Privacy notice for the use of our website
Your privacy and the associated protection of your data is an important concern for us. This privacy statement explains our handling, your choices, in relation to the collection, use and disclosure of certain information - your personal data - in relation to our online offers. It goes without saying that we therefore take all available technical and organizational measures to protect your data from access by unauthorized third parties. To implement these measures, we strictly adhere to the legal provisions of the European Data Protection Regulation (DSGVO), the Federal Data Protection Act-new (BDSG-Neu) and Telemedia Act (TMG), the latter if still applicable in this context.
1. general information about the processing of your data
1.1 Data protection principles
1.2 Person responsible for data processing
The controller for the processing of your personal data is:
Detlef Kühl | Image & Photo Restoration
Am Goldenbach 5
Managing Director: Detlef Kühl
Tel.: +49 (0)6557 9004392
The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data. Please note that for your and our security, we may be required to verify your identity in the event that you contact us before we process your request.
1.3 Data protection officer
The contact information of the data protection officer is:
Named in 1.2
For all questions regarding data protection in connection with our online offers, you can also contact our data protection officer at any time. He or she can be reached at the above postal address and at the e-mail address given above. We expressly point out that if you use this e-mail address, the contents will not be exclusively noted by our data protection officer. If you wish to exchange confidential information, we therefore request that you first contact us directly via this e-mail address.
1.4 Preamble of personal data
We process your personal data in order to be able to offer the scope of functions provided and to fulfill the use entered into with you.
Personal data is only collected if you provide it to us of your own accord. No personal data is collected beyond this. Any processing of your personal data that goes beyond the scope of the legal permissions will only be carried out on the basis of your express consent. According toArt. 4 par. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person - an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We would now like to inform you about what types of your personal data we process, for what purposes and to what extent. This data protection information applies to all processing of personal data carried out by us. This includes, on the one hand, the provision of our services - in particular within the scope of our online services - and, on the other hand, within external online presences, such as our social media profiles.
We also process your data when it is necessary to protect legitimate interests pursuant toArt. 6DSGVO from us or from third parties. This may be the case in particular:
- to ensure IT security and IT operations, in particular also for support requests,
- to be able to substantiate facts in the event of legal disputes,
- to statistically evaluate the use of the website and to improve the user experience,
- to be able to respond to any feedback from you.
1.5 Legal basis and purposes of data processing
1.5.1 Relevant legal bases
We would like to present an overview of the legal basis of the GDPR on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations also apply. These include, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act - BDSG). Furthermore, state data protection laws of the individual federal states may apply.
18.104.22.168 To fulfill contractual obligations
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, servesArt. 6 para. 1 lit. b DSGVO as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
22.214.171.124 Within the framework of the balancing of interests
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, the following shall applyArt. 6 para. 1 lit. f DSGVO as the legal basis for data processing. We use tools necessary for the operation of our online offers due to our legitimate interest in accordance withArt.6Para.1lit.fDSGVO to enable you to use our website in a more comfortable and customized way, thus saving time and making it more effective.
It is our concern to make our online offers a safe place, whereby we are ideologically, party-politically and denominationally neutral and always stand by the free democratic basic order. We are committed to the principles of human rights, we actively oppose racist, anti-constitutional and xenophobic efforts as well as discriminatory or inhumane behavior, especially on the basis of nationality, ancestry, ethical affiliation, religion, gender, age, sexual identity or disability. To safeguard this interest in the sense ofArt. 6 para. 1 lit. f DSGVO, we store the registration parameters of blocked users who have demonstrably violated our principles or whose behavior was even abusive, to ensure and prevent any renewed registration as well as use of the associated online offers. The storage of personal data always takes place within the legal framework.
126.96.36.199 Based on your consent
The collection and use of personal data of our users is regularly carried out only with the consent of the user. Insofar as we obtain the consent of the data subject for processing operations relating to personal data, this servesArt. 6 para. 1 lit. a DSGVO as the legal basis for the processing of personal data. All other tools, especially those for marketing purposes, we use based on your consent in accordance withArt.6Para.1lit.aDSGVO as well as according to § 15 para. 3 p. 1 TMG, insofar as usage profiles are created for purposes of advertising or market research. Data processing using these tools only takes place if we have received your consent in advance.
188.8.131.52 Due to legal requirements or in the public interest
We disclose personal data, except in the cases mentioned below, only if and insofar as we are required and obliged to do so by law or on the basis of a court or official order. The legal basis for this isArt. 6 para. 1 lit. c DSGVO (legal obligation). To the extent that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the purpose of the processing shall be toArt. 6 para. 1 lit. e DSGVO as the legal basis.
184.108.40.206 Due to vital interests
The collection and use of personal data in accordance withArt. 6 para. 1 lit. d The purpose of the GDPR is to safeguard, respect and protect the vital interests of data subjects or another natural person. All tools and processes used are based on the aforementioned legal basis, whereby their use requires processing for the protection of vital interests.
