Data protection declaration

Data protection declaration

We are very pleased that you are interested in our company.

Data protection is of particular importance to the management of the brandgroup. It is generally possible to use our website without providing personal information. However, if the data subject wishes to use our company's special services via our website, it may be necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, for example the name, address, e-mail address or telephone number of the data subject, is always done in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to the brandgroup. With this data protection declaration, our company's intention is to inform the public about the type, scope and purpose of the personal data that we collect, use and process Furthermore, this data protection declaration informs the data subjects about their rights.

As the controller, the brandgroup has implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, internet-based data transfers can generally have security vulnerabilities, which means that absolute protection cannot be guaranteed. For this reason, all data subjects are free to send personal data to us in alternative ways, for example by telephone.

I. Definitions of terms

The brandgroup's data protection declaration is based on the terminology used by the European guidelines and regulators when the General Data Protection Regulation (GDPR) was adopted. Our data protection declaration is intended to be easy to read and understand both for the general public and for our customers and business partners. To ensure this, we would first like to explain to you the terms used.

The following terms (among others) are used in this data protection declaration:

1. Personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). An identifiable person is a natural person who can be identified either directly or indirectly and in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics, that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

2. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

3. Processing

Processing is any operation or series of operations carried out either with or without the help of automated processes in connection with personal data, such as collection, acquisition, organization, sorting, storage, adaptation or modification, reading, querying, use, disclosure by transfer, dissemination or other form of provision, comparison or linking, restriction, deletion or destruction.

4. Restriction of processing

Restriction of processing is the marking of saved personal data for the purpose of restricting its future processing.

5. Profiling

Profiling is any type of automated processing of personal data that involves using this personal data to evaluate certain personal aspects that relate to a natural person, in particular for the purpose of predicting aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.

6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subjected to technical and organisational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.

7. Controller

The controller is the natural or legal person, public authority, agency or other body that, either alone or together with others, decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the controller or the specific criteria for naming the controller can be provided according to Union law or the law of the member states.

8. Processor

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

9. Recipient

The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may possibly receive personal data as part of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.

10. Third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or processor.

 

11. Consent

Consent is any informed and unequivocal expression of will voluntarily given by the data subject for the case in question in the form of a declaration or other clear confirmatory act, with which the data subject indicates that they consent to the processing of their personal data.

12. Main establishment

a) In the case of a controller with establishments in more than one member state, the main establishment is the place of its central administration within the Union, unless the decisions regarding the purposes and means of processing personal data are taken in another of the controller's establishments within the Union and this latter establishment is authorised to have such decisions implemented. In these cases the establishment making these decisions is considered the main establishment.

b) In the case of a processor with establishments in more than one member state, the main establishment is the place of its central administration within the Union or, if the processor has no central administration in the Union, the processor's establishment within the Union where the main processing activities in the context of the activities of an establishment of the processor take place insofar as the processor has specific obligations under this regulation.

13. Enterprise

Irrespective of its legal form, an enterprise is a natural or legal person engaged in an economic activity, including partnerships or associations regularly engaged in an economic activity.

14. Group of undertakings

A group of undertakings means a controlling undertaking and its controlled undertakings.

15. Supervisory authority

A supervisory authority is an independent public authority established by a member state pursuant to Article 51 of the GDPR.

II. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Brand KG

Personally liable partner Schroer & Brand OHG

represented by the Managing Directors Sven Schroer and Björn Schroer


Völlinghauser Str. 44

59609 Anröchte, Germany

Phone.:                +49 (0) 2947 889-0

E-mail:             contact@brand-group.com

Website:          www.brand-group.com

III. Name and address of the data protection officer

The controller's data protection officer is:

Thomas Ollech, Brand KG

Völlinghauser Straße 44

59609 Anröchte, Germany

Phone:             +49 (0) 2947 889-166

Fax:                 +49 (0) 2947 889-44166

E-mail:            dataprotection@brand-group.com

Website:          www.brand-group.com

IV. General information on data processing

1. Scope of the processing of personal data

We generally only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. In almost all cases, our users' personal data is processed only with the user's consent. An exception applies to cases in which prior consent cannot be obtained for practical reasons and processing of the data is permitted by law.

