Data protection information

Below are the data protection notices for the website qneurope.com can be found below.

Controller for data processing via the named website:

QN Europe Deutschland GmbH
Neuhofstraße 9
D-64625 Bensheim
Phone: +49 (6251) 98916-40

Our data protection officer is

Thilo Noack
SBS DATA PROTECT GmbH
Hans-Henny-Jahnn-Weg 49
22085 Hamburg

To assert your rights under data protection law or if you have any questions about the use, collection or processing of your personal data, please contact:

dataprotection.qn@qneurope.com

Security and protection of your personal data

We consider it our primary task to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access.

As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the provisions of the German Federal Data Protection Act (BDSG).
We have taken technical and organizational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

Definitions

The legislator requires that personal data be processed lawfully, fairly and in a manner that is comprehensible to the data subject (“lawfulness, fairness and transparency”).
To ensure this, we inform you about the individual legal definitions that are also used in this data protection notice:

1. personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. restriction of processing

“Restriction of processing” is the marking of stored personal data with the aim of restricting its future processing.

4. profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

5. pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. file system

“File system” means any structured collection of personal data that is accessible according to specific criteria, regardless of whether this collection is managed centrally, decentrally or according to functional or geographical aspects.

7. responsible person

“Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

8. processors

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

9th recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. consent

Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of the processing

The processing of personal data is only lawful if there is a legal basis for the processing.
The legal basis for processing may be in accordance with Article 6 para. 1 lit. a) – f) GDPR in particular:

1. The data subject has given their consent to the processing of their personal data for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
3. the processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Information on the collection of personal data

In the following, we provide information about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behavior.

Collection of personal data when visiting our website

If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server.
If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

– IP address

– Date and time of the request

– Time zone difference to Greenwich Mean Time (GMT)

– Content of the request (specific page)

– Access status/HTTP status code

– Amount of data transferred in each case

– Website from which the request comes

– Browser

– Operating system and its interface

– Language and version of the browser software

After a technical evaluation, this data is deleted immediately.
This data collection serves in accordance with Art. 6 para. 1 lit. f) GDPR, the protection of our legitimate interests in the correct presentation of our website offer, which predominate in the context of a balancing of interests, as well as compliance with the EU General Data Protection Regulation in terms of security and confidentiality.

Contact us

If you contact us by e-mail or via our contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions.
The legal basis for this is Art. 6 para. 1 lit. a) GDPR.
We delete the data arising in this context after storage is no longer necessary, e.g. when your request has been dealt with.
Otherwise, processing will be restricted if there are statutory retention obligations.
If a contract is initiated as a result of contacting us, we process the data in accordance with the legal basis of Art. 6 para. 1 lit. b) GDPR.

QN Europe Partner Account

When you open a partner account, the data you provide will be stored and processed by us for contractual purposes.
We delete the data arising in this context after storage is no longer required.
Otherwise, processing will be restricted due to statutory retention obligations.

The processing is carried out on the basis of Art. 6 para. 1 lit. b) GDPR

Data collection and processing for the payment method

The controller has integrated components of Novalnet AG (Novalnet AG, Gutenbergstrasse 7, 85748 Garching near Munich (“Novalnet AG”) into the website.

Novalnet is a full payment service provider that handles payment processing, among other things.
If the data subject selects a payment method during the ordering process in the online store, the data subject’s data is automatically transmitted to Novalnet.
By selecting a payment option, the data subject consents to the transfer of personal data for payment processing.
The transmission of your data to Novalnet takes place on the basis of Art. 6 para. 1 lit. a) GDPR (consent) and Art. 6 para. 1 lit. b) GDPR (processing for the performance of a contract).

The personal data transmitted to Novalnet is usually first name, last name, address, gender, e-mail address, IP address and, if applicable, date of birth, telephone number, cell phone number and other data required for payment processing.
The personal data associated with the respective order is also required to process the purchase contract.
In particular, there may be a mutual exchange of payment information, such as bank details, card number, expiry date and CVC code, details of goods and services, prices.

The transmission of data serves in particular to verify identity, process payments and prevent fraud.
The controller will transfer personal data to Novalnet in particular if there is a legitimate interest in the transfer.
The personal data exchanged between Novalnet and the controller may be transmitted by Novalnet to credit agencies.
The purpose of this transfer is to check identity and creditworthiness.