1.5.2 Purposes of data processing
Master Data of our Users (Customer Data) will be used in accordance with the User's instructions, including any applicable terms in the User Agreement and the User's use of the Service Functionalities and as required by law. We are legally considered a processor of User Data, with the User as the data controller. We use information to further our legitimate interests in the course of operating our online services and related services, websites and business.
We process personal data in accordance with the above-mentioned legal bases for the following purposes, among others:
- Technical data - so that we can, for example, distinguish actual users from bots, prevent abusive use and block content that violates the rules and is also reported by other users; in anonymized form, also for statistical analysis purposes; the legal basis of the processing is 6 Para. 1 lit. f GDPR
- Location data - thus any localized and location-based information and thus to ensure the full functional scope; legal basis of the processing is 6 Para. 1 lit. a GDPR
- Contact information - to respond to your inquiries and to review the merits of the case, taking into account the regulations and circumstances applicable in your country; the legal basis of the processing is and6 Para. 1 lit. aas well as Art. 6 para. 1 lit. f GDPR
- Other data - to personalize the user experience and provide information tailored to the user. The relevant data is used and analyzed for improvement - for example, to better understand your interests, to help you personalize the user experience, or to offer features specifically for you. Information regarding age may also be used by us to verify that you are old enough to use and benefit from the Services; the legal basis of the processing is 6 para. 1 lit. a and Art. 6 para. 1 lit. f GDPR.
In accordance with the aforementioned legal basis, in view of our legitimate interest, we combine the collection of the aforementioned data with the purposes of (a) optimal provision, improvement and development of our online offering and (b) targeted personalization of content, advertising and marketing. To illustrate our legitimate interest with reference to the previously mentioned types of data, we combine the following purposes and data by way of example:
(a) For the optimal provision, improvement and development of our online offer:
- Conduct surveys and studies, test features as they are developed, and analyze existing data to evaluate and improve products and services, develop new features, and perform testing and troubleshooting.
- Use of the user's email address for notification of updates to our services and essential notifications about the associated user account.
- Using age to implement an age restriction.
(b) For targeted personalization of content, advertising and marketing:
- Use of location data to provide personalized content as well as recommendations.
- Use of automated processing operations to profile and associate you with any user groups based on the information you provide to us, your interaction with our online services, and information collected by third parties to deliver personalized content, advertising, and promotional messages.
- Combining data collected from you with data from business partners to use it to display more relevant advertisements.
Furthermore, there is the possibility of the existence of additional purposes that require separate consent for the further processing of personal data on the part of the user. The selection of the required data, which are processed on the basis of consent, depends on the purpose of the respective data processing. This traditionally includes the following purposes:
- Subscribe to the newsletter.
- Participation in surveys and market studies.
Furthermore, we process your data beyond the aforementioned purposes if this serves to protect our legitimate interests or the interests of third parties; the legal basis of the processing isArt. 6 para. 1 lit. f DSGVO. Our legitimate interests include in particular:
- the assertion of legal claims and the defense in legal disputes.
- the prevention and investigation of criminal acts.
- the management and further development of our business activities, including risk management.
- to detect misuse and to detect and eliminate technical faults in the operation of our website.
For example, we use your data in the interest of honest users to effectively counteract possible acts of abuse within our online services and to protect us and our users from harm in such cases. This also includes data processing that is necessary to enforce our rights and claims. If you make contact requests in our online offers, we may automatically collect and temporarily store personal data, such as your e-mail address and first and last name. As a result, we try to recognize and block fraudulent contact requests in good time. At the same time, we can also evaluate this data in order to send you a fraud warning. In addition, we use your data to identify malfunctions and ensure system security, including detection and tracking of unauthorized access and attempted access to our servers.
1.6 Information security and security measures
We undertake to take appropriate technical, logical, administrative and physical protection measures, which are designed against the background of the protection of personal data in such a way that accidental, unlawful or unauthorized losses, accesses, disclosures, uses, changes as well as transmissions are excluded with the greatest possible probability.
Even through intensive efforts, it is impossible to guarantee one hundred percent information security according to the current state of research. In particular, this is the case when using mobile applications, websites, computer systems, or transmitting information over the Internet or any other public network. Even if one hundred percent security is impossible, we take into account the sensitivity of the data we collect, process and store and ensure the greatest possible security by complying with the current state of the art. In order to maintain the greatest possible security of personal data, our systems, data protection policies and security measures are regularly checked for potential vulnerabilities and attacks, monitored and, if necessary, appropriately updated and improved.
Technical, logical, administrative, and physical safeguards include, but are not limited to:
- Access restriction - Access to personal data is reserved exclusively for authorized employees with a legitimate interest.
- SSL/TLS encryption (https) - To protect our online offers and the transmitted data, we use SSL/TLS encrypted communication between clients and servers.
- IP address shortening - If it is not necessary to process a complete IP address, this is shortened ("IP masking"). The shortening of the IP address is intended to prevent the identification of a person or to make it significantly more difficult.
