Privacy Policy – Data Protection Notice

 

Below please find the data protection notice for the qneurope.com website.

The data controller with respect to the processing of data via the above website is:

QN Europe Deutschland GmbH
Neuhofstraße 9
D-64625 Bensheim
Telefon: +49 (6251) 98916-40

 

Our data protection officer is:

Thilo Noack
SBS DATA PROTECT GmbH
Hans-Henny-Jahnn-Weg 49
22085 Hamburg

 

If you would like to exercise rights in the context of data protection or if you have any questions regarding the use, collection and processing of your personal data, please contact: dataprotection.qn@qneurope.com

Security and protection of your personal data

We consider it our prime responsibility to safeguard the confidentiality of the personal data provided by you and to protect the data from unauthorized access.

As a company under private law, we are subject to the provisions of the European Data Protection Regulation (GDPR) and the regulations of the German Federal Data Protection Act (BDSG). We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by our external service providers.

 

Definitions

The law requires that personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness, transparency”). To ensure this, we advise you of the respective legal definitions of terms that are used in this data protection notice:

  1. Personal data

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter: “data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting processing of such data in the future.

  1. Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

  1. Pseudonymization

“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

  1. Filing system

“Filing system” means any structured set of personal data which is accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

  1. Data controller

“Data controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  1. Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

  1. Recipient

“Recipient” means a natural or legal person, public authority, agency or other body, to which the personal data is disclosed, whether they are a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by such public authorities shall be in compliance with the applicable data protection regulations according to the purpose of the processing.

  1. Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons who, under the direct authority of the data controller or processor, are authorized to process personal data.

  1. Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Lawfulness of processing

Processing of personal data shall be lawful only if there is a legal basis for the processing. According to Article 6 (1) lit. a) – f) GDPR, the legal basis for the processing may be in particular:

  1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary for compliance with a legal obligation to which the data controller is subject;
  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
  6. processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular where the data subject is a child.

Information about the collection of personal data

In the following, we provide information on the collection of personal data when using our website. Personal data includes, for example, name, address, email addresses, user behavior.

 

Collection of personal data when visiting our website

In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security:

  • IP address
  • date and time of the request
  • time zone difference to Greenwich Mean Time (GMT)
  • content of the request (actual page)
  • access status/HTTP status code
  • data volume transferred in each case
  • website, from where the request is sent
  • browser
  • operating system and its interface
  • language and browser software version

After a technical evaluation this data will be deleted immediately. Pursuant to Art. 6 (1) lit. f) GDPR, such data collection protects our predominantly legitimate interests in the correct presentation of our website offering within the scope of a weighing of interests, as well as compliance with the basic European Data Protection Regulation in terms of security and confidentiality. 

How to contact us

When contacting us by email or by using the contact form, the provided data (your email address, possibly your name and telephone number) will be stored by us in order to answer your inquiry. The legal basis is Art. 6 (1) lit. a) GDPR. We will delete the data collected in this context, once storage is no longer necessary, e.g. once the request has been processed. Otherwise, the processing will be restricted if legal retention obligations apply. In case of a contract initiation resulting from the first contact, we process the data according to the legal basis of Art. 6 (1) lit. b) GDPR. 

QN Europe Partner Account

When opening a partner account, the data you provide will be stored and processed by us for contractual purposes. We will delete the data collected in this context, once storage is no longer necessary. Otherwise, the processing will be restricted because legal retention obligations apply.  

The processing is based on Art. 6 (1) lit. b) GDPR. 