2. Legal basis for processing personal data

Art. 6 Para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis insofar as we obtain the data subject's consent for the processing of personal data.

Art. 6 Para. 1 lit. b of the GDPR serves as the legal basis when processing personal data that is necessary for the performance of a contract to which the data subject is a party. This also applies to processing actions that are necessary to carry out pre-contractual measures.

Art. 6 Para. 1 lit. c of the GDPR serves as the legal basis insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject.

Art. 6 Para. 1 lit. d of the GDPR serves as the legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data.

Art. 6 (1) lit. f of the GDPR serves as the legal basis for processing if processing is necessary in order to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest.

3. Data deletion and duration of storage

The data subject's personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage is also possible if this has been provided for by European or national legislation in EU regulations, laws or other regulations to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for continued storage of the data in order to conclude or fulfil a contract.

V. Provision of the website and creation of log files

1. Description and scope of the data processing

Every time our web site is accessed, our system automatically acquires data and information from the accessing computer's system.

The following data is acquired here:

  1. Information about the browser type and the version used
  2. The user's operating system
  3. The user's Internet service provider
  4. The user's IP address
  5. Date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites that are called up by the user's system via our website

The data is also saved in the log files of our system. This data is not saved together with other personal data of the user.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and log files is Art. 6 Para. 1 lit. f GDPR.

3. Data processing purpose

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. This requires the user's IP address to remain stored for the duration of the session.

The saving in log files ensures the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f of the GDPR also lies in these purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. As far as data collection for the provision of the website is concerned, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the users' IP addresses are deleted or scrambled so that it is no longer possible to assign the calling client.

5. Objection and removal option

The collection of the data for the provision of the website and storage of the data in log files are essential for the operation of the website. Consequently, there is no possibility for the user to object.

IV. Use of cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. This means that a cookie can be stored on the user's operating system if a user calls up a website. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is called up again.

We use cookies in order to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a site change.

The following data is saved and transferred in the cookies:

Language settings

We also use cookies on our website that enable an analysis of users' surfing behaviour.

The following data can be transferred in this way:

  • Search terms entered
  • Frequency of site visits
  • Using website functions

When our website is visited, users are informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, there is also a reference to this data protection declaration.

2. Legal basis for the data processing

Art. 6 Para. 1 lit. f of the GDPR is the legal basis for the processing of personal data using technically necessary cookies.

With the user's relevant consent, Art. 6 Para. 1 lit. a of the GDPR is the legal basis for the processing of personal data using cookies for analysis purposes.

3. Data processing purpose

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary for the browser to be recognised even after a page change.

The user data collected via technically necessary cookies is not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and this in turn enables us to continuously optimise what we offer.

Our legitimate interest in processing personal data in accordance with Art. 6 Para. 1 lit. f of the GDPR also lies in these purposes.

4. Duration of storage, objection and removal option

Cookies are stored on the user's computer and are transmitted from there to our website. This means that as the user, you also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it might not be possible to use all of its functions to their full extent.

The transfer of flash cookies cannot be prevented via the browser settings, but it can be prevented by changing the settings of the flash player.

VII. Contact form and e-mail contact

1. Description and scope of the data processing

There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be sent to us and saved. This data is:

  • Title
  • Name, first name
  • Organisation / company
  • Street, house number
  • Postal/ZIP code, town/city
  • Phone number
  • E-mail address
  • Your message to us

The data relating to the first name, last name and e-mail address is mandatory.

When the message is sent, the following data is also stored:

  • The user's IP address
  • Date and time of registration

For processing the data, your consent is obtained as part of the sending procedure and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data sent with the e-mail will be saved.

In this context, the data is not passed on to third parties. The data is only used to process the conversation.

