Privacy Policy for Website Users
Following the requirements of the General Data Protection Regulation (EU) (Regulation (EU) 2016/679) and applicable national laws, we explain to you in this privacy policy which personal data (“data” for short) we, as the controller, as well as the data processors commissioned by us, process.
This is the page about your rights to the data we process about you.
General Information
With our software-as-a-service products (“Services”), you can provide convenient methods for people to donate and you can manage donations and donor data.
This privacy policy applies to all personal data processed by Wikando GmbH and all personal data processed by companies commissioned by us (data processors). Personal data refers to information within Article 4(1) GDPR, such as your name, email address, or address. The scope of this privacy policy includes:
- Our online presence such as websites we run
- Social media profiles
- Email communication
Please note that this privacy policy does not apply to data related to our products, e.g., personal data that we hold on behalf of our customers. Any data collected by our customers, for instance from donors, as well as information about our customers collected in connection with the use of our services is stored and processed pursuant to the agreements concluded in the standard contractual clauses which both parties sign before commencement of our service.
Legal Grounds
The following privacy policy provides transparent information on the legal foundations and regulations, as in the relevant provisions of the General Data Protection Regulation (GDPR).
How do we collect your data?
We collect your data when you provide it to us. This may, for example, be data that you enter in a contact form. Furthermore, our IT systems automatically collect other data when you visit the website. These are primarily technical data (e.g., type of internet browser, operating system, or the time the page was visited). This data is collected automatically as soon as you visit our website.
However, we only process your data if one or more of the following conditions apply:
- Consent (Article 6(1)(a) GDPR): You have given us your consent to process your data for a specific purpose, such as to store your data entered in a contact form.
- Contract (Article 6(1)(b) GDPR): We process your data to fulfill contractual or pre-contractual obligations. For instance, we require your personal data before we can conclude a bill of sale with you.
- Legal obligation (Article 6(1)(c) GDPR): We process your personal data if it is subject to a legal obligation. We are, for example, legally obliged to retain invoices, which usually contain personal data, for accounting purposes.
- Legitimate interests (Article 6(1)(f) GDPR): Where we have legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we need to process specific data to operate our website securely and efficiently. Hence this processing is a legitimate interest.
What do we use your data for?
Some data is collected to ensure error-free provision of the website. Others can be used to analyze your usage behavior.
What rights do you have about your data?
At any time, you have the right to receive information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction, restriction, or deletion of this data. Should you have any further questions on this subject or about data protection in general, you can contact us at any time at the address given in the legal notice. You also have the right to complain to the supervisory authority.
You also have the right to request the restriction of processing your personal data in certain circumstances.
How long will we store your data?
We will only store your personal data for as long as necessary to provide our services, meaning that your personal data will be deleted as soon as the reason to process the data ceases to exist.
Commissioned data processing
We have concluded data processing agreements (DPAs) with all our data processors and fully adhere to the strict requirements of the German data protection authorities when using the services we employ.
Revocation of your consent for data processing
Many data processing activities are only possible with your prior express consent. You can withdraw your consent at any time. All you need to do is send us an informal message by email. Revocation does not affect the legality of the data processing carried out before your revocation.
Contact details of the data controller
Wikando GmbH
Peter Kral (Managing Director)
Schießgrabenstrasse 32
86150 Augsburg
Germany
Phone: +4982190786252
Email: info@fundraisingbox.com
Contact details of the data protection officer
Data protection consulting Mundanjohl
Andreas Mundanjohl
Zeller Strasse 30
73101 Aichelberg
Germany
Phone: +4982190782120
Email: datenschutz@wikando.de
Encryption & Links
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send us as the site operator. You can recognize an encrypted connection when the address bar of your browser changes from “http://” to “https://” and by the lock symbol next to it.
URL shortening with T1P
We use the services of okua GmbH, Potschappler Strasse 4, 01189 Dresden, Germany, to shorten URLs when posting on social media platforms or as part of newsletters.
You can recognize a T1P link as follows: https://t1p.de/…. When you click on a T1P link, a connection to okua’s servers is established, and okua is informed of which of the T1P links you have visited. okua also collects and stores your IP address, the time, the date, the referring website, and the browser type
The economic operation of our online offer and the user-friendliness of short URLs are in our legitimate interests under Article 6(1)(f) GDPR. We use the number of clicks to optimize our offering to give you opportunities for interactions that match your preferences.
okua solely provides us with anonymized information. We only obtain information about when a link was clicked, in which country, and on which original URL. Statistics about the shortened URL, for example, the number of hits and times the link was clicked, are also available. okua does not collect any personally identifiable information about you, nor does okua have access to any personal data you provide us.
Clicking on a T1P link may lead to further data processing by third parties over which we have no influence, access, or power to change.
Further information on how okua uses cookies and collects usage data can be found in their privacy policy.
Affiliate links/advertising links
The links marked with an asterisk (*) are so-called affiliate links. If you click on such an affiliate link and purchase via this link, we receive a commission from the online store or provider concerned. The commission does not affect your purchase price.
Data Processing & Communication
We collect, process, and use personal data only to the extent necessary for the establishment, content, or modification of the legal relationship (“stock data”), according to Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. We collect, process, and use personal data about the use of our website (usage data) only if it is necessary to enable the service or, where applicable, to charge the user for a service.
Collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected thereby.
Data transmission upon contract conclusion for services and digital content
We will only transfer personal data to third parties if such a transfer is necessary for processing the contract, such as the bank responsible for payment processing.
Further data transmission will not take place unless you have given your prior consent. Without your express consent, no data will be passed on to third parties, including for advertising purposes.
Such data processing is based on Article 6(1)(b) GDPR, which permits data processing to perform a contract or pre-contractual measures.
Data Storage Service Snowflake
We use the service of Snowflake Computing Netherlands BV, FOZ Building, Gustav Mahlerlaan 300-314, 1082 ME Amsterdam, Netherlands (hereinafter referred to as “Snowflake”) as our data warehouse. A data warehouse is a central collection of data created for analytical purposes, which helps us in decision-making. The legal basis for this processing is Art. 6(1)(f) GDPR, a legitimate interest. Our legitimate interest in processing lies in our desire to make improvements.
All personal data from the SaaS services used are processed in Snowflake from the aforementioned data processing systems. By using Snowflake, the data you provide will be transmitted to Snowflake and stored on their servers within the EU.
To ensure data protection, we have each obligated Snowflake in a data processing agreement in accordance with Art. 28(3) GDPR to protect the data and to process it solely for the purposes stated in this privacy policy.