Cookie Consent Tool

We use the Borlabs cookie consent tool to obtain effective user consent for cookies and cookie-based applications that require consent. By means of integration of the tool, users are shown a banner when accessing the page, where they can give their consent to certain cookies and/or cookie-based applications by ticking the appropriate box. The tool blocks any placement of cookies requiring consent until the respective user gives the corresponding consent by ticking the box. This ensures that only if you have given your consent, such cookies are placed on your respective terminal equipment. In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings you have made for the duration of a session, certain user information (including the IP address) is collected by the cookie consent tool upon calling up of our website, transmitted to the server of the provider of the cookie consent tool and stored there. Such data processing is carried out in accordance with Art. 6 (1) lit. f) GDPR on the basis of our legitimate interest in a legally compliant, user-specific and user-friendly consent management of cookies and thus in a legally compliant design of our website. The further legal basis for the described data processing is Art. 6 (1) lit. c) GDPR. As the data controller, we are subject to the legal obligation to make the use of technically unnecessary cookies dependent on the respective user consent.

By using our website, information may be accessed (e.g. IP address) or stored (e.g. cookies) on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

Telecommunications Telemedia Data Protection Act (TTDSG)

The legal basis for the storage and retrieval of information from the end user’s terminal equipment is the consent given in accordance with Sec. 25 (1) sentence 1 TTDSG. This consent is requested upon accessing the website.

According to Sec. 25 (2) no. 2 TTDSG, consent is not required if storage of information on the end user’s terminal equipment or access to information already stored on the end user’s terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user. Based on the cookie settings it can be derived which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”), therefore fall under the exemption regulation of Sec. 25 (2) TTDSG and consequently do not require consent.

Please note that the further legal basis for any downstream processing of personal data is the GDPR. The relevant legal basis for the processing of personal data on this website is provided in the further course of this data protection notice.

Use of cookies

In addition to the above-mentioned data, cookies or similar technologies such as pixels (hereinafter generally referred to as “cookies”) are used on your computer when you use and visit our website. Cookies are either small databases, which are saved on your terminal device by your browser to store certain information, or image files such as pixels. The next time you visit our website with the same terminal device, the information stored in cookies will subsequently be returned either to our website (“first-party cookie”) or to another website to which the cookie belongs (“third-party cookie”).

Through the stored and returned information, the respective website recognizes that you have already accessed and visited the website with the browser on your device. We use this information to optimize and display the website according to your preferences. Only the cookie itself is identified on your terminal device. Personal data will only be stored beyond that with your explicit consent or if this is absolutely necessary in order to be able to use the service offered and called up by you accordingly.

This website uses the following types of cookies, the scope and functioning of which are explained below:

  • Strictly necessary cookies (Type A)
  • Functional and performance cookies (Type B)
  • Consent-based cookies (Type C)

Strictly necessary cookies (Type A)

Strictly necessary cookies facilitate functions without which you cannot use our websites as intended. These cookies are used exclusively by us and are therefore first-party cookies. This means that any information stored in the cookies will be returned to our website.

For example, strictly necessary cookies are used to ensure that you, as a registered user, can always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login details every time you view a new page.

The use of strictly necessary cookies on our website is possible without your consent. For this reason, strictly necessary cookies cannot be individually deactivated or activated. However, you can deactivate cookies in your browser at any time (see below). 

Functional and performance cookies (Type B)

Functional cookies allow our website to store information already provided (such as registered name or language selection) and to provide improved and more personal features based thereon. These cookies collect and store only anonymized information so that they cannot track your movements on other websites.

Performance cookies collect information about how our websites are used in order to improve their attractiveness, content, and functionality. These cookies help us, for example, to determine whether and which sub-pages of our website are visited and which content users are particularly interested in. In particular, we record the number of accesses to a page, the number of sub-pages accessed, the time spent on our website, the order of the pages visited, the search terms that have brought you to us, the country, the region and, if applicable, the city from which access is made, and the proportion of mobile devices that access our websites. We also record movements, “clicks”, and scrolling with the computer mouse to understand which areas of our website are of particular interest to users. As a result, we can better tailor the content of our website to the needs of our users and optimize our offer. The IP address of your computer, which is transmitted for technical reasons, is automatically anonymized and does not allow us to draw conclusions about the individual user.

You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

The legal basis is Art. 6 (1) lit. f) GDPR. 

Consent-based cookies (Type C)

Cookies that are neither strictly necessary cookies (Type A) nor functional or performance cookies (Type B) will only be used with your consent.