 

2. Legal basis for the data processing

With the user's consent, Art. 6 Para. 1 lit. a of the GDPR is the legal basis for processing the data.

Art. 6 Para. 1 lit. f of the GDPR is the legal basis for the processing of data transferred in the course of sending an e-mail. If the aim of the e-mail contact is to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 lit. b of the GDPR.

3. Data processing purpose

The processing of personal data from the input mask serves us only to process the contact. If you contact us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and the data that was sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Objection and removal option

The user has the possibility to revoke his/her consent to the processing of personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of their personal data at any time. The conversation cannot be continued in such an instance.

To revoke consent and to object to storage, the user must send a declaration to the above-mentioned controller via one of the communication channels provided by the controller.

In this case, all personal data saved during the course of contact with us will be deleted.

VIII. Web analysis through Google Analytics

1. Scope of the processing of personal data

To analyse the surfing behaviour of our users, we use Google Analytics on our website. This is a web analysis service from Google Inc. ("Google"). The software places a cookie on the user's computer (for information on cookies, see above).

The information generated by the cookie about your use of this website is normally sent to and stored on a Google server in the United States. If IP anonymisation is activated on this website, your IP address will be truncated by Google prior to transmission within member states of the European Union or other parties to the agreement on the European Economic Area. The full IP address will be sent to and stored on a Google server in the USA in truncated form only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services related to website and internet use to the website operator.

Google will not correlate the IP address obtained from your browser by Google Analytics with other data obtained by Google.

You can prevent the saving of cookies by selecting the appropriate settings on your browser. However please note that if you do this, you might not be able to use the full functionality of this website. By downloading and installing the browser plug-in available under the following link, you can also prevent Google from collecting the data generated by the copying and relating to your use of the website (including your IP address), as well as preventing Google from processing this data: tools.google.com/dlpage/gaoptout.

The software runs only on our website's servers. Users' personal data is stored only there. It is not passed on to third parties.

2. Legal basis for processing personal data

The legal basis for processing users' personal data is Art. 6 Para. 1 lit. f of the GDPR.

3. Data processing purpose

Processing users' personal data enables us to analyse our users' surfing behaviour. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its ease of use. Our legitimate interest in processing the data in accordance with Art. 6 Para. 1 lit. f of the GDPR also lies in these purposes. Users' interests in protecting their personal data are sufficiently taken into account by anonymising the IP address For the exceptional cases in which personal data is transferred to the USA, Google is governed by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4. Duration of storage

This website uses Google Analytics with the "_anonymizeIp()" extension. As a result, IP addresses are further processed in abbreviated form, meaning that reference to a specific person can be excluded. Insofar as the data collected about them is personal, this is immediately excluded and the personal data is thereby deleted immediately.

The latest time at which the data is deleted is as soon as it is no longer required for our recording purposes.

5. Objection and removal option

Cookies are stored on the user's computer and are transmitted from there to our website. This means that as the user, you also have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your internet browser Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it might not be possible to use all of its functions to their full extent.

6. Third-party information

Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: + 353 (1) 436 1001, user conditions: http://www.google.com/analytics/terms/de.html, data protection overview: http://google.com/intl/de/analytics/learn/privacy.html, and the data protection declaration: http://www.google.de/intl/de/policies/privacy.

IX. Use of social media plug-ins

1. Scope of the processing of personal data

We currently use the following social media plug-ins: Facebook, LinkedIn, Xing and YouTube. For this we use what is known as the two-click solution. This means that when you visit our website, no personal data is initially passed on to the plug-in providers. You can recognise the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in by using the button. The plug-in provider only receives the information that you have called up the corresponding website of our online offer if you click on the marked field and thereby activate it. In addition, the data mentioned under V. of this declaration will be transferred. In the case of Facebook, according to the respective provider in Germany, the IP address is anonymised immediately after collection. By activating the plug-in, personal data is transferred from you to the respective plug-in provider and is stored there (for U.S. providers in the USA). Since the plug-in provider collects data using cookies in particular, we recommend that you delete all cookies via the security settings of your browser before clicking on the greyed-out box.