Further information can be found in Snowflake’s privacy policy at: https://www.snowflake.com/privacy-policy/
Communication
When you contact us by email, telephone, or fax, we will store and process your enquiry, including personal data given (name, enquiry), in order to process your request. We will not pass on this data without your consent.
This data is processed under Article 6(1)(b) GDPR if your enquiry is related to the performance of a contract or if it is necessary to take steps before entering a contract. In all other cases, the processing is based on your consent (Article 6(1)(a) GDPR) or on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.
If you send an enquiry to us using the contact form, the information you provide, including your contact details, will be stored by us to process your enquiry and in case of subsequent questions. We will not pass on this data without your consent.
The data you enter in the contact form is, therefore, processed exclusively based on your consent (Article 6(1)(a) GDPR). You can revoke your consent at any time. All you need to do is send us an informal message by email. Revocation does not affect the legality of the data processing carried out before your revocation.
We will store the data you provide on the contact form until you ask us to delete it, revoke your consent to its storage, or the purpose of keeping the data no longer applies (e.g., your request has been processed). Mandatory statutory provisions—particularly legal retention periods—remain unaffected.
Telephone
We use the “Freshdesk Contact Center” telephone system. The service provider is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 USA (hereafter: Freshworks). Freshworks, Neue Gruenstrasse 17, 10179 Berlin, Germany, is responsible for the European area. Freshdesk Contact Center is a telephone system used for communication between you and Wikando GmbH via Voice-over-IP.
Based on our legitimate interests (efficient and fast processing of user enquiries and handling of the sales process), this data processing is carried out under Article 6(1)(b) GDPR to process the contract with you or to take steps before entering a contract. Furthermore, the data processing occurs according to our legitimate interests under Article 6(1)(b) GDPR. Our legitimate economic interest lies in optimizing the management of contact requests and improving customer care to provide our services.
The following personal data may be transmitted to the Freshdesk Contact Center and stored there: standard data (e.g., name, telephone number, email address) and content data (e.g., details provided during a telephone call).
We use the “Freshdesk” ticket system to process your telephone support enquiries (see the section email and contact form).
Using the Freshdesk Contact Center, the data you provide will be transmitted to Freshworks and stored on their servers within the EU. Freshworks transmits this data to external service providers so they can offer their services.
We also agreed with Freshworks Data Processing Agreement for EU Customers, in which Freshworks undertakes to process user data as per our instructions and adhere to data protection standards within the European Union. Through this contract, Freshworks ensures that it processes your data under the General Data Protection Regulation and safeguards the data subject’s rights. Freshworks is certified under the Privacy Shield Agreement and affords an additional compliance guarantee with European data protection laws.
We use your data solely to process your request and may contact you for this purpose utilizing the contact details provided. We will not use this data for advertising purposes or pass it on to third parties. The data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected.
For more information on Freshworks and data protection, please refer to Freshworks’ privacy policy.
Email and contact form
We use the ticket system “Freshdesk” to process customer enquiries and the customer relationship management system (CRM system) “FreshSales” to process general enquiries. The service provider for both systems is Freshworks Inc., 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066 USA (hereafter: Freshworks). Freshworks, Neue Gruenstrasse 17, 10179 Berlin, Germany, is responsible for the European region.
Any support requests sent to us will be converted into support tickets inside Freshdesk, and the data you enter will be transmitted to Freshdesk. If the user has consented, the legal basis for processing the data is Article 6(1)(a) GDPR. Should the registration serve as the performance of a contract to which the user is a party or the implementation of steps necessary before entering a contract, the additional legal basis for processing the data is Article 6(1)(b) GDPR. We have a legitimate economic interest in optimizing the management of contact requests and improving customer care to provide our services.
The following personal data may be transmitted to FreshSales and Freshdesk and stored there: standard data (e.g., name, telephone number, email address) and content data.
Freshdesk uses cookies to help us process customer enquiries. By embedding cookies, Freshdesk receives information about your browser, operating system, internet service provider, and IP address, which may also be transmitted to the USA. Freshdesk uses such information to provide us with the services outlined above. The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.
Freshworks transmits this data to external service providers so they can offer their services.
We also agreed with Freshworks Data Processing Agreement for EU Customers, in which Freshworks undertakes to process user data as per our instructions and adhere to data protection standards within the European Union. Through this contract, Freshworks ensures that it processes your data under the General Data Protection Regulation and safeguards the data subject’s rights. Freshworks is certified under the Privacy Shield Agreement and affords an additional compliance guarantee with European data protection laws.
We use your data solely to process your request and may contact you for this purpose using the contact details provided. We do not utilize this data for advertising purposes or pass it on to third parties. The data will be deleted as soon as it is no longer required to fulfill the purpose for which it was collected.
For more information on Freshworks and data protection, please refer to Freshworks’ privacy policy.
Letter post
We use the document management and mail digitization service “Caya” from Caya GmbH, Ritterstrasse 24-27, 10969 Berlin, Germany, to digitize letters addressed to WIKANDO GmbH.
Caya will process our incoming letter post. The processing occurs based on a mail redirection order to “Caya.” Caya scans the letters to make them available in digital form. Caya keeps originals for 90 days before they are destroyed.
We have entered into a data processing agreement with Caya GmbH.
Insofar as personal data is processed in this context, the processing is carried out under Article 6(1)(f) GDPR based on our legitimate interest in the efficient organization and documentation of our business processes. Moreover, the processing is carried out based on Article 6(1)(b) GDPR, which permits data processing to perform a contract or pre-contractual measures.
For more information about Caya, its automated data processing, and its privacy policy, please visit https://www.caya.com/legals/datenschutzerklarung.
Comments and contributions
When users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests as per Article 6(1)(f) GDPR, protecting us in the event of someone leaving illegal content (like insults, prohibited political propaganda, or hate speech).
In such cases, we, as the site operator, may be held liable for the comment or contribution and, therefore, have a legitimate interest in the author’s identity.
Registering on this website
You may register on our website to use additional functions offered there. We use the data thus entered solely for the intended purpose of providing the respective offer or service for which you have registered. All mandatory information requested during registration must be furnished in full. Otherwise, we will reject your registration.
Should essential changes be made, for example to the scope of the offer, or in the event of technically necessary changes, we will use the email address provided during registration to inform you accordingly.
The data you enter during registration is processed based on your consent (Article 6(1)(a) GDPR). You can revoke your consent at any time. All you need to do is send us an informal message by email. Revocation does not affect the legality of the data processing carried out before your revocation.
We will store data collected during registration for as long as you are registered on our website and then delete it. Legal retention periods remain unaffected thereby.
Online appointment booking
We use the online calendar “Calendly” for convenient, quick, and hassle-free appointments. Calendly is a service of Calendly, LLC, 3423 Piedmont Road NE, Atlanta, GA 30305-1754, USA.