Novalnet also passes on personal data to service providers or subcontractors if this is necessary to fulfill contractual obligations or if the data is to be processed.

The data subject has the option of withdrawing their consent to the processing of personal data from Novalnet at any time.
A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.

http://www.novalnet.de/novalnet-Datenschutz.

Payment methods

Data collection and processing for “payment on account” or “payment by SEPA direct debit” via InfinitePay.

For the payment methods “payment on account” or “SEPA direct debit” processed by InfinitePay, the purchase price claim is assigned to Financial Management Solutions GmbH (trading as “InfinitePay”), Haifa-Allee 28, 55128 Mainz, Germany (hereinafter “InfinitePay”).
The data required for the processing of payments will be transmitted to InfinitePay.
One of the main purposes of the data transfer is to enable InfinitePay to carry out an identity and credit check in order to process your purchase using the means of payment you have selected.

The processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR due to the legitimate interest in offering various payment methods and the legitimate interest in protecting against payment defaults.
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6 (1) GDPR. 1 lit. f) GDPR by notifying us.

You can find InfinitePay’s privacy policy here: https://www.infinitepay.de/datenschutzhinweise

If you would like information about the use of your personal data, you can contact datenschutz@fms-mainz.de at any time.

The provision of the data is necessary for the conclusion of the contract with the payment methods you have selected.
Failure to provide the data means that the contract cannot be concluded with the payment methods you have requested.

Cookie Consent Tool

We use the Borlabs cookie consent tool to obtain effective user consent for cookies and cookie-based applications that require consent.
By integrating this tool, a banner is displayed to users when they access the page, in which consent for certain cookies and/or cookie-based applications can be given by ticking the box.
The tool blocks the setting of all cookies requiring consent until the respective user gives their consent by ticking the box.
This ensures that such cookies are only set on your end device if you have given your consent.
So that the cookie consent tool can clearly assign page views to individual users and individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our website is accessed by the cookie consent tool, transmitted to the server of the cookie consent tool provider and stored there.
This data processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and therefore in the legally compliant design of our website.
Another legal basis for the data processing described is Art. 6 para. 1 lit. c) GDPR.
As the controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

By using our website, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices.
This access or storage may involve further processing of personal data within the meaning of the GDPR.

Telecommunications Telemedia Data Protection Act (TTDSG)

The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, in accordance with Section 25 para.
1 P. 1 TTDSG.
This consent is requested when the website is accessed.

According to § 25 para.
2 No. 2 TTDSG, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user.
You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption rule of Section 25 para.
2 TTDSG and therefore do not require consent.

Please note that the legal basis for the downstream processing of personal data then results from the GDPR.
The relevant legal bases for the processing of personal data on this website can be found further on in this privacy policy.

Use of cookies

In addition to the aforementioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as “cookies”) are used on your computer when you use and visit our website.
Cookies are either small databases that are stored by your browser on your end device to store certain information, or image files such as pixels.
The next time you visit our website with the same end device, the information stored in cookies is subsequently sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”).

The stored and returned information enables the respective website to recognize that you have already accessed and visited it with the browser of your end device.
We use this information to optimize the design and display of the website according to your preferences.
Only the cookie itself is identified on your end device.
Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.

This website uses the following types of cookies, the scope and function of which are explained below:

– Strictly necessary cookies (type a)

– Functional and performance cookies (type b)

– Cookies requiring consent (type c)

Strictly necessary cookies (type a)

Strictly necessary cookies guarantee functions without which you cannot use our websites as intended.
These cookies are used exclusively by us and are therefore first party cookies.
This means that all information stored in the cookies is sent back to our website.

Strictly necessary cookies are used, for example, to ensure that you as a registered user always remain logged in when accessing various subpages of our website and thus do not have to re-enter your login data each time you access a new page.

The use of strictly necessary cookies on our website is possible without your consent.
For this reason, strictly necessary cookies cannot be deactivated or activated individually.
However, you have the option of generally deactivating cookies in your browser at any time (see below).

Functional and performance cookies (type b)

Functional cookies enable our website to save information you have already entered (such as registered name or language selection) and to offer you improved and more personalized functions based on this.
These cookies only collect and store anonymized information so that they cannot track your movements on other websites.

Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality.
These cookies help us, for example, to determine whether and which subpages of our website are visited and what content users are particularly interested in.
In particular, we record the number of visits to a page, the number of subpages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which the access is made, as well as the proportion of mobile devices that access our websites.
We also record movements, “clicks” and scrolling with the computer mouse in order to understand which areas of our website are of particular interest to users.
As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offering.
The IP address of your computer transmitted for technical reasons is automatically anonymized and does not allow us to draw any conclusions about the individual user.

You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Legal basis: Art. 6 para. 1 lit. f) GDPR

Cookies requiring consent (type c)

Cookies that are neither strictly necessary (type
a) or functional or performance cookies (type
b) are only used after you have given your consent.

We also reserve the right to use information that we have obtained by means of cookies from an anonymized analysis of the usage behavior of visitors to our websites in order to show you specific advertising for certain of our products on our own websites.
We believe that you as a user benefit from this because we display advertising or content that we assume, based on your surfing behavior, matches your interests and you are thus shown less random advertising or certain content that may be of less interest to you.

Marketing cookies originate from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.

Legal basis: Art. 6 para. 1 lit. a) GDPR

Opt-out for marketing cookies

You can also manage cookies used for online advertising via the tools developed in many countries as part of self-regulatory programs, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.

Legal basis: Art. 6 para. 1 lit. a) GDPR

Management and deletion of all cookies

In addition, you can set your Internet browser so that the storage of cookies is generally prevented on your end device or you are asked each time whether you agree to the setting of cookies.
Once cookies have been set, you can also delete them at any time.
You can find out how all this works in detail in the help function of your browser.

We use the following cookies described here for the following purposes:

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc.
(“Google”).
Google Analytics uses so-called “cookies”, small databases which are stored on your computer and which enable your use of the website to be analyzed.
The information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will first be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”.
This means that IP addresses are further processed in abbreviated form, thus excluding the possibility of personal references.
If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately.

We use Google Analytics to analyze and regularly improve the use of our website.
We can use the statistics obtained to improve our offering and make it more interesting for you as a user.
This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID.
You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

The provider has signed the standard contractual clauses of the prevailing EU data protection regulations (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).

Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. user conditions:

http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the data protection information: http://www.google.de/intl/de/policies/privacy

Legal basis: Art. 6 para. 1 lit. a) GDPR

Google Tag Manager

Google Tag Manager allows marketers to manage website tags via an interface.
However, the Tag Manager itself, which uses the tags, works without cookies and does not collect any personal data.
The Tag Manager merely triggers other tags.
Corresponding explanations for these respective third-party providers can be found in this privacy policy.
However, the Google Tag Manager does not use this data.
If you have set or otherwise deactivated cookies, this will be taken into account for all tracking tags used with Google Tag Manager, i.e. the tool will not change your cookie settings.

The legal basis is Art. 6 para. 1 lit.
a) GDPR

Google Fonts

The controller has integrated Google fonts on this website.
Google provides free fonts that can be used in the design of websites.

This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When a page is accessed, the data subject’s browser loads the required web fonts into the browser cache in order to display texts and fonts correctly.

For this purpose, the browser used by a data subject must connect to Google’s servers.
This informs Google that the corresponding website has been accessed via the IP address of the data subject.
The use of Google Web Fonts is in the interest of a uniform and attractive presentation of the online offers.
If the data subject’s browser does not support web fonts, a standard font is used by the data subject’s computer.

The provider has signed the standard contractual clauses of the prevailing EU data protection regulations(https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).
If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may be revoked in accordance with Art. 49 para. 1 lit. a) GDPR serve as the legal basis for the transfer to third countries.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy.

The legal basis here is Art. 6 para. 1 lit. a) GDPR.

Gstatic

Our website uses a web service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic).
Gstatic is a service used by Google to retrieve static content in order to reduce bandwidth usage and load required catalog files in advance.
We use this data to ensure the full functionality of our website.
In this context, your browser may transmit personal data to Gstatic.
The legitimate interest lies in the error-free functioning of the website.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled.

Further information on the handling of the transferred data can be found in Gstatic’s privacy policy: https://policies.google.com/privacy. You can prevent the collection and processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser (you can find this at www.noscript.net or www.ghostery.com, for example).

