Privacy Policy
We build digital solutions – so we know exactly how important privacy is. Here, we’ll give you a clear and open explanation of what data we collect, why we do it, and what your rights are.
1. Privacy at a Glance
General Information
The following info gives you a quick overview of what happens to your personal data when you visit our website. Personal data means any data that can be used to identify you. For full details, check out our privacy notice below.
The following info gives you a quick overview of what happens to your personal data when you visit our website. Personal data means any data that can be used to identify you. For full details, check out our privacy notice below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is handled by the website operator. You’ll find their contact details in the “Information About the Responsible Party” section of this privacy notice.
How do we collect your data?
Some data is collected when you provide it to us, for example, by filling out a contact form.
Other data is collected automatically or after your consent when you visit the website. This mainly includes technical data (e.g., browser, operating system, time of page view). This data is collected automatically as soon as you enter our website.
Why do we use your data?
Some data is collected to ensure the website runs smoothly. Other data may be used to analyze your usage behavior.
What rights do you have regarding your data?
You have the right to get free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you’ve given consent to data processing, you can revoke it at any time for the future. In certain cases, you can also request the restriction of processing your personal data. Plus, you have the right to lodge a complaint with the relevant supervisory authority.
If you have questions about privacy or your data, you can always reach out to us.
Analytics Tools and Third-Party Tools
When you visit this website, your browsing behavior may be analyzed statistically, mainly with analytics programs. You’ll find more details about these programs in this privacy notice.
Who is responsible for data collection on this website?
Data processing on this website is handled by the website operator. You’ll find their contact details in the “Information About the Responsible Party” section of this privacy notice.
How do we collect your data?
Some data is collected when you provide it to us, for example, by filling out a contact form.
Other data is collected automatically or after your consent when you visit the website. This mainly includes technical data (e.g., browser, operating system, time of page view). This data is collected automatically as soon as you enter our website.
Why do we use your data?
Some data is collected to ensure the website runs smoothly. Other data may be used to analyze your usage behavior.
What rights do you have regarding your data?
You have the right to get free information at any time about the origin, recipient, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you’ve given consent to data processing, you can revoke it at any time for the future. In certain cases, you can also request the restriction of processing your personal data. Plus, you have the right to lodge a complaint with the relevant supervisory authority.
If you have questions about privacy or your data, you can always reach out to us.
Analytics Tools and Third-Party Tools
When you visit this website, your browsing behavior may be analyzed statistically, mainly with analytics programs. You’ll find more details about these programs in this privacy notice.
2. Hosting
External Hosting
This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via the website.
We use the host to fulfill contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data as necessary to fulfill its obligations and follow our instructions regarding this data.
We use the following host:
PlusServer GmbH
Hohenzollernring 72
50672 Cologne
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
We take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy notice.
When you use this website, various personal data is collected. Personal data is any data that can be used to identify you. This privacy notice explains what data we collect and what we use it for. It also explains how and why we do this.
Please note that data transmission over the internet (e.g., email communication) can have security gaps. Complete protection of data from access by third parties is not possible.
Information About the Responsible Party
The party responsible for data processing on this website is:
dc AG
Von-Linde-Straße 11
95326 Kulmbach
Phone: +49 9221 9652-100
Email: info@dc.ag
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a specific storage period is mentioned in this privacy notice, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate deletion request or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion occurs after these reasons cease to apply.
Data Protection Officer
We have appointed a data protection officer for our company.
ITs Hein GmbH
Kulmbacher Straße 27b
95460 Bad Berneck i. Fichtelgebirge
Phone: +49 9273 501390
Email: info@its-datenschutz.de
Note on Data Transfer to the USA and Other Third Countries
We use tools from companies based in the USA or other countries outside the EU that are not considered safe under data protection law. If these tools are active, your personal data may be transferred to these countries and processed there. Please note that these countries may not guarantee a level of data protection comparable to the EU. For example, US companies are required to hand over personal data to security authorities without you being able to take legal action. So, it’s possible that US authorities (e.g., intelligence services) process, analyze, and store your data on US servers for surveillance purposes. We have no influence over these processing activities.
Revoking Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent at any time. The legality of data processing carried out before the revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY NOTICE. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).
Right to Lodge a Complaint with the Supervisory Authority
If there are violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, place of work, or the place of the alleged violation. This right exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as it is technically feasible.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser bar.
When SSL or TLS encryption is enabled, the data you transmit to us can’t be read by third parties.