When you click the link to make an appointment or request a return call, you will be automatically connected to our appointment booking page at Calendly. Once you have selected and confirmed your appointment, you can enter your contact details (surname, first name, email) in an online form. You will then receive an email from Calendly confirming your appointment.
The data you enter in the Calendly form and the information you provide will be stored by Calendly and by us to process your request or in case of subsequent questions. The data entered will be processed exclusively based on your consent under Article 6(1)(a) GDPR.
The data will be kept by Calendly and us until you ask us to delete it, revoke your consent to keep it, or the purpose for storing the data no longer applies (e.g., the appointment has taken place). Mandatory statutory provisions—particularly legal retention periods—remain unaffected.
We have concluded a data processing agreement with Calendly and fully adhere to the strict requirements of the German data protection authorities when using Calendly.
Further information about Calendly and data protection at Calendly can be found in their privacy policy.
Presentations
For presentations with prospective clients and customers, we use the presentation tool Beautiful Slides, Inc., 1556 Sanchez St, San Francisco CA 94131 (hereinafter referred to as ‘beautiful.AI’). We process your data to fulfill the contract or because it is necessary for pre-contractual measures.
The processing of your data within the presentation is therefore carried out exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time.
You can find more information about beautiful.AI and data protection at beautiful.AI in the privacy policy.
Web Hosting
What is web hosting?
When you access a website in your web browser (e.g., Google Chrome, Mozilla Firefox, or Microsoft Edge), your computer connects to a web server. Operating a web server is a complex task, so it is often handled by professional service providers who offer web hosting and thus ensure reliable and error-free storage of website data.
Personal data may be processed when a connection between your browser and the corresponding web server is established. While your end device stores data from the web server, the web server also stores data from your end device to ensure the website’s proper operation.
Hetzner Online GmbH
Processing of personal data in the context of web hosting is lawful under Article 6(1)(f) GDPR (protection of legitimate interests), as the use of professional hosting at a provider is necessary to present our website on the Internet in a secure and user-friendly manner and to be able to track attacks and claims arising from this where required.
We use the provider Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany, for our website. For more information about the data processed by Hetzner Online GmbH, please refer to their privacy policy.
We have concluded a data processing agreement with the hosting provider based on Article 28 et seq. GDPR, ensuring compliance with data protection and safeguarding data security.
Web Analytics
What is web analytics?
We use web analytics on our website to evaluate website visitors’ behavior, involving collecting data that the provider of the analytics tool (also known as a tracking tool) stores, manages, and processes.
We utilize various tracking tools to optimize our website offering by evaluating visitor information and adapting our offering to our visitors’ needs, interests, and preferences.
VG Wort
We use “session cookies” from VG Wort, Munich, to measure access to textual content to record the likelihood of copying. Session cookies are tiny chunks of information that a provider stores in the working memory of the visitor’s computer. A randomly generated unique identification number, or session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. Session cookies cannot keep any other data. The measurements are carried out by Kantar Germany GmbH using the Scalable Central Measurement Method (SZM). They help to determine the probability of individual texts being copied to remunerate authors’ and publishers’ legal claims. We do not collect any personal data via cookies.
Many of our pages contain JavaScript calls, which we use to report hits to Verwertungsgesellschaft Wort (VG Wort). We enable our authors to participate in the royalties paid by VG Wort, ensuring the statutory remuneration for using copyrighted works under Section 53 of the German Act on Copyright and Related Rights (UrhG).
You can also use our website without cookies. Most browsers are set by default to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.
Privacy policy for the use of the Scalable Central Measurement System.
Facebook Pixel
We use the “Facebook Pixel” from Facebook on our website. The service provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Some code has been implemented on our website to embed the Facebook Pixel. This code loads some functions so that Facebook can track your user actions. These cookies enable Facebook to match your user data (customer data such as IP address or user ID) with the data of your Facebook account. The information generated is usually transferred to a server in the USA.
Facebook will then delete the data. For us, this data is anonymous and cannot be viewed.
To show our products only to those interested in them, we process your data according to Article 6(1)(f) GDPR. This enables us to position our advertising measures more effectively with the help of Facebook Pixel.
If you are logged into Facebook, you can change your ad settings yourself. If you are not a Facebook user, you can still manage your usage-based online advertising, having the option to deactivate or activate providers.
For more information about data protection, we recommend visiting Facebook’s privacy policy.
Google Analytics
We use the web analysis and optimization service “Google Analytics” on our website. The service provider is the American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland), which is responsible for all Google services within Europe.
Google Analytics uses so-called cookies. The information generated by the cookie about your website usage is usually transferred to a Google server in the USA and stored there.
To use Google Analytics, we require your consent, which we obtain via our cookie pop-up. According to Article 6(1)(a) GDPR, this consent is the legal basis for processing personal data, as it may occur when collected by web analytics tools.
Storing Google Analytics cookies and using this analysis tool are based on Article 6(1)(f) GDPR. As the website operator, Wikando GmbH has a legitimate interest in analyzing user behavior to optimize its website and advertising. To allow seasonal evaluations, anonymized user and event data is stored for 14 months before being deleted automatically.
We have activated the IP anonymization function on this website. Within member states of the European Union or other contracting states of the Agreement on the European Economic Area, your IP address will be truncated by Google before being transmitted to the USA. In exceptional cases, however, the full IP address is sent to a Google server in the USA and shortened there.
More information on IP anonymization can be found at Google directly.
This website uses the “demographic features” function of Google Analytics, allowing us to create reports that contain information about the age, gender, and interests of site visitors. This data is obtained from Google’s interest-based advertising and visitor data provided by third-party providers; it cannot be attributed to a person. You can turn off this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection.”
You can prevent cookies from being stored by selecting the appropriate settings in your browser software. Please note, however, that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the available browser plugin.
You can prevent the collection of your data by Google Analytics. This will set an opt-out cookie that will stop the collection of your data on future visits to this website: Deactivate Google Analytics.
For more information on how Google Analytics handles user data, please refer to Google’s privacy policy.
Google Tag Manager
We use the web analysis and optimization service “Google Tag Manager” on our website. The service provider is the American company Google Inc. Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland), which is responsible for all Google services within Europe.
Google Tag Manager is one of many helpful marketing products from Google, allowing us to centralize and manage sections of code from various tracking tools that we use on our website. In this way, we can design our website to suit the needs of all those interested in our products. It acts merely as a “manager” of the implemented tags. The data records the individual tags of the various tracking tools and is passed through the Google Tag Manager to the respective tracking tools without being saved. If Google stores data, such data is stored on Google’s servers, usually in the USA.
