This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and contents connected with it as well as external online presences, such as our Social Media Profile (hereinafter referred to collectively as "online offer"). Regarding to the terms used, e.g. "processing" or "responsible person", we refer to the definitions in Art. 4 of the Basic Data Protection Regulation (DSGVO).
Types of data processed:
- Inventory data (e.g., names, addresses)
- Contact details (e.g., e-mail, telephone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (e.g., web pages visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of data subjects
Visitors and users of the online offer (in the following we will refer to the persons concerned collectively as "users").
Purpose of the processing:
- Provision of the online offer, its functions, and contents
- Responding to contact requests and communication with users
- Security measures
- Reach Measurement/Marketing
Relevant legal bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis of our data processing. If the legal basis is not stated in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 Para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 Para. 1 lit. c DSGVO, and the legal basis for processing for the purpose of safeguarding our legitimate interests is Art. 6 Para. 1 lit. f DSGVO. If vital interests of the data subject or another natural person require the processing of personal data, Article 6 paragraph 1 letter d DSGVO serves as the legal basis.
In accordance with Art. 32 DSGVO and considering the state of the art, the implementation costs and the nature, scope, circumstances, and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk. Such measures shall include safeguarding the confidentiality, integrity, and availability of data by controlling physical access to data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. Furthermore, we have established procedures to ensure that data subjects' rights are exercised, data is deleted, and we respond to any threats to the data. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through the design of technology and through data protection-friendly default settings (Art. 25 DSGVO).
Rights of data subjects
You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information about this data and to receive further information and a copy of the data in accordance with Art. 15 DSGVO. You have the right to request the completion of data concerning you or the correction of incorrect data concerning you, in accordance with art. 16 of the DPA. In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted immediately, or alternatively, in accordance with Art. 18 DSGVO, to demand that the processing of the data be restricted. You have the right to demand that the data concerning you which you have made available to us be received in accordance with Art. 20 DSGVO and to demand that it be passed on to other responsible parties. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 DSGVO.
Right of withdrawal
You have the right to revoke consents granted in accordance with Art. 7 Para. 3 DSGVO with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 DSGVO. The objection may be made against processing for the purposes of direct advertising.
Deletion of data
The data processed by us will be deleted or restricted in their processing in accordance with articles 17 and 18 DSGVO. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory storage obligations. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, the storage is for 10 years according to §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, trading books, documents relevant for taxation, etc.) and 6 years according to § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters). We process inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, duration), payment data (e.g., bank details, payment history), usage and meta data (e.g., in the context of the evaluation and performance measurement of marketing measures). As a matter of principle, we do not process special categories of personal data, unless they are part of a commissioned processing. Those affected include our customers, interested parties and their customers, users, website visitors or employees as well as third parties. The purpose of processing is to provide contractual services, billing, and our customer service. The legal basis of the processing is derived from Art. 6 para. 1 lit. b DSGVO (contractual services), Art. 6 para. 1 lit. f DSGVO (analysis, statistics, optimisation, security measures).
We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their disclosure. Disclosure to external parties is only made if it is necessary within the scope of an order. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 DSGVO and do not process the data for any other purposes than those specified in the order.
We delete the data after the expiry of legal warranty and comparable obligations. The necessity of keeping the data is reviewed every three years; in the case of legal archiving obligations, the deletion is carried out after the expiry of these obligations (6 years, according to § 257 para. 1 HGB, 10 years, according to § 147 para. 1 AO). In the case of data that has been disclosed to us by the client in the context of an order, we delete the data in accordance with the requirements of the order, in principle after the end of the order.
Administration, financial accounting, office organization, contact management
We process data within the framework of administrative tasks as well as the organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process within the scope of providing our contractual services. The basis for processing is Art. 6 Par. 1 lit. c. DSGVO, Art. 6 para. 1 lit. f. DSGVO. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks which serve to maintain our business activities, perform our tasks, and provide our services. The deletion of the data regarding contractual services and contractual communication corresponds to the data mentioned in these processing activities. We disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee agencies and payment service providers. Furthermore, we store information on suppliers, event organisers and other business partners based on our business interests, e.g. for the purpose of contacting them later. We store these mostly company-related data permanently.
To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
Collection of access data and log files
Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited site), IP address and the requesting provider.
For security reasons (e.g. to clarify misuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
We reserve the right to adapt this data protection declaration so that it always meets the current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.
Questions to the Data Protection Officer
If you have any questions regarding data protection, please send us an e-mail or contact the person responsible for data protection in our organization directly:
Alt Moabit 90 B
Data protection information in the application procedure
We process the applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. The applicant data is processed for the purpose of fulfilling our (pre-)contractual obligations within the framework of the application procedure in accordance with Art. 6 Para. 1 lit. b. DSGVO Art. 6 para. 1 lit. f. DSGVO if the data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany, § 26 BDSG applies additionally).
The application procedure requires that applicants provide us with their application data. The necessary applicant data, marked in the online form, otherwise results from the job descriptions, and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.
By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope described in this data protection declaration. Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO are voluntarily communicated as part of the application procedure, their processing is also carried out in accordance with Art. 9 Para. 2 letter b DSGVO (e.g. health data, such as severely disabled status or ethnic origin).
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 letter a DSGVO (e.g. health data if this is necessary for the exercise of the profession).
If provided, applicants can send us their applications using an online form on our website. The data will be transferred to us according to the state of the art.
Applicants can also send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not assume any responsibility for the transmission path of the application between the sender and receipt on our server. In addition to the application via the online form and e-mail, applicants can still send us their application by post.
The data provided by the applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. The retention period in the direct application procedure is usually six months.
Subject to a justified revocation by the applicants, the deletion will take place after the expiry of a period of six months in the direct application procedure, so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.
In an indirect application procedure via personnel consultants and recruiters, the retention period is extended by the time stipulated in the contract to avoid mediation conflicts or contractual penalties between several parties (double mediation). After these periods have expired, the corresponding data is routinely deleted if it is no longer required for the fulfilment of the contract. The applicant will be informed about the deletion.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the user's details are processed for the purpose of handling the contact request and its processing in accordance with Art. 6 Para. 1 lit. b) DSGVO. The user's details may be stored in a customer relationship management system ("CRM system") or comparable enquiry organisation. We delete the enquiries if they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.
Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal user data. Regarding the processing of users' personal data, we refer to the following information on Google services. Usage guidelines: www.google.com/intl/de/tagmanager/use-policy.html
Data collection through use of Google Analytics This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). The use is based on Art. 6 para. 1 sentence 1 lit. f. DSGVO. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website such as
- Browser type/version,
- The operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of the server request,
are usually transferred to a Google server in the USA and stored there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google. We have also added the code "anonymizeIP" to Google Analytics on this website. This guarantees the masking of your IP address so that all data is collected anonymously. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide further services to the website operator in connection with website and internet use.
Social media online presence
We maintain online presences within social networks and platforms to be able to communicate with the customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within social networks and platforms, e.g. write articles on our online presences or send us messages.
Use of Facebook Social Plugins
Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The Plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white "f" on blue tile, the words "Like", "Like" or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook Social Plugins can be viewed here: developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
When a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated into the online offering by the user. User profiles can be created from the processed data. We therefore have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform the users according to our state of knowledge.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. When users interact with the plugins, for example, by pressing the Like button or posting a comment, the corresponding information is transmitted directly from your device to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his or her IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.