The data is forwarded regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged into the plug-in provider, this data that we collect will be assigned directly to your account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and publicly informs your contacts. We recommend that you log out regularly after using a social network, but especially before pressing the button, as in this way you can avoid the plug-in provider making an assignment to your profile.

2. Legal basis for processing personal data

Art. 6 Para. 1 S. 1 lit. f of the GDPR  is the legal basis for using the plug-in.

3. Purpose and duration of the data processing

With the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The plug-in provider saves the data collected about users as usage profiles and utilises it for the purposes of advertising, market research and / or to design their website to meet their needs. Such an evaluation is carried out in particular (and also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about their activities on our website.

We have no influence on the data collected and data processing operations, nor are we aware of the full scope of the data collection, the other purposes of the processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers given below. There you will also find further information about your rights in this regard, and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection information:

4. Objection and removal option

You have the right to object to the creation of these user profiles, and you must contact the respective plug-in provider in order to exercise this right.

X. Embedding of YouTube videos

1. Scope of the processing of personal data

We have embedded YouTube videos into our website. These are stored on www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Your data will only be transferred when you play the videos. We have no influence over this data transfer.

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. The data mentioned under V. of this declaration will also be transferred. This occurs regardless of whether YouTube provides a user account via which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want assignment with your YouTube profile, you must log out before activating the button.

2. Legal basis for processing personal data

Art. 6 Para. 1 S. 1 lit. f of the GDPR  is the legal basis for use.

3. Purpose and duration of the data processing

YouTube saves your data as usage profiles and utilises it for the purposes of advertising, market research and / or to design their website to meet their needs. Such an evaluation is carried out in particular (and also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about their activities on our website.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the data protection declaration. There you will also find further information about your rights and setting options to protect your privacy. www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is governed by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

4. Objection and removal option

You have the right to object to the creation of these user profiles, although you must contact YouTube to exercise them.

XI. Embedding of Google Maps

We now use Google Maps on this website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function.

When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. The data mentioned under V. of this declaration will also be transferred. This occurs regardless of whether Google provides a user account via which you are logged in, or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want assignment with your Google profile, you must log out before activating the button. Google saves your data as usage profiles and utilises it for the purposes of advertising, market research and / or to design their website to meet their needs. Such an evaluation is carried out in particular (and also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about their activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise them.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations the provider. There you will also find further information about your rights in this regard, and setting options to protect your privacy. www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is governed by the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

XII. Use of Google Ads (previously Google Adwords), Google Ads Remarketing

1. Scope of the processing of personal data

If necessary and for a limited time, we use the offer of Google Ads Conversion to draw attention to our attractive offers with the help of advertising materials (known as Google Adwords) on external websites. These advertising materials are delivered by Google via what are known as "ad servers". For this we use ad server cookies, through which certain parameters for measuring success - such as the display of adverts or clicks by users - can be measured.

If you access our website via a Google ad, Google Ads stores a cookie on your PC. These cookies usually lose their validity after 30 days and should not be used to identify you personally. As a rule, the

  1. unique cookie ID
  2. number of Ad Impressions per placement (frequency)
  3. last impression (relevant to post-view conversions)
  4. opt-out information (marking that the user no longer wishes to be contacted)

are saved as analysis values for this cookie.

These cookies enable Google to recognise your internet browser again. If a user visits certain pages of the website of an Ads customer and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies therefore cannot be tracked via the websites of Ads customers.

We ourselves do not collect and process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users based on this information.

Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge: By integrating Ads Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and save your IP address.

Besides Ads Conversion, we also use the Google Remarketing application. This is a procedure with which we would like to address you again. This application allows you to see our advertisements when you continue to use the Internet after visiting our website. This is done by means of cookies saved in your browser, via which Google records and evaluates your usage behaviour when you visit various websites. This allows Google to determine your previous visit to our website. According to its own statements, Google does not combine the data collected as part of the remarketing with your personal data, which might be stored by Google. According to Google, pseudonymisation is used in remarketing in particular.