We require your consent to use Google Tag Manager, which we obtain via our cookie pop-up. According to Article 6(1)(a) GDPR, this consent is the legal basis for processing personal data, as it may occur when collected by web analytics tools.
Apart from your consent, we have a legitimate interest in analyzing website visitors’ behavior to improve our technical and economic offer. Google Tag Manager helps us to enhance efficiency. The legal basis is Article 6(1)(f) GDPR. Notwithstanding, we only use Google Tag Manager if you have consented.
We recommend the Google Tag Manager FAQs for more information about the Google Tag Manager.
Google Cloud CDN
We use the Content Delivery Network (CDN) Google Cloud CDN. The provider is Google Ireland Limited (“Google Cloud”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google offers a globally distributed Content Delivery Network. Technically, the transfer of information between your browser and our website is routed through Google’s network. We use Google Cloud to ensure the operation of certain functions as well as the storage of our tracking data.
The use of Google Cloud CDN is based on our legitimate interest in providing our web offering as error-free and securely as possible, in accordance with Art. 6 (1) lit. f GDPR.
For the operation of the utilized functions, the Frankfurt region in Germany is used. However, Google Cloud operates on the principle of a multi-tenant environment, so data is replicated between multiple geographically distributed data centers (data center fault tolerance). The transmission of personal data to countries outside the EU occurs only within the framework of the operation of these functions (Google Cloud Platform). The legal basis for this is the corresponding EU standard contractual clauses. See the GCP model contractual clauses and further information on data protection in Google Cloud at https://cloud.google.com/security/gdpr/resource-center/contracts-and-terms?hl=en.
More information about Google Cloud CDN can be found here: https://cloud.google.com/cdn/docs/overview
Hotjar
We use the web analysis and optimization service “Hotjar” on our website. The service provider is Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta) to analyze visitor data statistically.
Hotjar helps us to analyze the behavior of our website visitors. The tools offered by Hotjar include heatmaps, conversion funnels, visitor recording, incoming feedback, feedback polls, and surveys (learn more). Thus, Hotjar helps us offer you a better user experience and superior service. The data is transferred to the Hotjar servers in Ireland (EU).
To use Hotjar, we require your consent, which we obtain via our cookie pop-up. According to Article 6(1)(a) GDPR, this consent is the legal basis for processing personal data, as it may occur when collected by web analytics tools. Apart from your consent, we have a legitimate interest in analyzing website visitors’ behavior to improve our technical and economic offer. With the help of Hotjar, we can detect website errors, identify attacks, and enhance efficiency. The legal basis is Article 6(1)(f) GDPR. Notwithstanding, we only use Hotjar if you have given your consent.
As you browse our website, Hotjar automatically collects information about your user behavior. Cookies also store data placed on your computer (usually in your browser) without collecting personal data. Hotjar does not pass on any collected data to third parties. However, Hotjar explicitly points out that sharing data with Amazon Web Services is occasionally unavoidable. Parts of your information will then be stored on these servers. Amazon is, however, bound by a non-disclosure obligation not to disclose this data.
For more information on the cookies used, please refer to Hotjar’s privacy policy. Hotjar stores all data anonymously so that no conclusions can be drawn about you. Besides, you can prevent the collection of your data at any time. All you have to do is visit the opt-out page and click on “Deactivate Hotjar.”
Scalable central measurement methods
Our website uses the “Scalable Central Measurement Method” (SZM) of Kantar Germany GmbH (Landsberger Str. 284, 80687 Munich) for the calculation of statistical parameters to determine the likelihood of texts being copied.
This involves collecting anonymous measurements. The access number measurement alternatively uses a session cookie or a signature created from various automatically transmitted information of your browser to recognize computer systems. IP addresses are only processed in anonymized form.
The technique was developed with data protection in mind to determine the likelihood of individual texts being copied. Individual users are never identified; your identity is always protected. You will not receive any advertising via this system.
Online Marketing
What is online marketing?
Marketing measures are implemented to achieve marketing objectives. All measures carried out over the Internet to accomplish such goals are called online marketing. One aim is to draw people’s attention to and present our products to as many interested individuals as possible on our website. For this, we perform online marketing involving online advertising, content marketing, and search engine optimization. We also store and process personal data for efficient and targeted online marketing. This data helps us present our content only to those interested in it and allows us to measure the success of our online marketing measures.
Google Audiences / Remarketing
We use the “Google Audiences/Remarketing” service on our website. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
The purpose of this service is the interest-based display of advertisements for users. To work, it requires analyzing the use of the website based on cookies. These cookies store anonymized or pseudonymized data relating to the website usage. Once you visit other websites that also use these services, you might be presented with advertisements that match your previous interests.
During processing by Google Audiences/Remarketing, data may be transferred to the USA. Security of the transfer is ensured by so-called standard contractual clauses, which safeguard that the processing of personal data is subject to a level of security that complies with the GDPR. Should the standard contractual clauses not be sufficient to establish an adequate level of security, consent will be obtained from you in advance under Article 49(1)(a) GDPR as part of the Usercentrics consent management system.
You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account.
For more information and the data protection provisions, please refer to Google’s privacy policy.
Google Ads and Google Ads Conversion Tracking
We use the “Google Ads” service on our website. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
Its purpose is the so-called conversion tracking, meaning we can recognize what happened after you click on one of our ads. For this purpose, cookies are set with a limited lifetime.
This processing is based on your consent under Article 6(1)(a) GDPR. If you do not want Google Ads to collect and process the data as mentioned above, you can refuse your consent or withdraw it at any time with prospective effect.
In addition to Google Ireland Limited, data may be transmitted to the following recipients as part of the processing:
– Google LLC.
– Alphabet Inc.
During processing by Google Ads, data may be transferred to the USA. Security of the transfer is ensured by so-called standard contractual clauses, which safeguard that the processing of personal data is subject to a level of security that complies with the GDPR. Should the standard contractual clauses not be sufficient to establish an adequate level of security, consent will be obtained from you in advance under Article 49(1)(a) GDPR as part of the Usercentrics consent management system.
For more information and the data protection provisions, please refer to Google’s privacy policy.
Bing Ads
We use the “BingAds” service on this website. The service is operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
BingAds is a conversion and tracking service. Microsoft places cookies on users’ devices that analyze the user behavior on our website, assuming that the visitor has reached our website via a BingAds advertisement. As a result, we only receive information on the total number of users who have clicked on such an ad. No IP addresses are stored, and no personal information about the user’s identity is disclosed.
This processing is based on your consent under Article 6(1)(a) GDPR. If you do not want BingAds to collect and process the data as mentioned above, you can refuse your consent or withdraw it at any time with prospective effect.