1.7 Data transfer to companies, persons, institutions or other recipients
As a matter of principle, we do not disclose any personal data to third parties without authorization - unless you have given us permission to do so in accordance withArt. 6 para. 1 lit.a GDPR expressly granted consent, this is legally permissible and in accordance withArt. 6 para. 1 lit. b DSGVO is necessary for the processing of the contractual relationship with you, thus there is a legitimate interest in the disclosure according toArt. 6 para. 1 lit. f DSGVO, unless there is reason to believe that you have an overriding interest worthy of protection in not having your data disclosed. With regard to the disclosure according toArt. 6 para. 1 lit. c DSGVO, there is a legal obligation. With regard to the transfer of data to recipients outside our company, we would like to inform you that we are obliged to maintain confidentiality about all user-related information, facts or evaluations. We may only pass on information about you if this is required by law, you have given your consent, we are authorized to provide information and processors commissioned by us guarantee compliance with the provisions of the GDPR.
1.7.1 Data transfer within the company and the group of companies
Certain personal data, such as data provided during registration, may be disclosed within the company and the group of companies for internal administrative purposes as well as for legitimate corporate and business interests, any contract-related obligations including joint user support. A transfer of data - subject to the consent of the person concerned - takes place if it is necessary for the use and if there is a legal permission for the use.
1.7.2 Processors as service providers bound by instructions
Other companies, agents or contractors assist us in providing services on our behalf or enable us to provide our services to you. We use service providers to do this, for example, to provide marketing, advertising, communications, security, infrastructure and IT services, to customize, personalize and optimize our services, to provide customer services, to analyze data and to process and administer any customer surveys.
During the provision of such services, these service providers may have access to your personal information. We do not authorize their use or disclosure except in connection with the provision of their services. These service providers have been carefully selected by us and, in addition, we have entered into order processing agreements with them. Without exception, these are service companies bound by instructions, which process data in accordance withArt. 28 as well as Art. 29 DSGVO on our behalf and according to our instructions. Appropriate data protection contract design ensures that this data transfer and processing is permissible without a separate legal basis.
1.7.3 Disclosure to Government Agencies, Aggrieved Parties, and for Legal Proceedings
The legitimate interest within the meaning ofArt. 6 para. 1 f DSGVO is to ensure the proper functioning of our online services and, if necessary, to assert, exercise or defend legal claims.
Furthermore, we are legally bound within the meaning of theArt. 6 para. 1 c The data controller is required to provide information to certain public authorities upon request. This includes law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities.
1.7.4 Business transfers
In the event of a pending restructuring, reorganization, merger, sale or related transfer of assets, we will transfer your personal data to the parties involved in the transfer, subject to the recipient's consent, always in accordance with our privacy notice.
1.8 Data transfer to countries outside the European Economic Area
A data transfer to countries outside the EU or the EEA (so-called third countries) ﬁnds only if this is necessary for the execution of orders or is required by law, if you have given us your consent or within the framework of commissioned data processing. If service providers in the third country are used, they are, in addition to written instructions, obligated by the agreement of the EU standard contractual clauses to comply with the level of data protection in Europe. If the European Commission does not issue an adequacy decision for the above-mentioned countries pursuant toArt. 45DSGVO, appropriate arrangements have already been made by us for you to ensure an adequate level of data protection for any data transfers. If neither the aforementioned adequacy decision pursuant toArt. 45 par. 1 GDPR in conjunction with Art. 45 par. 3 GDPR exists nor one of the appropriate safeguards according toArt. 46GDPR, we base the data transfer on exceptions to theArt. 49 DSGVO, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
1.9 Storage period and deletion of personal data
The deletion of the stored personal data takes place immediately if the user revokes his consent to the storage in accordance withArt. 17 para. 1 b DSGVO or if the knowledge of these data is necessary for the fulfillment of the purpose pursued with the storage according toArt. 17 para. 1 a DSGVO is no longer necessary, in particular if the user account is deleted or if their storage is no longer necessary for other legal reasons according toArt. 17 para. 1 d DSGVO is inadmissible. If your data is transferred to third parties when using our online offers, they are responsible for its storage and deletion. The contact details of these third parties will be provided to you in the context of the use of our online offers, so that you can exercise your rights directly against the respective third party.
In principle, personal data is only processed and stored for as long as is necessary to fulfill contractual or legal obligations as well as storage periods according toArt. 17 par. 3 DSGVO mandatory. In order to comply with legal documentation obligations, data is stored accordingly for partly accounting reasons. The obligations arise from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The periods specified there for the retention of documents range from two to ten years. During the statutory retention period, your personal data will be blocked and will not be used for any other data processing. Thereafter, the relevant data will be routinely blocked or deleted or made anonymous in accordance with the statutory provisions.
1.10 Data subject rights
Users whose personal information is processed in certain countries, including the European Economic Area and the United Kingdom, have certain legal rights. Subject to any exceptions provided by law, you have, for example, the right to request access to this information and to request that it be updated, deleted or corrected. An overview of the main rights available to you as a user is set out below:
1.10.1 Right to information
According toArt. 15 DSGVO, you have the right to obtain information about your personal data at any time. This also includes the question of whether we process your data at all. If necessary, you are also entitled to request copies of the data we have stored about you. Furthermore, you can request information about the processing purposes, the category of data concerned, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making.