Access, Deletion, and Correction
Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. If you have questions about personal data, you can always contact us.
Right to Restrict Processing
You have the right to request the restriction of processing your personal data. You can contact us at any time about this. The right to restrict processing applies in the following cases:
Objection to Promotional Emails
We hereby object to the use of contact data published as part of the legal notice obligation for sending unsolicited advertising and information materials. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
Hubspot CRM
We use Hubspot CRM on this website. Provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only manages and deploys the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and easy integration and management of various tools on their website. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Google Analytics
This website uses features of the Google Analytics web analytics service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used, and user origin. Google may combine this data into a profile assigned to the respective user or their device.
We can also use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to supplement the collected data and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analytics tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information on how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Storage Period
Data stored by Google at the user and event level that is linked to cookies, user IDs, or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. Details can be found here: https://support.google.com/analytics/answer/7667196?hl=de
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Targeted ads can also be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data, for example, by analyzing which search terms led to the display of our ads and how many ads led to corresponding clicks.
The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its services and products.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Remarketing
This website uses Google Analytics Remarketing features. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g., clicks on specific products) to assign you to certain advertising audiences and then display relevant advertising messages to you when you visit other online offerings (remarketing or retargeting).
The advertising audiences created with Google Remarketing can also be linked to Google’s cross-device functions. This allows interest-based, personalized advertising messages that have been customized based on your previous usage and browsing behavior on one device (e.g., cell phone) to be displayed on another of your devices (e.g., tablet or PC).
If you have a Google account, you can opt out of personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its products. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information and the privacy policy, see Google’s privacy policy: https://policies.google.com/technologies/ads?hl=de.
Audience Building with Customer Match
For audience building, we use Google Remarketing’s Customer Match. We transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the relevant customers are Google users and logged into their Google account, they will see relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).
Facebook Pixel
This website uses Facebook’s visitor action pixel for conversion measurement. Provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the website operator; we cannot draw any conclusions about the identity of users. However, Facebook stores and processes the data, so a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy. This allows Facebook to display ads on Facebook pages as well as outside of Facebook. We as the site operator have no influence on this data processing.
The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited to the collection of data and its transfer to Facebook. The processing by Facebook after forwarding is not part of the joint responsibility. The obligations we share have been set out in a joint processing agreement. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Facebook tool and for the privacy-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
For more information on protecting your privacy, see Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
LinkedIn Insight Tag
This website uses the LinkedIn Insight Tag. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data Processing by LinkedIn Insight Tag
With the LinkedIn Insight Tag, we get information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze, among other things, the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and better tailor our site to target audiences. We can also use LinkedIn Insight Tags to measure whether visitors to our websites take a purchase or other action (conversion measurement). Conversion measurement can also take place across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to show visitors to our website targeted advertising outside the website, with LinkedIn stating that no identification of the ad recipient takes place.
LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes. For details, see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Objecting to the Use of LinkedIn Insight Tag
You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Newsletter Data
If you want to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use newsletter service providers described below to handle the newsletter.
YouTube with Enhanced Privacy Mode
This website embeds videos from YouTube. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means YouTube does not store information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by the enhanced privacy mode. So, YouTube connects to the Google DoubleClick network whether you watch a video or not.
As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube may also store cookies on your device or use similar recognition technologies (e.g., device fingerprinting) after you start a video. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud.
Further data processing operations may be triggered after starting a YouTube video, over which we have no control.
The use of YouTube is in the interest of an attractive presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information about privacy at YouTube, see their privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the Google Maps map service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps features, your IP address must be stored. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. When Google Maps is activated, Google may use Google Web Fonts for uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
The use of Google Maps is in the interest of an attractive presentation of our online offerings and easy location of the places we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how Google handles user data, see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether data entry on this website (e.g., in a contact form) is done by a human or by an automated program. reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information about Google reCAPTCHA, see Google’s privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Spotify
This website includes features from the music service Spotify. Provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize Spotify plugins by the green logo on this website. An overview of Spotify plugins can be found at: https://developer.spotify.com.
When you visit this website, a direct connection between your browser and the Spotify server can be established via the plugin. Spotify thereby receives the information that you have visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate your visit to this website with your user account.
Please note that when using Spotify, cookies from Google Analytics are used, so your usage data may also be passed on to Google when using Spotify. Google Analytics is a tool from the Google Group for analyzing user behavior with headquarters in the USA. Spotify alone is responsible for this integration. We as the website operator have no influence on this processing.
