Data protection information
Below is the privacy notice for the qneurope.com website.
The data controller for data processing via the designated website is:
QN Europe Deutschland GmbH
Phone: +49 (6251) 98916-40
Our data protection officer is
SBS DATA PROTECT GmbH
For the assertion of rights within the framework of data protection or for questions regarding the use, collection or processing of your personal data, please contact:
Security and protection of your personal data
We consider it our primary responsibility to maintain the confidentiality of the personal information you provide to us and to protect it from unauthorised access.
As a company under private law, we are subject to the provisions of the European General Data Protection Regulation (DSGVO) and the regulations of the Federal Data Protection Act (BDSG). We have taken technical and organisational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.
The legislator requires that personal data are processed in a lawful manner, in good faith and in a way that is comprehensible to the data subject (“lawfulness, processing in good faith, transparency”). To ensure this, we inform you about the individual legal definitions that are also used in this data protection notice:
1. personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their future processing.
“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be attributed to an identified or identifiable natural person.
6. file system
“File system” means any structured collection of personal data accessible according to specified criteria, whether such collection is maintained in a centralised, decentralised or functional or geographical manner.
7. responsible person
“Controller” means a natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
8. order processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
‘recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients and the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
10. third party
“Third party” means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent” of the data subject means any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
Lawfulness of the processing
The processing of personal data is only lawful if there is a legal basis for the processing. Pursuant to Article 6 (1) a) – f) DSGVO, the legal basis for processing may be in particular:
- The data subject has given consent to the processing of personal data concerning him or her for one or more specific purposes;
- the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Information on the collection of personal data
In the following, we inform you about the collection of personal data when using our website. Personal data are e.g. name, address, e-mail addresses, user behaviour.
Collection of personal data when visiting our website
In the case of mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access Status/HTTP Status Code
– Data volume transferred in each case
– Website from which the request comes
– Operating system and its interface
– Language and version of the browser software
After a technical evaluation, this data is deleted immediately. In accordance with Art. 6 Para. 1 lit. f) DSGVO, this data collection serves to protect our legitimate interests in the correct presentation of our website offering, which outweigh our interests in the context of a balancing of interests, as well as compliance with the EU General Data Protection Regulation in terms of security and confidentiality.
If you contact us by e-mail or via our contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. We delete the data accruing in this context after the storage is no longer necessary, e.g. when your request has been dealt with. Otherwise, processing is restricted if there are legal obligations to retain data. In the event of a contract initiation from contacting us, we process the data according to the legal basis Art. 6 para. 1 lit. b) DSGVO.
QN Europe Partner Account
When opening a partner account, the data you provide will be stored and processed by us for contractual purposes. We delete the data accruing in this context after the storage is no longer required. Otherwise, processing will be restricted because there are legal obligations to retain data.
The processing is based on Art. 6 para. 1 lit. b) DSGVO
Data collection and processing for the payment method
The person responsible for processing has integrated components of Novalnet AG (Novalnet AG, Feringastr. 4, 85774 Unterföhring (“Novalnet AG”)) into the website.
Novalnet is a full payment service provider that handles payment processing, among other things. If the data subject selects a payment method during the order process in the online shop, data of the data subject is automatically transmitted to Novalnet. By selecting a payment option, the data subject consents to the transmission of personal data for payment processing. The transmission of your data to Novalnet is based on Art. 6 para. 1 lit. a) DSGVO (consent) and Art. 6 para. 1 lit. b) DSGVO (processing for the performance of a contract).
The personal data transmitted to Novalnet are usually first name, last name, address, gender, e-mail address, IP address and, if applicable, date of birth, telephone number, mobile phone number and other data necessary for the processing of payments. The personal data associated with the respective order are also required for the processing of the purchase contract. In particular, there may be a mutual exchange of payment information, such as bank details, card number, validity date and CVC code, details of goods and services, prices.
The transfer of data serves in particular identity verification, payment processing and fraud prevention. The controller will transfer personal data to Novalnet in particular if there is a legitimate interest in the transfer. The personal data exchanged between Novalnet and the controller may be transferred by Novalnet to credit agencies. The purpose of this transmission is to check identity and creditworthiness.
Novalnet also discloses personal data to service providers or subcontractors to the extent necessary to fulfil contractual obligations or to process the data.
The data subject has the possibility to revoke his/her consent to the processing of personal data vis-à-vis Novalnet at any time. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
Data collection and processing for “Payment on account” or “Payment by SEPA direct debit” via InfinitePay.
For the payment methods “payment on account” or “SEPA direct debit” processed by InfinitePay, the purchase price claim shall be assigned to Financial Management Solutions GmbH (trading as “InfinitePay”), Haifa-Allee 28, 55128 Mainz, Germany (hereinafter “InfinitePay”). The data required for the processing of payments will be transmitted to InfinitePay. One of the main purposes of the data transfer is to enable InfinitePay to perform an identity and credit check in order to process your purchase with the means of payment you have chosen.
