Data Privacy

Scope of application

This data protection declaration applies to all pages of our online network that link to this declaration. The general information can be found on our main data protection page.

Purpose of data collection

The purpose of data collection is the optimization of the website, error analysis, individual tailoring to your needs, the offer to contact you and, if necessary, the sale of goods and services.

General information on data processing

We collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services or to the extent that you as a user provide us with this data voluntarily. The collection and use of personal data by you as a user takes place regularly only with your consent or for the establishment and execution of a legal transaction. An exception applies in cases where prior consent cannot be obtained for factual reasons or is disproportionate and the processing of the data is permitted by another legal provision.

Legal basis for the processing of your data:

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
• When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
• If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Legitimate interests can be in particular:

• responding to inquiries;
• carrying out direct marketing measures;
• providing services and/or information intended for you;
• processing and transferring personal data for internal or external purposes. administrative purposes;
• the operation and administration of our website;
• the technical support of users;
• the prevention and detection of fraud and criminal offenses;
• protection against payment defaults when obtaining credit information for inquiries about deliveries and services;
• ensuring network and data security, insofar as these interests are in accordance with applicable law and the rights and freedom of the user;
• the achievement of efficiency gains by bundling services in individual Group companies (in particular marketing, IT, procurement).

Categories of recipients

• Service providers for website optimization, online marketing service providers and tools, service companies for information and communication technology, companies for software and device maintenance, some of which are described in more detail below
• Social networks and communities
• Internal recipients according to the "need to know" principle

Usage data/server log files

Each time our website is accessed, our systems automatically collect data and information from the computer system of the accessing computer.

The following types of data are collected: Browser type, version used, user's operating system, host name, internet service provider, user's IP address, date and time of access, websites from which the user's system has accessed our website or which the user accesses from our website.

The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. We also reserve the right to check the files if there is a justified suspicion of unlawful use or a specific attack on the pages based on concrete evidence. In this case, our legitimate interest is processing for the purpose of investigating and prosecuting such attacks and unlawful use.

Bunny CDN

When using our website, we use the content delivery network (CDN) Bunny CDN, provided by BunnyWay d.o.o., based in Dunajska cesta 165, 1000 Ljubljana, Slovenia. Bunny CDN optimises the loading times of our website by distributing content across a global network of servers and retrieving it from the server closest to the user's location.

An anonymised IP address of the user is recorded, together with technical information about the retrieved content. This data is processed solely for the purpose of optimising the delivery of content and ensuring the security of the service. Data processing is carried out on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, as we want to ensure the fast and efficient provision of our website. If you have previously given your consent, your data will also be processed on the basis of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time.

The data will only be stored for as long as is necessary to achieve the stated purposes or until you withdraw your consent.

Further information on data processing by Bunny CDN can be found in Bunny CDN's privacy policy at https://bunny.net/privacy and https://bunny.net/gdpr/.

Use of cookies

We use cookies. Cookies are data that can be stored in the Internet browser or by the Internet browser on the user's computer system and retrieved again when visiting a website. Cookies may contain a characteristic string of characters that enables the browser to be uniquely identified when the website or an integrated service is called up again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (advertising cookies).

Technical cookies: Some elements of our website require that the accessing browser can be identified even after a page change. The purpose of their use is to enable the website to function at all. Examples of technically necessary cookies are the provision of a shopping cart or logging in as a registered user. The processing is therefore carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Functional cookies: There may be functions that are not absolutely technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the remembering of search terms, etc.. The processing is also carried out on the basis of Art. 6 para. 1 lit. b or f GDPR.

Advertising cookies: We also use cookies on some of our websites that enable us to analyze the surfing behavior of users. In this way, for example: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has consented to this - e.g. by making a selection in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f GDPR in conjunction with Art. 6 para. 1 lit. f GDPR. If third-party services are integrated, processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.