During processing by BingAds, data may be transferred to the USA. Security of the transfer is ensured by so-called standard contractual clauses, which safeguard that the processing of personal data is subject to a level of security that complies with the GDPR. Should the standard contractual clauses not be sufficient to establish an adequate level of security, consent will be obtained from you in advance under Article 49(1)(a) GDPR as part of the Usercentrics consent management system.
For more information, visit the Microsoft guidelines.
Cookie Consent Management Plattform
What is a cookie consent management platform?
We use Consent Management Platform (CMP) software on our website, facilitating the correct and secure handling of scripts and cookies used by you and us.
The software automatically creates a cookie pop-up, scans and checks all scripts and cookies, provides the cookie consent required under data protection law, and helps you and us keep track of all cookies. The Cookie Consent Management tool identifies and categorizes all existing cookies. As a website visitor, you can decide whether to allow scripts and cookies and, if so, which ones.
Usercentrics
We use “Usercentrics,” a consent management platform (CMP), on our website. The service provider is the German company Usercentrics GmbH, Sendlinger Strasse 7, 80331 Munich, Germany.
Using Usercentrics, we aim to offer our website visitors the best possible transparency regarding data protection. We are legally obliged to inform you about all tools and cookies that process your personal data. Likewise, it is your right to decide which cookies you accept and which you do not. You can choose to accept or reject cookies using the consent management system.
As part of our cookie management tool, you can manage each cookie yourself and have complete control over the storage and processing of your data. Your declaration of consent is stored either in an opt-in cookie or on a server to avoid asking you each time you visit our website and to allow us to prove your consent if required by law. The storage period of your cookie consent varies depending on the provider of the cookie management tool. In most cases, this data (e.g., pseudonymous user ID, time of consent, details of cookie categories or tools, browser, and device information) is stored for up to two years.
If you agree to cookies, your personal data will be processed and stored using these cookies. If we are permitted to use cookies based on your consent (Article 6(1)(a) GDPR), this consent also serves as the legal basis for the use of cookies and the processing of your data. A cookie consent management platform is used to manage consent to cookies and enable you to consent. Further, by utilizing this software, we can operate the website in an efficient and legally compliant manner, which constitutes a legitimate interest (Article 6(1)(f) GDPR).
We only process personal data for as long as it is necessary to provide our products. Data stored in cookies is kept for different lengths of time. Some cookies are deleted as soon as you leave the website; others may remain stored in your browser for several years. The exact duration of data processing depends on the tool used. The respective data protection declarations of the individual providers will usually provide you with detailed information about the duration of data processing.
For more information about the data processed using Usercentrics, please refer to their privacy policy.
Social Media
What is social media?
Alongside our website, we are active on various social media platforms. In this process, user data may be processed so that we can target users who are interested in us through social media networks. Moreover, some elements of a social media platform may also be embedded directly in our website, for example, a so-called social button on our website to forward you to our social media presence. Social media refers to websites and apps where registered members can produce content, share content openly or in specific groups, and network with others.
We use a selection of Facebook tools on our website. Facebook is a social media network of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. These tools allow us to provide you and people interested in our products with the best possible offer.
We use advertisements (Facebook Ads) to present information about our products to potentially interested people. To do so, Facebook needs information about people’s wants and needs to present users with suitable advertising. As such, the company obtains information about user behavior (and contact details) via our website. As a result, Facebook gains access to more extensive user data, enabling it to display suitable advertising about our products and services to interested parties and enable customized advertising campaigns on Facebook.
Facebook calls information about your behavior regarding our website “event data.” They are also used for measurement and analysis purposes for Facebook to produce “campaign reports” on our behalf about the impact of our advertising campaigns. Likewise, the analytics give us a better insight into how you use our website or products. We optimize your user experience on our website with some of these tools. For example, using social plugins, you can share content from our site directly on Facebook.
Whenever data is collected from you and transferred via our embedded Facebook elements or our Facebook page (fan page), we and Facebook Ireland Ltd. are jointly responsible. However, Facebook is solely responsible for the further processing of this data. Our joint commitments are documented in a publicly accessible agreement, stating, for example, that we must inform you about using Facebook tools on our website. Additionally, we are responsible for ensuring the secure integration of the tools into our website under data protection law. Facebook, on the other hand, is, among other things, responsible for the data security of Facebook products.
The following overview outlines the various Facebook tools, which data is sent to Facebook, and how you can delete this data.
- Facebook Pixel
- social plugins (such as the “Like” or “Share” button)
- Facebook Login
- Account Kit
- APIs (programming interface)
- SDKs (collection of programming tools)
- Platform integrations
- Plugins
- Codes
- Specifications
- Documentations
- Technologies and services
With these tools, Facebook enhances its services and can obtain information about user activities outside of Facebook.
By using individual Facebook tools, personal data (customer data) may be sent to Facebook. Depending on the tools used, these customer data may include name, address, telephone number, or IP address.
Facebook will use this information to match this data with data it holds about you (if you are a Facebook member). Customer data is hashed before it is transmitted to Facebook, meaning an arbitrarily large data set is transformed into a character string. Hashing will also encrypt the data.
Event data is also transmitted alongside the contact data. “Event data” refers to the information we receive about you on our website, such as which subpages you visit or which products you buy from us. Facebook does not share the information it obtains with third parties (such as advertisers) unless the company has explicit permission or is legally required. Event data may also be linked to contact data to allow Facebook to offer better-personalized advertising. Facebook deletes the contact data once the matching process mentioned above has been completed.
To optimize the delivery of ads, Facebook will only use the event data when combined with other data (collected by Facebook in different ways). Besides, Facebook utilizes this event data for security, protection, development, and research purposes. Much of this data is transferred to Facebook via cookies. Depending on the tools you use and whether you are a Facebook member, there will be varying numbers of cookies stored in your browser. For more general information on using Facebook cookies, please visit the cookies section on their data protection page.
If you have consented to your data being processed and stored by embedded Facebook tools, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we will only use the tools if you have given your prior consent. Most social media platforms also utilize cookies in your browser to store data. Therefore, we recommend you carefully read our data protection notice on cookies and consult Facebook’s privacy and cookie policies.
Among other places, Facebook also processes data in the USA. Facebook utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige Facebook to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
In principle, Facebook stores data until it is no longer needed for its services and Facebook products. Customer data, however, is deleted within 48 hours after it has been matched with your user data.
Complete data deletion only occurs if you delete your Facebook account completely.
The data that Facebook receives via our site is stored in cookies (e.g., for social plugins). You can deactivate, delete, or manage some or all cookies in your browser. The process differs depending on which browser you use.
If you do not wish to receive cookies, you can configure your browser to inform you whenever a cookie is to be set, deciding whether you want the cookie or not.
