The protection of your personal data during the process of elicitation, processing, and utilisation of said data over the course of your visit to our homepage is of utmost importance to us. Your data is safeguarded in accordance with legal regulations. Below, we would like to inform you about the nature and extent to which the processing of personal data via this website, pursuant to Article 13 of the General Data Protection Regulation (GDPR) occurs.
I. Information regarding the relevant bodies
II. Information regarding the Data Protection Supervisor
For questions regarding data protection, please do not hesitate to contact our external representative for operational data protection:
Mr. Arndt Halbach from GINDAT GmbH
Wetterauer Str. 6
Tel.: +49 (0)2191 – 909 – 430
III. Data processing via the website
Your visit to our websites is recorded and logged. Essentially, the following data, which is transmitted via your browser, is recorded:
• the internet protocol (IP) address currently in use by your PC or router
• date and time
• browsertype and version
• the operating system of the PC
• a history of the pages viewed
• name and size of the requested files
• as well as, where appropriate, the URL of the referring website.
This information is collected solely for the purposes of data security, the improvement of our web content, and the fault analysis in accordance with Art 6. (1) f of the GDPR. The IP address of your PC is evaluated only after being anonymized (abbreviated by the last 3 digits). Apart from that, you can visit our website without providing any personal information.
We draw your attention to the fact that the transfer of data in the internet (i.e. by communication via e-mail) may involve gaps in security. It is not possible to protect such data completely from being accessed by third parties. Therefore, you should provide us with confidential information via other means such as i.e. by mail.
The controlling individual responsible for the processing of data collects and processes the personal data of applicants for the purpose of processing the application process. The processing can occur by electronic means. This is the case, if the applicant submits the relevant documents to the controller by electronic means – for example via email, or a web form that is available on the website. If the controller concludes a contract of employment with the applicant, the submitted data will be stored according to the law, for the purpose of processing the employment relationship. However, if no employment contract is concluded between the controller and applicant, the relevant documents will be deleted in accordance with the law and as soon as the position has been filled, provided that the erasure does not conflict any other legitimate interest of the controller. In that sense, a reason for legitimate interest may be the burden of proof in a procedure pursuant to the General Equal Treatment Act (AGG).
Applications can only be processed if they were send to the email address “firstname.lastname@example.org“. If you use any other email registered with our company, our system will unfortunately not be able to recognise your application and thus, it will not be considered. Please keep in mind that email is not a secure medium. However, should your application reach our email server via the above-mentioned email address, we will protect your application through high technical and organisational measures. Nevertheless, we have no influence on your application’s safety during its journey through the public internet and thus, cannot guarantee any level of protection before it reaches our company. Should your sending email server support STARTTLS, our email server will do the same and offer transport encryption through STRATTLS.
Personal data (i.e. your name, address or contact details) that you have provided to us in the course of a request, or in any other way, will be stored and used for correspondence only, as well as for the purpose for which you provided the data for. The processing of this data occurs pursuant to Article 6 (1) a; 6 (1) f of the GDRP.
Secure/safe data transfer
In order to safeguard your data during the transmission process, we utilize state-of-the-art encryption (SSL) via HTTPS.
IV. Recipient of personal data
We may employ service providers by way of order data processing for the implementation and execution of data processing.
Specifically, we employ service providers for sending out newsletters, as well as for the hosting of our website.
The contractual relationship with our service providers is regulated pursuant to the provisions of Article 28 of the GDPR, in which the legally required aspects in regards to data protection and data security are listed.
V. Note regarding the use of Matomo (formerly Piwik)
• Currently, your visit to this particular website is recorded by Matomo web analysis. Click here, if you do not want your visit to be recorded any longer.
This tracking measure is pursuant of Article 6 (1) S.1 lit. f of the GDRP.
