General Privacy Statement Website



Information on the EU General Data Protection Regulation (GDPR)


Data protection information in accordance with the EU General Data Protection Regulation – as of June 2018

General


The protection of your personal data is something that we take very seriously. Your privacy is an important concern to us. 
The following provisions serve to provide you with information about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), especially taking into account the information obligations under Articles 12 to 14 of the GDPR. They also serve to clarify existing data protection rights under the GDPR in accordance with Articles 15 to 22 and Article 34 GDPR.

Information about the responsible body


The body responsible for processing your personal data is provativ GmbH.
For contact details, please refer to the imprint below
https://provativ.com/de/impressum

We process your personal data in accordance with the respectively applicable statutory data protection requirements for the purposes listed below for each group of data subjects:


Use of service providers


Individual processes or services are carried out by carefully selected and commissioned service providers. We transmit or receive personal data about these service providers solely on the basis of a processing contract. If the seat of a service provider is located outside the European Union or the European Economic Area, then a third country transfer takes place. Data protection agreements that comply with the legal requirements are agreed by contract with these service providers in order to establish an adequate level of data protection and corresponding guarantees are also agreed.

Information about your rights


You have the right,
  • to ask us for confirmation that your personal data is being processed by us; if this is the case, then you have a right to information about these personal data and to the information listed in Article 15 GDPR.
  • to demand to receive the data concerning you in the restrictions of Article 20 GDPR in a commonly used, electronic, machine-readable data format. This also includes the transfer of the data (as far as this is possible) to another person directly specified by you.
  • to ask us to correct your data if they are incorrect, inaccurate and/or incomplete. Correction also includes the completion by means of declarations or notifications.
  • to demand from us that personal data relating to you be deleted immediately, provided that one of the reasons detailed in Article 17 GDPR applies. Unfortunately, we are not allowed to delete data that is subject to a legal storage period. If you do not wish us to contact you by newsletter or by any other means, we will store your contact details concerning this matter on a blocked list.
  • to revoke any consent given by you with effect for future processing, without incurring any disadvantages.
  • to require us to restrict the processing if one of the conditions listed in Article 18 GDPR is met.
  • for reasons arising from your particular situation, to object to the processing of your personal data at any time. We will then no longer process your personal data, unless we can prove compelling reasons worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims (Article 21 GDPR).
  • to complain without prejudice to any other administrative or judicial remedy and if you believe that the processing of personal data concerning you is in breach of the GDPR
  • to our data protection officer: [email protected] or by post (see address in the imprint)
  • to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of alleged infringement.


Deletion of your data


Unless otherwise stipulated in the more detailed privacy policies, we will delete your personal data if the contractual relationship with you has been terminated, you have exercised your right to cancellation, all mutual claims have been fulfilled and there are no other statutory retention requirements or legal justification for their storage.

Definitions


For the purposes of this general information, these terms are defined as follows:
  • Personal data: Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples are contact data, communication data, billing data.
  • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Employees: Employees, including temporary workers in relation to the hirer, those employed as part of their vocational training, participants in measures intended to allow people to participate in the world of work, as well as evaluations regarding occupational aptitude and capacity for work (people undergoing rehabilitation) employees working in recognised workshops for disabled people, volunteers performing a service under the Youth Voluntary Service Act or the Federal Voluntary Service Act, persons who, because of their economic independence, are to be considered as employee-like persons; they include people working from home and their peers, civil servants, judges of the federal government, soldiers and civil servants, as well as applicants for employment and persons whose employment relationship has ended.
  • Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.


Changes to our privacy policy


We reserve the right to change our privacy policy if need be and publish it here. Please check this page regularly. The updated statement will enter into force upon its publication, subject to applicable legislation. If we have already collected data about you that are affected by the change and/or are subject to a statutory information obligation, we will also inform you about any significant changes to our privacy statement.




Zurück zum Inhaltsverzeichnis der Übergreifenden Datenschutzerklärung


Privacy statement for website users



Scope of application


This privacy statement applies to all pages of our online network that link to this statement.
The general details can be found on our main page relating to our privacy statement.

The purpose of the data collection


The purpose of collecting the data is to optimise the website, analyse errors, to tailor the website to your individual needs, to offer to make contact with you as well as, if need be, to sell goods and services.

