Privacy

Data protection Online offering and web-based applications

General

This privacy policy - hereinafter referred to as "DSE" - informs you about the scope, purpose and nature of the processing of all personal data - hereinafter referred to as "data" - within our online offer and our web-based [Cloud/ Software-as-a-Service (SaaS)] applications as well as the associated websites, functions and content as well as external online presences, such as social media platforms/profiles on - hereinafter referred to as "online offer").

With regard to the terms used, such as "controller" or "processing", we refer to the definitions of the General Data Protection Regulation (hereinafter referred to as "GDPR"), Art. 4.

Link to the GDPR: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679&from=DE

Person responsible in the sense of the DSGVO

Patrick Berrendorf
Digital Communication Solutions GmbH
Grüner Weg 18
14109 Berlin, DE E-mail address: privacy [at] dicoso.de

Phone: +49 (0)30 863 963 59-0
Fax: +49 (0)30 863 963 59-11

Managing Director: Peter Berrendorf

Imprint: http://www.dicoso.de/impressum

Type of data processed

• Contact details:
  telephone numbers; fax numbers; e-mail addresses
• Inventory Data: Gender; title; academic degree; job title/position; names; addresses; team name; bank information; company name; company (legal form);
• Usage data:
  Web pages visited; ; access times; date of data collection; date of data update; consent to T&Cs and DSE product mapping; company mapping (to which company does the end user/employee etc. belong); type of request; device mapping;date and time of messaging; date and time of service; location mapping; times; calendar data; locations pick-up and destination); flight; train and bus and vehicle numbers;
• Content data: Text inputs;Image data; Social media link URLs (Facebook; Google+ page; Twitter; Pinterst; Instagram; Youtube; LinkedIn; Xing).
• Meta/communication data: IP addresses; URL; geo-coordinates; user agent; platform (e.g. Windows; Linux; macOS etc.)Date of account deactivation; date of last request (ping); date of last login; current login (session).

Persons concerned

Visitors and users of our online offers and web-based applications (hereinafter referred to as "web app"). In the following, the data subjects are collectively referred to as "users".

• End customer (consumer): Natural person who, as a user, accesses the online applications or web-based applications made available for use via their own end devices in order to obtain information and initiate and conclude a transaction.
• Employee (User): Natural person who, as a user on behalf of a company, uses the online offering and web-based applications provided in order to provide product information and initiate and conduct business with end customers.
• Provider (Supplier): Companies that offer and sell their products and services to end customers via the online applications and web-based applications provided by us using end devices installed at company locations, end devices of employees, and end devices of end customers.
• Applicants: Natural persons who apply either on their own initiative or in response to an advertisement for a vacant position by us and submit the documents and data required for this purpose.
• Newsletter recipients: Natural persons who register via a so-called double opt-in procedure for an electronically sent e-mail newsletter that is sent via a newsletter dispatch service provider.

Recipient categories

• Banking service provider
• Logistics company
• Authorities (governmental)
• Business partners/service providers (only necessary, official contact data)

Some of the aforementioned processes or services are performed by carefully selected and contracted service providers.

We transmit or receive personal data from these service providers solely on the basis of a processing contract. If the registered office of a service provider is outside the European Union or the European Economic Area, a third country transfer takes place. Data protection agreements in accordance with the legal requirements are contractually stipulated with these service providers to establish an appropriate level of data protection and corresponding guarantees are agreed.

Terms used

"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.

Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

"Personal data" means any information relating to an identified or identifiable natural person - hereinafter "data subject".

An identifiable natural person is defined as one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or to one or more factors specific to the physical, physiological, genetic, mental, social, cultural or economic identity of the natural person.

Relevant legal bases

According to the requirement of Art. 13 DSGVO we inform you about the legal basis of our data processing.

