Privacy policy

Data protection declaration

1. First of all …

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified.

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the controller” in this data protection declaration.

How do we collect your data?

Some of your data is collected when you provide it to us. This could be data entered, say, in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure the fault-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have consented to data processing, you are able to revoke this consent at any time with future effect. Furthermore, you have the right, under specific circumstances, to demand the restriction of processing of your personal data. In addition, you have the right to make objection to the responsible supervisory authority.

For any further data protection questions in this regard, you are welcome to contact us.

Analytics tools and tools from third parties

When you visit this website, statistical evaluation of your surfing behaviour may be carried out. This takes place above all using “analytics” programs.

You can find detailed information on these analytics programs in the below data protection declaration.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

External hosting

This website is hosted externally. The personal data recorded on this website are stored on the host or hosts’ servers. These may include IP addresses, contact requests, metadata, communications data, contractual data, names, website access logs and other data generated through the use of a website.

External hosting takes place for the purpose of contractual fulfilment towards our existing and potential clients (art. 6 para. 1 (b) GDPR) and in the interest of ensuring the secure, rapid and efficient provision of online services through a professional provider (art. 6 para. 1 (f) GDPR). Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Our host(s) will only process your data to the extent necessary to fulfil their performance obligations and will follow our instructions in relation to such data.

We use the following host(s):

Kinsta, Kinsta Inc.
8605 Santa Monica Blvd #92581
West Hollywood, CA 90069
USA
www.kinsta.com

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. In this process, the transfer of information between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyse traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may also use cookies or other technologies to recognise internet users; these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as free from errors and as securely as possible (art. 6 para. 1 (f) GDPR).

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/.

You can find more information about security and data protection at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google Cloud CDN

We use the Google Cloud CDN content delivery network. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google offers a globally distributed content delivery network. In this process, the transfer of information between your browser and our website is technically routed via Google’s network. This allows us to increase the global accessibility and performance of our website.

The use of Google Cloud CDN is based on our legitimate interest in providing our website as free from errors and as securely as possible (art. 6 para. 1 (f) GDPR).

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

You can find more information about Google Cloud CDN here: https://cloud.google.com/cdn/docs/overview?hl=de.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

3. General and required information

Data protection

The operator of these pages takes the protection of your personal data very seriously. We handle your personal data confidentially, in accordance with the legal data protection requirements and this data protection declaration.

If you use this website, various forms of personal data will be collected. Personal data are all data with which you can be personally identified. The below data protection declaration explains which data we collect and what we use them for. It also explains how and for what purposes this occurs.

We would like to make it clear that data transmission via the Internet (e.g. through email communication) can be open to security breaches. Flawless protection of data from third-party access is not possible.

Information about the controller

The body responsible for data processing on this website is:

Gründermotor GmbH
Lautenschlager Str. 16
70173 Stuttgart
https://gruendermotor.io/
Email: hi[at]gruendermotor.io

The controller is the natural or legal person who, alone or with others, decides the purposes and means of processing of personal data (e.g. name, email addresses or similar).

Duration of storage

If no special duration of storage is named in this data protection declaration, your personal data will continue to be stored by us until the purpose of their processing no longer applies. If you wish to exercise a legitimate right to erasure or revoke consent to data processing, your data will be deleted if we have no other legally permissible reason to continue to store it (e.g. deadlines set in tax or commercial law); in the latter case, deletion will take place once these reasons are no longer in place.

If you have consented to data processing, we will process your personal data on the basis of art. 6 para. 1 (a) GDPR or art. 9 para. 2 (a) GDPR if special categories of data are processed in accordance with art. 9 para. 1 GDPR. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of art. 49 para. 1 (a) GDPR. If you have consented to the storage of cookies or to the access to information in your terminal device (e.g. via device fingerprinting), the data processing is also carried out on the basis of Section 25 (1) TTDSG. Consent can be withdrawn at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of art. 6 para. 1 (b) GDPR. Furthermore, we will process your data if this is necessary for the fulfilment of a legal obligation on the basis of art. 6 para. 1 (c) GDPR. The data processing may also be based on our legitimate interest pursuant to art. 6 para. 1 (f) GDPR. Information on the relevant legal basis in each individual case is provided in the following clauses of this data protection declaration.