We reserve the right to use information obtained through cookies from an anonymized analysis of the usage behavior of visitors to our websites in order to show you specific advertisements for certain products on our own websites. We believe that you, the user, will benefit from this because we will display advertisements or content that based on your browsing habits, we consider to fit your interests and you will be shown less randomly scattered advertisements or certain content that may be of less interest to you.

Marketing cookies originate from external advertising companies (third-party cookies) and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

Legal basis: Art. 6 (1) lit. a) GDPR. 

Opt-out of marketing cookies

You can also manage cookies used for online advertising through tools developed in many countries within the scope of self-regulatory programs, such as the US-based https://www.aboutads.info/choices/ or EU-based

http://www.youronlinechoices.com/uk/your-ad-choices.

Legal basis: Art. 6 (1) lit. a) GDPR. 

Management and deletion of all cookies

In addition, you may set your internet browser to prevent the storage of cookies on your device in general or to ask you each time if you consent to the setting of cookies. Once the cookies are placed, you may delete them at any time. You can find out how this works in detail in the help section of your browser.

We use the following cookies described here for the following purposes:

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are small databases that are placed on your computer to help analyze your use of the website. The information about your web page use generated by the cookie is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is enabled on this website, your IP address is first shortened by Google within European Union Member States and in other states that are party to the European Economic Area Agreement. The full IP address is sent to a Google server in the USA and shortened there in exceptional cases only. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide the website operator with further services related to website and internet use.

The IP address transmitted in the context of Google Analytics by your browser is not merged with other data provided by Google.

You may prevent the placement of the cookies via your corresponding browser software settings; however, we would like to point out that you might not be able to fully use all the features of this website in that case. Furthermore, you can prevent the transmission of data generated by the cookie and relating to your use of the website (including your IP address) to Google as well as the processing of said data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension “_anonymizeIp()”. IP addresses thus are processed in a shortened form, excluding the possibility of any personal references. If the data collected about you is personally identifiable, the personal reference will be eliminated and the personal data deleted immediately.

We use Google Analytics to be able to analyze the use of our website and to improve it regularly. The generated statistics will enable us to enhance our services and make them more interesting for you as the user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You have the option to deactivate the cross-device analysis of your usage data in your account under “My Data”, “Personal Data”.

The provider has signed the standard contractual clauses of the prevailing EU data protection requirements (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors).

Details of the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use:

http://www.google.com/analytics/terms/de.html, privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and the data protection notice: http://www.google.de/intl/de/policies/privacy.

 Legal basis: Art. 6 (1) lit. a) GDPR 

Google Tag Manager

With Google Tag Manager, marketers can manage website tags via one interface. However, the tag manager itself, which deploys the tags, works without cookies and does not collect any personal data. The tag manager only triggers other tags. Explanations regarding the respective third-party providers can be found in this data protection notice. However, the Google Tag Manager does not use this data. If you have set or otherwise arranged the deactivation of cookies, this is observed for all tracking tags used by the Google Tag Manager, i.e. the tool does not change your cookie settings.

Legal basis: Art. 6 (1) lit. a) GDPR 

Google Fonts

The data controller has integrated Google Fonts on this website. Google provides free fonts that can be used for the design of websites.

This site uses so-called web fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When a page is called up, the browser of a data subject loads the required web fonts into the browser cache in order to display texts and fonts correctly.

For this purpose, the browser used by a data subject must connect to the Google servers. In this way, Google learns that the website in question has been accessed via the IP address of the data subject. Google Web Fonts are used in the interest of a uniform and appealing presentation of the online offers. If the browser of the data subject does not support web fonts, a default font is used by the computer of the data subject.

The provider has signed the standard contractual clauses of the prevailing EU data protection requirements (https://ec.europa.eu/info/law/law-topic/data-protection/publications/standard-contractual-clauses-controllers-and-processors). If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the data transmission to third countries.

