A. Technology
1. SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the website operator. You can recognise an encrypted connection by your browser’s address bar reading "https://" instead of "http://" and the lock symbol in the browser bar.
If SSL or TLS encryption is activated, the data you send us cannot be read by third parties.
2. Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (in what is known as "server log files"). Our website collects a range of general data and information each time you access a website or an automated system. This general data and information is stored in the server’s log files. The browser
1. types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system accesses our website (called a referrer),
4. the sub-pages accessed via an accessing system on our website,
5. the date and time the website is accessed,
6. an internet protocol address (IP address) and
7. the accessing system's internet service provider may be collected.
No conclusions are drawn about you when using this general data and information. Instead, this information is needed to
1. properly deliver our website content,
2. to optimise the content of the website as well as to advertise it,
3. to ensure the continued functioning of our information technology systems and our website’s technology as well as to
4. provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack.
This collected data and information is therefore statistically analysed and further analysed by us with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data being processed by us. The data from the server log files is stored separately from all personal data provided by a data subject.
The legal basis for data processing is Article 6 Paragraph 1 Sentence 1(f) GDPR. Our legitimate interest is based on the purposes listed above for the collection of data.
Die Rechtsgrundlage für die Datenverarbeitung ist Art. 6 Abs. 1 S. 1 lit. f DS-GVO. Unser berechtigtes Interesse folgt aus oben aufgelisteten Zwecken zur Datenerhebung.
3. Encrypted payment transactions
If, after concluding a paid contract, you need to provide us with your payment details (e.g. account number for direct debit authorisation), this data is required for payment processing.
Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by your browser’s address bar reading "https://" instead of "http://" and the lock symbol in the browser bar.
With encrypted communication, third parties are unable to read the payment data you send us.
4. Disclosure of data to third parties
Your personal data will not be sent to third parties for purposes other than those listed below.
We will disclose your personal data to third parties if:
1. you have expressly consented to this pursuant to Article 6 Paragraph 1 Sentence 1(a) GDPR,
2. disclosure under Article 6 Paragraph 1 Sentence 1(f) GDPR is permitted to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
3. in the event that there is a legal obligation to disclose your data pursuant to Article 6 Paragraph 1 Sentence 1(c) GDPR and
4. if this is legally permissible and necessary for the performance of our contract with you pursuant to Article 6 Paragraph 1 Sentence 1(b).
4.1 Notice regarding transfer to the USA and other third countries
Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
5. Cloudflare (Content Delivery Network)
Our website uses functions from CloudFlare. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed through CloudFlare's network. CloudFlare is thus able to analyze the data traffic between users and our websites, for example, to detect and prevent attacks on our services. In addition, CloudFlare may store cookies on your computer for optimization and analysis. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. When disabling cookies, the functionality of this website may be limited. We have concluded a corresponding agreement with Cloudflare on the basis of the DS-GVO for order processing or according to EU standard contractual clauses. Cloudflare collects statistical data about visits to this website. The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical analysis for the purpose of operation, security and optimization of the offer. If you have consented to Cloudflare being used, the legal basis for the processing of personal data is Art. 6 (1) lit. a DS-GVO. In addition, there is a legitimate interest on our part to use Cloudflare to optimize our online offer and make it more secure. The corresponding legal basis for this is Art. 6 (1) lit. f DS-GVO. The personal data will be kept for as long as it is necessary to fulfill the purpose of processing. The data will be deleted as soon as they are no longer required to achieve the purpose. The transfer of your personal data to the USA is based on the standard contractual clauses. You can find more information about CloudFlare at: https://www.cloudflare.com/privacypolicy/
B. Cookies
1. General information about cookies
We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, trojan horses or other malware.
Information generated from the specific device used is stored in cookies. This does not mean, however, that we will gain immediate knowledge of your identity.
The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.
We also use temporary cookies to optimise user-friendliness. These cookies are stored on your device for a specific period of time. If you return to our website to use our services, cookies allow us to automatically recognise that you have visited our website previously and remember the inputs and settings you have made so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and analyse it for the purpose of optimising our services. These cookies allow us to automatically recognise that you have already visited our website when you visit our website again. These cookies are automatically erased after a defined period of time.
The processing of data through cookies for the purposes stated above is necessary in order to safeguard our legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1(f) GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so a message is always displayed before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the features on our website.
2. Legal basis for the use of cookies
The data processed by the cookies, which are required for the proper functioning of the website, are thus necessary to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) lit. f DS-GVO.
