Privacy and data protection

General information

The following information gives you an overview of what happens with your personal data when you visit this website. Personal data are all data with which you can be personally identified. You will find further details on privacy and data protection in the rest of our Privacy Policy.

Data collection on this website

Who is responsible for data collection on this website?

The data collected on this website are processed by the website operator. The relevant contact details are contained in the “Information on the controller” section of this Privacy Policy.

How do we collect your data?

Some data are collected when you provide them to us, such as data that you enter in a contact form.

Other data are collected, either automatically or following your consent, by our IT systems when you visit the website. These are primarily technical data (e.g. browser, operating system or time of site visit). These data are collected automatically as soon as you access this website.

For what do we use your data?

Some of the data are collected to guarantee the faultless provision of the website. Other data may be used to analyse your user behaviour.

What are your rights in respect of your data?

You have the right to obtain information about the origin, recipients and purpose of your stored personal data at any time, free of charge. You also have the right to obtain the rectification or erasure of these data. If you have consented to data processing, you may withdraw this consent at any time with effect for the future. You also have the right to obtain the restriction of processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

You may contact us at any time regarding these and other matters relating to privacy and data protection.

Analytics and third-party tools

Your surfing behaviour may be statistically analysed when you visit this website. This happens mainly through the use of analytics programs.

Detailed information on these analytics programs is provided further below in the Privacy Policy.

Mittwald

Our website is hosted by Mittwald. The hosting service is provided by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter: Mittwald).

For details, please refer to the Mittwald Privacy Policy (only available in German: https://www.mittwald.de/datenschutz.

Mittwald is used on the basis of Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). We have a legitimate interest in ensuring that our website is presented as reliably as possible. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Privacy and data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with data protection laws and this Privacy Policy.

Various personal data are collected when you use this website. Personal data are data with which you can be personally identified. This Privacy Policy explains which data we collect and what we use them for. It also explains how and why this is done.

Please note that security vulnerabilities may arise when transmitting data over the Internet (e.g. email communication). It is not possible to completely protect data against third-party access.

Information on the controller

The data controller for this website is:

NRW.Energy4Climate GmbH
Kaistraße 5
40221 Düsseldorf

Phone: +49 211 822086-430
Email: kontakt@energy4climate.nrw

The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and so on).

Storage period

Unless a specific storage period is mentioned in this Privacy Policy, we retain your personal data until the purpose of the data processing no longer applies. If you make a legitimate request for erasure or withdraw your consent to data processing, your data are erased unless we have any other legally permissible grounds for storing your personal data (such as retention periods set out under tax or commercial law); in the case of the latter, the data are erased as soon as these grounds no longer exist.

General information on the legal basis for the data processing on this website

If you have consented to the data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or on the basis of Art. 9(2)(a) GDPR if special categories of data are processed in accordance with Art. 9(1) GDPR. If you have consented to the storage of cookies or accessing of information on your device (e.g. via device fingerprinting), the data are also processed on the basis of Section 25(1) TTDSG. Consent may be withdrawn at any time. If your data are necessary for the performance of a contract or in order to take steps prior to entering into a contract, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data are necessary to comply with a legal obligation, we process them on the basis of Art. 6(1)(c) GDPR. In addition, the data may be processed on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following sections of this Privacy Policy.

Data Protection Officer

We have appointed a Data Protection Officer for our company.

Vladimir Siemens
ecoprotec GmbH
Pamplonastraße 19
33106 Paderborn

Phone: +49 5251 877 888-303
Email: siemens@ecoprotec.de

Information on data transfer to the USA and other third countries

Among others things, we use tools of companies based in the USA or other third countries considered non-secure under data protection law. If these tools are enabled, your personal data may be transferred to these third countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in those countries. For example, US companies are obligated to release personal data to security authorities without you as the data subject being able to take legal action to prevent this. The possibility cannot therefore be excluded that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many data processing procedures require your express consent. You may withdraw any consent already given at any time. The lawfulness of the data processing up to the point of the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and for direct marketing (Art. 21 GDPR) 

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. To determine the legal basis on which any processing is based, please consult this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (objection pursuant to art. 21(1) GDPR). 