The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the attractive acoustic design of its website. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information, see Spotify’s privacy policy: https://www.spotify.com/de/legal/privacy-policy/.
If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify user account.
We offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) as far as necessary to decide on establishing an employment relationship. The legal basis is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with people involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.
Retention Period of Data
If we cannot offer you a position, you reject an offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). After that, the data will be deleted and physical application documents destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is clear that the data will be required after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place when the purpose for further retention no longer applies.
Longer retention can also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the Applicant Pool
If we do not offer you a position, you may be included in our applicant pool. If you are included, all documents and information from the application will be transferred to the applicant pool so we can contact you in case of suitable vacancies. Inclusion in the applicant pool is based solely on your explicit consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and has no relation to the ongoing application process. You can revoke your consent at any time. In this case, the data from the applicant pool will be permanently deleted, provided there are no legal reasons for retention.
Data from the applicant pool will be permanently deleted no later than two years after consent is given.
We use the host to fulfill contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data as necessary to fulfill its obligations and follow our instructions regarding this data.
We use the following host:
PlusServer GmbH
Hohenzollernring 72
50672 Cologne
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General Information and Mandatory Details
PrivacyWe take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy notice.
When you use this website, various personal data is collected. Personal data is any data that can be used to identify you. This privacy notice explains what data we collect and what we use it for. It also explains how and why we do this.
Please note that data transmission over the internet (e.g., email communication) can have security gaps. Complete protection of data from access by third parties is not possible.
Information About the Responsible Party
The party responsible for data processing on this website is:
dc AG
Von-Linde-Straße 11
95326 Kulmbach
Phone: +49 9221 9652-100
Email: info@dc.ag
The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).
Storage Period
Unless a specific storage period is mentioned in this privacy notice, your personal data will remain with us until the purpose for data processing no longer applies. If you make a legitimate deletion request or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion occurs after these reasons cease to apply.
Data Protection Officer
We have appointed a data protection officer for our company.
ITs Hein GmbH
Kulmbacher Straße 27b
95460 Bad Berneck i. Fichtelgebirge
Phone: +49 9273 501390
Email: info@its-datenschutz.de
Note on Data Transfer to the USA and Other Third Countries
We use tools from companies based in the USA or other countries outside the EU that are not considered safe under data protection law. If these tools are active, your personal data may be transferred to these countries and processed there. Please note that these countries may not guarantee a level of data protection comparable to the EU. For example, US companies are required to hand over personal data to security authorities without you being able to take legal action. So, it’s possible that US authorities (e.g., intelligence services) process, analyze, and store your data on US servers for surveillance purposes. We have no influence over these processing activities.
Revoking Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You can revoke consent at any time. The legality of data processing carried out before the revocation remains unaffected.
Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY NOTICE. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 PARA. 1 GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 PARA. 2 GDPR).
Right to Lodge a Complaint with the Supervisory Authority
If there are violations of the GDPR, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, place of work, or the place of the alleged violation. This right exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done as far as it is technically feasible.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser bar.
When SSL or TLS encryption is enabled, the data you transmit to us can’t be read by third parties.
Access, Deletion, and Correction
Within the framework of applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient, and the purpose of data processing, and, if applicable, a right to correction or deletion of this data. If you have questions about personal data, you can always contact us.
Right to Restrict Processing
You have the right to request the restriction of processing your personal data. You can contact us at any time about this. The right to restrict processing applies in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to check this. For the duration of the review, you have the right to request the restriction of processing your personal data.
- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to request the restriction of processing your personal data instead of deletion.
- If you have objected under Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of processing your personal data.
Objection to Promotional Emails
We hereby object to the use of contact data published as part of the legal notice obligation for sending unsolicited advertising and information materials. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
4. Data Collection on This Website
Cookies
Our websites use “cookies.” Cookies are small text files that do no harm to your device. They are either temporary for the duration of a session (session cookies) or permanently (persistent cookies) stored on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.
Sometimes, cookies from third-party companies may be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g., cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary because certain website functions wouldn’t work without them (e.g., shopping cart or video display). Other cookies are used to analyze user behavior or display advertising.
Cookies required to carry out electronic communication (necessary cookies), to provide certain functions you want (functional cookies, e.g., for the shopping cart), or to optimize the website (e.g., cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to store cookies has been requested, the storage of the relevant cookies is based solely on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
If cookies from third-party companies or for analytics purposes are used, we will inform you separately in this privacy notice and, if necessary, request your consent.