If the legal basis is not stated in the DSE, the following applies:

• The legal basis for processing for the fulfillment of our legal obligations is Art. 6 para. 1 lit. c DSGVO
• The legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.
• The legal basis for the processing for the fulfillment of our services and implementation of contractual measures as well as answering inquiries is Art. 6 para. 1 lit. b DSGVO
• The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO
• If vital interests of data subjects or other natural persons require processing of personal data, the legal basis is Art. 6 (1) lit. d DSGVO.

Cooperation with third parties and so-called processors

If we transmit data to other persons and companies (processors or third parties) within the scope of our data processing, disclose data to them or grant them other access to the data, this will only be done on the basis of a legal permission, e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, service providers, etc.).

Should we commission third parties with the processing of data on the basis of a so-called "order processing agreement" (hereinafter "AVV"), this is done on the basis of Art. 28 DSGVO.

Data transfer to third countries

Should we process data outside of the European Union (EU) or should this occur in the context of data transfer to third parties or through the use of third-party services or disclosure, this will only occur if it is done in order to fulfill our (pre)contractual obligations

• on the basis of your consent
• due to a legal obligation or
• on the basis of our legitimate interests

Subject to contractual or legal requirements and permissions, we process or allow the processing of data in a third country only if the special requirements pursuant to Art. 44 et seq. DSGVO.

Data processing is carried out on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU, e.g. for the USA through the "Privacy Shield", or compliance with officially recognized contractual obligations, so-called "standard contractual clauses".

Rights of data subjects

Pursuant to Art. 15 of the GDPR, data subjects have the right to obtain confirmation as to whether or not personal data is being processed, to obtain information about such data and to obtain a copy of the data pursuant to Art. 15 of the GDPR.

According to Art. 16 DSGVO, data subjects have the right to request that the data concerning them be completed or corrected.

According to Art. 17 DSGVO, data subjects have the right to have relevant data deleted without delay.

According to Art. 18 DSGVO, data subjects have the right to request the restriction of the processing of their data.

In addition, pursuant to Article 20 of the GDPR, data subjects have the right to obtain the data concerning them and provided by them, as well as to request its transfer to other data controllers.

In accordance with Art. 77 of the GDPR, data subjects also have the right to lodge a complaint with the competent supervisory authority.

Right of revocation and objection

According to Art. 7 (3) DSGVO, data subjects have the right to revoke the consent given with effect for the future.

In accordance with Art. 21 DSGVO, data subjects have the right to object at any time to the future processing of data relating to them, in particular with regard to the use of data for the purpose of direct marketing.

Cookies and right to object to direct advertising

So-called "cookies" are small files that are stored on the computers of the respective users.cookies can store different information.

The main purpose of a cookie is to store information about a user or his device (the location of the cookie) during and also after use (visit) within the scope of the respective online offer and web-based applications.

A distinction is made between permanent and temporary cookies.

• Permanent cookies are cookies that remain stored even after the browser is closed. In addition, the interests of the user can be stored in a permanent cookie in order to use them for marketing purposes and / or reach measurement.
• So-called "third-party cookies" are cookies that are offered by providers (third parties) other than the responsible party that operates the online offer.
• Temporary cookies are cookies that are deleted after a user leaves an online service and closes his browser. Such a cookie, also known as a "session cookie", can be used, for example, to store the contents of an online store's shopping cart.

We may use both permanent and temporary cookies as part of our online and web-based applications, and we disclose this as part of our DSE.

If users do not want cookies to be stored on their device, we ask these users to disable the corresponding option in the browser settings.

Already stored cookies can be deleted in the browser settings.

Users must note that preventing the storage and use of cookies may lead to functional restrictions of the online offer and web-based applications or the web-based application.

A general objection to the use of cookies for marketing purposes can be declared via the following third-party services:

• http://www.youronlinechoices.com/
• http://www.aboutads.info/choices/

Data deletion

According to Art. 17 and 18 DSGVO, the data processed by us will be deleted or restricted in its processing.

The data stored by us will be deleted, unless expressly stated otherwise within the scope of this DSE, as soon as this data is no longer necessary for the respective purpose and there is no legal obligation to retain it.