Further information on Google Web Fonts is available at https://developers.google.com/fonts/faq and in the Google data protection notice: https://www.google.com/policies/privacy/

Legal basis: Art. 6 (1) lit. a) GDPR. 

Gstatic

Our website uses a web service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic). Gstatic is a service used by Google to retrieve static content to reduce bandwidth usage and preload the required catalog files. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic. The legitimate interest consists in the error-free functioning of the website.

The data is deleted as soon as the purpose of its collection has been fulfilled.

For more information on the handling of transmitted data, please refer to the Gstatic data protection notice: https://policies.google.com/privacy. You can prevent the collection as well as the processing of your data by Gstatic by deactivating the execution of the respective script code in your browser or by installing a script blocker in your browser (you can find this, for example, at www.noscript.net or www.ghostery.com).

If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 (1) lit. a) GDPR may serve as the legal basis for the data transfer to third countries.

Legal basis: Art. 6 (1) lit. a) GDPR 

Facebook fan page

We have integrated a Facebook component on our website, which is a link to our Facebook fan page. We use the technical platform of Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Facebook”) for the information service offered here.

In the opinion of the ECJ, Facebook and the operator of a Facebook fan page are joint data controllers within the meaning of Art. 26 GDPR with regard to the personal data that is processed via the Facebook fan page. For this reason, Facebook and we have concluded an agreement on our joint responsibility, which is available here. Please find some information to follow on the data processing on our Facebook fan page:

The processing of your personal data on the Facebook fan page is carried out under joint responsibility with: Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland. 

When accessing a Facebook fan page, the IP address of your terminal device is transmitted to Facebook. According to Facebook, this IP address is made anonymous and is deleted after 90 days, at least if it is a German IP address. In addition, Facebook stores further information about terminal devices of its users, e.g. the internet browser used. Facebook may potentially use this to assign IP addresses to individual users. If you are logged into your Facebook account while visiting our fan page, a cookie containing your Facebook identifier will be stored on your device. Because of this cookie, Facebook is able to track your visit to our fan page and how you used it. Facebook uses this information to provide you with customized content or advertising. If you do not want this to happen, you should log off your Facebook account or deactivate the “stay logged in” function. We furthermore recommend that you delete cookies from your device and exit and restart your browser. This process deletes Facebook information which Facebook can use to establish a link to you. However, if you want to use the interactive features of our fan page, you will need to log on to Facebook again with your Facebook details. This also makes it possible for Facebook to establish a link to you again. Facebook does not conclusively and clearly disclose, and we do not know, how Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are attributed to individual users, for how long Facebook stores such data and whether data from a visit to the Facebook page are disclosed to third parties. We can only refer you, as the user of our fan page, to Facebook’s statements on data protection. The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union. 

Facebook describes in general terms in its data use policy what information it receives and how this is used. There, you will also find information on how to contact Facebook as well as on the settings available for advertisements. The data use policy is available at the following link: http://de-de.facebook.com/about/privacy. The complete data policy of Facebook is available at: https://de-de.facebook.com/full_data_use_policy Facebook’s data protection policy contains further information on the processing of data:

https://www.facebook.com/about/privacy/ Opt-out options can be set up here: https://www.facebook.com/settings?tab=ads and here http://www.youronlinechoices.com. 

We as the operator of the Facebook fan page cannot assess the transmission and further processing of personal data in third countries, e.g. the USA, as well as the potential risks associated with this for you.

Instagram

We have integrated a component of the service Instagram on our website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data on other social networks. 

The operator of the Instagram services is Meta Platforms Ireland Ltd.

4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. 

Each time one of the individual pages of this website operated by the data controller, on which an Instagram component (Insta button) has been integrated, is called up, the internet browser on the information technology system of the data subject is automatically caused to download a representation of the corresponding component from Instagram by the respective Instagram component. As part of this technical procedure, Instagram receives information on which specific sub-page of our website is visited by the data subject. 