If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may be revoked in accordance with Art. 49 para. 1 lit. a) GDPR serve as the legal basis for the transfer to third countries.

The legal basis here is Art. 6 para. 1 lit. a) GDPR.

Facebook fan page

We have integrated a component of the Facebook service on our website, which is a link to our Facebook fan page.
We use the technical platform of Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Facebook) for the information service offered here.

According to the ECJ, there is joint responsibility within the meaning of Art. 26 GDPR between Facebook and the operator of a Facebook fan page for the personal data processed via the Facebook fan page.
For this reason, Facebook and we have concluded an agreement on joint responsibility, which you can access here.
We provide you with the following information on data processing on our Facebook fan page:

The processing of your personal data on the Facebook fan page is carried out under joint responsibility with Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland

When you access a Facebook fan page, the IP address of your end device is transmitted to Facebook.
According to Facebook, this IP address is anonymized and deleted after 90 days, at least if it is a German IP address.
In addition, Facebook stores further information about the end devices of its users, e.g. the Internet browser used.
This may enable Facebook to assign IP addresses to individual users.
If you are logged into your Facebook account while visiting our fan page, a cookie with your Facebook ID will be stored on your device.
This cookie enables Facebook to understand that you have visited our fan page and how you have used it.
Facebook uses this information to present you with customized content or advertising.
If you do not want this, you should log out of your Facebook account or deactivate the “stay logged in” function.
We also recommend deleting the cookies on your device and closing and restarting your browser.
This process deletes Facebook information that Facebook can use to establish a link to you.
However, if you wish to use the interactive functions of our fan page, you will have to log in to Facebook again using your Facebook login information.
This will also allow Facebook to create a link to you again.
How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.
In this respect, we can only refer you as a user of our fan page to Facebook’s privacy policy.
The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union.

Facebook describes in general terms what information Facebook receives and how it is used in its data usage guidelines.
There you will also find information on how to contact Facebook and the settings options for advertisements.
The data usage guidelines are available at the following link: http://de-de.facebook.com/about/privacy. You can find Facebook’s complete data policy here: https://de-de.facebook.com/full_data_use_policy. Facebook’s privacy policy contains further information on data processing: https://www.facebook.com/about/privacy/ Opt-out options can be set here: https://www.facebook.com/settings?tab=ads and here http://www.youronlinechoices.com

The transfer and further processing of users’ personal data to third countries, such as the USA, and the associated potential risks for you as a user cannot be assessed by us as the operator of the Facebook fan page.

Instagram

We have integrated a component of the Instagram service on our website.
Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to redistribute such data in other social networks.

The operating company of the Instagram services is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram.
During the course of this technical procedure, Instagram is made aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram recognizes with each call-up to our website by the data subject and for the entire duration of their stay on our Internet site, which specific sub-page of our Internet page was visited by the data subject.
This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject.
If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not.
If the data subject does not want this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Other processing purposes

Some laws and regulations may require the collection and processing of personal data (e.g. tax laws, commercial laws, trade and export regulations, anti-money laundering laws, other compliance obligations).
If such legal obligations are based on laws and regulations of the EU or EU member states, the legal basis for the processing of personal data is Article 6 para.
1 sentence 1 lit.
c) GDPR.
If such legal obligations are based on laws and regulations of third countries (non-EU), compliance with these legal obligations may constitute a legitimate interest.
In this case, the legal basis for the processing of personal data is Article 6 para.
1 sentence 1 lit.
f) GDPR.
The latter also applies to the processing of personal data for the purpose of complying with our guidelines, codes of conduct and regulations.

Enforcement: We also process your personal data in order to assert our rights and enforce our legal claims.
We also process your personal data in order to be able to defend ourselves against legal claims.
Finally, we process your personal data insofar as this is necessary to prevent or prosecute criminal offenses.
In this context, we process your personal data to protect our legitimate interests in accordance with Article 6 para.
1 sentence 1 lit.
f) GDPR (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offenses (legitimate interest).

Consent: If you have given us your consent to process personal data for specific purposes (e.g. sending information material and offers, support with payment processing), the lawfulness of this processing is based on your consent in accordance with Art. 6 para.
1 sentence 1 lit.
a) GDPR (legal basis).
You can withdraw your consent at any time.
Please note that the revocation is only effective for the future and does not affect the processing until then.