1.10.2 Right to correction and completion
According toArt. 16 DSGVO, you have the right to have the personal data relating to you corrected and completed without delay if it is not or is no longer accurate or complete.
1.10.3 Right to erasure ("right to be forgotten")
According toArt. 17 DSGVO, you have the right to have your personal data stored by us deleted, for example if your data is no longer required for the purposes for which it was collected or processed. However, your right to erasure may be precluded due to a conflicting interest. We may be required to continue to store some of your data subject data where this is necessary in appropriate circumstances. Causes for continued storage include legal obligations (e.g., under applicable tax or commercial law or to prevent fraud and abuse and to maintain and improve security). If your data is not required until the expiry of the statutory limitation period for the proof of civil claims or due to legal retention obligations, we will delete it immediately.
1.10.4 Right to restrict processing
According toArt. 18 DSGVO you have the right to request the restriction of the processing of your personal data. This right exists in particular if the accuracy of the data concerned is disputed between the user and the online services offered, the continued existence of your data is no longer necessary or unlawful processing has taken place.
1.10.5 Right to data portability
According toArt. 20 DSGVO, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request its transfer to another controller, if and to the extent that you have provided us with the data and we process it.
1.10.6 Right to complain to a supervisory authority
According toArt. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. This applies in particular in the member state of your residence, workplace or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
1.10.7 Right to revoke the consent given
According toArt. 7 par. 3 DSGVO, you have the right to revoke your consent at any time. This has the consequence that we will not continue the data processing based on this consent in the future. The revocation of consent does not affect the lawfulness - of the processing carried out on the basis of consent until the revocation.
1.10.8 Right of objection
According toArt. 6 para. 1 e DSGVO (data processing in the public interest) orArt. 6 para. 1 f DSGVO (data processing on the basis of a balance of interests) you possess in connection withArt. 21 DSGVO the right to object to the processing of your personal data when a special situation is indicated. This applies in particular to profiling within the meaning of theArt. 4 par. 4 GDPR.
If your objection is to the processing of data for the purpose of direct marketing pursuant toArt. 21 par. 2 u. 3 DSGVO, we will immediately stop the processing. In this case, the specification of a special situation is not required. This also applies to the data collected in accordance with theArt. 4 par. 4 DSGVO, insofar as it is related to such direct marketing.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims in accordance withArt. 21 par. 1 DSGVO. To exercise these rights and for further questions regarding the processing of your data, you can contact us at any time.
1.11 Provision of our services
1.11.1 Online offer, e-mail dispatch and web hosting
We process your data in order to provide you with the respective offer and the associated functions. For the secure and efficient use of our online offers, we use servers that are managed by one or more web hosting providers. The servers used may also include so-called content delivery networks. Within the provision of the hosting offer, we process necessary, relevant data of our users in the context of a visit to our online offer - this also includes the use of our communication channels. If you transmit data in the context of our online offers, this includes entries and your IP address. Furthermore, we would like to point out that e-mails are encrypted by default on the transmission path, but are usually not stored in coded form on the servers used by the sender and recipient. This is the case, for example, if no end-to-end encryption procedure is used. Consequently, we cannot assume responsibility for a transmission path via e-mail.
1.11.2 Access data and log files
When using our online services, various information of a technical nature (such as the type of message, date and time of the message, trigger of the message, app used, indication of the content of the message) is automatically stored by the operating system of your end device in so-called log files as access data. This is necessary for technical and security reasons so that the services function properly and you can use the desired services in full. These log files are evaluated exclusively for the detection and treatment of possible errors or crashes. Legal basis isArt. 6 para. 1 lit. b GDPR.
2. system authorization and access rights
We pursue the goal of providing you with all functions flawlessly at all times, guaranteeing user security and being able to develop them further on an ongoing basis. In this context, our service accesses various interfaces of the end device you are using. These interfaces enable us to access your terminal device. These interfaces or system functions are mainly of a technical nature. Depending on the underlying operating system, device access is only possible with your consent in relation to the respective functionalities. These consents are stored locally in your end device in the form of system settings and can be adjusted and revoked at any time. In the following, you will find more detailed information about which permissions our service requires.
2.1 Legal basis of access rights
Access to system functionalities as well as the processing of personal data associated with this is carried out on the basis of the legal grounds already explained here, in particular taking into account our legitimate interest.
The provision of functionalities of our online offer is not exclusively linked to the processing of data, however, it is our legitimate interest to ensure the security of our services and also to consider legal as well as business considerations, even if the processing of data is not necessary for any other purposes.
At this point, we would like to assure our users that if they expressly revoke their consent to the processing of their data, we will immediately delete the stored personal data in accordance with the statutory retention obligations. Until the time of revocation, all processed data will be collected, evaluated, forwarded and analyzed on the basis of the consent given. This will of course be done within the scope of your declaration of consent.