Data protection officer

We have appointed a data protection officer. They can be reached by email at hi[at]gruendermotor.io.

Note on data transfer to the USA and other third countries

Some of the tools we use come from companies based in the USA or other third countries that are not considered secure under data protection law. When these tools are active, your personal data may be transferred to and processed in these third countries. We would like to point out that no level of data protection comparable to that provided in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for surveillance purposes. We have no influence on these processing activities.

Many data processing measures are only possible with your express consent. You can withdraw consent once given at any time. The legality of the data processing that took place up to the point of withdrawal is unaffected by this.

Right of objection to data processing in special cases and against direct marketing (art. 21 GDPR)

IF DATA PROCESSING TAKES PLACE ON THE BASIS OF ART. 6 PARA. 1 (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR REASONS ARISING FROM YOUR PERSONAL SITUATION; THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. THE LEGAL FOUNDATIONS ON WHICH EACH FORM OF PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU REGISTER AN OBJECTION WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS: WE CAN DEMONSTRATE COMPELLING REASONS FOR SUCH PROCESSING THAT DEMAND THE PROTECTION OF THE LAW AND WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS; OR IF SUCH PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION AS PER ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THEIR PROCESSING FOR SUCH PURPOSES; THIS ALSO APPLIES TO PROFILING INASMUCH AS IT IS CONNECTED WITH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION AS PER ART. 21 PARA. 2 GDPR).

Right to complain to the responsible regulatory authority

In the case of infringements of the GDPR, the data subject has the right to complain to a regulatory authority, particularly one in the member state of their ordinary residence, place of work or in the place of the alleged infringement. The right to complain exists without prejudice to any other administrative or judicial remedy,

Right to data portability

You have the right to receive or have provided to a third party the data that we process with your consent or automatically in the fulfilment of contracts in a structured, commonly used and machine readable format. If you demand the direct transfer of the data to another controller, this will only take place if technically possible.

Information, correction and erasure

Within the framework of the valid legal prescriptions, you have the right to obtain information at any time and free of charge about the data stored relating to you, its origins and recipients and the purpose of the data processing. You also have the right, as applicable, to rectification or erasure of these data. For any further personal data questions in this regard, you are welcome to contact us.

Right to restriction of processing

You have the right to demand the restriction of the processing of your personal data. You can contact us at any time in this regard. You have the right to restriction of processing in the following instances:

  • If you dispute the correctness of your personal data that we store, we will usually need time to check this. For the duration of this checking process, you have the right to demand the restriction of processing of your personal data.
  • If the processing of your personal data has occurred / is occurring unlawfully, you are able to request, instead of the deletion of your data, the restriction of its processing.
  • If we no longer need your personal data but you do for the establishment, exercise or defence of legal claims, you have the right to demand the restriction of processing instead of erasure.
  • If you have lodged an objection as per art. 21 para. 1 GDPR, a process must take place to balance your interests and our own. As long as it is unclear whose interests are overriding, you have the right to demand the restriction of processing of your personal data.

If you have restricted the processing of your personal data, these data will only be processed – excluding storage – with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for urgent reasons of public interest within the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or queries sent to us as the operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the address bar, which will change in your browser from “https://” to “https://”, while a lock symbol appears.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

4. Data collection on this website

Cookies

Our internet sites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your end device. They are either stored temporarily, for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you yourself delete them or they are automatically deleted by your browser.

Cookies can originate from us (“first-party” cookies) or from third-party companies (“third-party” cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g. cookies for processing payment services).

Cookies have varying functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process (necessary cookies), to provide certain functions that you have requested (e.g. the shopping cart function) or to optimise the website (e.g. cookies to measure web audience) are stored on the basis of art. 6 para. 1 (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically flawless and optimised provision of services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG); consent can be revoked at any time.

You can set your browser so that you are informed about the storage of cookies and only allow them in individual cases, can exclude them in particular cases or in general and can activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website can be restricted.

You can find out which cookies and services are used on this website in this privacy policy.

This website uses a cookie consent tool to obtain effective user consent for cookies and cookie-based applications that require consent. Through the integration of a corresponding JavaScript code, users are shown a banner when they access the page, in which they can give their consent to certain cookies and/or cookie-based applications by ticking the appropriate box. In this case, the tool blocks the placement of all cookies requiring consent until the user gives such consent by ticking the corresponding box. This ensures that such cookies are only set on the user’s device if consent has been granted.