For more information on how Facebook uses your data, please refer to their privacy policy.
We use social plugins from the social media network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website, such as feeds, content sharing, or links to our LinkedIn page. The social plugins are marked with the familiar LinkedIn logo and allow, for example, exciting content to be shared on LinkedIn directly via our website. LinkedIn Ireland Unlimited Company Wilton Place in Dublin is responsible for data processing within the European Economic Area and Switzerland.
By embedding such plugins, data can be sent to, stored, and processed on LinkedIn. LinkedIn is the largest social media network for business contacts. Here, we focus exclusively on establishing business contacts. Businesses can present services and products on the platform and develop business relationships.
It is impossible to follow all social media channels individually. Now and then, we post interesting news or reports that are worth sharing. To do so, we have made it possible to share exciting content on our website directly on LinkedIn or to refer to our LinkedIn page. We consider integrated social plugins to be an extended service on our website. Data that LinkedIn collects also helps us to present promotional campaigns only to those individuals who are interested in our offer.
LinkedIn does not store any personal data, just by integrating the social plugins. LinkedIn calls the data generated by plugins passive impressions.
If you have consented to your data being processed and stored by embedded social media elements, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we will only use the embedded social media elements if you have given your prior consent. Among other places, LinkedIn also processes data in the USA. LinkedIn utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige LinkedIn to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
If you have given your consent and clicked on a social plugin, for instance, to share our content, the platform stores personal data as so-called “active impressions,” regardless of whether you have a LinkedIn account. If you are logged in, the data collected will be assigned to your account.
Your browser connects to the LinkedIn servers directly whenever you interact with our plugins. The company logs various usage data, which may include your IP address, login data, device information, or information about your Internet or mobile phone provider. If you access LinkedIn services via your smartphone, your location can also be determined (after you have granted permission). LinkedIn may also pass this data on to third-party advertisers in hashed form. Hashing means that a data record is converted into a character string, allowing data to be encrypted so that individuals can no longer be identified.
LinkedIn generally retains your personal data for as long as the company considers it necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains some data in aggregated and anonymized form even after you delete your account. The data is stored on various servers in America and presumably also in Europe.
You have the right to access and delete your personal data at any time. You can manage, change, and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn.
You can also prevent data processing by LinkedIn in your browser. As mentioned above, LinkedIn stores most of the data via cookies in your browser. These cookies can also be managed, deactivated, or deleted. Depending on which browser you have, the administration works slightly differently.
You can also set up your browser so that you are always informed when a cookie is to be set. That way, you can always decide whether you want to allow a cookie or not.
For more information on data processing, please refer to LinkedIn’s privacy policy.
We use X, formerly known as Twitter, functions on our website, including embedded tweets, timelines, buttons, and hashtags. Twitter is a short message service and a social media platform of Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
We strive to provide information about our services via various channels and communicate with our customers. Integrating our Twitter activity on our website lets you gain insights into our content or access our Twitter page via a direct link. By incorporating them, we want to improve our service and the user-friendliness of our website.
Simply integrating the Twitter function does not transfer any personal data or data about your web activities to Twitter.
If you have consented to your data being processed and stored by embedded social media elements, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we will only use the embedded social media elements if you have given your prior consent.
If you have given your consent, Twitter also processes data in the USA. Twitter utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige Twitter to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
Only when you interact with the Twitter functions, like clicking on a button, can data be sent to, stored, and processed by Twitter. We have no influence over this data processing and bear no responsibility. As part of this privacy policy, we want to provide an overview of what data Twitter stores, how Twitter uses this data, and how to protect yourself from data transmission.
For some, Twitter is a news service, while for others, it is a social media platform, and for still others, it is a microblogging service. All these terms have their justification and mean more or less the same. You will find embedded Twitter functions on some of our subpages. As you interact with Twitter content, like clicking on a button, Twitter may collect and store data even if you don’t have a Twitter account. Twitter calls this data “log data.” It includes demographic data, browser cookie IDs, smartphone ID, hashed email addresses, and information about which pages you have visited on Twitter and your actions. Twitter naturally stores more data if you have a Twitter account and are logged in. This storage usually takes place via cookies. Cookies are small text files mostly set in your browser that transmit different information to Twitter.
The data collected by Twitter is used to understand user behavior better to improve its services and promotional offers, but also for internal security measures.
In its privacy policy, Twitter repeatedly emphasizes not to store any data from external website visits if you or your browser are located within the European Economic Area or in Switzerland. If you interact directly with Twitter, however, then, of course, Twitter also stores data about you.
You can manage your data on Twitter if you have a Twitter account.
Otherwise, you can visit twitter.com and click on “Customization”. You can manage your collected data under “Individualization and data.”
As mentioned above, most data is stored via cookies, which you can manage, deactivate, or delete in your browser. You can also configure your browser to be informed about each cookie. That way, you can always decide whether you want to allow the cookie or not.
Twitter may also use the data for personalized advertising inside and outside Twitter. You can deactivate personalized advertising in the settings under “Individualization and data.” If you utilize Twitter on a browser, you can deactivate personalized advertising.
For more information on data processing, please refer to Twitter’s privacy policy.
We use social plugins on our website from the social media network Xing, operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. These functions allow you to share content on Xing directly via our website, log in via Xing, or follow exciting content. You can identify the plugins by the company name or the Xing logo. When you visit a website that uses a Xing plugin, data may be transmitted to, stored, and analyzed on the “Xing servers.”
The company specializes in the management of professional contacts. That is, unlike other networks, Xing is primarily about professional networking. The platform is often used for job searches or recruiting employees for one’s own company. Xing also offers exciting content on various professional topics.
If you have consented to your data being processed and stored by embedded social media elements, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners. Nevertheless, we will only use the embedded social media elements if you have given your prior consent.
Xing offers a share button, a follow button, and a login button as website plugins. When you open a page where such a social plugin is integrated, your browser connects to servers in a data center used by Xing. According to Xing, no data that could be directly linked to a person is stored when using the share button. In particular, Xing does not keep your IP address. Also, no cookies are set in connection with the share button, so no evaluation of your user behavior occurs.
For other Xing plugins, cookies are only set in your browser once you interact or click on the plugin. Personal data such as your IP address, browser data, or the date and time of your visit to Xing can be stored here. Provided you have a XING account and are logged in, the data collected, as well as stored data, will be assigned to your account.
You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can prevent possible data processing via your browser or manage it according to your wishes.
You can also set up your browser so that you are always informed when a cookie is to be set. That way, you can always decide whether you want to allow a cookie or not.
For more information about data processing by the Xing social media network, please refer to their privacy policy.
