Privacy Notice

Data Protection Declaration

1. Data protection at a glance

The following information provides a simple overview of what happens to your personal data when you visit our website. “Personal data” are all data with which you can be personally identified, e.g. name, address, telephone number, e-mail address.

SSL and TLS encryption

This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as a request that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Who is responsible for data processing?

The entity responsible for the data processing on this website is:

Data Virtuality GmbH

Katharinenstraße 15

04109 Leipzig

Phone: +49 341 264 37217

E-Mail: datenschutz@datavirtuality.de

How do we collect your data?

On the one hand, your data are collected by you communicating them to us. This can be data that you enter in a contact form, for example.

Other data are automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the visit). These data are collected automatically as soon as you visit our website.

What do we use your data for?

Some of the data are collected to ensure that the website is error-free. Other data may be used to analyse your user behavior. The analysis of your user behaviour is usually anonymous; your behaviour cannot be traced back to you. You may object to this analysis. You will find more detailed information about this in this data protection declaration below.

What rights do you have with regard to your data?

According to the EU General Data Protection Regulation (GDPR) you have the following rights with regard to your personal data:

  • Right to information
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to portability

If you wish to exercise your rights, please contact our data protection officer (for contact details, see “Who is our data protection officer?”).

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

The competent supervisory authority is:

Saxony Data Protection Commissioner

P.O. Box 12 00 16

01001 Dresden

Phone: +49 351 854 71101

Fax: +49 351 8547 1109

Internet: www.datenschutz.sachsen.de

Email: saechsdsb@slt.sachsen.de

Who is our data protection officer?

You can reach our data protection officer Mr. Marco Tessendorf from procado Consulting, IT- & Medienservice GmbH, Warschauer Str. 58a, 10243 Berlin, by e-mail at datenschutz@datavirtuality.de.

Hosting by Hetzner Online GmbH

For data processing, we use servers of the Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, which are used by us as a platform for hosting. Hetzner’s data centers are located in data center parks in Nuremberg and Falkenstein. Hetzner also operates a data center in Helsinki, Finland.

Hetzner Online is certified in accordance with DIN ISO/IEC 27001. The certificate documents adequate security management, the security of the data, the confidentiality of the information and the availability of the IT systems. As part of our cooperation, we do not pass on any personal data about your visit to our website directly to Hetzner. However, it may happen that Hetzner has at least potential access to personal data, e.g. during maintenance work. Since such cases also involve “job processing” pursuant to Article 28 GDPR, we have concluded a data protection agreement with Hetzner in accordance with that provision. This also ensures the protection of your personal data.

2. Data collection on our website

Use of cookies

(1) Description of data processing

Our website does uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offerings more user-friendly, more effective and safer. Cookies are small text files that are stored on your hard drive and allocated to the browser you are using and through which certain information flows to the location that the cookie sets (here by us). This website uses the following types of cookies, the scope and functionality of which are explained below:

  • transient cookies,
  • persistent cookies.

Transient cookies are automatically deleted when you close your browser. They include session cookies in particular. They store a “session ID”, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Insofar as other cookies (e.g. cookies for the analysis of your user behaviour) are stored, these are treated separately in this data protection declaration.

(2) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6(1)f GDPR.

(3) Purpose of data processing

The purpose of using cookies is to simplify the use of websites for users. In principle, our website can be used without the use of cookies. However, some functions cannot be offered without the use of cookies.

(4) Duration of storage, possibility to object

Cookies are stored on the user’s computer and transmitted from such computer to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

Server log files

(1) Description of data processing

If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, our system automatically collects data and information that your browser transmits to our server (“access data”):

  • address,
  • date and time of your visit,
  • time zone difference to Greenwich Mean Time (GMT),
  • website from which you accessed our website,
  • browser used,
  • operating system used.

The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

(2) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6(1), Sentence 1, Litera f GDPR.

(3) Purpose of data processing

The temporary storage of data by the system is necessary to provide you our website. For this purpose, the user’s IP address in particular must remain stored for the duration of the session.

The data are stored in log files to ensure the functionality of the website. In addition, the data help us to ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context.

These purposes also include our legitimate interest in data processing pursuant to Article 6(1)f GDPR.

(4) Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data are collected for the provision of the website, the data will be deleted case when the respective session has ended. If the data are stored in log files, they are deleted after 7 days at the latest.

(5) Possibility to object

The collection of data for the provision of the website and the storage of data in log files are mandatory for the operation of the website. There is therefore no possibility on the part of the website user to object.