Pretix

We use the pretix service from Raphael Michel, http://rami.io Softwareentwicklung, Markgräfler Straße 16,69126 Heidelberg, Germany, to manage events via our website. The purposes of processing may include the provision of a ticket shop system with a connected payment gateway, event analyses and the handling of the check-in process. The application is displayed on our website by means of an iFrame. The legal basis for the transmission of your personal, technical data is the simplification of event management as a legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Your data will only be stored for as long as necessary. In the case of ticket booking data, the statutory retention periods are decisive here, among other things. You can view further data protection provisions from the technical provider at https://pretix.eu/about/de/privacy.

Amazon Cloudfront

On our website we use the content delivery network (CDN) service Amazon CloudFront from Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 1855 Luxembourg.

Processed data are:

• IP address,
• website accessed,
• referrer URL,
• the browser and operating system used,
• other information that enables the differentiation of human and machine use (bot)

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring the best possible function of our website for our users, for which we would like to avoid long waiting times when accessing content through Amazon CloudFront. The storage period depends on the required purpose. For the exceptional cases in which personal data is transferred to the USA, standard contractual clauses apply. Furthermore, deviating data protection provisions of Amazon CloudFront apply: https://aws.amazon.com/de/privacy/?nc1=f_pr.

Further information on the data protection guidelines of Amazon CloudFront can be found at https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

Google Analytics

Some of our websites use Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics may be merged with other Google data. The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. a GDPR. We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offering and make it more interesting for you as a user. This website also uses Google Analytics to analyse visitor flows across devices using a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de . This website uses Google Analytics with the extension "_anonymiseIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately. In cases where personal data is transferred to the USA, standard contractual clauses apply.

Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, or Google Analytics from Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). User conditions: http://www.google.com/analytics/terms/de.html , overview of data protection: https://www.google.com/policies/privacy/partners/ , as well as the privacy policy: http://www.google.de/intl/de/policies/privacy . You have the right to revoke your consent granted in accordance with Art. 6 para. 1 lit. a GDPR at any time. You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

To prevent Google Analytics from collecting data across all devices, you can set an opt-out cookie. Opt-out cookies prevent the future collection of your data when you visit this website. You must opt out on all systems and devices used for this to be fully effective. You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/

General statements on web beacons / tracking pixels

Web beacons are invisible graphics the size of a pixel. These are used by partner companies, in particular for the purpose of tracking a user via various webpages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the webpage is loaded from the partner's server when the webpage is accessed. This provides the partner with your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the information for advertising cookies applies accordingly.

Content from external providers

We use active JavaScript content and fonts on our website, which may also originate from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin 'NoScript' or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.

Some of our websites incorporate third-party content, such as videos from YouTube, maps from Google Maps, images, texts and multimedia files, RSS feeds or other services from other websites. This always requires your IP address to be transmitted to the providers of this content. We cannot make any statement about the use of your data by these providers and also have no influence on further processing. In particular, we have no control over whether the data is used for other purposes, such as profiling. Please refer to the relevant data protection notices of the respective third-party providers. You can protect yourself against further tracking by tracking pixels from these providers by deactivating the acceptance of third-party cookies in your browser settings.

The legal basis for the transfer of personal data when integrating third-party providers is Art. 6 para. 1 lit. a GDPR if the user has given their consent - e.g. by selecting this in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f GDPR in conjunction with Art. 6 para. 1 lit. f GDPR i.c.w recital 47.

Contact form and e-mail contact

A contact form is available on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are Name, address, e-mail address, telephone number, etc. Not all of this data is mandatory. The following data is also stored when the message is sent: The IP address, date and time. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

The legal basis for the processing is:

• For the receipt of the data on the basis of the sending of the contact form as consent pursuant to Art. 6 para. 1 lit. a in conjunction with. Art. 5 (expectable processing) GDPR or alternatively on the basis of the legitimate interest in responding to your contact request in accordance with Art. 6 para. 1 lit. f GDPR.
• For the processing of data transmitted in the course of sending an e-mail, Art. 6 para. 1 lit. f GDPR with the above-mentioned legitimate interests.
• If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. There may be retention periods under commercial and tax law.