Audio, Video & Streaming
What are audio and video elements?
Our website has embedded audio and video elements so that you can watch videos or listen to music/podcasts directly on our website. Service providers make the content available, meaning all content is obtained from the provider’s servers.
These embedded plugins are from platforms like YouTube, allowing you to listen to or view the respective content via our website.
If you use audio or video elements on our website, your personal data may also be sent to, processed, and stored by the service providers.
YouTube
YouTube content is integrated into “extended data protection mode,” ensuring that YouTube does not store any cookies on your device initially. That is, YouTube will not keep any information about the visitor unless you watch the video.
This processing is based on your consent under Article 6(1)(a) GDPR. If you do not want YouTube to collect and process the data as mentioned above, you can refuse your consent or withdraw it at any time with prospective effect.
If you consent to data processing and click on the video, your IP address will be sent to YouTube, telling YouTube that you have watched the video. If you are logged into YouTube, this information is also assigned to your user account. You can prevent this by logging out of YouTube before watching the video.
In addition to Google Ireland Limited, data may be transmitted to the following recipients as part of the processing:
– Google LLC.
– Alphabet Inc.
During processing by YouTube, data may be transferred to the USA. Security of the transfer is ensured by so-called standard contractual clauses, which safeguard that the processing of personal data is subject to a level of security that complies with the GDPR. Should the standard contractual clauses not be sufficient to establish an adequate level of security, consent will be obtained from you in advance under Article 49(1)(a) GDPR as part of the Usercentrics consent management system.
For more information, please refer to YouTube’s privacy policy.
Video conferencing & streaming
What is video conferencing & streaming?
We use software tools to hold video conferences, online meetings, webinars, display sharing, or streaming. Information is transmitted simultaneously via sound and moving images during a video conference or streaming. With the help of such video conferencing or streaming tools, we can communicate with customers, business partners, and employees quickly and easily over the Internet. When selecting the service provider, we consider the applicable legal requirements.
Third-party video conferencing and streaming solution providers can process data once you interact with the software program. They use such data and metadata for different purposes. The data helps to make the tool more secure and to improve the service. In most cases, the data may also be used for the third-party provider’s marketing purposes.
GoToWebinar
We use “GoToWebinar,” a service for video webinars, on our website. The service provider is the American company LogMeIn, with its registered office in Ireland Limited, Bloodstone Building Block C 70, Sir John Rogerson’s Quay Dublin 2, Ireland.
We aim to communicate with you, our customers, and our business partners quickly, easily, and securely—also digitally—which works best with video conferencing solutions. Most tools work directly from your browser. The tools also offer helpful add-ons such as a chat and screen sharing function or sharing content between meeting participants.
Among other places, GoToMeeting also processes data in the USA. GoToMeeting utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige GoToMeeting to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
If you have consented to your data being processed and stored by the video or streaming solution, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). We may also offer a video conference as part of our services if this has been contractually agreed with you in advance (Article 6(1)(b) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners, but only if you have given your consent.
Insofar as you have consented to the processing, your data will be processed and stored on the servers of the respective service provider when you participate in our video conference or streaming.
Usually, your name, address, and contact data, such as your email address, telephone number, and IP address, are stored. It may keep information about the device you are using and store which websites you visit, at what time you visit a website, or which buttons you click. Data shared within the video conference (photos, videos, texts) may also be saved.
For more information about the data processed using GoToMeeting, please refer to their privacy policy.
Webinaris
To conduct webinars, we use the online solution “Webinaris” provided by Webinaris GmbH, Bussardstrasse 5, 82166 Graefelfing, Germany, which acts as our data processor.
We aim to communicate with you, our customers, and our business partners quickly, easily, and securely—also digitally—which works best with video conferencing solutions. Most tools work directly from your browser. The tools also offer helpful add-ons such as a chat and screen sharing function or sharing content between meeting participants.
If you have consented to your data being processed and stored by the video or streaming solution, it will serve as the legal basis for data processing (Article 6(1)(a) GDPR). We may also offer a video conference as part of our services if this has been contractually agreed with you in advance (Article 6(1)(b) GDPR). In general, your data is also stored and processed based on our legitimate interest (Article 6(1)(f) GDPR) in fast and good communication with you or other customers and business partners, but only if you have given your consent.
Insofar as you have consented to the processing, your data will be processed and stored on the servers of the respective service provider when you participate in our video conference or streaming.
Registration and webinar login takes place via a registration form provided by Webinaris. You will be asked for your name and email address. We will use your data to automatically send you the access data for the webinar via Webinaris and reminder emails before and after the webinar and dates for import into standard calendar software. Depending on the webinar content, you will receive another email after the webinar, allowing you to request further information.
You can revoke your consent to receive emails at any time by clicking on the respective link at the end of the email, or you can send us a message to the contact given in the legal notice to request deletion.
For more information on data protection at Webinaris, please refer to their privacy policy.
Recruiting Tools
What are recruiting tools?
Various companies offer software tools to simplify the job application process. Most systems also provide filter options to search through databases of potential candidates to quickly and efficiently find employees who are a good fit for the hiring company. Your personal data is sent, stored, and managed via online forms and recruiting tools. This section covers recruiting tools and the traditional application process by email or online form. For more information on the recruiting tools, please refer to the privacy policies of the respective providers.
Xing E-Recruiting
We use the recruiting tool “Xing E-Recruiting” on our website. The service provider is the German company New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
To search for suitable applicants, we use Xing E-Recruiting in compliance with all legal regulations to optimize the search for suitable applicants and the application process, sometimes allowing us to find apt employees for our company more quickly.
For details of the conditions of the recruitment process, please refer to the respective job advertisements.
If we add you to our application pool, we do so based on your prior consent (Article 6(1)(a) GDPR). Please note that your consent to our application pool is voluntary, has no influence on the application procedure, and you can revoke your consent at any time.
The data is processed under Article 9(2)(c) GDPR if vital interests are protected. Data processing for health care, occupational medicine, medical diagnostics, provision, or treatment in the healthcare or social sector, or managing systems and services in the healthcare or social industry is carried out under Article 9(2)(h) GDPR. If you voluntarily provide special categories of personal data, the processing is carried out under Article 9(2)(a) GDPR.
Naturally, if you apply to us, you must also submit data about yourself so we can assess your application accordingly. The exact information you provide depends on the job description or the information required in the online form.
Generally, this involves data such as name, address, date of birth, and proof of your qualifications relevant to the job. During the application process, information on your health or ethnic origin may also be requested in addition to the standard personal data, such as your name or address, so that you and we can exercise your rights respecting employment law, social security, and social protection and at the same time comply with the corresponding obligations. Such data is considered a “special category of personal data.”