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be subsequently used for direct marketing purposes (objection pursuant to art. 21(2) GDPR). 

Right to object to data collection in special cases and for direct marketing (Art. 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA WHICH IS BASED ON ART. 6(1)(E) OR (F) GDPR, INCLUDING PROFILING BASED ON THOSE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE SUBSEQUENTLY USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the relevant supervisory authority

In the event of an infringement of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State, of their habitual residence, place of work or place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

In our case, the competent supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Kavalleriestraße 2–4
40213 Düsseldorf

Phone: 02 11/384 24-0
Email: poststelle@ldi.nrw.de

Right to data portability

You have the right to receive or to have a third party receive data we automatically process based on your consent or in performance of a contract in a commonly used and machine-readable format. If you request that the data be transmitted directly to another controller, this is only done where technically feasible.

SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders and requests you send to us as the website operator. You can recognise an encrypted connection by the fact that the browser address line changes from http:// to https:// and by the lock icon in your browser line.

If SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Access, erasure and rectification

In accordance with the applicable legal provisions, you have the right, at any time and free of charge, to access information about your stored personal data, their origin and recipients, and the purpose of the data processing and, where applicable, the right to rectification and erasure of these data. You may contact us at any time regarding these and other matters relating to personal data.

Right to restriction of processing

You have the right to obtain the restriction of processing of your personal data. You may contact us at any time in relation to this. The right to restriction of processing exists in the following circumstances:

• If you contest the accuracy of your personal data held by us, we generally need some time to verify this. You have the right to obtain restriction of processing of your personal data for the duration of this period.
• If the processing of your personal data was/is unlawful, you may request the restriction of data processing as opposed to the erasure of the data.
• If we no longer need your personal data but you require them for the establishment, exercise or defence of legal claims, you have the right to obtain restriction of processing of your personal data as opposed to their erasure.
• If you have objected to processing pursuant to Art. 21(1) GDPR, the balance of your interests and ours has to be considered. Pending verification of which grounds override the others, you have the right to obtain restriction of processing of your personal data.

Where you have restricted processing of your personal data, such data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising emails

We hereby object to the use of contact details published within the context of the obligation to provide a legal notice to send advertising and information material that has not been expressly requested. The website operators expressly reserve the right to take legal steps if unsolicited advertising, such as email spam, is sent.

Cookies

Our web pages use “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your browser.

In some cases, third-party cookies may also be stored on your device when you access our website. These enable us or you to use certain services provided by third parties (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website features will not work without them (e.g. the shopping cart function or video display). Other cookies are used to analyse user behaviour or to display ads.

Cookies (necessary cookies) required to carry out electronic communication, to provide certain features you wish to use (e.g. for the shopping cart function) and to optimise the website (e.g. cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless some other legal basis is specified. The website operator has a legitimate interest in storing necessary cookies in order to provide optimised services that are free of technical errors. If consent has been requested for the storage of cookies and comparable recognition technology, the processing is carried out solely on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG); consent may be withdrawn at any time.

You can configure your browser so that you are informed of the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when you close the browser. Disabling cookies may limit the functionality of this website.

Insofar as third-party cookies are used or cookies are used for analysis purposes, you are informed of that separately in this Privacy Policy and we ask for your consent where required.

Consent with ConsentManager

Our website uses ConsentManager consent technology to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in compliance with data protection requirements. This technology is provided by Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter “ConsentManager”).

When you access our website, a connection is established with the ConsentManager servers to obtain your consents and other declarations in respect of cookie usage. ConsentManager then stores a cookie in your browser in order to be able to assign to you any consent given or withdrawn. The data thus collected are stored until you ask us to erase them, you delete the ConsentManager Provider cookie yourself or the purpose of the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Consent with Cookie Consent Manager CCM19 

Our website uses the Cookie Consent Manager CCM19 of Papoo Software & Media GmbH (Auguststr. 4, 53229 Bonn; "CCM19"). 