General information on data processing


In principle, we collect and use the personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of our users' personal data take place regularly, only after the user's consent has been obtained. An exception applies to cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal bases of the processing of your data:
  • Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • When processing the personal data required to fulfil a contract of which the data subject is a party, Article 6 (1) b GDPR serves as legal basis. This also applies to processing operations which are required to take steps prior to entering into a contract.
  • Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) c GDPR serves as the legal basis.
  • In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) d GDPR serves as the legal basis.
  • If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the interest of the former, then Article 6 (1) f GDPR serves as the legal basis for the processing.

In particular, legitimate interests may be:
  • answering inquiries;
  • the carrying out of direct marketing measures;
  • the provision of services and/or information intended for you;
  • the processing and transfer of personal data for internal or administrative purposes;
  • the operation and administration of our website;
  • the technical support of the users;
  • the prevention and detection of fraud and crime;
  • protecting against payment defaults when soliciting credit reports in the case of requests for deliveries and services; and or
  • ensuring network and data security, to the extent that such interests are consistent with applicable law and the rights and freedoms of the user;
Categories of recipients
  • Website optimisation service providers, online marketing service providers and tools, ICT service providers, software and hardware maintenance companies, in part described in more detail below
  • Social networks and communities as described below
  • Internal recipients in line with the "need to know" principle


Usage data/server log files


Each time our websites are accessed, our systems automatically collect data and information from the computer system of the calling computer. The following types of data are collected here: browser type, version used, the user's operating system, Internet service provider, user's IP address, date and time of access, web pages from which the user's system has come to our website or to which the user goes to from our website.
With the above-mentioned legitimate interests, the legal basis for the temporary storage of data and log files is Article 6 (1) f GDPR.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. In order to do this, your IP address must be stored for the duration of the session.
Storage in log files is done to ensure website functionality. In addition, the data is used to optimise the website and to ensure the security of our IT systems. Any evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in the processing of data also lies in these purposes. The data will be deleted as soon as their collection is no longer required to achieve the purpose for which they were collected. In the case of collecting the data for the provision of our website, this is the case when the respective session is over. Furthermore, we also reserve the right to check the files if, on the basis of concrete evidence, a legitimate suspicion of unlawful use or a specific attack on the web pages exists. In this case, our legitimate interest is the processing of the data for the purpose of investigating and prosecuting such attacks and illegal uses.

Use of cookies


We use cookies. Cookies are text files that are stored on your computer and which your Internet browser saves. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our website demand that the calling browser be identified even after changing pages. The following data is stored and transmitted in the cookies: language settings, articles in a shopping cart, log-in information, etc.
We also use cookies on some of our web pages that allow the surfing behaviour of the users to be analysed. In this way, any search terms entered, the frequency of page views, the use of website functions, etc. are transmitted. The data of the users collected in this way are pseudonymised by technical measures for reasons of precaution. That is why any assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.
Legal basis for data processing by means of cookies
The legal basis for the processing of your personal data using technically necessary session cookies is Article 6 (1) f GDPR. The legal basis for the processing of your personal data using cookies for the purposes of analyses upon submission of the user's consent for this is Article 6 (1) f GDPR.
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. We require the use of cookies for the provision of the shopping cart, adoption of language settings, the memorisation of search terms, etc. Use of the analysis cookies is for the purpose of improving the quality of our website and its contents. By using the analysis cookies, we learn how the website is used so we can constantly improve our offer. Our legitimate interest in the processing of data also lies in these purposes. When accessing our website, the user is informed about the use of cookies for the purpose of analyses and his consent to the processing of the personal data used in this context is obtained. In this context, there is also a reference to this privacy statement. Cookies are stored on the user's computer and transmitted from it to our website. As a user, therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent. You can administer cookies of some US companies via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.

General statements about web beacons/tracking pixels


Web beacons are often-transparent graphic images that are the size of a pixel. They are used by affiliates, in particular for the purpose of tracking a user through the various web pages for profile formation for use with advertising that has been tailored to the user (targeting). A pixel embedded in the web page is loaded by the partner's server when the webpage is accessed. The partner thus receives your IP address, as well as details about your browser and its version, browser plug-ins (browser fingerprint) used, your operating system as well as your network operator.