VI. Google web fonts
This website uses so-called web fonts provided by Google in order to offer a uniform presentation of fonts. When first accessing a page, all web fonts necessary for the correct display of texts and fonts are loaded into your browser’s cache. Thus, the browser you use must connect to Google’s servers. As a result, Google gains the knowledge that your IP address has accessed our website. The use of Google web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes legitimate interest pursuant to Article 6 (1) lit. f of the GDPR. If your browser does not support web fonts, your computer will use a default font.
Additional information regarding Google web fonts can be found at:
In order to protect your requests via internet form we utilise the service reCAPTCHA by Google Inc. (Google). This query distinguishes between a request being made by a human, or improperly made by automated and mechanical processing. The transmission of the IP address and other data required by Google’s reCAPTCHA service is included in this request. Therefore, your input will be transmitted to, and processed by Google. Nevertheless, Google will shorten your IP addresses within member states of the European Union and countries that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases, will the full IP address be transmitted to Google’s servers in the US, and shortened there. Google will utilise this information on behalf of the operator of this website in order to evaluate your use of this service. The IP address, which was sent by your browser via reCAPTCHA, will not be merged with other data collected by Google.
This service is pursuant to Art. 6 (1) S.1 lit. f of the GDRP.
VIII. Google Maps
This site uses the map service of Google Maps via API. Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US, provides this service.
In order to use the features provided by Google Maps it is necessary to save your IP address. As a rule, this data is transmitted and saved on Google’s servers in the US. The provider of this site has no influence on this data transmission.
In the interest of an attractive presentation of our online offers, Google Maps is utilised to ensure the easy retrievability of the locations indicated on the website. This constitutes legitimate interest pursuant to Article 6 (1) lit. f of the GDPR.
If you disagree with the processing of your data, you may disable the “Google Maps“ service and thus, prevent the transmission of your data to Google. For that purpose, you will have to deactivate the Java script feature in your browser. We would like to point out that in this case you will not be able to use “Google Maps” to its full extent, or at all. Additional information regarding the handling of user data can be found in Google’s privacy notice:
IX. Newsletter data
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter . Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocati
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. This does not affect data that we have stored for other purposes.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving the newsletter (e.g. email address) will be stored on CleverReach’s servers in Germany or Ireland.
Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Here, inter alia It analyzes how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. Further information on data analysis by the CleverReach newsletter is available at: https://www.cleverreach.com/de/funktion/reporting-und-tracking/.
The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
If you do not want an analysis by CleverReach, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the CleverReach servers after you unsubscribe from the newsletter. This does not affect data that we have stored for other purposes.
For more information, see the CleverReach data protection provisions at: https://www.cleverreach.com/de/datenschutz/.
X. Multimedia-Plugin: Spotify
Functions of the music service Spotify are integrated on our website.
The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm in Sweden. You can recognize the Spotify plugins by the notice “Klicken Sie auf den unteren Button, um den Inhalt von open.spotify.com zu laden.” (“Click on the button below to load the content of open.spotify.com.”). You activate the plug-in by confirming with the “Inhalte laden” (“Load content”) button.
You can find an overview of the Spotify plugins at: https://developer.spotify.com.
The use of the plug-in enables a direct connection to be established between your browser and the Spotify server via the plug-in when you visit our website. Spotify receives the information that you have visited our site with your IP address. If you click the Spotify button while you are logged into your Spotify account, you can link the content of our pages to your Spotify profile. This enables Spotify to assign your visit to our website to your user account.
The data processing takes place on the basis of Art. 6 Para. 1 lit.f DSGVO. The website operator has a legitimate interest in the appealing acoustic design of his website.
If you do not want Spotify to be able to assign your visit to our website to your Spotify user account, please log out of your Spotify user account.
Our internet offer utilises so-called cookies. The cookies are small text files, which are downloaded by your browser, and stored by your computer. Cookies are used in order to make the internet offer more user-friendly. For example, it is possible to recognise the user for the duration of a session that way, making it obsolete to re-enter the user name and password constantly. These cookies will not harm your computer and are deleted when you are closing your session. The basis for this part of data processing is Article 6 (1) f of the GDPR.