The processing is carried out on the basis of Art. 6 (1) (f) DSGVO due to the legitimate interest in offering various payment methods as well as the legitimate interest in protecting against payment defaults. You have the right to object to this processing of your personal data, which is based on Art. 6 (1) f) DSGVO, at any time by notifying us for reasons arising from your particular situation.
If you would like information about the use of your personal data, you can contact firstname.lastname@example.org at any time.
The provision of the data is necessary for the conclusion of the contract with the payment methods selected by you. Failure to provide the data will result in the contract not being able to be concluded with the payment methods you have chosen.
Cookie Consent Tool
We use the Cookie Consent Tool from Borlabs to obtain effective user consent for cookies and cookie-based applications that require consent. By integrating this tool, users are shown a banner when they access the page, in which they can give their consent for certain cookies and/or cookie-based applications by ticking the appropriate box. The tool blocks the setting of all cookies requiring consent until the respective user gives the corresponding consent by setting a check mark. This ensures that such cookies are only set on your respective end device if you have given your consent. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for a session duration, certain user information (including the IP address) is collected when our website is called up by the cookie consent tool, transmitted to the server of the provider of the cookie consent tool and stored there. This data processing is carried out in accordance with Art. 6 (1) f) DSGVO on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website. Further legal basis for the described data processing is Art. 6 para. 1 lit. c) DSGVO. As the responsible party, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.
By using our website, information (e.g. IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.
Telecommunications Telemedia Data Protection Act (TTDSG)
The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, according to § 25 para. 1 p. 1 TTDSG. This consent is requested when the website is called up.
According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user’s terminal equipment or the access to information already stored in the end user’s terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption of Section 25 (2) TTDSG and thus do not require consent.
Please note that the legal basis for the downstream processing of personal data then results from the GDPR. You will find the relevant legal basis for the processing of personal data on this website in the further course of this data protection information.
In addition to the previously mentioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as “cookies”) are used on your computer when you use and visit our website. Cookies are either small databases that are stored by your browser on your end device to store certain information, or image files such as pixels. The next time you call up our website with the same terminal device, the information stored in cookies is subsequently sent back either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”).
Through the stored and returned information, the respective website recognises that you have already called up and visited it with the browser of your end device. We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your end device. Any further storage of personal data only takes place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.
This website uses the following types of cookies, the scope and functionality of which are explained below:
– Essential cookies (type a)
– Functional and performance cookies (type b)
– Cookies requiring consent (type c)
Essential cookies (type a)
Essential cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is returned to our website.
Essential cookies are used, for example, to ensure that you, as a registered user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page.
The use of essential cookies on our website is possible without your consent. For this reason, absolutely necessary cookies cannot be individually deactivated or activated. However, you have the option to generally deactivate cookies in your browser at any time (see below).
Functional and performance cookies (type b)
Functional cookies allow our website to store information you have already provided (such as registered name or language selection) and offer you improved and more personalised features based on this information. These cookies only collect and store anonymised information, so they cannot track your movements on other websites.
Performance cookies collect information about how our websites are used in order to improve their attractiveness, content and functionality. These cookies help us to determine, for example, whether and which subpages of our website are visited and which content users are particularly interested in. In particular, we record the number of times a page is accessed, the number of sub-pages accessed, the time spent on our website, the order of the pages visited, which search terms led you to us, the country, region and, if applicable, the city from which access is made, as well as the proportion of mobile devices accessing our websites. Furthermore, we record movements, “clicks” and scrolling with the computer mouse in order to understand which areas of our website are of particular interest to users. As a result, we can tailor the content of our website more specifically to the needs of our users and optimise our offering. The IP address of your computer transmitted for technical reasons is automatically anonymised and does not allow us to draw any conclusions about the individual user.
You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.
Legal basis: Art. 6 para. 1 lit. f) DSGVO
Cookies requiring consent (type c)
Cookies that are neither absolutely necessary (type a) nor functional or performance cookies (type b) are only used after your consent.
We reserve the right to also use information obtained by means of cookies from an anonymised analysis of the usage behaviour of visitors to our websites in order to display specific advertising for certain of our products to you on our own websites. We believe that this benefits you as a user because we display advertising or content that we believe, based on your browsing behaviour, matches your interests and so you are less likely to be shown randomly scattered advertising or specific content that may be of less interest to you.
Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create targeted advertising for the user.
Legal basis: Art. 6 para. 1 lit. a) DSGVO
Opt-out for marketing cookies
You can also manage cookies used for online advertising through tools developed in many countries as part of self-regulatory programmes, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices.