Google Analytics


Google Analytics


Some of our web pages use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called “cookies”, which are text files stored on your computer and which enable the website to analyse how users use the site. The information generated by the cookie about your use of the website is, as a rule, transmitted to and stored by Google on servers in the United States. In the event of that the IP anonymization on this website is activated, however, Google will truncate your IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and truncated there. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator. Google will not associate your IP address transmitted within the framework of Google Analytics from your browser with any other data held by Google The legal basis for processing the user's personal data is Article 6 (1) f GDPR. We use Google Analytics to analyse and regularly improve the use of our website. With the statistics we gather, we can improve our offer and make it more interesting for you as a user. This website also uses Google Analytics for cross-device analysis of visitor traffic conducted through a user ID. You can disable the cross-device analysis of your usage under "My Data" and "Personal Information" in your customer account.    You can prevent the storage of cookies by selecting the appropriate settings of your browser software; however, we wish to point out that if you do this, you may not be able to use all the features of this website to the fullest extent possible. Furthermore, you can prevent Google from collecting and using any data relating to your use of the website (incl. your IP address) by downloading and installing the browser plug-in available under the following link https://tools.google.com/dlpage/gaoptout?hl=en-GB. This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in a truncated form to prevent them from being directly linked to a particular individual. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately. For the exceptional cases in which personal data is transferred to the US, Google complies with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. User conditions:
http://www.google.com/analytics/terms/de.html, overview of data protection:
http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Privacy Statement:
http://www.google.de/intl/de/policies/privacy.

Use of the remarketing or "similar target groups" function by Google Inc.
On some of our web pages, we use the remarketing or "similar audiences" function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This feature serves to analyse visitor behaviour and visitor interests.
Google uses cookies to carry out the website usage analysis, which forms the basis for the creation of interest-based advertising. Cookies mean that website visits as well as anonymised data on the use of the website can be recorded. The personal data of users are deleted as soon as the purpose of the storage no longer applies. If you then visit another website in the Google display network, you will then be shown adverts which are more likely to take previous areas of interest regarding products and information into account.
If need be, your data will also be transmitted to the USA. The transmission of data to the USA is covered by an adequacy decision of the European Commission. Processing is carried out on the basis of Article 6 (1) f GDPR due to our justified interest in addressing visitors to the website with targeted advertising by displaying personalised interest-related ads when they visit other websites in the Google Display Network. You have the right, at any time, for reasons that arise from your particular circumstances, to object to the processing of your personal data, which takes place on the basis of Article 6(1) e or f GDPR. For this purpose, you can permanently deactivate the use of cookies by following the link below and downloading and installing the plug-in: https://support.google.com/ads/answer/7395996?hl=de.
Alternatively, you may opt out of third-party cookies by visiting the Network Advertising Initiative deactivation page at https://www.networkadvertising.org/choices/ and carrying out the opt-out information given there.

Use of Google Adwords conversion tracking
On some of our web pages, we use the online marketing programme “Google AdWords” and, within this framework, conversion tracking (evaluation of customer interaction). Google conversion tracking is a service operated by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When you click on an advert placed by Google, a cookie is placed on your computer to enable conversion tracking. These cookies have limited validity, do not contain any personal data and so cannot be used for personal identification. When you visit certain pages on our website and the cookie has not yet expired, we and Google can recognise that you clicked on the advert and were forwarded to this page. Every Google AdWords customer receives a separate cookie. It is, therefore, not possible to track cookies relating to the websites of AdWords customers. The information collected using the conversion cookie serves the purpose of producing conversion statistics. This allows us to find out the total number of users who clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. However, we do not receive any information which could be used to personally identify users. Processing is carried out on the basis of Article 6 (1) f GDPR due to our justified interest in targeted advertising and the analysis of the effectiveness and efficiency of this advertising.
You have the right, at any time, for reasons that arise from your particular circumstances, to object to the processing of your personal data which takes place on the basis of Article 6(1) e or f GDPR.
You can prevent the storage of cookies by selecting the appropriate technical settings of your browser software.
We wish to point out, however, that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You will then not be included in the conversion tracking statistics. You can also deactivate personalised advertising in Google’s advertising settings. You can find instructions on how to do that at https://support.google.com/ads/answer/2662922?hl=de
You can also deactivate the use of cookies by third parties by calling up the Network Advertising Initiative deactivation page at
https://www.networkadvertising.org/choices/ and following the opt-out instructions. More information as well as Google’s privacy statement is available at:
https://www.google.de/policies/privacy/

Google Tag Manager


On some of our web pages, we use Google Tag Manager. This service allows website tags to be managed by a single interface. Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. Google Tool Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain in effect for all tracking tags insofar as they are implemented with the Google Tag Manager. All other statements apply as with Google Analytics.

