of your personal data, or if you wish to withdraw your consent, please contact our data protection officer.
b) Right to restrict processing
In accordance with Article 18 of the GDPR, you have the right to request that the processing of your personal data is restricted. To do so, you can contact the controller of this website at any time. You have the right to restrict processing in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the period of review, you have the right to request that the processing of your personal data is restricted.
- If the processing of your personal data was/is unlawful, you can request restriction of data processing instead of erasure.
- If we no longer need your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request that we restrict the processing of your personal data instead of erasing it.
- If you have lodged an objection under Article 21 (1) of the GDPR, there must be a balance between your interests and ours. You have the right to request that the processing of your personal data is restricted for as long as the overriding interests are unclear.
If you have restricted the processing of your personal data, such data – with the exception of the storage of such data – may only be processed with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
c) Right to data portability
In accordance with Article 20 of the GDPR, you have the right to have personal data, which we process automatically on the basis of your consent or to fulfil a contract, made available to you or to a third party in a commonly used, machine-readable format. If you have requested that the data is directly transferred to another controller, this is only done if it is technically feasible.
d) Right to object
If the personal data relating to you is processed for direct marketing, you have the right to object to the processing of the personal data relating to you for such marketing at any time. This also applies to profiling if it relates to such direct marketing. If you exercise your right of objection, your personal data will no longer be used for the purpose of direct marketing. We consider writing to potential applicants who have given us their consent to do so (e.g. for new job offers) to be direct marketing.
e) Right to withdraw your consent to data processing
Many data processing operations are only possible with your express consent. You have the right to withdraw any consent you have already given us at any time in accordance with Article 7 (3) of the GDPR. All you need to do is send an informal e-mail message to the controller of this website. The legality of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.
f) Right to lodge a complaint
If the GDPR is violated, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. You can contact the data protection supervisory authority responsible for your place of residence or your federal state at any time.