Consent with Usercentrics
This website uses Usercentrics’ consent technology to obtain your consent to store certain cookies on your device or to use certain technologies, and to document this in a privacy-compliant manner. Provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you visit our website, the following personal data is transferred to Usercentrics:
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this, the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested.
The data you send to us via contact inquiries will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
Our websites use “cookies.” Cookies are small text files that do no harm to your device. They are either temporary for the duration of a session (session cookies) or permanently (persistent cookies) stored on your device. Session cookies are automatically deleted after your visit. Persistent cookies remain stored on your device until you delete them or your web browser deletes them automatically.
Sometimes, cookies from third-party companies may be stored on your device when you enter our site (third-party cookies). These allow us or you to use certain services of the third-party company (e.g., cookies for processing payment services).
Cookies have different functions. Many cookies are technically necessary because certain website functions wouldn’t work without them (e.g., shopping cart or video display). Other cookies are used to analyze user behavior or display advertising.
Cookies required to carry out electronic communication (necessary cookies), to provide certain functions you want (functional cookies, e.g., for the shopping cart), or to optimize the website (e.g., cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to store cookies has been requested, the storage of the relevant cookies is based solely on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.
You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
If cookies from third-party companies or for analytics purposes are used, we will inform you separately in this privacy notice and, if necessary, request your consent.
Consent with Usercentrics
This website uses Usercentrics’ consent technology to obtain your consent to store certain cookies on your device or to use certain technologies, and to document this in a privacy-compliant manner. Provider is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you visit our website, the following personal data is transferred to Usercentrics:
- Your consent(s) or withdrawal of your consent(s)
- Your IP address
- Information about your browser
- Information about your device
- Time of your visit to the website
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Hostname of the accessing computer
- Time of the server request
- IP address
The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this, the server log files must be collected.
Contact Form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested.
The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially retention periods – remain unaffected.
Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if requested.
The data you send to us via contact inquiries will remain with us until you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
Hubspot CRM
We use Hubspot CRM on this website. Provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter Hubspot CRM).
Hubspot CRM allows us to manage existing and potential customers and customer contacts. With Hubspot CRM, we can capture, sort, and analyze customer interactions via email, social media, or phone across various channels. The personal data collected can be analyzed and used for communication with potential customers or for marketing activities (e.g., newsletter mailings). Hubspot CRM also enables us to track and analyze the behavior of our contacts on our website.
The use of Hubspot CRM is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in efficient customer management and communication. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, as far as consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
For details, see Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
5. Analytics Tools and Advertising
Google Tag ManagerWe use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only manages and deploys the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and easy integration and management of various tools on their website. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Google Analytics
This website uses features of the Google Analytics web analytics service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used, and user origin. Google may combine this data into a profile assigned to the respective user or their device.
We can also use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to supplement the collected data and employs machine learning technologies in data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about your use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analytics tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser Plugin
You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information on how Google Analytics handles user data, see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Data Processing Agreement
We have a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Storage Period
Data stored by Google at the user and event level that is linked to cookies, user IDs, or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. Details can be found here: https://support.google.com/analytics/answer/7667196?hl=de
Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Targeted ads can also be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data, for example, by analyzing which search terms led to the display of our ads and how many ads led to corresponding clicks.
The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its services and products.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Remarketing
This website uses Google Analytics Remarketing features. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g., clicks on specific products) to assign you to certain advertising audiences and then display relevant advertising messages to you when you visit other online offerings (remarketing or retargeting).
The advertising audiences created with Google Remarketing can also be linked to Google’s cross-device functions. This allows interest-based, personalized advertising messages that have been customized based on your previous usage and browsing behavior on one device (e.g., cell phone) to be displayed on another of your devices (e.g., tablet or PC).
If you have a Google account, you can opt out of personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of its products. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information and the privacy policy, see Google’s privacy policy: https://policies.google.com/technologies/ads?hl=de.
Audience Building with Customer Match
For audience building, we use Google Remarketing’s Customer Match. We transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the relevant customers are Google users and logged into their Google account, they will see relevant advertising messages within the Google network (e.g., on YouTube, Gmail, or in the search engine).
Facebook Pixel
This website uses Facebook’s visitor action pixel for conversion measurement. Provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The data collected is anonymous to us as the website operator; we cannot draw any conclusions about the identity of users. However, Facebook stores and processes the data, so a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy. This allows Facebook to display ads on Facebook pages as well as outside of Facebook. We as the site operator have no influence on this data processing.
