Privacy and data protection

General information

The following information gives you an overview of what happens with your personal data when you visit this website. Personal data are all data with which you can be personally identified. You will find further details on privacy and data protection in the rest of our Privacy Policy.

Data collection on this website

Who is responsible for data collection on this website?

The data collected on this website are processed by the website operator. The relevant contact details are contained in the “Information on the controller” section of this Privacy Policy.

How do we collect your data?

Some data are collected when you provide them to us, such as data that you enter in a contact form.

Other data are collected, either automatically or following your consent, by our IT systems when you visit the website. These are primarily technical data (e.g. browser, operating system or time of site visit). These data are collected automatically as soon as you access this website.

For what do we use your data?

Some of the data are collected to guarantee the faultless provision of the website. Other data may be used to analyse your user behaviour.

What are your rights in respect of your data?

You have the right to obtain information about the origin, recipients and purpose of your stored personal data at any time, free of charge. You also have the right to obtain the rectification or erasure of these data. If you have consented to data processing, you may withdraw this consent at any time with effect for the future. You also have the right to obtain the restriction of processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

You may contact us at any time regarding these and other matters relating to privacy and data protection.

Analytics and third-party tools

Your surfing behaviour may be statistically analysed when you visit this website. This happens mainly through the use of analytics programs.

Detailed information on these analytics programs is provided further below in the Privacy Policy.

Mittwald

Our website is hosted by Mittwald. The hosting service is provided by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter: Mittwald).

For details, please refer to the Mittwald Privacy Policy (only available in German: https://www.mittwald.de/datenschutz.

Mittwald is used on the basis of Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). We have a legitimate interest in ensuring that our website is presented as reliably as possible. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Privacy and data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with data protection laws and this Privacy Policy.

Various personal data are collected when you use this website. Personal data are data with which you can be personally identified. This Privacy Policy explains which data we collect and what we use them for. It also explains how and why this is done.

Please note that security vulnerabilities may arise when transmitting data over the Internet (e.g. email communication). It is not possible to completely protect data against third-party access.

Information on the controller

The data controller for this website is:

NRW.Energy4Climate GmbH
Kaistraße 5
40221 Düsseldorf

Phone: +49 211 822086-430
Email: kontakt@energy4climate.nrw

The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and so on).

Storage period

Unless a specific storage period is mentioned in this Privacy Policy, we retain your personal data until the purpose of the data processing no longer applies. If you make a legitimate request for erasure or withdraw your consent to data processing, your data are erased unless we have any other legally permissible grounds for storing your personal data (such as retention periods set out under tax or commercial law); in the case of the latter, the data are erased as soon as these grounds no longer exist.

General information on the legal basis for the data processing on this website

If you have consented to the data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or on the basis of Art. 9(2)(a) GDPR if special categories of data are processed in accordance with Art. 9(1) GDPR. If you have consented to the storage of cookies or accessing of information on your device (e.g. via device fingerprinting), the data are also processed on the basis of Section 25(1) TTDSG. Consent may be withdrawn at any time. If your data are necessary for the performance of a contract or in order to take steps prior to entering into a contract, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data are necessary to comply with a legal obligation, we process them on the basis of Art. 6(1)(c) GDPR. In addition, the data may be processed on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following sections of this Privacy Policy.

Data Protection Officer

We have appointed a Data Protection Officer for our company.

Vladimir Siemens
ecoprotec GmbH
Pamplonastraße 19
33106 Paderborn

Phone: +49 5251 877 888-303
Email: siemens@ecoprotec.de

Information on data transfer to the USA and other third countries

Among others things, we use tools of companies based in the USA or other third countries considered non-secure under data protection law. If these tools are enabled, your personal data may be transferred to these third countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in those countries. For example, US companies are obligated to release personal data to security authorities without you as the data subject being able to take legal action to prevent this. The possibility cannot therefore be excluded that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many data processing procedures require your express consent. You may withdraw any consent already given at any time. The lawfulness of the data processing up to the point of the withdrawal remains unaffected by the withdrawal.

Right to object to data collection in special cases and for direct marketing (Art. 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA WHICH IS BASED ON ART. 6(1)(E) OR (F) GDPR, INCLUDING PROFILING BASED ON THOSE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING IS BASED, PLEASE CONSULT THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE SUBSEQUENTLY USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to lodge a complaint with the relevant supervisory authority

In the event of an infringement of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State, of their habitual residence, place of work or place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

In our case, the competent supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Kavalleriestraße 2–4
40213 Düsseldorf

Phone: 02 11/384 24-0
Email: poststelle@ldi.nrw.de

Right to data portability

You have the right to receive or to have a third party receive data we automatically process based on your consent or in performance of a contract in a commonly used and machine-readable format. If you request that the data be transmitted directly to another controller, this is only done where technically feasible.