Forms and e-mail contact

(1) Description and scope of data processing

You will find various forms on our website. What data are collected in the process is determined by the respective form. These data are collected for the following purposes:

  • REQUEST FOR CUSTOMISED DEMO: To be able to offer you a free, customised demo of Data Virtuality. If you request an appointment for a demo, then we will use your data to contact you, determine your needs and schedule an appointment together with you to meet.
  • 14-DAY TRIAL To provide you with our services free of charge for 14 days for testing. If you ask for our 14-DAY TRIAL, we will use your data to contact you, determine your needs and arrange an appointment with you.
  • FREE E-BOOKS: To provide you our free documents (white papers, guides).

Our website also gives users the opportunity to contact us via the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail are stored.

(2) Legal basis for data processing

The legal basis for the processing of the data is Article 6(1)b GDPR, as far as pre-contractual measures are concerned, which takes place upon your request (individual demo, 14-day trial). The legal basis for the processing of data which you make available to us in order to download documents free of charge is Article 6(1)f GDPR (protection of legitimate interests). It is our legitimate interest to be able to provide you with information material in line with your interests.

(3) Duration of storage

We store your data for as long as is necessary to process an inquiry, but for no longer than one year. This does not include data that we are legally obliged not to delete (e.g. documents that must be kept in accordance with tax and commercial law) and data that are required to safeguard legitimate interests, for example to assert claims.

(4) Possibility to object

Enquirers can contact us at any time by sending an e-mail to datenschutz@datavirtuality.de to request the deletion from the database of the personal data you have transmitted to us via the online form.

(5) Sales/marketing communications

If you request an INDIVIDUAL DEMO, a 14-DAY TRIAL or FREE E-BOOKS or WHITEPAPERS online, we may, with your consent, also use the personal information you provide us through the form for sales/marketing communications. By such communications we mean:

  • telephone contact (follow-up after INDIVIDUAL DEMO REQUEST, 14-DAY-TRIAL, FREE E-BOOKS or WHITEPAPERS) as well as
  • contact by e-mail to draw your attention to our newsletter or our products and services, or direct contact by e-mail.

The legal basis is § 6(1), Sentence 1, Litera a GDPR(Consent). You can revoke your consent at any time and we will not contact you again. You may revoke your consent by sending an e-mail to datenschutz@datavirtuality.de or by sending a message to the contact details given in the imprint.

(6) Disclosure of data

In order to achieve the intended purposes, it is necessary for data to be passed on to third parties. The legal basis for disclosure is Article 6(1)f GDPR (safeguarding of legitimate interests). It is based on our legitimate interest in the efficient provision of our services. We only work with third parties who offer sufficient guarantees that appropriate technical and organisational measures will be taken to ensure adequate protection of your rights. These third parties are:

(a) Pardot

The forms on our website are linked to Pardot. Pardot is marketing automation software from Salesforce.com EMEA Limited.

Voluntarily provided personal data are first stored in Pardot and then processed with the Salesforce CRM system for the purpose of establishing contact and/or sending information. Salesforce does not store IP addresses, but uses the unique visitor ID and unique identifier attributes.

Learn here how Salesforce processes your information when you visit websites.

We use Pardot as a marketing analysis service that enables us to maintain, measure, expand our web offering and marketing communications and optimise our website content. Data are processed in Salesforce on our behalf through the use of cookies.

Provider information:

salesforce.com EMEA Limited

Company No. 05094083, registered in England

Floor 26 Salesforce Tower, 110 Bishopsgate

EC2N 4AY London

UK

(b) Instapage

We use Instapage, Inc. services to create microsites and online forms. When you contact us through one of our online forms, we store the information you provide, the time you submit it, and whether you opened the form on a computer or mobile device. This enables us to answer your enquiry and ask possible follow-up questions and, if necessary, to improve the form we provide on Instapage or the information it contains. The forms on Instapage automatically forward the information to Pardot via a webhook. However, Instapage itself does not process these data, but only makes them available.

Provider information:

Instapage, Inc.

118 King St. Suite

450 San Francisco, CA 94107

USA

Subscription to our e-mail newsletter

(1) Description and scope of data processing

On our website you have the possibility to subscribe to our newsletter, with which we regularly inform you about our current interesting offerings.

We use the “double opt-in procedure” to register for our newsletter. This means that after your registration we will send you an e-mail to the specified e-mail address in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, the confirmation link will become invalid and your information will be blocked. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

Your e-mail address is the only required information for sending the newsletter. The specification of further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we save your e-mail address for the purpose of sending you the newsletter.