In order for the cookie consent tool to be able to clearly assign page views to individual users and to individually record, log and store the consent settings made by the user for the duration of a session, certain user information (including the IP address) is collected when our website is opened by the cookie consent tool, transmitted to the tool provider’s server and stored there.

The legal basis for the data processing described here is art. 6 para. 1 (c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-necessary cookies dependent on the user’s consent in each case.

We have concluded a processing contract with the provider, obliging it, among other things, to protect the data of visitors to our website and not to pass it on to third parties.

Service used and service provider:

Webtoffee c/o Mozilor Limited
10 Paxton Cres, Shenley Lodge
Milton Keynes MK5 7PY
United Kingdom
https://www.webtoffee.com/product/gdpr-cookie-consent/

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of the pages collects and automatically stores information in so-called server log files, transmitted automatically to us by your browser. These include:

  • browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • time of the server request
  • IP address

No collation of these data with other sources is carried out.

The recording of these data takes place on the basis of art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in the fault-free presentation and optimisation of the website. To this end, server logfiles must be collected.

Contact form

If you send queries to us via a contact form, your information from the contact form, including the contact data you enter there, will be stored by us for the purpose of processing the query and in case subsequent questions arise. We will not transfer these data without your consent.

The processing of these data takes place on the basis of art. 6 para. 1 (b) GDPR, if your query is connected with the fulfilment of a contract or the execution of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (art. 6 para. 1 (f) GDPR) or on your consent (art. 6 para. 1 (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data entered by you in contact forms remain with us until you request their deletion, withhold consent to their storage or until the purpose of data storage is no longer present (e.g. when your query has been completely processed). Mandatory legal prescriptions – in particular, limits of retention – remain unaffected.

Contact by email, telephone or fax

If you contact us by email, telephone or fax, you enquiry, including all resulting personal data (name, query) will be stored and processed by us for the purpose of answering your request. We will not transfer these data without your consent.

The processing of these data takes place on the basis of art. 6 para. 1 (b) GDPR, if your query is connected with the fulfilment of a contract or the execution of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (art. 6 para. 1 (f) GDPR) or on your consent (art. 6 para. 1 (a) GDPR) if this has been requested; the consent can be revoked at any time.

The data sent to us by you in the course of contact requests remain with us until you request their deletion, withhold consent to their storage or until the purpose of data storage is no longer present (e.g. when your request has been completely processed). This in no way prejudices any mandatory legal prescriptions – in particular, legal limits of retention.

Typeform

We have Typeform integrated in this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter Typeform).

Typeform allows us to create online forms and embed them on our website. The data you enter in our Typeform forms will be stored on Typeform’s servers until you request us to delete it, revoke any consent you have given to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal prescriptions – in particular, limits of retention – remain unaffected.

The use of Typeform is based on art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in functional online forms. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Registration on this website

You can register on this website to use additional features of the site. We use the data thus entered only for the purpose of providing usage of a specific offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse registration.

In case of important changes, for example to the scope of the offer, or technically necessary changes, we will use the email address provided during registration to provide you with information.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (art. 6 para. 1 (b) GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. This does not prejudice any other legal retention requirements.

5. Social media

Our social media presences

This privacy policy applies to the following social media sites

Data processing by social networks

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.

Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. “like” buttons or advertising banners). Visiting our social media sites triggers numerous processing operations relevant to data protection. To be specific:

if you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown personalised advertising inside and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising may be displayed on all devices on which you are or have been logged in.

Please also note that we are not able to track all processing by social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are designed to ensure the broadest possible presence on the internet. This is a legitimate interest within the meaning of art. 6 para. 1 (f) GDPR. The analytical processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of art. 6 para. 1 (a) GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (to information, correction, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Duration of storage

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data which is kept by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Your rights

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to object, the right to data portability and the right to complain to the competent supervisory authority. Furthermore, you can request the correction, blocking, erasure and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the data collected is also transferred to the USA and other third countries.

We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies the data processing operations for which we or Meta are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

For details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.