SSL/TLS encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders and requests you send to us as the website operator. You can recognise an encrypted connection by the fact that the browser address line changes from http:// to https:// and by the lock icon in your browser line.

If SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Access, erasure and rectification

In accordance with the applicable legal provisions, you have the right, at any time and free of charge, to access information about your stored personal data, their origin and recipients, and the purpose of the data processing and, where applicable, the right to rectification and erasure of these data. You may contact us at any time regarding these and other matters relating to personal data.

Right to restriction of processing

You have the right to obtain the restriction of processing of your personal data. You may contact us at any time in relation to this. The right to restriction of processing exists in the following circumstances:

• If you contest the accuracy of your personal data held by us, we generally need some time to verify this. You have the right to obtain restriction of processing of your personal data for the duration of this period.
• If the processing of your personal data was/is unlawful, you may request the restriction of data processing as opposed to the erasure of the data.
• If we no longer need your personal data but you require them for the establishment, exercise or defence of legal claims, you have the right to obtain restriction of processing of your personal data as opposed to their erasure.
• If you have objected to processing pursuant to Art. 21(1) GDPR, the balance of your interests and ours has to be considered. Pending verification of which grounds override the others, you have the right to obtain restriction of processing of your personal data.

Where you have restricted processing of your personal data, such data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

Objection to advertising emails

We hereby object to the use of contact details published within the context of the obligation to provide a legal notice to send advertising and information material that has not been expressly requested. The website operators expressly reserve the right to take legal steps if unsolicited advertising, such as email spam, is sent.

Cookies

Our web pages use “cookies”. Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your browser.

In some cases, third-party cookies may also be stored on your device when you access our website. These enable us or you to use certain services provided by third parties (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website features will not work without them (e.g. the shopping cart function or video display). Other cookies are used to analyse user behaviour or to display ads.

Cookies (necessary cookies) required to carry out electronic communication, to provide certain features you wish to use (e.g. for the shopping cart function) and to optimise the website (e.g. cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless some other legal basis is specified. The website operator has a legitimate interest in storing necessary cookies in order to provide optimised services that are free of technical errors. If consent has been requested for the storage of cookies and comparable recognition technology, the processing is carried out solely on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG); consent may be withdrawn at any time.

You can configure your browser so that you are informed of the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when you close the browser. Disabling cookies may limit the functionality of this website.

Insofar as third-party cookies are used or cookies are used for analysis purposes, you are informed of that separately in this Privacy Policy and we ask for your consent where required.

Consent with ConsentManager

Our website uses ConsentManager consent technology to obtain your consent to the storage of certain cookies on your device or the use of certain technologies and to document this in compliance with data protection requirements. This technology is provided by Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website: https://www.consentmanager.de (hereinafter “ConsentManager”).

When you access our website, a connection is established with the ConsentManager servers to obtain your consents and other declarations in respect of cookie usage. ConsentManager then stores a cookie in your browser in order to be able to assign to you any consent given or withdrawn. The data thus collected are stored until you ask us to erase them, you delete the ConsentManager Provider cookie yourself or the purpose of the data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

ConsentManager is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Server log files

The website provider automatically collects and stores information in “server log files” that your browser automatically transmits to us. These are:

• Browser type and version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address

These data are not merged with other data sources.

These data are collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a presentation that is free of technical errors and in the optimisation of its website – the server log files are required to ensure this.

Contact form

If you submit queries to us via contact form, we store your information from the query form, including the contact details you provide there, for the purpose of processing your query and in case there are follow-up queries. These data are not shared without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.

We keep the data you enter in the contact form until you ask us to erase them, withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once your query has been dealt with). Mandatory statutory provisions – especially retention periods – remain unaffected.

Queries via email, phone or fax

If you contact us via email, phone or fax, we store and process your query, including all of the personal data resulting from this (name, query), for the purpose of processing your query. These data are not shared without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.

We keep the data you send to us via contact queries until you ask that we erase them, you withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once the matter has been dealt with). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

Google Analytics

This website uses functions of the Google Analytics web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data for this, such as page views, length of stay, operating systems used and the origin of the user. These data are combined into a User ID and assigned to the device used by the website visitor.