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

Newsletter

You can subscribe to a free newsletter with advertising content on our website. Our newsletters contain information about our services, promotions, events, competitions, job offers and articles. Newsletters, on the other hand, do not include messages without advertising information that are sent as part of our contractual or other business relationship. This includes, for example, the sending of service emails with technical information and queries about orders, events, competition notifications or similar messages. When registering for the newsletter, the data from the input screen is transmitted to us. In addition, the IP address of the accessing computer and the time of access are collected. Your consent is obtained for the processing of the data during the registration process and reference is made to this privacy policy. If you purchase goods on our website via our online store and enter your e-mail address, we reserve the right to send you newsletters with direct advertising for our own similar goods. No data will be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given consent and for sending the newsletter as a result of the sale of goods in accordance with Section 7 para. 3 UWG or Art. 6 para. 1 lit. f. (dispatch on the basis of our legitimate business interest).

The purpose of collecting the user's email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This is also used to withdraw consent for the newsletter to be sent.

A statistical evaluation of the reading behavior only takes place to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. However, this is a function that we only use to check user activities and to be able to make corresponding optimizations. For this purpose, the newsletter contains a so-called "web beacon", a pixel-sized file that is retrieved from our server when the newsletter is opened. This web beacon can be personalized so that personal data is collected. Clicks are tracked via personalized links to the respective website. If personalized data is collected, the legal basis is Art. 6 para. 1 lit. a GDPR.

Data collection during registration and registered use

Some of our websites require or offer registration. The data collected is used for the purpose of using the respective websites and services, unless otherwise described and explicitly consented to during registration. The data collected results from the input mask during registration, the processing is based on Art. 6 para. 1 lit. b GDPR. All other data that you can enter at a later date to complete your profile are optional and voluntary and are based on the legal basis of Art. 6 para. 1 lit. a GDPR. After registration, we may inform you about relevant circumstances related to our offer for which you have registered by means of the e-mail address you have provided.

We collect certain usage data from registered member companies in order to optimise the offering on our platform and increase user-friendliness. This data includes information about when registered users or member companies log in, which pages they visit within the portal and which actions they perform. This data processing is carried out to ensure the functionality and security of our portal and to continuously improve our offering.

If a personal reference is derived from the data, the processing is carried out on the basis of our legitimate interest in the analysis and optimisation of the member portal in accordance with Art. 6 para. 1 lit. f GDPR as the legal basis for the collection and evaluation of this data. The data collected is used exclusively for the purposes described or mentioned above.

Data in user-generated content

If you write comments or posts, upload files to our servers, publish images or use other services, your IP address and - if you are logged in - your user data will be stored for our security. Due to the large amount of illegal content that is posted on the Internet every day, we reserve the right to use this information to defend ourselves in legal disputes or for criminal prosecution, i.e. to pass it on to opposing parties, law enforcement authorities and courts. The legal basis for the content provided is Art. 6 para. 1 lit. a and/or b GDPR, for all other data collected in the process Art. 6 para. 1 lit. f GDPR.

Comment subscriptions

On some of our websites you can subscribe to follow-up comments. If you are not logged in, you will receive a confirmation email as part of a double opt-in procedure to check whether you are the legitimate owner of the specified mailbox. You can unsubscribe from the notification at any time. Instructions on how to do this are included in each of the emails. Registered users do not have to go through the double opt-in procedure, as this takes place during registration. The legal basis for sending newsletters applies.

Credit rating information

Furthermore, we reserve the right to pass on personal data to third parties for credit rating information in the case of orders or commissions, insofar as this is necessary to safeguard our legitimate interests. Only the data required by the credit agency to calculate creditworthiness using a mathematical-statistical procedure will be transmitted. We require creditworthiness information in order to be able to decide on the establishment and execution of a contractual relationship while safeguarding our legitimate interests.

Data transmission via the Internet

Data transmission via the Internet is generally associated with certain risks. Data is not specially encrypted; in particular, messages from the contact form on our website and messages in the service chat are transmitted unencrypted. Please bear this in mind when transmitting data. If you wish to communicate with us by encrypted e-mail, this is possible via SMIME encryption. Please let us know if you wish to use encryption, as we regularly send unencrypted emails due to the currently low market penetration of email encryption methods.