The plug-in allows you to give consent to data processing via the website, in particular the setting of cookies, as well as to exercise your right of revocation for consent already given. The purpose of data processing is to obtain and document the required consent for data processing and thus to comply with legal obligations. 

Cookies are used for this purpose. Among other things, the following information may be collected, stored and possibly transmitted to CCM19: randomly assigned ID, consent status, date and time of consent/rejection. The data is stored for 1 year and one month and then deleted. This data is not shared with other third parties. 

Data processing is carried out to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. 

You can find more information about data protection at CCM19 at: www.ccm19.de/datenschutzerklaerung.html  

Commissioned processing 

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR. 

Server log files

The website provider automatically collects and stores information in “server log files” that your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data are not merged with other data sources.

These data are collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a presentation that is free of technical errors and in the optimisation of its website – the server log files are required to ensure this.

Contact form

If you submit queries to us via contact form, we store your information from the query form, including the contact details you provide there, for the purpose of processing your query and in case there are follow-up queries. These data are not shared without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.

We keep the data you enter in the contact form until you ask us to erase them, withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once your query has been dealt with). Mandatory statutory provisions – especially retention periods – remain unaffected.

Queries via email, phone or fax

If you contact us via email, phone or fax, we store and process your query, including all of the personal data resulting from this (name, query), for the purpose of processing your query. These data are not shared without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.

We keep the data you send to us via contact queries until you ask that we erase them, you withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once the matter has been dealt with). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Google Analytics

This website uses functions of the Google Analytics web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data for this, such as page views, length of stay, operating systems used and the origin of the user. These data are combined into a User ID and assigned to the device used by the website visitor.

Furthermore, we can record your mouse movements, scrolling, clicks and more with Google Analytics. In addition, Google Analytics uses various modelling approaches to augment the collected data sets and applies machine learning technologies for data analysis.

Google Analytics uses technology that enables user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to and stored on a Google server in the USA.

This analytics tool is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its website and advertising. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?[SU1] hl=de.

More information on how user data is handled by Google Analytics is contained in Google’s Privacy Policy: https://support.google.com/analytics/answer/600424[SU2] 5?hl=de.

Google Signals

We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, search history and YouTube history as well as demographic data (visitor data). These data may be used for personalised advertising with the help of Google Signals. If you have a Google account, the Google Signal visitor data are linked to your Google account and used for personalised ads. The data are also used to create anonymised statistics on the user behaviour of our users.

Commissioned processing

We have concluded a commissioned processing agreement with Google and are fully compliant with the strict requirements of the German supervisory authorities in our use of Google Analytics.

Storage period

Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. User ID) or ad IDs (e.g. DoubleClick cookies, Android Advertising ID) are anonymised/erased after two months. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

CRM-System
 

We use the Microsoft Dynamics 365 CRM system. The provider of this service is Microsoft 

Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.  

Purpose 

We use the system to manage customers and prospective customers (leads) and to process user inquiries faster and more efficiently. The use of the system is based on basis of our legitimate interest pursuant to Art. 6 (1)(f) GDPR. 

Legal basis 

The data processing is based on your consent (Art. 6 (1)(a) GDPR). You can revoke this consent at any time. The lawfulness of the data processing operations already carried out remains unaffected by the unaffected by the revocation. 

Recipient 

Recipient of the data is, in addition to NRW.Energy4Climate GmbH, also Microsoft Dynamics 365 as an order processor. The data is processed within the European Union processed. The data protection addendum for the products and services of Microsoft, more information can be found at https://privacy.microsoft.com. 

Storage period 

The deletion data is deleted as soon as it is no longer required for our analysis purposes.  

Unsubscription / revocation 

You can revoke your consent to the recording of your data in our CRM tool at any time with 

the future. 