2.2 Categories of device authorizations
2.2.1 Identity and contacts
If the user uses a user account within the scope of this online offer, access to the account information, such as the e-mail address, is required. As a user, your e-mail address or common "social logins" are then available for registration. In the case of registration via the e-mail address, information such as "e-mail address, first name and last name" is requested. The option of a "social login" in the form of a single sign-on requires the authorization "identity" or its characteristics, so that a user account registration can be carried out via social networking services, such as Google, Facebook or Twitter.
2.2.2 Account and device ID
For security reasons and to create a user account, your device ID may be collected. Among other things, access to your device identifier enables so-called user targeting, which prevents unauthorized login attempts and ensures legitimate use of the user account.
2.2.3 Network connection information
Under certain circumstances, this authorization is required to read the signal strength of network connections in order to be able to carry out system improvements and troubleshooting.
2.2.4 Geobased location data
This authorization is always linked to the consent of the user and allows a localization of your location and is used to provide services and any content of our online offer as well as to display information and services related to your location. Geobased location services must be available and activated on your device in order to be used for our online offer and the service associated with it.
2.2.5 Camera and microphone
This authorization is always linked to the user's consent and is used in the context of the use of our online offering to process audio, image and video recordings of users by accessing the microphone and camera function.
2.2.6 Videos, photos and audio recordings
This authorization allows access to the memory of your terminal device with the aim of processing the videos, photos and audio recordings contained therein as well as creating new media data. We are fully aware of the sensitivity involved in processing this category of personal data, which is why we guarantee that we will only process it in accordance with its functionality.
2.2.7 Contact details
Granting this permission enables access to your contact directory. Now it can be checked, for example, whether others of your contacts also use our online offer. A data comparison takes place on our servers, whereby this is used exclusively for the purpose of a comparison.
2.3 Age restriction and child protection
It is a matter of course for us to protect your privacy if you have decided to use our online offers. We feel particularly obligated to protect the privacy of children if they intend to visit our offers. We expressly ask all parents to regularly observe and monitor the activities of their children.
In particular, children deserve special protection with regard to their personal data, as children may be less aware of the risks, consequences and safeguards involved and of their rights when personal data are processed. Such special protection should concern, in particular, the use of children's personal data for advertising purposes or for the creation of personality or user profiles and the collection of children's personal data when using services offered directly to children. At this point, we strictly adhere to the requirements of theArt. 8 GDPR. Here is inArt. 8 par. 1 GDPR stipulates which regulations must be observed for personal data in connection with data protection for children. In this context, two basic case distinctions can be made:
- The child has reached the age of 16 - the processing of personal data is lawful.
- The child has not yet reached the age of 16 - the lawfulness of the processing of children's personal data depends on the consent of the parents for the child or with the consent of the child.
The Federal Republic of Germany does not make use of the opening clause to reduce the minimum age in the context of data protection of children in need of protection. Consequently, the minimum age of 16 years is decisive for us in the context of the age restriction.
Responsible according toArt. 8 par. 2 GDPR are encouraged to make appropriate technical efforts to ascertain consent.
3. collection and analysis of personal data
The following list provides an overview of data collection and the types of data associated with it, including potential personal data:
- Contact information: Email address, phone number, country of residence
- Inventory data: Name, gender, age, address
- Applicant data: Cover letter, resume, references, qualifications.
- Usage data: Access times, click rates, viewing habits, web pages visited.
- Technical data / metadata: IP address; registration time; operating system; device type
- Location data: GPS data; WLAN connection data; radio cell interrogation; manual specification.
- Interaction data: Input within the app; responses to surveys; language selection.
- Contract / payment data: Bank details, subject of contract, term, invoices
- Data requiring special protection: biometric data, such as fingerprints and the pattern of the iris; data on ethnic and cultural origin, political, religious and philosophical beliefs, health, sexuality and trade union membership
We retain your personal information only for as long as is necessary to provide the Services or for other necessary purposes. This includes complying with our legal obligations, resolving disputes, and enforcing our terms and conditions and policies. For more detailed information on any purposes, please refer to the sections of this chapter and the "Purposes of Data Processing" chapter.
3.1 Third-party providers and services
3.1.1 Cookies and tracking pixels
Below we would like to draw your attention to some important information:
- You may be assigned cookies and tracking pixels when you use online services.
- "Persistent cookies" are stored permanently, for example, to fill in login information.
- "Session cookies" are stored for the duration of your visit to an online service.
- "First-party cookies" are stored on your device by operators of the online service.
- "Third-party cookies" are predominantly used by advertisers (so-called third parties).
- Data from cookies and similar technologies may be combined with other data.
Furthermore, we would like to inform you about typical uses:
- Identification of your person or your terminal device
- Enabling the access as well as the use of an online offer
- Improvement of products, services and system security
- Statistical measurement of the use of an online offer
- Performance monitoring (including data traffic and loading times)
- Marketing through usage-based advertising
These technologies are used, among other things, by third parties for tracking and tracing (real-time and follow-up) your online activities. Subsequently, your user experience will be personalized according to your wishes and needs by any advertising networks.