Double-Click


On some of our websites, we use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to provide ads that are relevant to users, to improve reports on campaign performance, or to prevent a user from seeing the same ads multiple times. Google uses a cookie ID to determine which ads are running in which browser and can thus prevent them from being displayed multiple times. Moreover, DoubleClick uses cookie IDs to track conversions related to ad requests. This is the case when, for example, a user sees a DoubleClick ad and later goes to the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain information that can be used to identify a person.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the extent and further use of the data collected by the use of this tool by Google and, therefore, inform you to the best of our knowledge: by including DoubleClick on your website, Google is informed that you have accessed the corresponding part of our website or clicked on an ad of ours. If you are registered with a service provided by Google, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a chance that the provider will find and store your IP address.
There are different ways to prevent tracking of online activities:
a) by setting your browser software accordingly, in particular, suppressing third-party cookies to prevent you from receiving third-party ads; 
b) by disabling the cookies for conversion tracking by setting your browser to block cookies from the domain „www.googleadservices.com“, https://www.google.de/settings/ads; this setting is cleared when you delete your cookies;
c) by disabling the interest-based ads of the providers that are part of the "About Ads" self-regulatory campaign via the link http://www.aboutads.info/choices, this setting will be cleared when you delete your cookies;
d) by the permanent deactivation in your browsers (Firefox, Internet Explorer or Google Chrome) under the link http://www.google.com/settings/ads/plugin. We wish to point out that, in this case, you may not be able to use all the features of this offer to their fullest extent.
The legal basis for the processing of your data is Article 6 (1) a GDPR. Our legitimate interest lies in the needs-based operation of our website and its contents.
You can find more information on DoubleClick by Google here https://www.google.de/doubleclick and here http://support.google.com/adsense/answer/2839090, and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google complies with the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

HotJar

Some of our web pages use the Hotjar's web analytics service of HotJar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta, Europe Tel. +1 (855) 464-6788 [email protected]. HotJar visually represents the clicks, taps and scrolling behaviour on the observed web pages in so-called heatmaps. Anonymous conclusions can be drawn from this data regarding the user's scrolling and clicking behaviour in order to improve website usability. In addition to data on visitor behaviour, a browser fingerprint is created, which represents pseudonymised data. According to HotJar, personal data are automatically hidden. A "Do Not Track" setting in the browser can prevent the data from being collected. You may object to any data processing by HotJar under https://www.hotjar.com/opt-out The HotJar's privacy statement can be found here: http://www.hotjar.com/privacy

Wired Minds


Our website uses the counting pixel technology of wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviour. If need be, data used to create pseudonymised user profiles are collected, processed and stored. Wherever possible and useful, these usage profiles are completely anonymised. Cookies may be used in order to do so. Cookies are small text files that are stored in the visitor's Internet browser and serve to recognise the Internet browser. The data collected, which may also contain personal data, are transmitted to wiredminds or collected directly by wiredminds. wiredminds may use information that is left by visits to the websites to create anonymised user profiles. The data obtained will not be used to personally identify the visitor to this website and will not be merged with personal data of the bearer of the pseudonym without the express permission of the data subject. Insofar as IP addresses are recorded, their immediate anonymization takes place by deleting the last number block. WIDERSPRUCHSLINK (OPT-OUT)

Contents of external providers


On our website, we use active JavaScript content and fonts, which might also come from external providers, such as Google. Upon accessing our website, these providers may receive information about your visit to our website, e.g. through the transmission of your IP address. You can prevent this transfer by installing a JavaScript blocker, such as the browser plugin "NoScript", or by disabling JavaScript in your browser. This may, however, lead to functional restrictions.
Some of our web pages include content from third parties, such as videos from YouTube, maps from Google Maps, images, texts and multi-media files, RSS feeds or other services from other websites. This always requires the transmission of your IP address to the providers of this content. We cannot provide any information about the use of your data with these providers and have no influence on their further processing, especially not about whether the data are used for further purposes, such as profiling. Please refer to the respective privacy statement of the respective third party providers.
You can, among other things, prevent further tracking carried out by the tracking pixels of these providers by changing your browser settings so that they do not accept third-party cookies.