Newsletter

On our website, we use the newsletter service Microsoft Dynamics 365 Marketing, a service offered by Microsoft Ireland Operations Limited, based in Ireland; subsidiary of Microsoft Corporation, USA, (hereinafter "Microsoft"). The e-mail address you provide will be used to send the newsletter. The data will be processed within the European Union.  

Purpose  

We use the system to send e-mail messages (e.g. in connection with the provision of downloads), for event management (e.g. to manage event participants) and to provide landing pages and contact forms. 

E-mail tracking 

The statistical information collected also includes whether the newsletter was opened, when it was opened and which links you clicked on. In addition, your registration for the newsletter is logged in order to be able to prove the consent given in accordance with the GDPR. This includes the consent text, the storage of the registration and confirmation time, as well as the IP address. While this information can technically be assigned to individual newsletter recipients, the evaluation of personal data has been deactivated and information about newsletter recipients is only analyzed pseudonymously and cannot be decrypted and assigned to individual users.  

Collection of data / Double-Opt-In 

The registration for our newsletter is subject to a so-called double opt-in procedure. This means that after registering for our newsletter, you will receive an e-mail asking you to confirm your subscription. Such confirmation is necessary to ensure that people do not subscribe with someone else's e-mail address. The newsletter subscription is logged so that the subscription process can be verified in accordance with legal requirements. This includes the recording of the date and time of subscription and confirmation, as well as the IP address. The changes to your data stored by the email marketing service provider are also logged. 

Legal basis 

The use of Microsoft and the system, the collection and analysis of statistics and the logging of the registration process for email communication are based on your consent to receive email communication via Microsoft Dynamics 365 in accordance with Art. 6 (1)(a) GDPR, in accordance with Art. 6 (1)(f) GDPR when downloading whitepapers and in accordance with § 25 para. 1 TTDSG regarding the use of cookies. Consent can be revoked at any time for the future. 

Recipient 

In addition to NRW.Energy4Climate GmbH, the recipient of the data is Microsoft Dynamics 365 as an order processor. The data is processed within the European Union. The data protection supplement for Microsoft products and services applies, more information can be found at https://privacy.microsoft.com. 

Unsubscription / revocation / storage period 

You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time and unsubscribe from the newsletter. There is an unsubscribe link at the end of each newsletter. The personal data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this. 

Microsoft Privacy Policy 

Further data protection information can be found in the Microsoft data protection declaration at: https://privacy.microsoft.com/en-US/privacystatement 

YouTube with enhanced privacy

This website contains YouTube videos. The pages are operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube with privacy-enhanced mode enabled. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not necessarily ruled out through privacy-enhanced mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. The YouTube server is then given information on which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, once a video has started, YouTube can store various cookies on your device and use comparable recognition technology (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used in a number of ways, such as to gather video statistics, improve the user experience and prevent attempted fraud.

If necessary, further data processing operations over which we have no influence may be triggered after a YouTube video starts playing.

YouTube is used in the interest of making our website appealing. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

More information on data protection at YouTube is contained in its privacy policy at:

https://policies.google.com/privacy?hl=de

Google Maps 

On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. By using this service, our location is shown to you and a possible approach is facilitated. 

Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, this may also result in a transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and analysis are carried out in accordance with Art. 6 (1)  (f) GDPR on the basis of Google's legitimate interest in the display of personalized advertising, market research and / or the design of Google websites. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. 

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used. 

You can view Google's terms of use at www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at www.google.com/intl/de_US/help/terms_maps.html. 

Detailed information on data protection in connection with the use of Google Maps can be found on Google's website ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/. 

Microsoft Forms 

We have integrated Microsoft Forms on this website. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter Microsoft). 

Microsoft Forms enables us to create online forms to record messages, requests and other input from our website visitors in a structured manner. All entries made by you are processed on Microsoft's servers. 

The use of Microsoft Forms is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 (1)(f) GDPR). If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. 