220.127.116.11 Technical cookies
18.104.22.168 Functional cookies
Functionally necessary cookies may be used to provide improved, more personal functions and to store information already provided. Areas of application include, for example, the intermediate storage of form entries and language settings as well as the provision of video and audio files.
22.214.171.124 Performance cookies
Performance cookies can be used to improve user-friendliness and performance. Fields of application include the collection of information about the usage patterns of the online offer (including click rates, viewing habits and displayed error messages).
126.96.36.199 Marketing cookies
Statistical, marketing and personalization cookies can be used for marketing and market research purposes. Areas of application include improving targeting, personalizing advertisements, measuring the effectiveness and reach of marketing campaigns, and tracking and tracing across multiple online offerings.
188.8.131.52 Settings for cookies
3.1.2 Social media networks and plugins
To complete our online offer, there is the possibility of using social media and social networks. If we make use of this option, we may be represented online in these social networks. We pursue the purpose of communicating with interested parties and active users as well as informing them about our range of services. When using social networks, a transmission and processing of personal data may take place, for example in the context of third-party cookies and social media plugins used. For this purpose, so-called marketing cookies are normally utilized for market research and advertising purposes and thus potentially for the analysis of your usage behavior. Furthermore, the integration of social media plugins can support us in logging into our app with existing user accounts (single sign-on) or sharing posts and content via these networks, as well as integrating other external media. We would like to point out that through the use of social media services, your data may be stored and processed in third countries in and outside the European Union. In this context, we cannot fully exclude potential risks relating to you from our side. This applies, for example, to the protection and enforcement of user rights.
3.1.3 Cloud computing and software as a service (SaaS)
Software as a Service (SaaS) is a sub-area of cloud computing and describes a licensing and distribution model. SaaS offers the possibility of outsourcing software and associated services. IT service providers or third parties offer an underlying, external IT infrastructure (storage, server, network connection) and platform (operating system, middleware, runtime environment) as well as the software services (applications and data) based on it. Uses include the storage, administration and exchange of e-mails, documents, content and other information as well as the use of websites, forms, calendars, chats and participation in audio and video conferences.
Consequently, transfer and processing of personal data may take place - for example, for the aforementioned purposes of use and potentially associated third-party cookies from IT service providers. Processing may include the storage of master, contact and contract data on external third-party servers. Traditionally, IT service providers collect usage and metadata for security purposes and service optimization. For more detailed information, please see our chapters on data sharing with companies, individuals, institutions, or other recipients and the section for cookies and tracking pixels as well as the data usage policies of the respective SaaS provider.
3.1.4 Tools and widgets
Collectable personal data may include, in particular:
- User data (name, e-mail address, location, language setting, whereabouts)
- Initial launch and app data (version and versions)
- Data on the number of users and sessions (duration and time)
- Technical data, such as information about the end device (operating system, IP address and device type)
- Usage data, such as interactions with the app (content viewed and click-through rates)
The categories of applicable tools are listed below.
184.108.40.206 Technical tools
Technically necessary tools may be used to provide and use our online services. Areas of application include login authentication, language settings, and the storage of other details and information already provided until the next visit to the app.
220.127.116.11 Functional tools
Functionally necessary cookies can be used to provide improved, more personal functions. Areas of application include, for example, the provision of additional communication, presentation and payment channels as well as the optimization of usability.
18.104.22.168 Analysis tools
Analysis tools may be used to further develop our online offering. Areas of application include the statistical collection and analysis of user behavior and the evaluation of various marketing channels.
22.214.171.124 Marketing tools
Marketing tools can be used for advertising and market research purposes. Areas of application include recording customer satisfaction, improving targeting, personalizing advertisements, and measuring the effectiveness and reach of marketing campaigns.
3.1.5 Advertising networks and online marketing
We may process your personal data for the purpose of online marketing (including marketing advertising space or displaying promotional content). As part of the marketing, user profiles may be created and stored in a cookie - alternatively, similar procedures with the same purpose may be used. Details of the profiles may include content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymization) may be used as a security measure for your personal protection. When using online marketing, we generally only receive access to information about the effectiveness of our advertisements and about any conversation rates for the analysis of marketing measures used.
3.2 Communication and marketing
3.2.1 Customer relationship management and contact channels
To maintain our customer relationships, we enable you to contact us as part of our customer relationship management. Contact can potentially be made in various ways, such as by e-mail, telephone, fax, form request or via the social media we use. If you send us an inquiry, your information and data will be used and stored for the purpose of processing and resolving any issues. Please use the contact options offered in our online offers.
126.96.36.199 Instant messenger
Contact initiated through the use of messenger services - for example, via the messengers of established social media networks such as WhatsApp and Facebook Messenger - is conventionally encrypted end-to-end. Your message content and attachments sent to us, as well as any information about personal data, are not directly visible to the operator of the messenger. However, it is possible for the messenger provider to indirectly collect personal data - so-called metadata. The identifier of the sender and the addressee, the date and time, technical device data and location data are possible metadata. If you do not agree to this type of data collection, please use an alternative contact method.