Your data or application will be sent to us encrypted via the online form. Alternatively, you can also send us your application by email. When you choose the latter, the data is transmitted but not stored in encrypted form by the sending and receiving servers.
If your application is successful, the data you provide may be processed by us to establish an employment relationship. We will delete the data received if the application does not meet expectations. The data will also be deleted if you withdraw your application. Should you agree to join our applicant pool, we will store your data collected in this context until you leave the applicant pool; the same is valid for withdrawing your consent.
You can always revoke your consent at any time. The data will be deleted after 6 months at the latest to enable us to answer possible questions about the application and to be able to provide evidence. Invoices for any reimbursement of travel expenses are archived in compliance with tax regulations.
For more information about the data processed using Xing E-Recruiting, please refer to their privacy policy.
Other Google Services
Google Fonts
The “Google Web Fonts” service is used on this website. The service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
With the help of Google Web Fonts, we embed and display external fonts, so-called Google Fonts, on our website. Google Web Fonts is integrated locally on our site so that fonts are not loaded from Google servers.
Their use serves our legitimate interest under Article 6(1)(f) GDPR in presenting the website in an attractive and user-friendly manner. Local hosting ensures no data is transmitted to Google and no corresponding data transfer occurs.
For more information and the data protection provisions, please refer to Google’s privacy policy.
Google Maps
We use “Google Maps” from Google Inc. on our website. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services within Europe. With Google Maps, we can show you locations more clearly and adapt our service to your needs. Using Google Maps, data is sent to Google and stored on Google servers. In this section, we would like to outline what Google Maps is, why we use the service, what data is kept, and how you can prevent this.
Google Maps is an Internet map service provided by Google. With Google Maps, you can search for exact locations of cities, places of interest, accommodation, or businesses online using a PC, tablet, or app. If companies are represented on Google My Business, further information about the company is displayed in addition to its location. Map sections of a location can be embedded in a website using HTML code to visualize locations. Google Maps shows the earth’s surface as a road map or aerial or high-quality satellite image, enabling precise geographic representations.
We have made every effort on this site to ensure you have a valuable and meaningful time on our website. By integrating Google Maps, we can provide essential information on various locations, and you can see where we are located at a glance. The directions always show you the best or fastest way to reach us. You can call up the directions for routes by car, public transport, on foot, or by bike. For us, the provision of Google Maps is part of our customer service.
If you consent to use Google Maps, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR, this consent serves as the legal basis for processing personal data, as it may occur when collected by Google Maps. We also have a legitimate interest in using Google Maps to optimize our online service based on Article 6(1)(f) GDPR. Nevertheless, we will only use Google Maps if you have consented.
Google also processes data in the USA, among other places. Please note that, according to the European Court of Justice, there is currently no adequate level of protection for data transfer to the USA, entailing various risks for the lawfulness and security of data processing. Google utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige Google to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
Google Maps will collect and store your data if you have given your prior consent, including the search terms entered, your IP address, and the latitude and longitude coordinates. The start address you enter is also saved if you use the route planner function. However, this data storage takes place on the Google Maps website. While we can only inform you about it, we have no influence on it. As we have integrated Google Maps into our website, Google will place at least one cookie in your browser. This cookie saves data on your user behavior. Google uses this data primarily to optimize its services and to provide you with individual, personalized advertising.
The automatic deletion function for location and activity data stores location and web/app activity information for either 3 or 18 months—depending on your decision—before being deleted. You can delete this data manually from your history anytime via your Google account. You need to switch activities on or off in your Google account to prevent your location from being recorded.
You can deactivate, delete, or manage individual cookies in your browser.
If you do not wish to receive cookies, you can configure your browser to inform you whenever a cookie is set, allowing you to decide whether to allow it or not for each cookie.
For more information about Google’s data processing, please refer to their privacy policy.
Google reCAPTCHA
We use “Google reCAPTCHA” on our website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Our primary goal is to secure and protect our website for you and us in the best possible way by using Google reCAPTCHA from Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services within Europe.
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. reCAPTCHA aims to check whether the data input on our websites (e.g., in a contact form) is made by a human or an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics as soon as the website visitor enters the website.
If you consent for Google reCAPTCHA to be used, the legal basis for the corresponding data processing is this consent. According to Article 6(1)(a) GDPR, this consent serves as the legal basis for processing personal data, as it may occur when collected by Google reCAPTCHA. We also have a legitimate interest in using Google reCAPTCHA to optimize our online service based on Article 6(1)(f) GDPR. Nevertheless, we will only use the Google reCAPTCHA if you have given your prior consent.
Google also processes data in the USA, among other places. Google utilizes standard contractual clauses approved by the EU Commission to process data for recipients based in third countries or to transfer data to third countries. These clauses oblige Google to comply with the data protection level applicable in the European Union when processing relevant data outside the EU.
Using reCAPTCHA, data is transmitted to Google to determine whether you are human. reCAPTCHA thus serves the security of our website and, in return, your security. For example, without reCAPTCHA, a bot could register as many email addresses as possible during registration to subsequently “spam” forums or blogs with unwanted advertising content. reCAPTCHA can avoid such bot attacks.
For analysis purposes, reCAPTCHA evaluates various information (e.g., IP address, time spent by the visitor on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
All reCAPTCHA analyses run in the background; website visitors are not informed that an analysis is taking place.
If you do not want any data about you and your behavior to be transmitted to Google, you must log out of Google entirely and delete all Google cookies before visiting our website or using the reCAPTCHA software. The data is generally automatically transmitted to Google as soon as you visit our website. To delete this data, you must contact Google Support.
Therefore, by using our website, you consent to the automatic collection, processing, and use of data by Google LLC and its representatives.
For more information about the service, see Google reCAPTCHA and Google’s privacy policy.
Fivetran
We use Fivetran, provided by Fivetran Inc., 1221 Broadway Street, Suite 2400 Oakland, CA 94612, USA (hereinafter referred to as “Fivetran”) to support the analysis of information.
The purpose is the transmission of data into database systems. Data processing takes place within Germany and the European Economic Area. The legal basis for the mentioned processing purposes is, on the one hand, the performance of the joint contractual relationship and the associated provision of our services (Art. 6 para. 1 b GDPR) as well as consent (Art. 6 para. 1 a, Art. 9 para. 2 a GDPR).
Fivetran will only transfer data to third countries if there is an adequacy decision by the EU Commission for the respective country, if EU Standard Contractual Clauses are implemented, other appropriate safeguards according to Art. 46 GDPR, or exceptions according to Art. 49 GDPR are applicable.
Further information can be found in the service provider’s privacy policy. You can find the EU Standard Contractual Clauses here.