We are pleased about your visit to our website. In the following, we would like to inform you about the handling of your data according to Art. 13 of the German Data Protection Regulation (GDPR).
2. Body responsible
Responsible for the data processing presented below is the body named in the imprint.
3. Usage Data
When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our web pages. This data record consists of
- the name and address of the requested content,
- the date and time of the request,
- the amount of data transferred
- the access status (content transferred, content not found),
- the description of the web browser and operating system used,
- the referral link, which indicates the page from which you came to ours,
- the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.
The aforementioned log data is only evaluated anonymously.
4. Data security
In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption process on our websites. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.
5.1. Required Cookies
Cookies are small text files that are stored on your device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We do not use these required cookies for analysis, tracking or advertising purposes.
In part, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user guidance, security and implementation of the site.
We use these cookies on the basis of Art. 6 para. 1 p. 1 lit. f GDPR.
5.2. More than required cookies.
When you enter our website, we inform you about the types of cookies we use and give you the option to agree or not to individual types of cookies. We do not load non-essential cookies until you have consented to their use by type.
Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent within the meaning of Art. 6 (1) p. 1 lit. a DSGVO to store certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).
When you access our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the Borlabs cookie provider.
The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
We share your data with service providers who support us in the operation of our websites and related processes as part of order processing pursuant to Art. 28 GDPR. These are, for example, hosting service providers. Our service providers are strictly bound by instructions to us and are contractually obligated accordingly.
7. Google Analytics
We use the web analysis tool “Google Analytics” to design our websites in line with requirements. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your terminal device and read by us. In this way, we are able to recognize returning visitors and count them as such.
In the context of Google Analytics, we are supported by Google Ireland Limited and Google LLC. (USA) as processors according to Art. 28 GDPR. The data processing may therefore also take place outside the EU or the EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or having legal recourse. Please keep this in mind if you decide to give your consent to our use of Google Analytics.
The data processing is based on your consent according to Art. 6 para. 1 p. 1 lit. a GDPR or § 15 para. 3 p. 1 TMG, if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a GDPR.
You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
8. Newsletter registration and mailing
You can order a newsletter on our website. Please note that we need certain data (at least your e-mail address) to subscribe to the newsletter.
The newsletter will only be sent if you have given us your express consent pursuant to Art. 6 (1) p. 1 lit. a GDPR. After placing an order on our websites, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent, for example, by clicking on the unsubscribe link in every newsletter.
As part of the newsletter registration, we store additional data beyond the data already mentioned, insofar as this is necessary for us to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 para. 1 p. 1 lit. f GDPR and is done in the interest of being able to account for the legality of the newsletter dispatch.
We use the following service provider to send our newsletter:
We have concluded an order processing agreement with SendinBlue in accordance with the requirements of Art. 28 GDPR, in which we oblige SendinBlue to protect our customers’ data and not to pass it on to third parties.
9. Map services
On our websites, we embed map services that are not stored on our servers. To ensure that calling up our web pages with embedded map services does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.
Only after a click on the preview image, the content of the third-party provider is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the technically necessary usage data in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider.
The embedding is based on your consent according to Art. 6 para. 1 p. 1 lit. a GDPR or § 15 para. 3 p. 1 TMG, provided that you have previously given your consent by clicking on the preview image.
Please note that the embedding of some map services may result in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and monitoring purposes without informing you or allowing you to seek redress. If we use providers in unsafe third countries and you consent, the transfer to an unsafe third country will be based on Art. 49 (1) lit. a GDPR.
10. Embedded videos
On our websites, we embed videos that are not stored on our servers. To ensure that calling up our web pages with embedded videos does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the videos in a first step. This does not provide the third-party provider with any information.
Only after a click on the preview image, the content of the third-party provider is reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to reload content from the third-party provider. Alternatively, you also have the option to give your consent to the automatic loading of the video content via our consent management tool.
The embedding is based on your consent pursuant to Art. 6 (1) p. 1 lit. a GDPR, provided that you have given your consent by clicking on the preview image or via our consent management tool. Please note that the embedding of many videos leads to your data being processed outside the EU or EEA. In some countries, this poses the risk that authorities may access the data for security and monitoring purposes without informing you or allowing you to seek redress. If we use providers in unsafe third countries and you consent, the transfer to an unsafe third country will be based on Art. 49 (1) lit. a GDPR.
On our pages we embed videos from the following providers:
You have the option of applying for the positions we advertise using the e-mail address provided or our application portal.
For your registration in the application portal, we first need the following information:
- First and last name
- E-Mail address
The legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR. In principle, we store this information for the duration of the use of the application portal. Your registration details will be deleted after six months of inactivity of your profile or if your application is unsuccessful.
In order to consider your application, at least the following information is required:
- Name and address
- E-mail address
- Cover Letter
- Curriculum Vitae
- Certificates and qualifications
These are also marked as mandatory fields in our application portal. We process this information exclusively for the purpose of selecting applicants in accordance with Section 26 (1) BDSG. Data processing for other purposes does not take place.
In addition, you can decide for yourself whether you would like to provide us with further information, such as your telephone number, your leisure interests, a personal picture, etc., for a better assessment of your application or for simplified communication. This information is provided voluntarily and is not mandatory for the application. In our application portal, these fields are marked as voluntary accordingly. We will then process your voluntary information on the basis of your consent pursuant to Art. 6 (1) sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. To do so, please contact the office named in the imprint.
Your information will be treated strictly confidentially. If your application is unsuccessful, your documents will be deleted no later than six months after the rejection notice is sent. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f GDPR in the legitimate interest of defending any legal claims.
In the event that your application is also to be considered for other or future job advertisements, this will only be done on the basis of your consent. We will then process your data on the basis of Art. 6 (1) p. 1 lit. a GDPR and delete your application after two years. You can revoke your consent at any time with effect for the future. Please send your revocation to the office mentioned in the imprint.
12. Storage period
Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legal retention obligations prevent deletion.
13. Your rights as an affected person
When processing your personal data, the GDPR grants you certain rights as a data subject:
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR.
Right to rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data without delay.
Right to deletion (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.
Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the review by the controller.
Right to data portability (Art. 20 GDPR)
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
Right of withdrawal (Art. 7 GDPR)
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
Right of objection (Art. 21 GDPR)
If data is collected on the basis of Art. 6 (1) p. 1 lit. f GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) p. 1 lit. e GDPR (data processing for the protection of public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Right of appeal to a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data relating to you violates data protection provisions. The right of complaint may be asserted in particular before a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.
Enforcement of your rights
Unless otherwise described above, please contact the office mentioned in the imprint to assert your data protection rights.
Contact details of the data privacy officer
Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:
If you contact our data protection officer, please also indicate the responsible office in the imprint.