Processing is restricted if the data is not deleted because it is necessary for other and legally permissible purposes, which means that the data is blocked and not used or processed for other purposes. This applies, for example, to all data that must be retained for legal reasons.

In Germany, the statutory retention period is as follows

• 10 years according to § 147 (1) AO
• 6 years according to § 257 (1) HGB
• 3 years according to §195 BGB

Business data processing

For the purpose of providing contractual services, services, marketing/advertising, market research and analysis, and customer support, we process contractual and payment data, including the subject of the contract, customer category, bank details, etc.

Hosting

Hosting services used by us serve to provide the following services: Infrastructure services; Computing capacity; Storage space; Database services; Platform services; Technical maintenance and security services.

For this purpose, we, or our respective hosting service provider, use the following data: Inventory data; Contact data; Content data; Contract data; Usage data; Meta and communication data of customers, interested parties, visitors and users of our respective online offer and web-based applications on the basis of our legitimate interests in an efficient and secure provision of the online offer and web-based applications pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO

Collection of access data and log files

According to Art. 6 para. 1 lit. f. DSGVO, we or our hosting service provider collect data on each access to the respective server on which this service is located on the basis of legitimate interests by means of so-called server log files, including name of the accessed website; file; date and time of access; status message about successful access; browser type and version; platform (operating system of the user); history (referrer URL (the previously visited page)); IP address; requesting provider.

Log file information is stored for a maximum of seven (7) days for security reasons and then deleted. Data whose retention is required for evidentiary purposes is excluded from deletion until final clarification of the respective incident!

Registration function

Users can create a user account. The mandatory information required for this purpose, if any, will be provided to users during registration. and used for the purposes of using the offer. Users may be informed by e-mail about information relevant to the offer or registration, such as changes to the scope of the offer or technical circumstances.

Upon termination/deactivation of the user account, the corresponding data with regard to the user account will be deleted, unless their retention is required for legal reasons pursuant to Art. 6 para. 1 lit. c DSGVO.

It is the responsibility of the users themselves to back up their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract. Within the scope of the registration and login functions as well as the use of the account by the user, we store the time of the respective user action and the IP address of the end device... The storage is based on our legitimate interests, as well as those of the users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c DSGVO.

After 7 days at the latest, IP addresses are anonymized or deleted.

Contact

When contacting us of any kind, e.g. telephone, contact form(s), email and/ or social media (e.g. Facebook, Instagram, Twitter etc.)), user information will be processed for the purpose of handling and processing the request in accordance with. Art. 6 para. 1 lit. b) DSGVO processed. User information may be stored in a customer relationship management system. We delete the requests if they are no longer necessary. We review the necessity at least every two (2)years; In addition, the legal archiving obligations apply.

Newsletter

We hereby inform you about the contents of our newsletters as well as the registration, dispatch and statistical evaluation procedures and your corresponding rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described below.

Login data

To register for one of our newsletters, it is sufficient to enter your e-mail address. Optionally, you have the option to enter your name for the purpose of individualized addressing in the newsletter.

Double-Opt-In/ Logging

The registration for our newsletter takes place in a so-called double opt-in process, i.e. after registration you will receive a separate e-mail in which you are asked to confirm your newsletter registration. This second confirmation is necessary to ensure that no one can register for a newsletter using someone else's e-mail address.

The registration for newsletters is logged in order to be able to prove the complete registration process according to the legal requirements, including the storage of the IP address, as well as the registration and confirmation time. In addition, all changes to your data stored with the shipping service provider are logged.

Newsletter content

We send newsletters, e-mails and other electronic content with promotional information (hereinafter "newsletter") exclusively with the consent of the recipients or legal permission. If, in the course of registering for one of our newsletters, its contents are specifically circumscribed, they are authoritative for the consent of the users. In addition, our newsletters contain information about our services and our company.

The sending of newsletters and the associated performance measurement is based on the consent of the recipients pursuant to Art. 6 para. 1 lit. a, Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission pursuant to § 7 para. 3 UWG. The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO.