Contact form and e-mail contact


Our website has a contact form, which can be used for contacting us via the Internet. When a user makes use of this option, the data entered in the input form will be transmitted to us and saved. These data are the following: name, address, e-mail address, telephone number, etc. At the time the message is sent, the following data are also stored: the IP address, date and time. In order to process the data, your consent is obtained during the submission process and we refer you to this privacy statement.
Alternatively, you can contact us via the e-mail address provided.. In this case, the user's personal data transmitted by e-mail will be stored. In this context, the data is not disclosed to third parties. The data are exclusively used for conducting the conversation.
The legal basis of the processing is:
  • For the processing of the data after the user has signed up to receive the newsletter, if consent has been given by the user, Article 6 (1) a GDPR.
  • For the processing of the data that have been transmitted in the course of the sending an e-mail, Article 6 (1) f GDPR with the above-mentioned legitimate interest.
  • If the contact via e-mail is aimed at concluding a contract, then the additional legal basis for the processing is Article 6 (1) b GDPR.
The processing of the personal data collected from the input screen serves us only to process the contact. In the case of contact via e-mail, this also includes the necessary legitimate interest in the processing of the data. The other personal data processed during the dispatching process serve to prevent any abuse of the contact form and to ensure the security of our IT systems.
The data are deleted as soon as their collection is no longer required to achieve the purpose for which they were collected. With regard to the personal data obtained via the input screen or the contact form and those that were sent via e-mail, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the relevant facts have been ultimately clarified. The additional personal data collected during the sending process will be deleted, at the latest after the statutory retention period has expired.
At all times, the user has the possibility to revoke his consent to the processing of his personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. 

Newsletter


Our website gives you the chance to subscribe to a free newsletter with promotional content. Our newsletters contain information about the services we offer, our promotions, events, competitions, job offers and articles. Not part of our newsletters, however, is news with no promotional information that is sent out as part of our contractual or other business relationship. This includes, for example, the dispatch of service e-mails with technical instructions and queries regarding orders, events, and notifications of prize draws or similar messages. The data from the input screen are transmitted to us when you subscribe to the newsletter. In addition, the IP address of the calling computer and the time of the call are collected. In order to process the data, your consent is obtained during the registration process and reference is made to this privacy statement. When you purchase goods on our website via our online shop and deposit your e-mail address, we reserve the right to send you a newsletter via direct mail for our own similar goods. With regard to the processing of data for the sending of newsletters, the data is not disclosed to third parties. The data are exclusively used for sending the newsletter. The legal basis for the processing of the data after the user has subscribed to the newsletter is, given the user's prior consent, Article 6 (1) a GDPR and for the dispatch of the newsletter as a result of the sale of goods in accordance with Section 7 III UWG (Act Against Unfair Competition) or Article 6 (1) f (dispatch on the basis of our legitimate business interests).  The collection of the user's e-mail address serves to dispatch the newsletter. The collection of other personal data in the context of the subscription process serves to prevent misuse of the services or the e-mail address used. Subscription to the newsletter may be terminated at any time by the user concerned. Each newsletter contains a link for this purpose. This also acts as a revocation of consent for the newsletter sent.
Any statistical evaluation of the reading behaviour takes place only to the extent that it can be determined whether the recipients have opened the newsletter and clicked on the links. This is a feature that we only use to validate user activity and optimise accordingly. For this purpose, the newsletter contains a so-called "web-beacon", a pixel-sized file, which is retrieved from our server when the newsletter is opened.  This web beacon is not personalised, which means that no personal information is collected.

Data collection during registration and registered use


Some of our websites require or allow you to register. The data collected in the process are used for the purposes of the use of the respective websites and services, unless otherwise specified and explicitly consented to during registration. The data collected come from the input screen during the registration process. All further data that you may deposit at a later date in order to complete your profile is optional and voluntary. After you have registered, we may inform you of any relevant circumstances that are connected to our offer to which you have registered via the stored e-mail address.