188.8.131.52 Virtual chat assistants
Contact initiation through chat services and virtual chat assistants include text-based automated dialog systems. These information systems allow communication with a technical system via the input and output of a natural language. Chat assistants answer users' questions and concerns vicariously as interactive agents. Problem solutions as well as information about our online offers can thus be provided without waiting times. The collection of personal data is mandatory for the functionality of the online chat. Furthermore, we store and log the content of your conversations via the chat services. The collected data and information can be used to address users personally, to transmit any requested content and problem solutions, to interact with further information systems on behalf of the user if necessary, and also to improve the artificial intelligence of the chat assistance. The latter allows chatbots to learn responses to frequently asked queries and to recognize unanswered queries, so that a personal contact can be suggested. Therefore, if you do not agree with the way the data is collected, please use an alternative contact channel.
We would also like to point out that chatbots can be offered by third parties and therefore the privacy policies of the respective provider apply. Only the respective operators of the virtual assistants have access to the data concerning you and are in a position to implement direct actions and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the chatbot providers. Should problems nevertheless arise, we will of course be happy to provide you with advice and assistance.
184.108.40.206 Push messages
Contact initiations through push messages are one-way communication channels. These messages show you current information as well as news on your end device without opening the associated app. Traditionally, the sign-up for push messages is automatic. If you no longer wish to receive these notifications at a later time, you can use the settings of your mobile device to deactivate them. The accompanying collection of personal data potentially serves advertising and marketing purposes, the processing of location data if messages are sent based on location, and analysis and performance measurement for optimization purposes. Messages may be statistically recorded and analyzed, for example, to identify data on the user's usage habits (including retrieval behavior and display time) and to personalize push messages. Therefore, if you do not agree with the type of data collection, please use an alternative contact channel.
We would also like to point out that push messages may be offered by third-party providers and therefore the privacy policies of the respective provider apply. Only the respective operators of the messages have access to the data concerning you and are in a position to implement direct actions and provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
Contact initiations through newsletters are one-way communication channels. These e-mails may contain regular information and updates about our online offers. A valid e-mail address is required to receive newsletters - thus also processing to send the newsletter - as well as consent and approval for the delivery itself.
For your protection, it is necessary to implement a double opt-in procedure for the receipt of newsletters. To implement the double opt-in process, after a newsletter registration (first opt-in) you will receive another e-mail/SMS to confirm registration (second opt-in), so that misuse of e-mail addresses is prevented. Furthermore, your IP address, date and time of registration and the time of confirmation are recorded for logging the registration process to prevent any misuse.
We as a provider or user of a newsletter service are required to comply with legal obligations in the context of newsletter subscription and thus to support you in protecting your interests when sharing your personal data. Therefore, we commit ourselves in principle to the following security measures:
- Deactivated checkbox for data protection consent including a link to data protection
- Deactivated checkbox for newsletter subscription
- For non-anonymous tracking, unchecked checkbox to consent tracking of the user.
- Use of unique as well as independent checkboxes
- Application of the minimum principle in data collection in the registration form
- No advertising in the confirmation email of the double opt-in procedure
You are not required to provide your personal data during the registration process. However, if you do not provide the required personal data, your subscription may not be processed or not processed completely. Subsequently, your data will be stored for the duration of the newsletter delivery. If the confirmation email does not receive any attention from you, your data will be deleted after a legally reasonable period of time. The span of the aforementioned period takes into account that the sender of the newsletter must observe legal and, if applicable, contractual retention obligations. The processing of the aforementioned data is carried out for the justification, exercise as well as defense of legal claims.
User behavior can be analyzed either specifically or anonymously. The analysis may include, for example, the opening rates of newsletters, the number of clicks on integrated links, the reach or the reading time. We are happy to align the offers and information sent to you with your personal interests and to continuously optimize our content and communication. The implementation of the analysis is done with the help of counting pixels embedded in the newsletters. If you do not want the analysis of usage behavior, you can unsubscribe from the newsletter or deactivate graphics by default in your e-mail program.
We would also like to point out that newsletters may be offered by third-party providers and that the privacy policies of the respective provider therefore apply. Only the respective operators of the newsletters have access to the data concerning you and are in a position to carry out direct action and to provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.2 Affiliate marketing
Affiliate programs and networks can appeal in the context of a recommendation marketing of our online offers. Thus, affiliate links and similar references (including search masks and widgets) may refer to third-party offers and services. In return for the successful marketing of third-party offers - users follow affiliate links or subsequently take up the offers - we receive a commission.
3.2.3 Publication media
In connection with publication media, such as blogs, podcasts or forums, processing of personal data of readers may take place. The processing purpose lies in the presentation and communication between authors and readers or in the context of necessary information security measures.
If the publication medium offers the possibility of leaving contributions, your IP address may be stored for security reasons. If an author publishes illegal content - for example, insults or prohibited political propaganda - the IP address can be used to forward the author's identity to the relevant authorities and ensure self-protection against legal consequences for third-party content. In addition, the processing can be used for spam detection and elimination or, for example, to prevent multiple voting in surveys. It is our legitimate interest to permanently store contributions as well as associated comments including potentially contained information on websites, apps and contact data for the seamless preservation of the publication medium until the user objects.