Social media plugins

Instagram

Instagram functions are integrated on this website. These functions are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

When the social media element is active, a direct connection is established between your terminal device and the Instagram server. Instagram thereby receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

Insofar as consent has been obtained, the above-mentioned service is used on the basis of art. 6 para. 1 (a) GDPR and § 25 TTDSG. Consent can be withdrawn at any time. Unless consent has been obtained, the use of the service is based on our legitimate interest in being as visible as possible on social media.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the transfer is not subject to joint control. The obligations incumbent on us jointly have been set out in a joint processing agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for implementing the tool on our website in a manner that is secure from a data protection perspective. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For more information, please see Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.

6. Analytics tools and advertising

Pipedrive

We use Pipedrive for our CRM. The provider is Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia, website: https://www.pipedrive.com/de (hereinafter referred to as Pipedrive).

Among other things, Pipedrive allows us to manage existing and potential customers, as well as customer contacts. With the help of Pipedrive, we’re able to capture, sort, and analyze customer interactions via email, social media, or phone across multiple channels.

No website visitor data is automatically transferred to Pipedrive’s CRM. Rather, we ourselves enter data of interested parties (including website visitors) into the system in the cloud, which they have provided to us themselves via various channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). For such marketing activities, a separate consent is obtained in the collection form, which can be revoked by the data subject at any time.

The use of Pipedrive is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in the most efficient customer management and customer communication possible. Consent for this is not required in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TTDSG.

Pipedrive’s privacy policy can be found at https://www.pipedrive.com/en/privacy. Further information on Pipedrive’s data protection-compliant processing can be found at https://support.pipedrive.com/de/article/pipedrive-and-gdpr.

Order processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

Matomo

This website uses the open source web analytics service Matomo.

With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, which page views are made when and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

The use of this analytics tool takes place on the basis of art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both the web presence and any advertising carried out. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

IP anonymisation

We use IP anonymisation for analysis with Matomo. Your IP address is truncated before analysis so that it can no longer be clearly assigned to you.

Cookieless analysis

We have configured Matomo so that it does not store cookies in your browser.

Hosting

We host Matomo with the following third-party provider:

Kinsta (see “Host”)

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

7. Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. If further data are collected it will be on a purely voluntary basis. We use newsletter service providers, which are described below, to process the newsletters.

Mailchimp

This website uses the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

Mailchimp is a service with which, among other things, the sending of newsletters can be organised and analysed. If you enter data for the purpose of receiving the newsletter (e.g. email address), this data will be stored on Mailchimp’s servers in the USA.

With the help of Mailchimp we can analyse our newsletter campaigns. When you open an email sent with Mailchimp, a file contained in the email (so-called web beacon) connects to Mailchimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not want any analysis by Mailchimp, you must unsubscribe from the newsletter. We provide a link that lets you do this in every newsletter we mail.

The data processing thus takes place on the basis of your consent (art. 6 para. 1 (a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legality of data processing that has already taken place is unaffected by this revocation.

The data you provide us for the purposes of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe and deleted from the mailing list at this point. Data stored by us for other purposes are not affected by this.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://mailchimp.com/eu-us-data-transfer-statement/ and https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. Data from the blacklist are only used for these purposes and are not collated with other data. This serves both your and our interests, including our interest in compliance with legal requirements for the mailing of newsletters (legitimate interest as per art. 6 para. 1 (f) GDPR). Placement on the blacklist is not time-limited. You can object to your being placed on it if your interests override our legitimate interest.

For more details, please refer to Mailchimp’s privacy policy at: https://mailchimp.com/legal/terms/.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

8. Plugins and tools

YouTube

This website embeds videos from the website YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to YouTube’s servers is established. Through this, YouTube is informed of which of our pages you have visited.

Furthermore, YouTube may store various cookies on your terminal device or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can collect information on the visitors to this site. These data are used e.g. to record video statistics, improve user-friendliness and prevent attempted fraud.

If you are logged into your own YouTube account, YouTube is able to assign your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube takes place in the interests of presenting our online content attractively. This represents a legitimate interest in the sense of art. 6 para. 1 (f) GDPR. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

For further information on the handling of user data, please refer to YouTube’s privacy policy at: https://policies.google.com/privacy?hl=de.

Vimeo

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages equipped with a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. In addition, Vimeo obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.