Data transfer

If you provide us with personal data, it will only be passed on to third parties if this is necessary to process the contractual relationship or if another legal reason legitimizes this transfer. However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken appropriate measures to protect your personal data.

Storage periods

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Privacy policy for LinkedIn page

The general information can be found on our main data protection page. Our company operates a social media channel on the LinkedIn platform. According to the judgement of the European Court of Justice (ECJ) of 5 June 2018, Ref. C-210/16, the operator of social media pages is at least jointly responsible for data processing, at least in the case of Facebook fan pages, within the meaning of Art. 26 GDPR. To date, we are not aware that LinkedIn offers an agreement that fulfils the requirements of Art. 26 GDPR.

We only process your data if you contact our HR department via the LinkedIn platform or apply for an advertised position via LinkedIn for precisely these purposes. In this case, LinkedIn collects your data and makes it available to us. The legal basis for the processing of personal data is, depending on the case constellation, the processing for the initiation and execution of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR or on the basis of our legitimate interest in communicating with users and our external presentation for the purpose of advertising in accordance with Art. 6 para. 1 lit. f) GDPR.

If you have given your consent to the provider of the social network for the data processing described above with effect for us, the legal basis is Art. 6 para. 1 lit. a) GDPR. This may also involve storage and further processing by us. The processing of your personal data in the event of an application is governed by our applicant data protection declaration. We may also collect data from visitors to our company website if the advert can be defined as visitor processing. However, we do not store this data on our own systems, nor is it systematically processed beyond occasional awareness. Our information regarding the controller, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.

For any further processing, we would like to point out that the privacy policy of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn) applies to our LinkedIn company page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

Privacy policy for WhatsApp channel

When you use our WhatsApp channel, we process your telephone number shortened by WhatsApp and any profile information that you voluntarily provide to us. The processing takes place exclusively for the purpose of disseminating information and news via our WhatsApp channel. Please note that WhatsApp channels are a one-way communication platform where we send messages to all subscribers without the subscribers being able to communicate with each other, reply to the messages or track interactions with content on a personalised basis.

Your telephone number is only used to deliver the messages and is not visible to other subscribers to the channel. Data processing is based on your consent, which you give by subscribing to the channel. We would like to point out that WhatsApp is a service of Meta Platforms, Inc. and that Meta carries out independent data processing processes, such as the collection of metadata (e.g. timestamps and device information).

The use of the WhatsApp channel is voluntary and you can revoke your consent at any time for the future by unsubscribing from our WhatsApp channel. For more information on data processing by WhatsApp and Meta, please refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/privacy-policy

Information on data processing

The general information can be found on our main data protection page. As a customer / member and as an interested party or other data subject, we process your personal data primarily to establish and fulfil a contractual relationship concluded with you or on the basis of our legitimate interest. We collect, store and, if necessary, pass on your data to the extent necessary to provide the contractually agreed service, to provide information, to carry out direct marketing activities or other activities of our business operations. Failure to provide this data may mean that the contract cannot be concluded. In addition, we only process your data if you have consented to the processing or another legal authorisation exists.

Declaration of membership

With your application for admission to our association, you provide us with personal data in the registration form and in the further questionnaire, which we collect and process within the framework and for the fulfilment of our association purposes. The personal data will be treated in accordance with the data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Purposes of data processing

We process your personal data to fulfil the following purposes in connection with the initiation and execution of a contractual relationship or other activities in the interests of our company:

• contract processing
• communication about products, services and projects and to respond to enquiries
• about appointment bookings and other reservations
• existing customer advertising, use as a selection criterion for direct marketing, in order to be able to offer you a customised service
• credit checks
• the management of our business relationships
• quality management
• the improvement and development of intelligent and innovative services
• customer analysis for market and opinion research
• the handling of our logistics/materials management
• the organisation of events and trade fair appearances reporting on our company and events organised and attended by us as well as trade fair appearances/visits in electronic and non-electronic media
• compliance with legal or contractual requirements
• the settlement of legal disputes, enforcement of contracts and the assertion, defence and exercise of legal claims, detection and prosecution of fraudulent and other unlawful acts

In addition, we will only process your data with your express consent.