If the publication medium also offers the option of subscribing to articles and comments, various implementations are conceivable. For example, the subscription can be integrated into the app and additionally linked to push messages or sent as a newsletter to an e-mail address. We ask you to read the sections on newsletters and push messages accordingly, as these may contain relevance for post and comment subscriptions. Please pay particular attention to explanations regarding functions, purposes, data processing and the right of revocation.
Finally, we would like to point out that publication media may be offered by third-party providers and that the data protection guidelines of the respective provider therefore apply. Only the respective operators of the media have access to the data relating to you and are in a position to implement direct actions and provide information, so that we expressly request at this point that any requests for information and assertion of user rights be directed to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.4 Conference platforms
In the context of video and audio conferences, such as webinars, meetings and online workshops, personal data of the conference participants may be processed. The type and scope of processing and the storage period are based on the data requirements of the respective conference and the functions used (including screen sharing, chat, surveys and recording functions) as well as any service optimization and security measures in the context of information security and the law.
We would like to encourage you to also comply with data protection measures when using conference platforms. For the duration of a conference, please note the data and privacy protection in particular in the background of your recordings (including images and involuntary participants) and that unauthorized disclosure of access data to conference rooms is not permitted. Finally, we would like to point out that conference platforms may be offered by third-party providers and therefore the data protection policies of the respective provider apply. Only the respective operators of the platforms have access to the data concerning you and are in a position to take direct action and provide information, so that we expressly request at this point that any requests for information and assertion of user rights be directed to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.2.5 Applicants and candidate pool
A basic requirement of application procedures is the transfer of applicant data for the purpose of assessment, comparison and selection. Depending on the position advertised, we request the information required for the application. We are aware that, among other things, a transfer of particularly sensitive categories of data takes place. Furthermore, we would like to point out that the minimum principle must be applied when transferring data. In addition, please note that application data via e-mail is usually encrypted in transit (end-to-end), but not necessarily on the servers. We can therefore not guarantee secure transmission by e-mail and the associated responsibility. Alternatively, you can apply by mail or online form. If offered, voluntary inclusion in an applicant pool is based on consent. However, participation in an applicant pool has no influence on the current application process and can be withdrawn by you at any time.
For your own security, we delete your personal data in the event of an unsuccessful application or in the event of revocation. The storage period and deletion is also based - subject to a justified revocation - on our legitimate interest (including follow-up questions regarding the application) as well as a legally reasonable period of time to comply with our obligations to provide evidence (including regulations on equal treatment of applicants). Finally, we would like to inform you that recruitment software and platforms as well as services may be used by third-party providers and that the data protection guidelines of the respective provider therefore apply. Only the respective providers have access to the data concerning you and are in a position to carry out direct action and to provide information, so that we expressly ask you at this point to direct any requests for information and assertion of user rights directly to the providers. Should problems nevertheless arise, we will of course be happy to assist you in word and deed.
3.4 Analysis of visitor flows and behavior
In the course of an evaluation of visitor flows to our online offer, your personal data may be collected and analyzed. Among other things, behavior, interests and demographic information are analyzed. The analysis produces insights into when our offers and its functions or content are most frequently used and which areas require optimization. As part of the analysis, user profiles may be created (profiling) and stored in a cookie - alternatively, similar procedures with the same purpose may be used. Details of the profiles may include, for example, content viewed, location data and technical details of the end device. Furthermore, your IP address may be stored and a so-called IP masking procedure (shortening of the IP address for pseudonymization) may be used as a security measure for your personal protection.
4. overview and listing of (third-party) providers and services
Details & Explanation
1. general information about the processing of your data
1.11 Provision of our services
3. collection and analysis of personal data
3.1 Third-party providers and service
3.3 Communication and marketing
3.4 Analysis of visitor flows and behavior
This glossary provides you with an overview of the most important and central terms used in this data protection declaration and also contains explanations for you. Below you will find an alphanumeric list of all relevant explanations of terms:
"Processor" means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
"Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
"Special categories of personal data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data uniquely identifying a natural person, health data, or data concerning a natural person's sex life or sexual orientation.
A "cookie" is a small file containing a string of characters that is sent to your terminal device when you visit a website or app. The next time you visit the online offer, it can recognize your end device on the basis of the cookie. Cookies can store user settings and other information. Your device can be configured to reject all cookies separately. Some services of our online offer may not be fully functional without cookies.
"Third party" means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
"Recipient" means a natural or legal person, public authority, agency or other body to whom Personal Data is disclosed.
"IP address" is assigned as a number to each device that is connected to the Internet. This is called an Internet Protocol (IP) address. These numbers are usually assigned in blocks that are associated with specific geographic areas. The IP address can often be used to identify the location from which the device connects to the Internet.
"Personal data" means any data and information relating to an identified or identifiable natural person ("data subject"). A natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation performed with or without the aid of automated procedures in relation to personal data, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction and erasure.
"Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.