Our interest is directed towards the use of a secure and at the same time user-friendly newsletter system that serves our business interests as well as meets the requirements and expectations of the users and furthermore allows us to prove consent.

Termination/ Revocation

You can cancel and revoke your receipt of newsletters at any time. You will find the link to cancel the newsletter at the end of each newsletter. Based on our legitimate interests, we may store unsubscribed email addresses for up to three (3) years before deleting them for the purpose of sending newsletters, in order to be able to prove consent previously given.

The processing of this data will be limited to the purpose of a possible defense against any claims, an individual request for cancellation is possible at any time, provided that at the same time the former existence of consent is confirmed.

Newsletter - Shipping service provider

The dispatch of our newsletter takes place by means of our dispatch service platform "MailChimp". of the American provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

You can view the privacy policy of the shipping service provider here: https://mailchimp.com/legal/privacy.

The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement, thereby providing a guarantee of compliance with the European level of data protection (see: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active).

The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO and an order processing agreement pursuant to Art. 28 para. 3 p. 1 DSGVO. The dispatch service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.

Newsletter - Success measurement

The newsletters contain so-called web beacons, which are retrieved from our servers or the servers of our shipping service provider when the newsletter is opened. Information about the browser and your system, technical information, as well as your IP address and the time of retrieval are collected during the retrieval process.

In addition, the statistical surveys include the evaluation of whether the newsletters are opened, at what time they are opened and which URL was clicked by the recipient. For technical reasons, this information can be assigned to individual newsletter recipients, but we do not use it to monitor individual users.

The evaluations serve us primarily to recognize the reading habits of the recipients and to adapt the content we send accordingly or to send different content according to the interests of our users.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), in the interest of analyzing, optimizing and economically operating our online offering within the meaning of Art. 6 (1) lit. f. DSGVO, Google Analytics, a web analytics service provided by Google LLC ("Google").

Google uses cookies for this purpose. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a server of Google LLC in the USA and stored there. Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law, see also https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. On our behalf, Google will use this information to evaluate the use of our online offer by the users, to compile reports on the activities within this online offer and web-based applications and to provide us with further services related to the use of the online offer and the web-based application as well as the internet use. In doing so, pseudonymous user profiles can be created from the processed data. We only use Google Analytics with IP anonymization activated, i.e. the IP address of users is truncated by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly. Users can prevent the collection of the data generated by the cookie and related to their use of the online offer and web-based applications to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. For more information about Google's use of data, settings and opt-out options, please visit Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information Google uses to serve you ads").

Social media

We offer online presences within social networks in order to communicate with the interested parties, users, customers and users active there and to inform them about our products and services. When calling up the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply. Unless otherwise stated in our DSE, we process the user data if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Integration of third-party services and content

We use within our online offers and our web-based applications in the sense of Art. 6 para. 1 lit. f. DSGVO, content or service offers from third party providers to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). The prerequisite for this is that the respective third-party provider of this content collects the IP address of the user, as without the IP address the content could not be sent to the browser. The IP address is therefore required for the display of this content. We always strive to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called web bacons for statistical and/or marketing purposes. With the help of web beacons, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the operating system, browser, time of visit, referring websites, as well as other information about the use of the provided online services and web-based applications, and may also be combined with such information from other sources.

Amazon Web Services (AWS)

Our web-based applications are hosted via Amazon Web Services (AWS) of Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA. AWS is certified under the Privacy Shield Agreement, thereby providing a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4). DSE of Amazon Web Services: https://www.amazon.com/gp/help/customer/display.html?nodeId=468496

Conclusion of a contract for commissioned data processing

We have concluded an order data processing contract with Amazon Web Services, Inc. and fully implement the strict requirements of the German data protection authorities when using our applications.

Google

Google is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Maps

We use and integrate maps of the service "Google Maps" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DSE: https://www.google.com/policies/privacy; Opt-Out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We integrate the function for the recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DSE: https://www.google.com/policies/privacy; Opt-Out: https://adssettings.google.com/authenticated.