Data in user-generated content


Insofar as you write comments or contributions or upload files to our servers or publish images or use other services, your IP addresses and – if you are logged in – your user data are stored for our security. Due to the multitude of illegal content posted on the Internet every day, we reserve the right to use this information for our defence in legal disputes or for the purposes of prosecution, i.e. to also transfer such data to defendants, law enforcement agencies and courts.

Transmitting data via the Internet


Transmitting data via the Internet is basically subject to certain risks. Special encryption of the data is not undertaken; in particular, messages from the contact form of our website and messages that form part of the service chat are transmitted in an unencrypted form.
Please keep this in mind when transferring data. Insofar as you wish to communicate with us via encrypted e-mail, you can do so via SMIME encryption. Please let us know for your wish for encryption, as we regularly send data in unencrypted form, due to the currently low market penetration of e-mail encryption processes.

Data transfer


If you communicate personal data to us, they will only be passed on to third parties if this is necessary for processing the contractual relationship or if some other legal ground legitimises this transfer.
However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.

Storage periods


The data subject's personal data will be deleted or blocked as soon as the purpose of the storage no longer applies. European or national legislators of EU regulations, laws or other regulations to which the controller is subject may have provided for an extension of this period. The blocking or deletion of the data shall take place even if a storage period prescribed by the standards mentioned expires, unless there is a need to continue to store the data for the conclusion or performance of a contract.








Zurück zum Inhaltsverzeichnis der Übergreifenden Datenschutzerklärung


Information about data processing for employees


We would hereby like to inform our employees about the way we handle their personal data within the employment relationship.

The purpose of data collection


During your period of employment with us, your personal data will be processed mainly for the purpose of carrying out and/or terminating the contract, as well as for the purposes of the company's profile.
Types of data processed by us
As part of the employer-employee relationship, we process the followingpersonal data:
  • applicant data; name, date of birth, curriculum vitae, nationality/work permit, etc. for the selection and recruitment process, entry and exit management;
  • private contact details; address, telephone number, email;
  • professional contact details; e.g. telephone numbers, e-mail, place of work, job title, possibly a photo;
  • identification/payment data; identity card data or work permit to identify and establish the legitimacy of the employment, place of birth, marital status, tax identification number, health insurance membership, income tax bracket, tax exempt amounts, church denomination for payment of church tax, account number, any seizure of wages (for the purpose of payroll accounting to fulfil social security, tax and other legal obligations);
  • health data, e.g. within the context of payroll accounting, for settlement with health insurance funds or professional associations or within the scope of legal obligations as the employer, e.g. the company integration management or the fulfilment of duties with regard to the protection of the severely disabled or in the context of the company's self-regulation such as the occupational safety or occupational medical examinations;
  • time recording and access data, holiday periods, working time accounts, shift schedules, closing times or access protocols, etc.;
  • personal screening data (e.g. police certificate of good conduct, background check):
  • data on suitability and on the performance/behavioural check; information on training and education , data for the purpose of measuring the achievement of goals, e.g. for variable remuneration, data on infringements of road traffic regulations ("parking fines");
  • other data relating to HR management: data in the context of occupational health and occupational health management, health and safety measures, any degree of severe disability, possession of a driving licence, any garnishments of salary;
Categories of recipients
We will send your personal data to the following recipients in order, for example, to comply with legal obligations or obligations arising from the employment relationship:
  • bank service providers, if need be, service providers for the calculation of pension provisions
  • service providers for the settlement of wages (tax consultants), auditors, service companies for ICT, companies for software and hardware maintenance
  • health, social and accident insurance carriers and other insurance companies
  • authorities such as financial authorities, social security funds, employment agencies, if need be, authorities dealing with safety, health, road traffic and associated fines and other authorities
  • company medical service
  • companies related under company law (group companies) as joint controllers: the essential contents of the regulation of the tasks with regard to the rights of data subjects can be requested at the given contact address; according to Article 26 (3) GDPR the data subject may exercise his or her rights under this Regulation in respect of and against all the companies (controllers) involved.
  • business partners and customers (official contact details), temping agencies
  • website users when portrayed or named on the corporate website
Legal bases of the processing
When processing your personal data, we naturally comply with applicable law. Processing is, therefore, only carried out on a legal basis. The following legal bases are particularly relevant with regard to the employment relationship:
  • Article 6 (1) a on the basis of your consent, whereby no contract is required for the conclusion of a contract or the continuation of an existing contract,
  • Article 6 (1) b for the establishment, carrying out and termination of a contractual relationship,
  • Article 6 (1) c with regard to compliance with a legal obligation,
  • Article 6 (1) f to safeguard a legitimate interest

  • If we process your data within the scope of our legitimate interest, this will lie, for example, in:
    • the carrying out of electronic access controls,
    • the optimisation of HR planning
    • ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
    • the assertion, exercise or defence of legal claims, including data for the documentation of flows of benefits,
    • the avoidance of injury and/or liability of the company by taking appropriate measures,
    • the profile of the company.