If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific sub-page the data subject is visiting each time the data subject calls up our website for the entire duration of the respective stay on our website. This information is collected by the Instagram component and matched by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on our website, the data and information thus transmitted will be matched to the personal Instagram user account of the data subject and stored and processed by Instagram. 

Instagram will always receive information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged into Instagram at the time of calling up our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before accessing our website. 

Further information on the prevailing data protection regulations can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Other processing purposes

Some laws and regulations may require the collection and processing of personal data (e.g. tax laws, trade laws, trade and export regulations, anti-money laundering laws, other compliance obligations). If such legal obligations are based on laws and regulations of the EU or EU Member States, the legal basis for the processing of personal data is Article 6 (1) sentence 1 lit. c) GDPR. Where such legal obligations are based on laws and regulations of third countries (non-EU), compliance with such legal obligations may constitute a legitimate interest. In this case, the legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. f) GDPR. The latter also applies to the processing of personal data for the purpose of complying with our policies, codes of conduct and regulations. 

Legal enforcement: We may also process your personal data in order to assert our rights and enforce our legal claims. We may also process your personal data in order to be able to defend ourselves against legal claims. Finally, we may process your personal data to the extent necessary to prevent or prosecute criminal offenses. In this context, we process your personal data to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR (legal basis), insofar as we assert our legal claims or defend ourselves in legal disputes, or we prevent or investigate criminal offenses (legitimate interest). 

Consent: If you have provided your consent to the processing of personal data for certain purposes (e.g. sending information material and offers, assistance with payment transactions), the lawfulness of such processing is based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR (legal basis). You may withdraw your consent at any time. Please note that your withdrawal will only take effect for the future and that the processing up to that point will not be affected.

Duration of the processing

We process your data only as long as it is necessary for the fulfillment of our contractual obligations or applicable legal provisions and the maintenance of our relationship with you. We shall inform you about the specific data storage period as part of the respective description of the individual data processing. If there is no specific indication of the storage period, we are unable to state such a period because it depends on different individual factors (e.g. the term of the contract, assertion of claims, etc.). In these cases, we base the storage duration on the principle of data minimization and proportionality. 

Business documents are kept for a maximum of 6 and 10 years in accordance with the requirements of the German Commercial Code and the German Fiscal Code. 

As long as you do not object or withdraw your consent, we will use your data to maintain and intensify our trusting business relationship for our mutual benefit. 

Should you wish for your data to be deleted, we will delete your data immediately, provided that there are no legal obligations to retain the data.

Rights of the data subject  

  1. Withdrawal of the consent

If the processing of personal data is based on your granted consent, you have the right to withdraw the consent at any time. The withdrawal of the consent will not affect the lawfulness of the processing that was based on your consent before its withdrawal. 

  1. Right to confirmation

You have the right to request confirmation from the data controller as to whether we are processing any personal data relating to you. You can request such confirmation at any time using the contact details above. 

  1. Right to information

If personal data is processed, you may request information about such personal data as well as the following information at any time: 

  • the purpose of the processing;
  • the categories of the personal data being processed;
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
  • the existence of a right to rectification or erasure of personal data concerning you, or the right to restriction of the processing by the data controller, or a right to object to such processing;
  • the existence of a right to complain to a supervisory authority;
  • where the personal data is not collected from the data subject, any available information on the origin of the data;
  • the existence of automated decision-making procedures, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
  • if personal data is transmitted to a third country or to an international organization, you have the right to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transmission. We provide a copy of the personal data that is the subject of the processing. For any additional copies you request as an individual, we may charge a reasonable fee based on administrative costs. If your request is filed electronically, the information shall be provided in a commonly used electronic format, unless stated otherwise. The right to receive a copy under Art. 20 shall not prejudice any rights and freedoms of other persons.
  1. Right to rectification and completion

You have the right to request that we correct any inaccurate personal data relating to you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration. 

  1. Right to erasure (“right to be forgotten”)

You have the right to ask the data controller to delete the personal data concerning you without delay and we are obliged to delete personal data without delay if one of the following reasons applies: 

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • the data subject withdraws the consent on which the processing was based pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR and there is no other legal basis for the processing.
  • the data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
  • the personal data has been processed unlawfully.
  • the erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the data controller is subject.