Google Fonts

Among other things, we use the fonts, so-called "Google Fonts" of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DSE: https://www.google.com/policies/privacy; Opt-Out: https://adssettings.google.com/authenticated.

Google Analytics

We use Google Analytics of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for the analysis and evaluation as well as for the optimization of our online offers and web-based applications. DSE: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated

Tidio chat

We integrate the live chat application TidioChat of the provider Tidio Ltd, 220C Blythe Road, W14 0HH, London, UK. The chat can be used completely anonymously and is used to advise prospective customers and customers on product selection and product questions. The data collected will only be used for the intended purpose and will be stored within the scope of legal retention obligations or deleted after expiry. DSE: https://www.tidiochat.com/en/privacy-policy

Webflow

We use the web-based application www.webflow.com from the provider Webflow, Inc., 208 Utah Street, Suite 210 San Francisco, California, 94103, USA, among others, to design and create our applications. DSE: https://webflow.com/privacy

Youtube

We integrate videos via the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DSE: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Twitter

Functions and contents of the Twitter service can be integrated within the scope of our online offer. Twitter is offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include content such as images, videos, text or buttons with which users can express their liking of the published content, the authors of the content or subscribe to our posts. If the users are members of Twitter, Twitter can assign the call of the aforementioned content and functions to the profiles of the users there. Twitter is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). DSE: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.

Facebook Social Plugins

According to Art. 6 para. 1 lit. f. DSGVO) we use social plugins, hereinafter "plugins",of the social network facebook.com. which is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Plugins can represent interaction elements or content and are recognizable by one of the Facebook logos:

• white "f" on blue tile
• a "thumbs up" sign or
• the terms "Like", "Like" or
• are marked with the addition "Facebook Social Plugin".

The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). If a user calls up a function of this online offer that contains such a plugin, his end device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated by the latter into the online offer, whereby user profiles can be created from the processed data. We have no influence on the scope of the data that Facebook collects with the help of this plugin and therefore inform users according to our level of knowledge. Facebook receives the information that a user has called up the corresponding page of the online offer through the integration of the Facebook plugins online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by clicking the so-called "Like Button" or submitting a comment, corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook learns and stores his IP address. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/. If a user is registered with Facebook and does not want Facebook to collect data about him/her via this online offer or web-based application and link it to his/her membership data stored with Facebook, he/she must log out of Facebook and delete his/her cookies before using our online offerOnline offer and web-based applications. Further settings and objections to the use of data for advertising purposes, are possible within the Facebook profile settings: https: //www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Pinterest

Functions and content of the Pinterest service may be integrated within our online offer and web-based applications. Pinterest is offered by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. This may include, among other things. Content such as videos, images or texts as well as buttons with which users can express their liking regarding the content as well as subscribe to the authors of the content or our posts. If users are members of the Pinterest platform, Pinterest can assign the call of the above-mentioned content and functions to the profiles of the users there. DSE of Pinterest: https://about.pinterest.com/de/privacy-policy.

Instagram

Within our online offer and our web-based applications, functions and contents of the online service Instagram are integrated, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Here you can. Content such as images, videos or texts and buttons belong, with which users can announce their like regarding the content, the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the call of the above-mentioned content and functions to the profiles of the users there. DSE of Instagram: http://instagram.com/about/legal/privacy/.

LinkedIn

Within our online offer and our web-based applications, functions and contents of the service LinkedIn may be integrated, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the call of the above content and functions to the profiles of the users there. DSE of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

LinkedIn is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). DSE: https://twitter.com/de/privacy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Xing

Within our online offer and web-based applications, functions and content of the service Xing may be integrated, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking regarding the content, the authors of the content or subscribe to our posts. If the users are members of the Xing platform, Xing can assign the call of the above-mentioned content and functions to the profiles of the users there. DSE of Xing: https://www.xing.com/app/share?op=data_protection.