    You have the right to object to the processing of personal data in the context of a legitimate interest, for reasons that arise from your particular situation. We will then no longer process your data unless we can prove compelling legitimate reasons on our part that outweigh your rights and freedoms or that serve the processing of the assertion, exercise or defence of legal claims.

    We do not use the personal data you provide to make automated decisions about you.
    We may, however, use your data as selection criteria for selecting suitable candidates for project assignments

    Data collected by third parties
    Using the ELStAM procedure, we collect payroll data that the tax authorities provide us with for the purposes of correct accounting.
    This applies in particular to the payroll data below.

    Duration of storage
    After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods. As a rule, these periods are 6 or 10 years. For various categories of data, however, such as occupational pensions, the retention period could be 30 years or longer.




    Zurück zum Inhaltsverzeichnis der Übergreifenden Datenschutzerklärung


    Privacy Statement for Applicants


    When you apply for a job or for freelance work in our company, we process and store your personal data.
    We take your privacy very seriously and would like to inform you about how your application data is handled.

    The purpose of data collectiong


    Before joining our company or during the application process, we process your personal data solely for the purpose of establishing a contractual relationship to the extent required.

    The types of data we process


    The following types of personal data are regularly processed:
    • applicant data; name, date of birth, curriculum vitae, nationality/work permit, knowledge, skills, history of work experience for the selection and recruitment process, entry and exit management
    • private contact details; address, telephone number, e-mail (for the purpose of establishing contact),
    • (optional) data as part of the staff screening process (e.g. police certificate of good conduct, background check) – depending on the client or site/location of employment;
    • possibly data that are subject to professional secrecy; e.g. data on suitability as regards health and any restrictions
    • other data relating to HR administration: severe disability (if relevant), possession of a driving licence

    Wedo not require any information from you that cannot be used under the General Equal Treatment Act (race, ethnic origin, pregnancy, physical or mental illness, trade union membership, religion or belief, disability, sexual identity or sex life).
    We ask that you do not transmit such data to us. The same applies to content that is likely to infringe the rights of third parties (e.g. copyrights, ancillary copyrights, or other intellectual property rights, press rights or the general rights of third parties).

    Legal bases of the processing

    • for the establishment, implementation and termination of a contractual relationship pursuant to Article 6 (1) b GDPR; also for consultancy and freelancer contracts;
    • to fulfil a legal obligation under Article 6 (1) c GDPR;
    • in the case of processing, to protect a legitimate interest in accordance with Article 6 (1) f GDPR;
    • as well as on the basis of consent that you have given by voluntarily providing data that are not absolutely necessary for the purpose (e.g. hobbies in your curriculum vitae)
      (however, such information is, in principle, not required to conclude a contract or continue an existing contract) according to Art 6 (1) a GDPR,
    • likewise on the basis of consent also for the mediation of consultancy and freelancer contracts,
      whereby this information can be decisive for the conclusion of a consultancy or freelancer contract;


    Our legitimate interests lie, for example, in the following:

    • optimising the application processes,
    • ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
    • asserting, exercising or defending legal claims,
    • avoiding damage and/or liability of the company by taking appropriate measures.
    • mediating a consultancy or a freelancer contract

    We do not use the personal data you provide to make automated decisions about you.
    However, we may use your data as selection criteria to select suitable candidates for project assignments.