Types of data processed by us

The following personal data is processed:

• Contact data: e.g. name, address, telephone number;
• identification/payment data: e.g. account number, VAT ID no.
• Order data: e.g. quantity, turnover, intervals
• Geodata: e.g. addresses, delivery conditions
• Image data: Photo and video recordings
• Other data: Other information required in the context of the business relationship, provided voluntarily or available from public sources

Categories of recipients

The personal data will be transmitted to supervisory authorities, legal service providers/auditors within the scope of the given necessities. If we are subject to a legal obligation to do so, we will disclose your data to the competent authority upon request.

In some cases, we use external service providers to process your data. If these service providers are not based in the European Economic Area, we ensure that the data transfer is permissible under data protection law by means of data protection agreements that meet the legal requirements and, if necessary, other measures to ensure an appropriate level of data protection.

These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. Our service providers are regularly monitored by us. The service providers will not pass this data on to third parties, but will delete it after fulfilment of the contract and the conclusion of statutory storage periods, unless you have consented to further storage.

These are, for example:

• Banking, payment service providers
• Logistics companies or shipping companies
• IT service providers
• Marketing service providers
• Further education/training providers/company consultants
• Photographers
• etc.

For orders on account, we reserve the right to carry out a credit risk assessment based on mathematical-statistical procedures (scoring). For this purpose, your data required for the credit check will be transferred to a credit agency (e.g. Schufa, Creditreform, Bürgel, Atradius, Coface). If the credit check is positive, an order on account is possible. If the credit check is negative, we cannot offer you payment on account. You can object to the transmission of this data to the credit agency at any time, but then it is no longer possible to order on account.

Legal bases for processing

The legal bases for the processing of your data are in particular:

• Art. 6 para. 1 lit. a) on the basis of your consent. This can also be given verbally or through an unambiguous act of consent.
• Art. 6 para. 1 lit. b) for the establishment, performance and termination of a contractual relationship
• Art. 6 para. 1 lit. c) for the fulfilment of a legal obligation
• Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Legitimate interests

Our legitimate interests lie in the achievement of the above-mentioned purposes and, in addition, e.g. in:

• the pursuit of our business interests, including direct marketing and credit checks,
• the realisation of efficiency and effectiveness potential, also in cooperation with partners and, where applicable, affiliated companies,
• ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
• the assertion, exercise or defence of legal claims,
• the avoidance of damage and/or liability of the company through appropriate measures,
• the implementation of information and communication measures, including advertising measures, and
• the reporting of company information.

Data collected by third parties

Data may be provided to us by third parties, e.g. by trade fair organisers or as part of recommendations. In this case, this is usually contact data in connection with data on specific product or service requirements or interests.

We may collect data from credit agencies regarding creditworthiness and/or negative characteristics.

Storage period

Once the respective purpose no longer applies, your data will be deleted in compliance with statutory retention periods. We will delete your business contact data after the end of the business relationship. We store image data permanently.

The general information can be found on our main data protection page. When you apply for a position in our company, we process and store your personal data.

We take your privacy very seriously and would therefore like to take this opportunity to inform you about how we handle your applicant data.

Purpose of data collection

Before you join our company or during the application process, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent necessary.

Types of data that we process

The following types of personal data are regularly processed:

• Applicant data; name, date of birth, CV, nationality/work permit, etc. for the selection, recruitment process, entry and exit management,
• Private contact data; address, telephone number, e-mail (for the purpose of establishing contact)
• Data in the context of personnel screening; e.g. police clearance certificate, background check (ZUP)
• If applicable, data subject to professional secrecy; e.g. Data on health aptitude and any restrictions
• Other data in personnel administration; severe disability (if relevant), driving license

We do not require any information from you that is not usable under the General Equal Treatment Act (AGG) (race, ethnic origin, gender, pregnancy, information on physical or mental illness, membership of a trade union, religion or belief, disability, age, sexual identity or sex life), unless relevant to the advertised position.