2. Legal basis for processing personal data

If the processing is done with your consent, the legal basis is Art. 6 Para. 1 S. 1 lit. a of the GDPR. Otherwise, Art. 6 Para. 1 S. 1 lit. f of the GDPR  is the legal basis for processing your data.

3. Purpose and duration of the data processing

In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. We are therefore interested in showing you advertising that is of interest to you, that will make our website more interesting for you, and in achieving a fair calculation of advertising costs.

4. Objection and removal option

You can prevent participation in this tracking process in several ways:

  • By setting your browser software accordingly, in particular suppressing third-party cookies means that you will not receive any advertisements from third-party providers;
  • By deactivating cookies for conversion tracking when you set your browser so that cookies from the domain "www.googleadservices.com" are blocked, www.google.de/settings/ads, this setting being deleted when you delete your cookies;
  • By deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" via the link www.aboutads.info/choices, this setting being deleted when you delete your cookies;
  • By permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers via the link www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

You can find more information about data protection at Google here: www.google.com/intl/de/policies/privacy and services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org. Google is governed by the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

XIII. Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (that implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn might collect files. Google Tag Manager does not access this data. If deactivation was done on a domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

XIV. Links to other websites

Our site contains links to external third-party websites, the content of which we have no influence over. We therefore also cannot provide any guarantee regarding this third-party content. The content of linked sites is exclusively the responsibility of the respective providers or operators. The linked sites were checked for possible violations of the law at the time when the links were created. There was no evidence of illegal content at the time when the links were created. However, permanent checking of the content of the linked sites is not possible without a clear indication of the law being broken. We will remove such links immediately if we become aware of the law being broken.

XV. Data protection for applications and application procedures

The controller collects and processes the personal data of applicants for the purpose of completing the application process. Processing can also be done electronically. This is particularly the case if an applicant sends the relevant application documents electronically (for example by e-mail or via a web form on the website) to the controller. If the controller concludes an employment contract with an applicant, the data transferred will be stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after the announcement of the rejection decision, provided that there are no other legitimate interests of the controller that conflict with deletion. Other legitimate interest in this sense is, for example, an obligation to provide evidence in proceedings under the equality legislation.

XVI. Rights of the data subject

If your personal data is processed, you are the data subject as defined under the GDPR and you have the following rights with respect to the controller:

1. Right of access

You can ask the controller to confirm whether we process personal data relating to you.

If such processing occurs, you can request the following information from the controller:

  1. The purposes for which the personal data is processed;
  2. The categories of personal data that are processed;
  3. The recipients or the categories of recipients to whom the personal data relating to you has been or will be disclosed;
  4. The planned duration of the storage of your personal data or, if specific information about this is not possible, criteria for determining the storage duration;
  5. The existence of a right to correction or deletion of your personal data, a right to restriction of processing by the controller or a right to object to this processing;
  6. The right to lodge a complaint with a supervisory authority;
  7. All available information about the origin of the data if the personal data is not collected from the data subject;
  8. The existence of automated decision-making, including profiling in accordance with Art. 22 Para. 1 and 4 of the GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you can request the appropriate guarantees in accordance with Art. 46 of the GDPR to be informed in relation to such a transfer.

2. Right to rectification

You have the right to rectification and/or completion with respect to the controller if the processed personal data relating to you is incorrect or incomplete. The controller must perform this rectification immediately.

3. Right to restriction of processing

You can demand that the processing of your personal data be restricted under the following conditions:

a) if you contest the accuracy of your personal data for a period of time that enables the controller to check the accuracy of the personal data;

b) the processing is unlawful and you decline deletion of the personal data and instead request that the use of the personal data be restricted;

c) the controller no longer needs the personal data for processing purposes, but you need it in order to assert, exercise or defend against legal claims, or

d) if you have objected to processing in accordance with Art. 21 Para. 1 of the GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be obtained with your consent or in order to assert, exercise or defend against legal claims or to protect the rights of another natural or legal person or for reasons of important public interest to the Union or a member state.