(2) Legal basis for data processing

The legal basis is Article 6(1), Sentence 1, Litera f GDPR, insofar as we store data in order to document your registration and, if necessary, clarify possible misuse of your personal data. We store your e-mail address with your consent. The legal basis is Article 6(1), Sentence 1, Litera a GDPR.

(3) Possibility of revocation and duration of storage

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to datenschutz@datavirtuality.de or by sending a message to the contact details given in the imprint.

We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided the former existence of consent is confirmed at the same time.

(4) Newsletter service providers

The newsletters are sent via Pardot, a newsletter distribution platform of salesforce.com EMEA Limited. The personal data you provide us in the course of registering for the newsletter will also be processed in the United States for the purpose of sending the newsletter and for marketing purposes. We transfer this information to Salesforce.com EMEA Limited. The legal basis for disclosure is Article 6(1)f GDPR (safeguarding of legitimate interests). It is based on our legitimate interest in the efficient provision of our services.

We only work with third parties who offer sufficient guarantees that appropriate technical and organisational measures will be taken to ensure adequate protection of your rights. Salesforce.com has joined the EU-U.S. Privacy Shield  and thus offers an additional guarantee of compliance with European data protection law if data are processed in the United States.

We have also concluded a data processing agreement with Salesforce. This is a contract in which Salesforce agrees to protect our users’ information, process it on our behalf in accordance with its privacy policies, and specifically not disclose it to third parties.

(6) Newsletter success measurement

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain web beacons and/or tracking pixels that are stored externally. For the evaluations, we link the above server log data and the web beacons to your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. We record when you read our newsletters, which links you click in them and infer your personal interests from this. We link these data to actions you take on our website.

The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to our users’ interests. This is also our legitimate interest pursuant to Article 6(1), Sentence 1, Litera f GDPR.

You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to datenschutz@datavirtuality.de or by sending a message to the contact details given in the imprint.

3. Analysis tools and advertising

Website analysis with Google Analytics

This website uses the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses “cookies”, which are stored on your computer and help analyse your surfing behaviour on our website. The information generated by the cookie about the use of this website is usually transferred to a Google server in the United States and stored there.

We use Google Analytics to analyse the use of our website and to regularly improve the site. The statistics obtained enable us to improve our services and make them more interesting for you as a user.

This website uses Google Analytics with an extension that anonymises IP addresses. This means that your IP address is transferred to Google in abbreviated form, thus excluding the possibility of personal references. If the data collected about you contain a personal reference, this reference is immediately excluded.

The legal basis for the use of Google Analytics is Article 6(1), Sentence 1, Litera f GDPR. For exceptional cases in which personal data are transferred to the United States, Google has submitted to the EU-U.S. Privacy Shield.

The data will be deleted as soon as they are no longer needed for our purposes. This is the case with us after 14 months.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address) and from processing these data by downloading and installing the browser plug-in available here. We also offer you the possibility to deactivate your usage data on this website by clicking the following link: Disable Google Analytics from collecting data for this website. In this case, an opt-out cookie will be placed that prevents future collection of your user data when you visit this website.

Advertising with Google Analytics Remarketing

This site also uses Google Analytics Remarketing features in conjunction with the cross-device features of Google Ads and Google DoubleClick.

This feature allows you to link the advertising target groups created with Google Analytics Remarketing with the cross-device features of Google Ads and Google DoubleClick. In this way, interest-related, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one device (e.g. mobile phone) can also be displayed on your other devices (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalised advertising messages can be displayed on any device on which you sign in with your Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by opting out of personalised advertising in your Google Account by following this link.

The data collected in your Google Account are only collected on the basis of your consent, which you can give or revoke at Google (Article 6(1)a GDPR). In the case of data collection processes that are not merged into your Google account (e.g. because you do not have a Google account or have objected to the merging), the data collection is based on Article 6(1)f GDPR. The justified interest results from the fact that the website operator has an interest in the anonymous analysis of the website visitors for advertising purposes.

For more information and the privacy policy, please see Google’s privacy policy here.

Advertising with Google Ads and Google Conversion Tracking

This website uses the online advertising program Google Ads.

In the context of Google Ads, we use conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. These cookies lose their validity after 30 days and do not serve to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and ourselves may recognize that the user clicked on the ad and was directed to that page.

Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers see the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your Internet browser under User Settings. You will then not be included in the conversion tracking statistics.

The storage of conversion cookies is undertaken based on Article 6(1) Litera f GDPR. As website operators, we have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising.