    Categories of recipients

    • Internal recipients according to the "need to know" principle
    • Companies related under company law (group companies) as joint controllers:
      the essential contents of the regulation of the tasks with regard to the rights of data subjects can be requested from the given contact address
      according to Article 26 (3) GDPR, however, the data subject may exercise his or her rights under this Regulation in respect of and against all the companies involved.
    • Client companies that are planning to be hired as consultants/freelancers


    Deletion periods


    After the purpose in question has been achieved, your data will be deleted. However, data will be kept for as long as is necessary to defend legal claims. The storage period for unsuccessful applications is usually 6 months. If your profile was transmitted to us by a personnel service provider and commission claims of this service provider exist, the storage period may last until they have been satisfied or for the duration of the limitation period. If your profile is saved on the basis of consent given for the mediation of a consultancy or freelancer contract, then the data will be deleted after consent has been revoked. Insofar as accounting-relevant processing has been carried out, e.g. the reimbursement of travel expenses, the data required for this purpose will be deleted in compliance with statutory retention periods, as a rule 6 or 10 years. If the application was successful and we conclude a contract with you or add you into our pool of freelancers, we will store your data at least for the duration of the contract or the membership of the freelancer pool.




    Zurück zum Inhaltsverzeichnis der Übergreifenden Datenschutzerklärung


    Privacy statement for other data subjects



    Information on data processing


    As a customer and as a prospective customer or other data subject, we process your personal data primarily for the purpose of establishing and fulfilling a contractual relationship concluded with you or on the basis of a legitimate interest. Your data will be collected, stored and, if need be, passed on by us to the extent required to provide the contractually agreed service or information, and to carry out direct marketing activities or other activities of our business. Failure to provide the data may result in the contract being unable to be concluded. Moreover, we process your data only if you have consented to the processing or given some other legal permission.
    Purposes of the data processing
    We process your personal data to achieve the following purposes in connection with the contractual relationship:
    • contract processing (including shipping)
    • advertising to existing customers, use as a selection criterion for direct marketing so we can offer you customised service
    • retailer support
    • a credit check
    • the management of our supplier relationships
    • customer service
    • quality management
    • the improvement and development of intelligent and innovative services
    • customer analysis with regard to the market and opinion polls
    • the handling of our logistics/materials management

    Furthermore, we process your data only with your express consent.
    Types of data that we process
    The following personal data are processed:
    • contact details; name, address, phone number
    • identification/payment data; account number, VAT ID no.
    • order data: quantity, turnover, intervals
    • geodata: addresses, delivery terms
    Categories of recipients
    These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. We check them regularly. The service providers will not pass on these data to third parties, but delete them after the contract has been fulfilled and the legal storage periods have expired, insofar as you have not consented to any longer storage periods. If we are under any legal obligation to do so, we will share your information with the competent authority on request.
    This could include, for example:
    • bank or payment service
    • logistics companies
    • companies in the trades sector
    • etc.
    Legal bases of processing
    The legal bases for the processing of your data are in particular:
    • Article 6 (1) a on the basis of your consent, whereby no contract is required for the conclusion of a contract or the continuation of an existing contract,
    • Article 6 (1) b for the establishment, carrying out and termination of a contractual relationship,
    • Article 6 (1) c for compliance with a legal obligation,
    • Article 6 (1) f to safeguard a legitimate interest
    Our legitimate interests lie in the achievement of the above-mentioned purposes and beyond, for example in:
    • the exercising our business interests, including direct marketing campaigns and credit checks,
    • the enhancement of efficiency and effectiveness potentials, also in cooperation with partners and, possibly, affiliated companies,
    • ensuring compliance with safety regulations, requirements, industry standards and contractual obligations,
    • asserting, exercising or defending legal claims,
    • the avoidance of damage and/or the liability of the company by taking appropriate measures
    Customer analysis
    In the event of a customer analysis, the processing of your data will either be done in an anonymous or – if anonymous processing for factual reasons is not possible or not useful – in a pseudonymised form.
    Some of the afore-mentioned processes or services are performed by carefully selected and contracted service providers. We transmit or receive personal information about these service providers solely on the basis of a processing agreement. If the seat of a service provider is outside the European Union, or the European Economic Area, a third country transmission will take place. Data protection agreements that comply with the legal requirements are contractually agreed with these service providers in order to establish an adequate level of data protection and corresponding guarantees are agreed.
    Data collected by third parties
    If applicable, we may be provided with data by third parties, e.g. in the context of recommendations. In such a case, it is usually a matter of contact information associated with data relating to specific product or service needs.

    Duration of storage
    After the respective purpose has been achieved, your data will be deleted in compliance with the legal retention periods.