If the restriction of processing was limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Erasure obligation

You can request the controller to delete your personal data immediately, and the controller is obligated to delete this data immediately if one of the following reasons applies:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a of the GDPR, and there is no other legal basis for the processing.
  3. In accordance with Art. 21 Para. 1 of the GDPR, you file an objection to the processing and there is no overriding legitimate reason for the processing, or you file an objection to the processing in accordance with Art. 21 Para. 2 of the GDPR.
  4. Your personal data has been unlawfully processed.
  5. The deletion of your personal data is necessary in order to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject.
  6. Your personal data was collected in relation to information society services offered in accordance with Article 8 Para. 1 of the GDPR.

b) Information to third parties

If the controller has made your personal data public and, according to Article 17 Para. 1 of the GDPR, is obligated to delete it, taking into account the available technology and the implementation costs, he takes appropriate measures, (including technical ones), to inform those responsible for processing and who process the personal data that you, as the data subject, have requested from them 

the deletion of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

There is no right of erasure if the processing is necessary

  1. in order to exercise the right to freedom of expression and information;
  2. in order to fulfil a legal obligation that requires processing in accordance with the law of the Union or the member states to which the controller is subject, or to perform a task that is in the public interest or to exercise official power that has been vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 of the GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 of the GDPR, insofar as the right mentioned under Section a) is likely to render impossible or seriously impair achievement of the objectives of this processing, or
  5. in order to assert, exercise or defend against legal claims.

5. Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the latter is obliged to inform all recipients to whom your personal data has been disclosed about this rectification, erasure or restriction of processing unless this proves to be impossible or involves a disproportionate effort.

With respect to the controller, you have the right to be informed about these recipients.

6. Right to data portability

You have the right to receive your personal data that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data had been provided, provided that

a) the processing is based on consent in accordance with Art. 6 Para. 1 lit. a of the GDPR or Art. 9 Para. 2 lit. a of the GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b of the GDPR and

b) the processing is done with the aid of automated methods.

In exercising this right, you also have the right to have your personal data transferred directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or for the exercising of official power that has been vested in the controller.

7. Right to object

For reasons that arise from your particular situation, you have the right to object at any time to the processing of your personal data that is done in accordance with Art. 6 Para. 1 lit. e or f of the GDPR. This also applies to profiling based on these provisions.

The controller will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending against legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected to such direct advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 /EC, in connection with the use of information society services you have the option of exercising your right to object by using automated procedures that use technical specifications.

For reasons arising from your particular situation, you also have the right to object to the processing of your personal data for scientific, historical research or statistical purposes in accordance with Art. 89 Para. 1 of the GDPR.

Your right to object can be restricted to the extent that it is likely to render impossible or seriously impair the research or statistical purposes and the restriction is necessary for the fulfilment of the research or statistical purposes.

8. Right to withdraw the data protection declaration of consent

You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent does not affect the lawfulness of the processing done on the basis of this consent before its withdrawal.

 

9. Automated decision in an individual case, including profiling

You have the right not to be subjected to a decision based solely on automated processing - including profiling - that has a legal effect on you or that affects you in a similarly significantly manner. This does not apply if the decision

a) is necessary to conclude or to fulfil a contract between you and the controller,

b) is permissible on the basis of Union or member state legislation to which the controller is subject and this legislation contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or

c) is made with your express consent.

However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 of the GDPR, unless Art. 9 Para. 2 lit. a or g of the GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.

With regard to the cases mentioned in a) and c), the controller takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to state your own position and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or legal remedy, if you believe that your personal data has been processed in violation of the GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a legal remedy in accordance with Art. 78 of the GDPR.