Legal basis: Art. 6 para. 1 lit. a) DSGVO
Management and deletion of all cookies
In addition, you can set your internet browser to generally prevent cookies from being saved on your end device or to ask you each time whether you agree to cookies being set. Once cookies have been set, you can also delete them at any time. You can find out how all this works in detail in the help function of your browser.
We use the following cookies described here for the following purposes:
This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). Google Analytics uses “cookies”, which are small databases placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.
The provider has signed the standard contractual clauses of the prevailing EU data protection requirements (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).
Third Party Provider Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User Terms:
http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection notice: http://www.google.de/intl/de/policies/privacy
Legal basis: Art. 6 para. 1 lit. a) DSGVO
Google Tag Manager
With the Google Tag Manager, marketers can manage website tags via an interface. However, the Tag Manager itself, which deploys the tags, works without cookies and does not collect any personal data. The Tag Manager merely ensures that other tags are triggered. Corresponding explanations on these respective third-party providers can be found in this privacy notice. However, the Google Tag Manager does not use this data. If you have set or otherwise made a deactivation of cookies, this will be observed for all tracking tags that were used with the Google Tag Manager, so the tool does not change your cookie settings.
Legal basis is Art. 6 para. 1 lit. a) DSGVO
The controller has integrated Google fonts on this website. Google provides free fonts that can be used in the design of websites.
This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When a page is called up, the browser of a data subject loads the required web fonts into the browser cache in order to display texts and fonts correctly.
For this purpose, the browser used by a data subject must connect to Google’s servers. This enables Google to know that the relevant website has been accessed via the IP address of the data subject. The use of Google web fonts is in the interest of a uniform and appealing presentation of the online offers. If the browser of the person concerned does not support web fonts, a standard font will be used by the computer of the person concerned.
The provider has signed the standard contractual clauses of the prevailing EU data protection regulations (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors). If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) a) of the GDPR may serve as the legal basis for the transfer to third countries.
The legal basis here is Art. 6 para. 1 lit. a) DSGVO.
Our website uses a web service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic). Gstatic is a service used by Google to retrieve static content in order to reduce bandwidth usage and to load required catalogue files in advance. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic. The legitimate interest lies in the error-free functioning of the website.
The data is deleted as soon as the purpose of its collection has been fulfilled.
If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) a) DSGVO may serve as the legal basis for the transfer to third countries.
The legal basis here is Art. 6 para. 1 lit. a) DSGVO.
Facebook fan page
We have integrated a component of the Facebook service on our website, which is a link to our Facebook fan page. We use the technical platform of Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Facebook) for the information service offered here.
According to the ECJ, there is joint responsibility within the meaning of Article 26 of the GDPR between Facebook and the operator of a Facebook fan page for the personal data processed via the Facebook fan page. For this reason, Facebook and we have concluded an agreement on joint responsibility, which you can access here. We provide you with the following information on data processing on our Facebook fan page:
The processing of your personal data on the Facebook Fanpage is carried out under joint responsibility with: Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland
When you access a Facebook fan page, the IP address of your end device is transmitted to Facebook. According to Facebook, this IP address is anonymised and deleted after 90 days, at least if it is a German IP address. In addition, Facebook stores further information about the end devices of its users, e.g. the internet browser used. This may enable Facebook to assign IP addresses to individual users. If you are logged into your Facebook account while visiting our fan page, a cookie with your Facebook ID is stored on your terminal device. Based on this cookie, Facebook can track that you have visited our fan page and how you have used it. Facebook uses this information to present you with content or advertising tailored to you. If you do not want this, you should log out of your Facebook account or deactivate the “stay logged in” function. We also recommend deleting the cookies on your device and closing and restarting your browser. This process deletes Facebook information that Facebook can use to establish a link to you. However, if you want to use the interactive functions of our fan page, you would have to log in to Facebook again with your Facebook login information. This also enables Facebook to establish a link to you again. In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us. In this respect, we can only refer you as a user of our fan page to Facebook’s statements on data protection. The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union.
The transmission and further processing of users’ personal data to third countries, such as the USA, as well as the associated possible risks for you as a user cannot be assessed by us as the operator of the Facebook fan page.
We have integrated a component of the Instagram service on our website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.
The operator of the Instagram services is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.
Each time one of the individual pages of this website operated by the data controller is called up and on which an Instagram component (Insta button) has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to Instagram at the same time, Instagram recognises which specific subpage the data subject is visiting each time the data subject calls up our website and for the entire duration of the respective stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged into Instagram at the same time as calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website.
Other processing purposes
Some laws and regulations may require the collection and processing of personal data (e.g. tax laws, trade laws, trade and export regulations, anti-money laundering laws, other compliance obligations). If such legal obligations are based on laws and regulations of the EU or EU Member States, the legal basis for the processing of personal data is Article 6 (1) S. 1 lit. c) DSGVO. If such legal obligations are based on laws and regulations of third countries (non-EU), compliance with these legal obligations may constitute a legitimate interest. In this case, the legal basis for the processing of personal data is Article 6 (1) sentence 1 lit. f) DSGVO. The latter also applies to the processing of personal data for the purpose of compliance with our policies, codes of conduct and regulations.