If the data controller has made the personal data public and is obliged to erase it pursuant to paragraph 1, the data controller shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform all data controllers, who process the personal data, that a data subject has requested that all links or copies or replications of that personal data be deleted.

 

The right to erasure (“right to be forgotten”) does not exist insofar as the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under Union or Member State law, to which the data controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the data controller;
  • for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h) and i) and Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, where the right referred to in paragraph 1 is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  • for the assertion, exercise or defense of legal claims.
  1. Restriction of processing

You have the right to request us to restrict the processing of your personal data if one of the following conditions is met:

  1. the accuracy of the personal data is disputed by the data subject, namely for a period enabling the data controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of the use of the personal data;
  3. the data controller no longer needs the personal data for the purposes of the processing but the data subject needs them for the establishment, exercise or defense of legal claims; or
  4. the data subject has objected to the processing pursuant to Art. 21 (1) GDPR for as long as it is not yet established whether the legitimate grounds of the data controller override those of the data subject.

Where processing has been restricted in accordance with the above conditions, such personal data shall be processed, apart from being stored, only with the consent of the data subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or of a Member State.

  1. Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another data controller without hindrance by the data controller to whom the personal data was provided, insofar as: 

a) the processing is based on consent pursuant to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) or on a contract pursuant to Art. 6 (1) lit. b) GDPR and

b) the processing is carried out by means of automated procedures. 

When exercising the right to data portability pursuant to paragraph 1, you have the right to ensure that the personal data is transferred directly from one data controller to another data controller to the extent that this is technically feasible. The exercise of the right to data portability does not affect the right to erasure (“right to be forgotten”). This right does not apply to any processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. 

  1. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) lit. e) or f) GDPR; this also applies to profiling based on these provisions. The data controller shall no longer process the personal data unless the data controller can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. 

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes. 

In the context of the use of the services of an information society, notwithstanding Directive 2002/58/EC, you may exercise your right to object by means of automated procedures that use technical specifications. 

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1), unless the processing is necessary for the performance of a task carried out in the public interest. 

You can exercise the right to object at any time by contacting the respective data controller. 

  1. Right to lodge a complaint with a supervisory authority

You also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if the data subject is of the opinion that the processing of personal data relating to them infringes this regulation. 

  1. Right to effective judicial remedy

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, you shall have the right to an effective judicial remedy if you are of the opinion that your rights under this regulation have been infringed as a result of the processing of your personal data that is not in compliance with this regulation.

 

Children

Our offering is generally aimed at adults. Persons under the age of 18 should not transmit any personal data to us without the consent of their parents or legal guardians. 

Data protection notice for applicants

Thank you for your interest and for applying for a position in our company. Please find some information to follow on the processing of your personal data in connection with your application. 

Which of your data will be processed by us? And for what purpose?  

We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process.

What is the legal basis for the processing?

The legal basis for the processing of your personal data in this application procedure is primarily Sec. 26 Federal Data Protection Act (BDSG). According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. 

Should the data be required for legal prosecution purposes after completion of the application process, the data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our interest then consists in asserting or defending claims. 

How long will your data be kept?  

Data of applicants will be deleted after 6 months in case of rejection.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. From there, the data will be deleted after the expiry of two years. 

If you have been awarded a position during the application process, the data from the applicant data system will be transferred to our personnel information system.

 

To which recipients is the data passed on?  

Your applicant data will be viewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the heads of department for the respective open position. From here, the further process is determined. In principle, only those persons in the company have access to your data who require the information for the proper running of our application procedure.

 

Where is the data processed?  

The data is exclusively processed by data centers in the Federal Republic of Germany.

 

Legal validity  

If sections or individual terms of this statement are not or no longer legal or correct, the content or validity of the other parts of this document remain unaffected by this fact.

 

Status of the data protection notice: 07/15/2022