If you are logged into your Vimeo account, you enable Vimeo to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or comparable recognition technologies (e.g. device fingerprinting) to recognise website visitors.

The use of Vimeo is in the interest of ensuring an appealing presentation of our online provision. This constitutes a legitimate interest within the meaning of art. 6 para. 1 (f) GDPR. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.

For further information on the handling of user data, please refer to Vimeo’s privacy policy at: https://vimeo.com/privacy.

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google fonts are installed locally. No connection to the Google servers takes place here.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Font Awesome (local hosting)

This site uses Font Awesome for the uniform display of fonts. Font Awesome is installed locally. A connection to servers belonging to Fonticons, Inc. does not take place.

For more information on Font Awesome, please see the Font Awesome Privacy Policy at: https://fontawesome.com/privacy.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not made aware that an analysis is taking place.

The storage and analysis of the data is based on art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and from spam. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

For more information about Google reCAPTCHA, please see the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Zapier

We have integrated Zapier on this website. The provider is Zapier Inc, Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter Zapier).

Zapier allows us to link various functionalities, databases and tools to our website and synchronise them with each other. In this way, it is possible, for example, to automatically feed out content that we publish on our website on our social media channels or to export content from marketing and analysis tools. Depending on the functionality, Zapier can also collect various personal data.

The use of Zapier is based on art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in integrating the tools used as effectively as possible. Where corresponding consent has been requested, the processing is carried out exclusively on the basis of art. 6 para. 1 (a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://zapier.com/tos.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

9. Audio and video conferencing

Data processing

For communication with our clients, we use online conference tools, among other things. The tools we use are listed in detail below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). In addition, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “contextual information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for the handling of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is exchanged, uploaded or otherwise made available within the tool, this is also stored on the servers of the tool providers. Such content includes, but is not limited to, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the Service.

Please note that we do not have full control over the data processing operations carried out by the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (art. 6 para. 1 (b) GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of art. 6 para. 1 (f) GDPR). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with future effect.

Duration of storage

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory statutory retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conference tools:

Zoom

We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.

Data transfer to the USA is founded on the standard contractual clauses of the EU Commission. Details can be found here: https://zoom.us/de-de/privacy.html.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

10. Own services

Handling user data

We offer you the opportunity to apply to us (e.g. by email, post or an online application form). In the following, we inform you about the extent, purpose and use of your personal data as collected during the applications process. We ensure that the collection, processing and use of your data take place in accordance with the data protection law in force and all further legal prescriptions and that your data are treated in the highest confidence.

Extent and purpose of data collection

If you send us an application, we process the connected data (e.g. contact and communications data, application documents, notes taken during applicant interview etc.) insofar as is necessary to make decisions about the foundation of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), art. 6 para. 1 (b) GDPR (general contract initiation) and – if you have given your consent – art. 6 para. 1 (a) GDPR. Consent can be withdrawn at any time. Your personal data are exclusively transmitted within our company to persons involved in the processing of your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and art. 6 (1) (b) GDPR for the purpose of implementing the employment relationship.

Duration of data retention

If we do not make you an offer, you decline an offer or retract your application, we reserve the right to continue to store the data you transferred to us on the basis of our legitimate interest (art. 6 para. 1 (f) GDPR) up to 6 months from the termination of the application process (retraction or rejection of application). Subsequently, the data will be deleted and the physical application documents destroyed. Storage takes place in particular to provide evidence in case of legal disputes. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for continued storage no longer applies.

Longer retention can take place if you give corresponding consent (art. 6 para. 1 (a) GDPR) or if legal retention limits oppose deletion.

Google Drive

We have integrated Google Drive on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive allows us to include an upload area on our website where you can upload content. When you upload content, it is stored on Google Drive servers. When you enter our website, a connection to Google Drive is also established so that Google Drive can determine that you have visited our website.

The use of Google Drive is based on art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in a reliable upload area on his website. If suitable consent has been requested, processing takes place solely on the basis of art. 6 para. 1 (a) GDPR; consent can be withdrawn at any time.

Data processing

We have concluded a data processing contract (German acronym: AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this company only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Lust auf etwas Neues?

Dann schau dich in unserem neuen Jobportal um.

Zum Jobportal