We ask that you do not send us such data. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights or other intellectual property rights, personal rights, press law or general rights of third parties).

Legal basis for processing

• for the establishment, performance and termination of a contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR
• to fulfill a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR,
• in the case of processing to safeguard a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR,
• as well as on the basis of your consent by voluntarily providing data that is not absolutely necessary for the purpose, such as hobbies in your CV. However, such consent is generally not required for the conclusion of a contract or the continuation of an existing contract. The legal basis is Art. 6 para. 1 lit. a GDPR.

Our legitimate interests lie, for example, in

• optimizing application processes,
• achieving efficiency gains by bundling services in individual Group companies (in particular HR, IT),
• ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
• asserting, exercising or defending legal claims,
• avoiding damage and/or liability of the company by taking appropriate measures.

Categories of recipients

• Internal recipients according to the "need to know" principle, generally on the basis of necessity for the performance of the employment relationship and on the basis of an overriding legitimate interest;
• Companies affiliated under company law (group companies) as joint controllers: The main contents of the regulation of tasks in relation to the rights of data subjects can be requested from the contact address provided; however, in accordance with Art. 26 (3) GDPR, these rights can be claimed by data subjects from all companies involved.
• Service providers who support us professionally or technically in the application process.

Deletion periods

Your data will be deleted after the respective purpose has been achieved. However, data will be stored for as long as is necessary for the defense of legal claims. The retention period is generally 6 months. If your profile has been transmitted to us by a personnel service provider and there are commission claims from this service provider, the storage period may be up to their fulfillment or the statute of limitations. If processing relevant to accounting has been carried out, such as the reimbursement of travel expenses, the data required for this will be deleted in compliance with the statutory retention periods, usually 6 or 10 years. If the application was successful and we conclude a contract with you, we will transfer the data collected during the application process to our personnel file.

Information about data processing

The general information can be found on our main data protection page. We would like to take this opportunity to inform our employees about how we handle their personal data in the context of the employment relationship.

Purpose of data collection

During the course of your employment, your personal data will be processed primarily for the purpose of performing and/or terminating the contractual relationship, including the tasks associated with the respective activity. Other purposes may include processing for compliance with legal requirements (including third party requests for information) or for business development or communication activities.

Types of data we process

We process the following personal data in the context of your employment relationship:

• Applicant data; name, date of birth, curriculum vitae, certificates, matriculation certificate for students, work permit if applicable, driver's license for the entry process;
• Private contact data; address, telephone number, e-mail;
• Business contact data; e.g. telephone numbers, e-mail, place of work telephone numbers, e-mail, place of work, job title;
• image data; photo for identification and photos for company events;
• identification/payment data; identity card or work permit data for identification and to determine the legitimacy of the employment, place of birth, marital status, if you are a parent, proof of birth certificate(s) of the child(ren), tax identification number, health insurance membership, social security number (copy of social security card or letter from pension insurance), income tax class, allowances, religious confession for church tax, account number, any garnishments (for purposes of payroll and compliance with social security, tax and other legal obligations);
• Health data; periods of incapacity to work, e. g. g. health data; periods of incapacity to work, e.g. in the context of payroll accounting, for accounting with health insurance funds or professional associations, or in the context of legal obligations as an employer, such as company integration management or the fulfillment of obligations regarding the protection of severely handicapped persons, or in the context of operational self-regulation, such as occupational safety or company medical examinations;
• time recording, access and usage data; vacation periods, working time accounts, shift schedules, if applicable, locking times or access protocols, time protocols regarding the activities performed, locking times or access protocols, also electronic protocols in the context of the use of our IT infrastructure, etc.
• Data collected in the course of personnel screening; if part of the information management system: e. g. police clearance certificate;
• Aptitude and performance/behavioral monitoring data; training and development information; data to measure goal achievement, e.g., for variable compensation, data on incidents;
• Other data in personnel administration: secondary employment, data in connection with occupational health care and occupational health management, occupational safety, copy of severely handicapped certificate, copy of driver's license, any employee surveys.