For all other cookies, it applies that you have given your consent to this via our opt-in cookie banner within the meaning of Art. 6 (1) lit. a DS-GVO.
3. Notes on the avoidance of cookies in common browsers
Via the settings of the browser you are using, you have the option to delete cookies, to allow only selected cookies or to disable cookies completely at any time. You can obtain further information on the support pages of the respective providers:
- Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
- Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
- Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
- Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.
4. Cookiebot (Consent Management Tool)
We use the consent management tool "Cookiebot" provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service allows us to obtain and manage the consent of website visitors to data processing.
Cookiebot collects data generated by end users who use our website. When an end user gives consent via the cookie consent tool, Cookiebot automatically logs the following data:
- The end user's IP number in anonymized form (the last three digits are set to 0).
- Date and time of consent.
- User agent of the end user's browser.
- The URL from which the consent was sent.
- An anonymous, random and encrypted key.
- The consent status of the end user, which serves as proof of consent.
The key and consent status are also stored in the end user's browser in the cookie "CookieConsent" so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months. The key is used for proof of consent and for an option to verify that the consent status stored in the end user's browser is unchanged from the original consent submitted to Cybot.
The functionality of the website is not guaranteed without the processing. The "CookieConsent" cookie set by Cookiebot is classified as necessary.
Cybot is a recipient of your personal data and acts as a processor for us.
Detailed information on the use of Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.
C. Contents of our website
1. Data processing for order processing
The personal data we collect is disclosed to the transport company hired to deliver goods under the scope of contract execution, provided this is necessary for the delivery of the goods. We disclose your payment details to the bank commissioned as part of payment processing, provided this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for this transfer of data is Article 6 Paragraph 1(b) GDPR.
2. Conclusion of contracts with the online shop, retailers and dispatch of goods
We only send personal data to third parties where necessary as part of contract execution, for example to the companies entrusted with the delivery of the goods or the bank entrusted with processing payment. No data is otherwise sent unless you have expressly agreed to this. Your data will not be disclosed to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Article 6 Paragraph 1(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
3. Contact/contact form
Personal data is collected when you contact us (e.g. using our contact form or by email). If you use a contact form to get in touch with us, the contact form you use will indicate the data being collected. This data is stored and used exclusively for the purpose of responding to your query or establishing contact and the associated technical administration. The legal basis for data processing is our legitimate interest in responding to your request pursuant to Article 6 Paragraph 1(f)f GDPR. If the aim of you contacting us is to conclude a contract, processing is also legally based on Article 6 Paragraph 1(b) GDPR. Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations in place that prevent its erasure.
D. Newsletters
1. Newsletter for regular customers
If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per article 7, paragraph 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with article 6, paragraph 1 lit. f GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.
2. Marketing newsletter
You can subscribe to our newsletter via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.
We use our newsletter to regularly communicate our offers to our customers and business partners. You can, therefore, only receive our company’s newsletter if
1. you have a valid email address and
2. have registered for the newsletter.
For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorised the newsletter.
When you register for the newsletter we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.
The personal data collected during registration are used solely for sending our newsletter. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.
The legal basis for data processing for the purposes of sending a newsletter is article 6, paragraph 1 lit. a GDPR.
E. Data protection for applications and in the application process
1. Type and purpose of processing:
The controller collects and processes the personal data of applicants for the purpose of processing the application process. Processing can also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
2. Legalbasis:
In order to fulfil contractual obligations (Art. 6 sec. 1(b) GDPR) in conjunction with Section 26 BDSG. The processing of data is carried out in preparation of an employment contract
3. Recipients:
Human Ressources for contact with you and contractual cooperation (including the fulfilment of pre-contractual measures) as well as managers involved in the decision-making process. Your data may be passed on to service providers who act as processors for us, e.g. support or maintenance of IT or IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially.
Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.
4. Storage retention:
If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically deleted six months after notification of the cancellation decision, unless any other legitimate conflict with the interests of the controller. Other legitimate interests in this sense are, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
5. Third country transfer:
Your data will only be processed within the European Union and states within the European Economic Area (EEA).
6. revocation of consent:
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data pursuant to Article 6(1)(f) of the Data Protection Regulation (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the Data Protection Regulation.
If you file an objection, we will no longer process your personal data unless we can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
7. Provision required or required:
As part of the application process, you must provide the personal data necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations or for their we are legally obliged to collect. Without this data, we will generally not be able to take you into account adequately in the decision-making process for filling thevacancy.