Furthermore, we can record your mouse movements, scrolling, clicks and more with Google Analytics. In addition, Google Analytics uses various modelling approaches to augment the collected data sets and applies machine learning technologies for data analysis.

Google Analytics uses technology that enables user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to and stored on a Google server in the USA.

This analytics tool is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its website and advertising. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?[SU1] hl=de.

More information on how user data is handled by Google Analytics is contained in Google’s Privacy Policy: https://support.google.com/analytics/answer/600424[SU2] 5?hl=de.

Google Signals

We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your location, search history and YouTube history as well as demographic data (visitor data). These data may be used for personalised advertising with the help of Google Signals. If you have a Google account, the Google Signal visitor data are linked to your Google account and used for personalised ads. The data are also used to create anonymised statistics on the user behaviour of our users.

Commissioned processing

We have concluded a commissioned processing agreement with Google and are fully compliant with the strict requirements of the German supervisory authorities in our use of Google Analytics.

Storage period

Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. User ID) or ad IDs (e.g. DoubleClick cookies, Android Advertising ID) are anonymised/erased after two months. Details on this can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=de

Newsletter data

If you would like to receive the newsletter offered on the website, we require from you an email address as well as information that allows us to verify that you are the owner of the email address given and you agree to receive the newsletter. Further data are not collected or are collected solely on a voluntary basis. For newsletter processing, we use newsletter service providers as described below.

Rapidmail

This website uses Rapidmail to send newsletters. This service is provided by rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that can be used, among other things, to organise and analyse the sending of newsletters. The data you enter for the purpose of receiving the newsletter are stored on Rapidmail’s servers in Germany.

Data analysis by Rapidmail

For analysis purposes, the emails sent with Rapidmail contain a tracking pixel that establishes a connection with Rapidmail’s servers when the email is opened. This makes it possible to determine whether a newsletter message was opened.

Furthermore, we can determine with the help of Rapidmail whether and which links in the newsletter message are clicked on. All of the links in the email are tracking links that can be used to count your clicks. If you do not want Rapidmail to analyse your data, you must unsubscribe from the newsletter. We provide a corresponding link in every newsletter message.

You will find more on Rapidmail’s analysis functions under the following link (only available in German): https://de.rapidmail.wiki/kategorien/statistiken/.

Legal basis

The data processing is based on your consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time. The lawfulness of the data processing already carried out remains unaffected by the withdrawal.

Storage period

We/the newsletter service provider store(s) the data provided by you for the purpose of receiving the newsletter until you unsubscribe from the newsletter, at which point they are erased from the newsletter distribution list. Data we store for other purposes remain unaffected by this.

After you have been removed from the newsletter distribution list, your email address may be stored by us/the newsletter service provider on a blacklist insofar as this is necessary to prevent future mailings. The backlist data are used solely for this purpose and are not aggregated with other data. This serves both your interest and our interest in complying with the legal requirements in respect of sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). There is no time limit for the storage of the data on the blacklist. You may object to the storage if your interests override our legitimate interest.

You can find more on Rapidmail’s Privacy Policy at (only available in German): https://www.rapidmail.de/datensicherheit.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

YouTube with enhanced privacy

This website contains YouTube videos. The pages are operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube with privacy-enhanced mode enabled. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not necessarily ruled out through privacy-enhanced mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. The YouTube server is then given information on which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, once a video has started, YouTube can store various cookies on your device and use comparable recognition technology (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used in a number of ways, such as to gather video statistics, improve the user experience and prevent attempted fraud.

If necessary, further data processing operations over which we have no influence may be triggered after a YouTube video starts playing.

YouTube is used in the interest of making our website appealing. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.

More information on data protection at YouTube is contained in its privacy policy at: https://policies.google.com/privacy?hl=de

If you register for an event within the context of our web presence, we process your personal data in order to accept the registration.

Data processing

Among other things, we use online conferencing tools to communicate with our customers. The specific tools that we use are listed below. If you communicate with us via an online video or audio conference, your personal data are collected and processed by us and the provider of the respective conferencing tool.

The conferencing tools collect all data that you provide/use to use the tool (email address and/or your phone number). Furthermore, the conferencing tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” in relation to the communication process (metadata).

In addition, the provider of the tool processes all technical data required to process the online communication. In particular, this includes IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker and the type of connection.

If content is exchanged, uploaded or otherwise provided within the tool, this is also stored on the tool provider’s servers. In particular, such content includes cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.

Please note that we do not have complete influence over the data processing operations of the tools used. Our options depend significantly on the corporate policy of the respective provider. Further information on the data processing performed in respect of the conferencing tools can be found in the privacy policies of the respective tools used, which are listed below this text.