Duration of processing

We only process your data for as long as is necessary to fulfill our contract or applicable legal provisions and to maintain our relationship with you.
We will inform you about the specific storage period of the data in the respective description of the individual data processing.
If you do not find any specific information on the storage period there, it is not possible for us to specify one because it depends on various individual factors (e.g. the term of the contract, assertion of claims, etc.).
In these cases, we base the duration of storage on the principle of data minimization and proportionality.

Business documents are stored for a maximum of 6 and 10 years in accordance with the requirements of the German Commercial Code and the German Fiscal Code.

As long as you do not object or revoke your consent, we will use your data to maintain and intensify our trusting business relationship for our mutual benefit.

If you wish your data to be deleted, we will delete your data immediately, provided that there are no legal retention obligations to the contrary.

Rights of the data subject

1. revocation of consent

If the processing of personal data is based on consent, you have the right to withdraw your consent at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

2. right to confirmation

You have the right to request confirmation from the controller as to whether we are processing personal data concerning you.
You can request confirmation at any time using the contact details above.

3. right to information

If personal data is processed, you can request information about this personal data and the following information at any time:

a) the purposes of the processing;

b) the categories of personal data that are processed;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

e) the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by the controller or a right to object to such processing;

f) the existence of a right of appeal to a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

i) If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.
We will provide you with a copy of the personal data that is the subject of the processing.
For any further copies that you request as an individual, we may charge a reasonable fee based on administrative costs.
If you make the request electronically, the information shall be provided in a commonly used electronic format, unless it specifies otherwise.
The right to receive a copy in accordance with Article 20 must not adversely affect the rights and freedoms of others.

4. right to rectification and completion

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

5. right to erasure (“right to be forgotten”)

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and we are obliged to erase personal data without undue delay where one of the following grounds applies:

a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b) The data subject withdraws consent to which the processing is based according to Article 6(1) of the GDPR, or 1 lit. a) or Article 9 para.
2 lit.
a) GDPR and there is no other legal basis for the processing.

c) The data subject objects to the processing pursuant to Article 21 para.
1 GDPR, objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 para.
2 GDPR, objects to the processing.

d) The personal data was processed unlawfully.

e) The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

Where the controller has made the personal data public and is obliged pursuant to para.
1, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The right to erasure (“right to be forgotten”) does not exist if the processing is necessary:

– to exercise the right to freedom of expression and information;

– for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

– for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;

– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

– for the assertion, exercise or defense of legal claims.

6. right to restriction of processing

You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims, or

d) the data subject has objected to processing pursuant to Article 21 para.
1 GDPR, as long as it has not yet been established whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted in accordance with the above conditions, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7. right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where one of the following applies

a) the processing is based on consent pursuant to Article 6 para. 1 lit. a) or Article 9 para.
2 lit.
a) or on a contract pursuant to Article 6 para. 1 lit. b) GDPR is based and

b) the processing is carried out by automated means.

When exercising the right to data portability pursuant to para.
1, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible.
The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”).
This right does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

8. right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) GDPR. 1 lit. e) or
f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
1, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You can exercise your right to object at any time by contacting the respective controller.

9. right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

10. Right to effective judicial remedy

Without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.

Children

Our services are generally aimed at adults.
Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.

Data protection information for applicants

We are pleased that you are interested in us and that you are applying or have applied for a position in our company.
We would like to provide you with the following information on the processing of your personal data in connection with your application.

Which of your data do we process?
And for what purposes?

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our company) and to carry out the application process.

What is the legal basis for this?

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG.
This permits the processing of data required in connection with the decision on the establishment of an employment relationship.

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR can take place.
Our interest then lies in the assertion of or defense against claims.

How long will the data be stored?

Applicants’ data will be deleted after 6 months in the event of rejection.

In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool.
There the data will be deleted after two years.

If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.

To which recipients is the data forwarded?

Your application data will be reviewed by the HR department after receipt of your application.
Suitable applications are then forwarded internally to the department managers responsible for the respective open position.
The next steps are then agreed.
Within the company, only those persons have access to your data who need it for the proper course of our application procedure.

Where is the data processed?

The data is processed exclusively in data centers in the Federal Republic of Germany.

Legal effectiveness

If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.

Status of the data protection information: 03.07.2023