Categories of recipients

We may disclose your personal data to the following recipients, for example, to comply with legal obligations or obligations arising from the employment relationship:

• internal departments on a need-to-know basis,
• the works council within the scope of its powers and statutory duties,
• banking service providers, financial service providers, service providers for the calculation of pension provisions, if applicable,
• Service providers for payroll accounting - tax consultants, auditors, service companies for information and communication technology, companies for software and equipment maintenance, service providers for personnel restructuring only,
• Health, social security, pension and accident insurance providers as well as other insurance companies and providers of capital-forming benefits,
• Authorities such as tax authorities, social security funds, employment agencies, safety, health, road traffic or related fine authorities, customs authorities or monitoring bodies for illegal employment and minimum wage; other authorities,
• Company medical service,
• Companies affiliated under company law (group companies) and controllers with joint responsibility: the main contents of the regulation of the tasks with regard to the rights of data subjects can be requested at the contact address provided, but according to Art. 26 para. 3 GDPR, these rights can be claimed by data subjects from all companies involved,
• Third-party debtor in the case of wage garnishment, insolvency administrator in the case of personal insolvency,
• Business partners and customers (business contact data), temporary employment agencies.

Legal basis of the processing

When processing your personal data, we naturally comply with applicable law. Processing therefore only takes place on a legal basis. The following legal bases come into consideration in particular in the employment relationship:

• Art. 6 para. 1 lit. a) on the basis of your consent, whereby none is generally required for the conclusion of a contract or the continuation of an existing contract: this applies in particular to data that is neither legally nor factually necessary for the execution of the employment relationship and that you have voluntarily provided to us or for which you have consented to processing.
• Art. 6 para. 1 lit.b) i.c.w. §26 BDSG for the establishment, execution and termination of a contractual relationship: all data that establish the employment relationship such as curriculum vitae and proof of qualifications, employee master data required for the execution of the contract, from other insurances, on status in the context of disability and pregnancy protection, to prove the provision of the contractually owed service (e.g. time sheets, vacation planning) and, if applicable, according to §26 BDSG data in connection with internal investigations to clarify a concrete suspicion of criminal offenses or serious breaches of duty.
• Art. 6 para. 1 lit.c) to fulfill a legal obligation: information on tax circumstances, health and social insurance, other records on legally required training and instruction, possibly data within the framework of the Infection Protection Act (if applicable).
• Art. 6 para. 1 lit. f) to safeguard a legitimate interest: all other data such as log files, internal coordination data and planning, internal correspondence and in the context of internal IT systems.
• Art. 88 GDPR on the basis of collective agreements (works agreements) with regard to the processing regulated in the works agreements.

The data types are not exhaustive and are further detailed above.

Legitimate interests

If we process your data within the scope of our legitimate interest, this lies, for example, in

• the implementation of electronic access controls,
• the optimization of personnel planning,
• the achievement of efficiency gains by bundling services in individual Group companies (in particular personnel, IT, procurement),
• ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
• the assertion, exercise or defense of legal claims, including data for the documentation of service flows,
• the avoidance of damage and/or liability of the company through appropriate measures.
• the implementation of internal information and communication measures.
• reporting on company information.

You have the right to object to the processing of personal data within the scope of a legitimate interest on grounds relating to your particular situation. We will then no longer process your data unless we can demonstrate compelling legitimate grounds on our part that outweigh your rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We do not use the personal data provided by you to make automated decisions concerning you.

Data collected by third parties

We collect payroll data via the ELSTAM procedure, which the tax authorities provide to us for correct payroll accounting. This applies in particular to the payroll data listed below.

From 2021, due to the introduction of the electronic certificate of incapacity for work, we are obliged to retrieve the sick leave data (i.e. start and duration of incapacity for work, as well as the time of termination of continued payment of remuneration in the event of illness) from your health insurance company on the basis of a sick note from you.

Note: The general information can be found on our main data protection page.

Storage period

After the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, usually 6 or 10 years, for various data categories such as occupational pension provision 30 years and longer.