Purpose and legal basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the tools are used for the general simplification and acceleration of communication with us/our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If consent is requested, the use of the tools concerned is based on this consent; consent may be withdrawn at any time with effect for the future.

Storage period

The data collected directly by us via the video and conferencing tools are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence over the length of time for which your data are stored by operators of the conferencing tools for their own purposes. For details on this, please contact the operators of the conferencing tools directly.

Conferencing tools used

We use the following conferencing tools:

Zoom

We use Zoom. This service is provided by Zoom Communications Inc., San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Please refer to the Zoom Privacy Statement for details on data processing: https://zoom.us/de-de/privacy.html.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://zoom.us/de-de/privacy.html.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Microsoft Teams

We use Microsoft Teams. This is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Please refer to the Microsoft Teams Privacy Statement for details on data processing:

https://privacy.microsoft.com/de-de/privacystatement.

Commissioned processing

We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Handling applicant data

We offer you the opportunity to apply for a position with us (e.g. by email, post or online application form). We have set out information for you here about the scope, purpose and use of the personal data concerning you collected during the application process. We can confirm that your data are collected, processed and used in accordance with the applicable data protection laws and all other legal provisions and are treated as strictly confidential.

Scope and purpose of the data collection

If you apply for a position with us, we process your related personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation) and – if you have given your consent – Art. 6(1)(a) GDPR. Consent may be withdrawn at any time. Your personal data are only passed on to people within our company who are involved in processing your application.

If the application is successful, the data submitted by you are stored in our data processing systems on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

Data retention period

If we are unable to offer you a position, you reject a job offer or you withdraw your application, we reserve the right to retain the data submitted by you for up to six months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interest (Art. 6(1)(f) GDPR). The data are then erased and the physical application documents destroyed. The data are retained in particular for evidentiary purposes in the event of a legal dispute. If it is evident that the data will be required after the six-month period has expired (e.g. due to an imminent or pending legal dispute), they are only erased when the purpose of further retention no longer applies.

The data may also be retained for a longer period if you have given the relevant consent (Art. 6(1)(a) GDPR) or there are statutory retention obligations that prevent the erasure.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our applicant pool. If you are admitted to the pool, all documents and information from the application are transferred to the applicant pool so that you can be contacted in the event of a suitable vacancy.

Admission to the applicant pool is based exclusively on your express consent (Art. 6(1)(a) GDPR). Your consent is voluntary and has no relation to the ongoing application process. The data subject may withdraw their consent at any time. In this case, the data from the applicant pool are irrevocably erased unless there are statutory grounds for retaining them.

The data from the applicant pool are irrevocably erased within two years of consent being granted.

Our social media presence

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as LinkedIn, Twitter, etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous processing operations with data protection relevance. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, these data are collected using cookies stored on your device or by recording your IP address, for example.

Using the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown targeted advertising within and outside of the respective social media presence. If you have an account with the respective social network, the targeted advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details on this, please refer to the terms of use and privacy provisions of the respective social media portals.

Legal basis

Our social media profiles are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may have differing legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).

Controller and enforcement of rights

If you visit one of our social media profiles (e.g. on Facebook), we act as joint controller together with the operator of the social media platform in respect of the data processing operations triggered during this visit. In principle, you can enforce your rights (access, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis us and the operator of the respective social media portal (e.g. Facebook).

Please note that, despite joint controllership with the social media operators, we do not have complete influence over the data processing operations of the social media portals. Our options depend significantly on the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected.

We have no influence over the length of time for which your data are stored by operators of the social networks for their own purposes. For details on this, please refer directly to the operators of the social networks (e.g. the information in their privacy policy, see below).

Individual social networks

Twitter

We use the Twitter short messaging service. This is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter privacy settings yourself in your user account. For this, please click on the following link and log in: https://twitter.com/personalization.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

For details, please refer to the Twitter Privacy Policy: https://twitter.com/d[SU1] e/privacy.

XING

We have a profile on XING. This service is provided by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how it handles your personal data, please refer to the XING Privacy Policy (available in German only): https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how LinkedIn handles your personal data, please refer to its Privacy Policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how it handles your personal data, please refer to the YouTube Privacy Policy: https://policies.google.com/privacy?hl=de.

We reserve the right to amend this Privacy Policy at any time. Any changes will be announced by publishing the amended Privacy Policy on our website. Unless otherwise specified, such amendments will take effect immediately. Therefore, please check this Privacy Policy regularly in order to view the latest version.