The data you enter in the form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected. 

For further information, please refer to Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement. 

ISSUU 

This website links to the service provider Issuu for some of the e-paper media presented. The provider is Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA. Issuu, Schwedter Strasse 36A, 10434 Berlin, Germany. 

In order to use the functions of Issuu, it is necessary to store your IP address. This information is transmitted to a server of Issuu in the USA and stored there. If you are logged into your Issuu account, you enable Issuu to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Issuu account. The provider of this site has no influence on this data transmission. 

Issuu is used in the interest of an appropriate presentation of our content. This represents a legitimate interest within the meaning of Art. 6 (1)(f) GDPR. 

More information on the handling of user data can be found in Issuu's privacy policy: issuu.com/legal/privacy. 

If you register for an event within the context of our web presence, we process your personal data in order to accept the registration.

Data processing

Among other things, we use online conferencing tools to communicate with our customers. The specific tools that we use are listed below. If you communicate with us via an online video or audio conference, your personal data are collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to use the tool (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in relation to the communication process (metadata).

In addition, the provider of the tool processes all technical data required to process the online communication. In particular, this includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

If content is exchanged, uploaded or otherwise provided within the tool, this is also stored on the tool provider’s servers. In particular, such content includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have complete influence over the data processing operations of the tools used. Our options depend significantly on the corporate policy of the respective provider. Further information on the data processing performed in respect of the conferencing tools can be found in the privacy policies of the respective tools used, which are listed below this text.

Purpose and legal basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the tools are used for the general simplification and acceleration of communication with us/our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If consent is requested, the use of the tools concerned is based on this consent; consent may be withdrawn at any time with effect for the future.

Storage period

The data collected directly by us via the video and conferencing tools are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the length of time for which your data are stored by operators of the conferencing tools for their own purposes. For details on this, please contact the operators of the conferencing tools directly.

Conferencing tools used

We use the following conferencing tools:

Zoom

We use Zoom. This service is provided by Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Please refer to the Zoom Privacy Statement for details on data processing: https://zoom.us/de-de/privacy.html.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://zoom.us/de-de/privacy.html.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Microsoft Teams

We use Microsoft Teams. This is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Please refer to the Microsoft Teams Privacy Statement for details on data processing:

https://privacy.microsoft.com/de-de/privacystatement.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Slido

During an event, participants can take part in surveys using the Slido interaction tool or send questions and suggestions to the speaker using the chat function. Use is optional; the event can also be followed without Slido.

If the interaction tool is used, this requires the consent of the participants to the use of data by sli.do s. r. o.. The corresponding privacy policy can be found on the homepage of sli.do s.r.o. (https://www.sli.do/terms#privacy-policy). Consent is requested on the event page via a so-called two-click solution. This means that before the interaction tool is used, reference is made to the privacy policy of the operator of the tool and consent or your consent to the use of data is given in the form of a click. The interaction tool can then be used in the form of a second click. Personal data will only be transmitted after you have given your consent. It is also possible to use the interaction tool anonymously after consenting to the use of data by Slido in order not to transmit any personal data other than the IP address. This option can be selected in the settings of the interaction tool. Anonymization is expressly recommended.

The data processed by Slido includes: the IP address, information on the device used (hardware model, operating software used), time of access, TSL protocol, TSL certificates, information on any system crashes of the interaction tool, hardware settings, language settings, query of pre-installed cookies to identify the browser or any Slido account (if installed on the device used). With the exception of the IP address, personal data can be anonymized by a setting in the Slido interaction tool.