You can find more information about Google Ads and Google Conversion Tracking in the Google Privacy Policy.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Insight Tag from LinkedIn

Our website uses the LinkedIn Insight Tag of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The LinkedIn Insight Tag is a small piece of JavaScript code that we have added to our website. Every time you visit any of our pages that contain LinkedIn features (e.g. our online application forms), information about your visits to the site, including URL, referrer URL, IP address, device and browser properties, timestamps, and page views, is collected and transmitted to a LinkedIn server in the United States. For cases when personal information is transferred to the United States, LinkedIn has submitted to the EU-U.S. Privacy Shield  and thus offers a guarantee of compliance with EU data protection law.

Using the LinkedIn Insight Tag, we can analyze the success of our campaigns within LinkedIn or determine target groups for these campaigns based on user interaction with our online offerings.

These data are encrypted by LinkedIn and anonymised within 7 days. The anonymised data are deleted within 90 days. LinkedIn does not share any personal data with the website operator (i.e. us), but only provides the operator aggregated reports about the website’s target audience and display performance. More information about LinkedIn’s Insight Tag can be found here.

LinkedIn also provides retargeting for website visitors so that the website owner can use this information to display targeted advertising outside his or her website without identifying the LinkedIn member. Members of LinkedIn can control the use of their personal data for advertising purposes in their account settings (more below).

The processing of personal data is undertaken based on Article 6(1)f GDPR. As website operators, we have a legitimate interest in analysing user behaviour in order to optimise both our website and our advertising.

You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out  here. If you are a LinkedIn member, click on the field “Reject LinkedIn”. If you are not on LinkedIn, click “Reject”. If you are logged in at LinkedIn, you can deactivate data collection at any time with this link.

Facebook Pixel

Our website uses the so-called “Facebook Pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

Using the Facebook Pixel, Facebook is able to identify you as a visitor to our online offerings as a target group for the display of ads (“Facebook ads”). Accordingly, we use the Facebook Pixel to display Facebook ads placed by us only for Facebook users who have shown an interest in our online offerings or who have certain features (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (“custom audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads match the potential interest of users and are not annoying. Facebook Pixel allows us to further track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users were referred to our website after clicking on a Facebook ad (known as “conversion”).

Facebook has joined the EU-U.S. Privacy Shield  and thus offers a guarantee of compliance with EU data protection law.

The processing of the data takes place within the framework of the Facebook Data Policy. Information about Facebook Pixel and how it works can be found in the help section of Facebook.

You can deactivate the remarketing function “Custom Audiences” in the area Settings for Advertisements. You must be logged in to Facebook to do this.

If you don’t have a Facebook account, you can deactivate  Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance website.

Albacross

On our website we use the Albacross technology of Albacross Nordic AB, Kungsgatan 26, 111 35 Stockholm, Sweden (“Albacross”).

Albacross collects and uses the IP address from which you visited our website and technical information that enables Albacross to distinguish different visitors from the same IP address. Albacross also stores the domain from the form input to correlate the IP address with your employer.

By using Albacross tracking, we improve our lead management service for companies that visit our website and are interested in our offerings. This also constitutes our legitimate interest in data processing pursuant to Article 6(1)f GDPR.

Albacross technology is designed primarily to identify companies – not individuals – who have visited our website. More detailed information can be found at https://albacross.com/privacy-policy/ as well as http://help.albacross.com/gdpr/gdpr-introduction.

We have concluded a data processing agreement with Albacross. This is a contract in which Albacross undertakes to protect the data of our users, to process them on our behalf in accordance with their data protection policies and, in particular, not to pass them on to third parties.

You may at any time withdraw your consent to this processing. Such withdrawal may be made either by contacting us, or by contacting Albacross directly.

Albacross Nordic AB

Kungsgatan 26

111 35 Stockholm, Sweden

www.albacross.com

contact@albacross.com

4. Plug-ins and tools

YouTube

Our website uses plug-ins of the YouTube page operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plug-in, you will be connected to YouTube’s servers. This will tell the YouTube server which of our pages you have visited.

If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)f GDPR.

You can find further information on the handling of user data in the YouTube Privacy Policy.

Vimeo

Our website uses plug-ins of the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo plug-in, you will be connected to Vimeo’s servers. The Vimeo server will be informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the United States.

If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.

You can find further information on the handling of user data in the Vimeo Privacy Policy.

Intercom

This website uses technologies of Intercom, Inc., 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Ireland, to collect and store anonymised data for web analytics purposes and to operate the live chat system to respond to live support requests. These anonymous data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the Internet browser of the site visitor. The cookies enable the recognition of the Internet browser. Insofar as the information collected in this way is personally identifiable, it is processed in accordance with Article 6(1)f GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behaviour for optimisation purposes.