The use of Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
If personal data is collected on our website using the tool described here and forwarded to Facebook, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited to the collection of data and its transfer to Facebook. The processing by Facebook after forwarding is not part of the joint responsibility. The obligations we share have been set out in a joint processing agreement. The wording of the agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing privacy information when using the Facebook tool and for the privacy-safe implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.
For more information on protecting your privacy, see Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
LinkedIn Insight Tag
This website uses the LinkedIn Insight Tag. Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Data Processing by LinkedIn Insight Tag
With the LinkedIn Insight Tag, we get information about visitors to our website. If a website visitor is registered with LinkedIn, we can analyze, among other things, the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and better tailor our site to target audiences. We can also use LinkedIn Insight Tags to measure whether visitors to our websites take a purchase or other action (conversion measurement). Conversion measurement can also take place across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to show visitors to our website targeted advertising outside the website, with LinkedIn stating that no identification of the ad recipient takes place.
LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser characteristics, and time of access). IP addresses are truncated or (if used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes. For details, see LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal Basis
The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objecting to the Use of LinkedIn Insight Tag
You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Data Processing Agreement
We have a data processing agreement (DPA) with the provider above. This is a contract required by data privacy law, ensuring that the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
6. Newsletter
If you want to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use newsletter service providers described below to handle the newsletter.
7. Plugins and Tools
YouTube with Enhanced Privacy Mode
This website embeds videos from YouTube. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means YouTube does not store information about visitors to this website before they watch the video. However, data transfer to YouTube partners is not necessarily excluded by the enhanced privacy mode. So, YouTube connects to the Google DoubleClick network whether you watch a video or not.
As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube may also store cookies on your device or use similar recognition technologies (e.g., device fingerprinting) after you start a video. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user experience, and prevent fraud.
Further data processing operations may be triggered after starting a YouTube video, over which we have no control.
The use of YouTube is in the interest of an attractive presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information about privacy at YouTube, see their privacy policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the Google Maps map service. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use Google Maps features, your IP address must be stored. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. When Google Maps is activated, Google may use Google Web Fonts for uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
The use of Google Maps is in the interest of an attractive presentation of our online offerings and easy location of the places we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how Google handles user data, see Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether data entry on this website (e.g., in a contact form) is done by a human or by an automated program. reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information about Google reCAPTCHA, see Google’s privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Spotify
This website includes features from the music service Spotify. Provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You can recognize Spotify plugins by the green logo on this website. An overview of Spotify plugins can be found at: https://developer.spotify.com.
When you visit this website, a direct connection between your browser and the Spotify server can be established via the plugin. Spotify thereby receives the information that you have visited this website with your IP address. If you click the Spotify button while logged into your Spotify account, you can link the content of this website to your Spotify profile. This allows Spotify to associate your visit to this website with your user account.
Please note that when using Spotify, cookies from Google Analytics are used, so your usage data may also be passed on to Google when using Spotify. Google Analytics is a tool from the Google Group for analyzing user behavior with headquarters in the USA. Spotify alone is responsible for this integration. We as the website operator have no influence on this processing.
The storage and analysis of data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the attractive acoustic design of its website. If consent has been requested (e.g., consent to store cookies), processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.
For more information, see Spotify’s privacy policy: https://www.spotify.com/de/legal/privacy-policy/.
If you do not want Spotify to associate your visit to this website with your Spotify user account, please log out of your Spotify user account.
8. Our Own Services
Handling Applicant DataWe offer you the opportunity to apply to us (e.g., by email, post, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) as far as necessary to decide on establishing an employment relationship. The legal basis is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and – if you have given consent – Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with people involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.
Retention Period of Data
If we cannot offer you a position, you reject an offer, or withdraw your application, we reserve the right to retain the data you submitted based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application). After that, the data will be deleted and physical application documents destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is clear that the data will be required after the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place when the purpose for further retention no longer applies.
Longer retention can also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the Applicant Pool
If we do not offer you a position, you may be included in our applicant pool. If you are included, all documents and information from the application will be transferred to the applicant pool so we can contact you in case of suitable vacancies. Inclusion in the applicant pool is based solely on your explicit consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and has no relation to the ongoing application process. You can revoke your consent at any time. In this case, the data from the applicant pool will be permanently deleted, provided there are no legal reasons for retention.
Data from the applicant pool will be permanently deleted no later than two years after consent is given.