In its decision of July 16, 2020, Case C-311/18 ("Schrems II"), the European Court of Justice (ECJ) declared the European Commission's adequacy decision on the EU-US Privacy Shield (Privacy Shield Decision 2016/1250) to be invalid. There is no level of data protection in the USA that is essentially comparable to European data protection standards. As a result, there is no valid adequacy decision by the European Commission regarding the transfer of personal data to the USA within the meaning of Art. 45 para. 1, 3 GDPR. Furthermore, there are no so-called appropriate safeguards within the meaning of Art. 46 (2), (3) GDPR. Possible risks of such data transfers without an adequacy decision and without appropriate safeguards arise in particular from the fact that an adequate level of data protection cannot be guaranteed. The provider may have to grant government agencies access to the processed personal data. Personal data may therefore be passed on to third parties who process or use the data for their own purposes. Data subject rights may not be enforced.

For information on the recipients of personal data and the storage period when using the Slido interaction tool, see www.sli.do/terms.

With regard to the optional use of the Slido interaction tool, your consent is based on Art. 49 para. 1 sentence 1 lit. a) GDPR. If you do not consent to the use of personal data via Slido, the tool cannot be used. However, the event can also be followed without the use of Slido.

Handling applicant data

We offer you the opportunity to apply for a position with us (e.g. by email, post or online application form). We have set out information for you here about the scope, purpose and use of the personal data concerning you collected during the application process. We can confirm that your data are collected, processed and used in accordance with the applicable data protection laws and all other legal provisions and are treated as strictly confidential.

Scope and purpose of the data collection

If you apply for a position with us, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and – if you have given your consent – Art. 6(1)(a) GDPR. Consent may be withdrawn at any time. Your personal data are only passed on to people within our company who are involved in processing your application.

If the application is successful, the data submitted by you are stored in our data processing systems on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

Data retention period

If we are unable to offer you a position, you reject a job offer or you withdraw your application, we reserve the right to retain the data submitted by you for up to six months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interest (Art. 6(1)(f) GDPR). The data are then erased and the physical application documents destroyed. The data are retained in particular for evidentiary purposes in the event of a legal dispute. If it is evident that the data will be required after the six-month period has expired (e.g. due to an imminent or pending legal dispute), they are only erased when the purpose of further retention no longer applies.

The data may also be retained for a longer period if you have given the relevant consent (Art. 6(1)(a) GDPR) or there are statutory retention obligations that prevent the erasure.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. If you are admitted to the pool, all documents and information from the application are transferred to the applicant pool so that you can be contacted in the event of a suitable vacancy.

Admission to the applicant pool is based exclusively on your express consent (Art. 6(1)(a) GDPR). Your consent is voluntary and has no relation to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool are irrevocably erased unless there are statutory grounds for retaining them.

The data from the applicant pool are irrevocably erased within two years of consent being granted.

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as LinkedIn, etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous processing operations with data protection relevance. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, these data are collected using cookies stored on your device or by recording your IP address, for example.

Using the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown targeted advertising within and outside of the respective social media presence. If you have an account with the respective social network, the targeted advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details on this, please refer to the terms of use and privacy provisions of the respective social media portals.

Legal basis

Our social media profiles are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may have differing legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).

Controller and enforcement of rights

If you visit one of our social media profiles (e.g. on Facebook), we act as joint controller together with the operator of the social media platform in respect of the data processing operations triggered during this visit. In principle, you can enforce your rights (access, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis us and the operator of the respective social media portal (e.g. Facebook).

Please note that, despite joint controllership with the social media operators, we do not have complete influence over the data processing operations of the social media portals. Our options depend significantly on the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected.

We have no influence over the length of time for which your data are stored by operators of the social networks for their own purposes. For details on this, please refer directly to the operators of the social networks (e.g. the information in their privacy policy, see below).

Individual social networks

XING

We have a profile on XING. This service is provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how it handles your personal data, please refer to the XING Privacy Policy (available in German only): https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how LinkedIn handles your personal data, please refer to its Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how it handles your personal data, please refer to the YouTube Privacy Policy.

We reserve the right to amend this Privacy Policy at any time. Any changes will be announced by publishing the amended Privacy Policy on our website. Unless otherwise specified, such amendments will take effect immediately. Therefore, please check this Privacy Policy regularly in order to view the latest version.