AnySMS

Within our online offer and web-based applications, users have the option to send the displayed products and offers via SMS (Short Message Service). Provider of the SMS functionality is mes.mo GmbH, Stuttgarter Straße 4, 73262 Reichenbach, Germany. DSE: of mes.mo GmbH: http://www.any-sms.biz/datenschutz.html

SendGrid

Within our online offer and our web-based applications, functions and contents of the service SendGrid Inc., 1801 California St., Suite 500, Denver, Colorado 80202, U.S.A. may be integrated. Provider and is carried out in the interest of the inquirer for the transmission of desired product and offer information as well as for the arrangement of appointments. SendGrid is certified under the Privacy Shield Agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000TRktAAG&status=Active). DSE of SendGrid: https://sendgrid.com/policies/privacy/

ExaVault

We use the SFTP service of ExaVault, Inc. 344 Thomas L Berkley Way, Oakland, CA 94621, USA, to transfer product data required to operate our solutions and applications. ExaVault is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt00000004FBwAAM).DSE of ExaVault: https://www.exavault.com/privacy/

Dropbox

We make files available for download for information purposes (e.g. brochures, leaflets, product information) via Dropbox International Unlimited Company, Upper Hatch Street, One Park Place, Floor 5, Ireland. Dropbox is certified under the Privacy Shield Agreement, thereby providing a guarantee of compliance with European data protection law(https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0). DSE from Dropbox: https://www.dropbox.com/privacy

WeClapp GmbH

We record customer and order data via the ERP system of the company Weclapp GmbH, Frauenbergstraße 31 - 33, 35039 Marburg, DE. DSE: https://www.weclapp.com/de/impressum/

LeadForensics

For marketing and optimization purposes, this website uses products and services of LeadForensics(http://www.leadforensics.com). LeadForensics' head office is located at Communication House 26 York Street, London, W1U 6PZ United Kingdom. Lead Forensics obtains details of your organization including phone number, web address, SIC code, a description of the company. Lead Forensics will show the actual history of your visit to this site, including all pages visited and viewed by you and how long you spent on the site. Under no circumstances will the data be used to personally identify an individual visitor. If IP addresses are collected, they are anonymized immediately after collection. On behalf of the operator of this website, Lead Forensics will use the collected information for the purpose of evaluating your visit to the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. If you do not agree, you can object to the collection, processing and storage of data at any time with effect for the future by clicking on the following link:

Exclude from website tracking -

Data protection for applicants

Purpose of data collection

Before joining the company or during the application process, we process the personal data of applicants exclusively for the purpose of establishing a contractual relationship to the extent required.

If applicants send us unsolicited application documents as part of a speculative application that contain personal data and information, we treat this data in the same way as applicant data that is sent to us by an applicant in response to an advertisement for a vacant position.

Legal bases for the processing of your personal data are in particular:

• for the establishment, performance and termination of a contractual relationship pursuant to Art. 6 para. 1 lit.b)
• for the fulfillment of a legal obligation according to Art. 6 para. 1 lit.c)
• in the case of processing for the protection of a legitimate interest pursuant to Art. 6 para. 1 lit. f)
• as well as on the basis of your consent by voluntarily providing data that is not absolutely necessary for the purpose according to Art. 6 para. 1 lit a)

Our legitimate interests in this regard are:

• the optimization of the application processes,
• ensuring compliance with safety regulations, requirements, industry standards and contractual obligations
• the assertion, exercise or defense of legal claims
• the prevention of damage and/or liability to the company by taking appropriate measures.

Types of data that we process

The following personal data is collected, processed and stored:

• Applicant data; name date of birth, curriculum vitae, nationality/work permit, etc. for selection, recruitment, entry and exit management.
• private contact data; address, telephone number, email (for the purpose of contacting you)
• Data within the scope of personnel screening (police clearance certificate, background check)
• If applicable, data that are subject to professional secrecy (data on health suitability and any restrictions).
• other data in the personnel administration: severe disability (if relevant), driver's license ownership

We do not require applicants to provide any information that is not usable under the General Equal Treatment Act (race, ethnic origin, gender, religion or belief, disability, age or sexual identity). We expressly ask you not to provide information about illnesses, pregnancy, ethnic origin, political views, philosophical or religious convictions, membership of a trade union, physical or mental health or sexual life. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, press law or general rights of third parties).