Enforcement: We also process your personal data to exercise our rights and enforce our legal claims. Similarly, we process your personal data to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offences. In this context, we process your personal data to protect our legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) DSGVO (legal basis), insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences (legitimate interest).
Consent: Insofar as you have given us consent to process personal data for certain purposes (e.g. sending information material and offers, assistance with payment processing), the lawfulness of this processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) DSGVO (legal basis). Consent given can be revoked at any time. Please note that the revocation is only effective for the future and does not affect the processing until then.
Duration of the processing
We only process your data for as long as is necessary to fulfil our contract or applicable legal provisions and to maintain our relationship with you. We inform you about the specific storage period of the data within the scope of the respective description of the individual data processing. If you do not find a concrete indication of the storage period there, then it is not possible for us to name such a period because it depends on various individual factors (e.g. the term of the contract, assertion of claims, etc.). In these cases, we base the duration of storage on the principle of data minimisation and proportionality.
Business documents are kept for a maximum of 6 and 10 years in accordance with the requirements of the German Commercial Code and the German Fiscal Code.
As long as you do not object or revoke your consent, we will use your data to maintain and intensify our trusting business relationship for our mutual benefit.
Should you wish your data to be deleted, we will delete your data immediately, provided that there are no legal obligations to retain the data.
Rights of the data subject
1. revocation of consent
If the processing of personal data is based on consent given, you have the right to revoke your consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
2. right to confirmation
You have the right to request confirmation from the controller as to whether we are processing personal data relating to you. You can request confirmation at any time using the contact details above.
3. right to information
If personal data are processed, you can request information about these personal data and about the following information at any time:
(a) the purposes of the processing;
(b) the categories of personal data processed;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
(d) if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning you, or the restriction of processing by the controller, or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
(g) where the personal data are not collected from the data subject, any available information on the origin of the data;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
i) If personal data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards pursuant to Article 46 DPA Regulation in connection with the transfer. We will provide a copy of the personal data that is the subject of the processing. For any further copies you request as an individual, we may charge a reasonable fee based on administrative costs. If you make the request electronically, the information shall be provided in a commonly used electronic format, unless it indicates otherwise. The right to receive a copy under Article 20 shall not prejudice the rights and freedoms of other persons.
4. right to rectification and completion
You have the right to request that we correct any inaccurate personal data relating to you without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
5. right to erasure (“right to be forgotten”)
You have the right to request the controller to delete the personal data concerning you without delay and we are obliged to delete personal data without delay if one of the following reasons applies:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(b) the data subject revokes the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR and there is no other legal basis for the processing.
(c) the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
(d) the personal data have been processed unlawfully.
(e) the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
If the controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data.
The right to erasure (“right to be forgotten”) does not exist insofar as the processing is necessary:
– to exercise the right to freedom of expression and information;
– for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
– for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes as referred to in Article 89(1) of the GDPR, where the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
– for the assertion, exercise or defence of legal claims.
6. right to restriction of processing
You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:
(a) the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data;
(c) the controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the establishment, exercise or defence of legal claims; or
(d) the data subject has objected to the processing pursuant to Article 21(1) of the GDPR for as long as it is not yet clear whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted in accordance with the above conditions, such personal data shall be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.
7. right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:
a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) DSGVO and
(b) the processing is carried out with the aid of automated procedures.
When exercising the right to data portability pursuant to paragraph 1, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8. right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
In the context of the use of information society services, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures using technical specifications.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1), unless the processing is necessary for the performance of a task carried out in the public interest.
You can exercise the right to object at any time by contacting the respective person responsible.
9. right to complain to a supervisory authority
They shall also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes this Regulation.
10. right to effective judicial remedy
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, you shall have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data not in compliance with this Regulation.
Our offer is basically aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians.
Data protection information for applicants
We are pleased that you are interested in us and are applying or have applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.
Which of your data do we process? And for what purposes?
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.
On what legal basis is that based?
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal prosecution after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular in order to safeguard legitimate interests pursuant to Art. 6 para. 1 lit. f) DSGVO. Our interest then consists in the assertion or defence of claims.
How long will the data be stored?
Data of applicants will be deleted after 6 months in case of rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.
If you have been awarded a position during the application process, the data from the applicant data system will be transferred to our personnel information system.
To which recipients is the data passed on?
Your application data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who need this for the proper course of our application procedure.
Where is the data processed?
The data is processed exclusively in data centres in the Federal Republic of Germany.
If sections or individual terms of this statement are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.
Status of the data protection notice: 03.07.2023