The data collected using Intercom technologies will not be used to personally identify the visitor to this website and will not be merged with personal data relating to the bearer of the pseudonym without the express consent of the person concerned. To avoid the storage of Intercom cookies, you can set your Internet browser so that no cookies can be stored on your computer in the future or cookies that have already been stored will be deleted. However, disabling all cookies may mean that some functions on our website will no longer be able to be executed. You can object to the collection and storage of data for the purpose of creating a pseudonymised user profile at any time with effect for the future by sending us your objection informally by e-mail to the e-mail address specified in this data protection declaration.

5. Web Fonts from Adobe Typekit

This website uses web fonts provided by Adobe Typekit for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you are using must connect to the Adobe Typekit servers. This will allow Adobe Typekit to know that your IP address has been used to access our website. The use of Adobe Typekit Web Fonts is in the interest of a consistent and appealing presentation of our online offerings. The legal basis is Article 6(1)f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information about Adobe Typekit Web Fonts, here and in the Adobe Typekit Privacy Policy.

6. Online applications

When you apply online on our website, we store your name, email, address, telephone number and how you learned about the job you are applying for. In addition, we store your electronic letter of motivation (“Describe for us exactly why you are the right person”) and your electronic resume. In addition, we store additional data if you voluntarily upload them for us via the “What else we should see” field.

By way of your application, you represent that the information you have provided is true. Please note that any false statement or deliberate omission may constitute a reason for rejection or subsequent termination.

We do not need information from you that is not usable under the General Equal Treatment Act (race, ethnic origin, gender, religion or belief, disability, age or sexual identity). We also do not ask for information on diseases, pregnancy, ethnic origin, political beliefs, philosophical or religious convictions, trade union membership, physical or mental health or sex life. This also applies to content that is suitable for violating the rights of third parties (e.g. copyrights, press rights or general rights of third parties).

Your personal data will only be processed if they relate to your interest in current or future employment with us and the processing of your application. The data will not be passed on to third parties. If your application is successful, the data provided may be used for administrative purposes within the framework of your employment. The legal basis is § 26 of the German Federal Data Protection Act (new).

Your online application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. Under no circumstances will third parties be made aware of your details. The processing of the data takes place exclusively in Germany.

If we are unable to offer you employment, we will retain the data you have provided for up to 6 months for the purpose of answering questions relating to your application and rejection based on a statutory retention obligation. The legal basis for the storage obligations is Article 6(1)c GDPR

Your data are transmitted in encrypted form and then stored in a database. All systems in which your personal data are stored are protected against access and only accessible to a certain group of persons responsible for personnel.

7. Our social media sites

Data processing through social networks

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.

Social networks such as Facebook, Google+, etc. can usually analyse your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous processing operations relevant to data protection. In particular:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can attribute this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing on the social media portals. Depending on the provider, the operators of the social media portals may be able to carry out further processing operations. Details can be found in the terms of use and data protection policies of the respective social media portals.

Legal basis

Our social media sites are designed to ensure the most comprehensive presence on the Internet possible. This is a legitimate interest in the terms of Article 6(1)f GDPR. The analysis processes initiated by the social networks may have different legal bases, which must be stated by the operators of the social networks (e.g. consent in the terms of Article 6(1)a GDPR).

Data controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during your visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our possibilities depend to a large extent on the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence are deleted from our systems as soon as the purpose for their storage no longer applies, you request us to delete them or revoke your consent to storage. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – are not prejudiced hereby.

We have no influence on the storage period of your data, which are stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified according to the EU-US Privacy Shield.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in. Details can be found in the Facebook Privacy Policy.

Google+

We have a profile on Google+. The provider is Google Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google is certified under the EU-US Privacy Shield:

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in. Details can be found in the Google Privacy Policy.

Twitter

We use the Twitter text messaging service. The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified according to the EU-US Privacy Shield.

You can adjust your Twitter privacy settings independently in your user account. To do this, click on the following link and log in. Details can be found in the Twitter Privacy Policy .

Instagram

We have a profile at Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how we handle your personal data can be found in the Instagram Privacy Policy.

Pinterest

We have a profile at Pinterest. The operator is Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”). Details on how we handle your personal data can be found in the Pinterest Privacy Policy.

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how we handle your personal data can be found in the XING Privacy Policy.

LinkedIn

We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited CompanyWilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified according to the EU-US-Privacy-Shield. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link.

Details on how we handle your personal data can be found in the LinkedIn Privacy Policy.

Version: January 2019