Some of the cookies we use, will be deleted immediately when you are closing your browser (so-called session cookies).
Other cookies will remain on your device thus, enabling the recognition of your browser during the next visit (persistent cookies).
The processing of data in connection with cookies serves to achieve the desired functionality of our online offers, and is based on the legitimate interest pursuant to Article 6 I f of the GDPR.
XII. Legal rights
In case the prerequisites pursuant to §§ 15-21 of the GDRP apply, you may assert the following rights in regards to the personal data processed by us.
Right of access
You have the right to demand disclosure in regards to your personal data, which is processed by us.
Right of rectification
You may request the rectification of incomplete or incorrectly processed personal data.
Right of erasure
You have the right to demand the erasure of your personal data, especially, if one of the following reasons apply:
• Your personal data is no longer required for the purposes, for which it was collected and otherwise processed.
• You revoke the explicit consent given to the processing of your data.
• You have asserted the right to object to the processing of your data.
• Your data was processed unlawfully.
However, the right to erasure does not exist, if processing is necessary for the purpose of the legitimate interests pursued by the responsible person. This could be the case, if for example:
• Personal data is required in order to assert, exercise, or defend legal claims.
• The erasure is not possible due to storage requirements.
If data cannot be deleted, a right of restriction in regards to data processing can exist (see below).
Right of restriction in regards to data processing
You have the right to demand the limitation of the processing of your personal data, if:
• You deny the accuracy of the data and thus, force us to verify the accuracy.
• The processing is unlawful, you refuse the erasure of your data, and demand the restriction of use instead.
• We no longer need the data, but you need it to assert, exercise, or defend legal claims.
• You objected the processing of your data and ist has not been determined yet whether our legitimate interest outweighs your reasons.
Right of data transmission
You have the right to receive the personal data, which was provided by you and relates to you, in a structured, common, and machine-readable format. Furthermore, you have the right to transfer this data without any hindrance from our side, if the processing is based on consent, or a contract, and can be processed by means of automated procedures.
Right of revocation
The individual involved has the right to object to the processing of personal data relating to him/her – pursuant to Article 6 (1) e or f – at any time due to a particular situation; This also applies to profiling which is based on these provisions. If the processing of your personal data is based on your consent, you have the right of revocation at any time.
XIII. Statutory standard periods for deletion of the data
Provided that a legal retention regulation does not exist, data will be deleted, or destroyed, if it is no longer necessary for the purpose of data processing. There are various time limits regarding the retention period of personal data. This means that data with tax relevance will ordinarily be kept for 10 years, while other data will be kept for 6 years in accordance with the commercial law. Ultimately, the retention period can be based on the statutes of limitations, for instance according to §§ 195 ff. of the Civil Code (BGB), and can ordinarily amount to three years, or in some cases up to thirty years.
XIV. Right of complaint to a supervisory authority
Any person concerned has the right to appeal to a supervisory authority pursuant to Article 77 of the GDRP, if the individual involved considers that the processing of personal data relating to him/her infringes on the GDRP. The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based.
Liability for the contents
As a service provider, we are responsible for the proprietary content on these pages in accordance tot he general law (pursuant § 7 (1) TMG). However, as a service provider, we are not obliged to monitor transmitted and/or stored third party information, or to investigate circumstances that indicate illegal activity (pursuant §8 to §10 TMG). This does not affect obligations to remove, or block the use of information according to the general law. Any liability for damages resulting therefrom applies only after such a time that a concrete knowledge of the legal infringement exists. Upon being notified of legal violations, we will remove the content immediately.
Liability for links
Our offer contains links to external websites of third parties, over whose content we have no influence. Due to this fact, we cannot assume liability for these foreign contents. The content of these linked pages falls under the jurisdiction of the respective provider, or operator. The linked pages were thoroughly checked at the time that the linking occurred. At the time of the linking, the corresponding pages were free of illegal contents. Moreover, a constant and permanent control of a linked page is not possible without concrete evidence of an infringement. Upon being notified of legal violations, we will remove such links immediately.