Deletion periods

After the respective purpose has been achieved, your data will be deleted. However, data will be retained for as long as necessary to defend legal claims or against any AGG allegations. As a rule, this is six (6) months, unless your profile was transmitted to us by a personnel service provider and is subject to longer-lasting commission claims by this service provider. If accounting-related processing has been carried out, such as the reimbursement of travel expenses, the data required for this will be deleted in compliance with the statutory retention periods, which are generally six (6) or ten (10) years.

If the application is successful and we conclude a contract with you, we transfer the data collected during the application process to our personnel file.

‍

Data protection for employees

Information on data processing

Before you join our company, we process your personal data exclusively for the purpose of establishing a contractual relationship to the extent required.

During the period of your employment or subsequently, your personal data will be processed for the purpose of implementing and/or terminating the contractual relationship.

After the respective purpose has been achieved, your data will be deleted in compliance with the statutory retention periods, which are usually 6 or 10 years, or 30 years or longer in the case of various data categories such as occupational pension plans.

Legal bases of the processing

Legal bases for the processing of your personal data are in particular:

• Art. 6 para. 1 lit a) on the basis of consent from you, whereby in principle none is required for the conclusion of a contract or the continuation of an existing contract,
• Art. 6 para. 1 lit.b) for the establishment, performance and termination of a contractual relationship,
• Art. 6 para. 1 lit.c) to fulfill a legal obligation,
• Art. 6 para. 1 lit. f) for the protection of a legitimate interest

Our legitimate interests in this respect lie, for example, in

• the implementation of electronic access controls,
• the optimization of personnel planning,
• ensuring compliance with safety regulations, requirements, industry standards, and contractual obligations,
• the assertion, exercise or defense of legal claims,
• the avoidance of unnecessary expenditures as well as increasing efficiency and effectiveness,
• the avoidance of official requirements such as a driving record requirement,
• the prevention of damage and/or liability to the company by taking appropriate measures.

Data collected from third parties

Via the ELSTAM procedure, we collect payroll accounting data that the tax authorities provide to us for correct accounting. This applies in particular to the payroll data listed below.

We may be notified of misconduct regarding the use of company vehicles by third parties and receive information in this connection.

Types of data that we process

The following personal data are processed:

• Applicant data; name date of birth, curriculum vitae, citizenship/work permit, etc. for selection, recruitment, entry and exit management;
• private contact details; address, telephone number, email (for the purpose of contact);
• official contact details; e.g. telephone numbers, email, place of work, job title, photo if applicable;
• Identification/payment data; identity card data or work permit for identification and determination of the legitimacy of employment, place of birth, marital status, tax identification number, health insurance membership, income tax class, allowances, denominational affiliation for church tax, account number, any wage garnishments (for the purpose of payroll accounting and fulfillment of social security, tax and other legal obligations);
• Timekeeping data, vacation times, work time accounts, shift schedules, if applicable, etc.;
• Data within the scope of personnel screening depending on use in various mandates that require this, e.g. police clearance certificate, background check (ZUP);
• Data on suitability for performance/behavior monitoring; training and continuing education information, data for the purpose of measuring target achievement, e.g. for variable compensation component, data on violations of road traffic regulations ("parking tickets"),
• other data in personnel administration: data within the scope of company health care and company health management, occupational health and safety, any degree of severe disability, driver's license ownership;

Categories of recipients:

• Bank service provider, if applicable service provider for calculating pension provisions
• Service provider for payroll accounting (tax advisor), auditor
• Health, social and accident insurance carriers and other insurance companies
• Authorities such as tax authorities, social security funds, employment agencies, and, if applicable, safety, health, road traffic or related fine offices and other authorities
• Company medical service
• Business partners and customers (business contact data)

Regarding the rights of employees, information is provided in the superordinate privacy policy.

‍