Privacy policy: Status August 2020

Definitions

This data protection declaration is based on the terms used by the European legislator for directives and re-gulations when the Basic Data Protection Regulation (DSGVO) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

• Personal data: Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particu-lar by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data Subject: any identified or identifiable natural person whose personal data are processed by the controller.
• Processing: Processing is any operation or set of operations, performed upon personal data, whether or not by automatic means, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, ret-rieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of restricting their future proces-sing.
• Profiling: profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, where-abouts or movements of that natural person.
• Pseudonymization: Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional in-formation is stored separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
• Controller or data controller: Controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the pur-poses and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
• Processor: a processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient: a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whe-ther or not that person is a third party. However, public authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients
• Third party: third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the pro-cessor, are authorized to process the personal data concerned.
• Consent: Consent means any freely given expression of will by the data subject in an informed and unambiguous man-ner for the particular case, in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.

Collection of general information when visiting our website

Nature and purpose of the processing:

When you access our website, i.e. when you do not register or otherwise provide information, information of a general nature is automatically collected. This information (server log files) includes, for example

• the browser types and versions used,
• the operating system used by the accessing system,
• the website from which an accessing system accesses our website (so-called Refe-rrer),
• the sub-websites, which are accessed via an accessing system on our website,
• the date and time of access to the website,
• Name and URL of the retrieved file,
• an Internet Protocol (IP) address of the,
• Date and time of access,
• the Internet service provider of the accessing system and
• other similar data and information which serve to avert danger in the event of attacks on our informa-tion technology systems.

They are processed in particular for the following purposes:

• Ensuring that the website can be connected without problems,
• Ensuring a smooth use of our website,
• Evaluation of system security and stability and
• for further administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind will be statistically evaluated by us, if necessary, in order to optimize our Internet presence and the technology behind it.

Legal basis

Legal basis The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate inte-rest in improving the stability and functionality of our website. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipient:

Recipient: Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Storage period:

Storage period: The data is deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website, when the respective session has ended.

Provision is required or necessary:

Provision prescribed or necessary: The provision of the above-mentioned personal data is not required by law or contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For these reasons, an objection is excluded.

Passing on of data

Your personal data will only be transferred to third parties for purposes other than those listed below if

• you have given your express consent in accordance with Art. 6 para 1 lit. a DSGVO,
• The disclosure pursuant to Art. 6 para. 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a predominant interest worthy of protection in not disclosing your data,
• • In the event that there is a legal obligation for disclosure under Art. 6 para. 1 lit. c DSGVO, and
• • This is legally permissible and according to Art. 6 para. 1 lit. b DSGVO for the processing of contrac-tual relations with you is required.

Legal or contractual regulations for the provision of personal data; necessity for the conclusion of the contract; obligation of the person concerned to provide the personal data; possible consequences of not pro-viding the data.

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. details of the contractual partner). Sometimes it may be necessary for the conclusion of a contract for a person concerned to provide us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded. Before the person concerned makes personal data available, he or she must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

Contact form

Nature and purpose of the processing:

Nature and purpose of the processing: The data entered by you will be stored for the purpose of individual communication with you. For this purpo-se, a valid e-mail address and your name are required. This serves to assign the inquiry and to answer it afterwards. The specification of further data is optional.

Legal basis

Legal basis: The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO).

By providing the contact form, we would like to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing your inquiry and for possible follow-up questions.

If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6 para. 1 lit. b DSG-VO).

Recipient:

Recipient: Recipients of the data may be contract processors .

Storage period:

Storage period: Data will be deleted at the latest 6 months after processing the request.

If a contractual relationship is established, we are subject to the statutory retention periods under the Ger-man Commercial Code (HGB) and delete your data after these periods have expired.

Provision is required or necessary:

Provision prescribed or necessary: The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, your e-mail address and the reason for the inquiry.

Cookies

Nature and purpose of the processing:

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website.

This enables us to obtain certain data such as IP address, browser used and operating system.

Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information con-tained in cookies to make navigation easier for you and to enable our web pages to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data wit-hout your consent.

Of course, you can always view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser. Please use the help function of your internet browser to find out how to change these settings. Please use the help function of your internet browser to find out how to change these settings Please note that some functions of our website may not work if you have deactivated the use of cookies.

Legal basis

Legal basis: The legal basis for the use of cookies is our legitimate interest (Art. 6 para. 1 lit. f DSGVO).

Storage period and cookies used:

If your browser settings or consent allow us to use cookies, the following cookies may be used on our websi-tes:

• displayCookieConsent
• wordpress_logged_in_49a0aa2495964e2997fd0368af40540f
• wordpress_sec_49a0aa2495964e2997fd0368af40540f
• wordpress_test_cookie
• wp-settings-3
• wp-settings-time-3
• wp-wpml_current_language

Insofar as these cookies (also) can (also) affect personal data, we will inform you about this in the following sections.

You can delete individual cookies or the entire cookie inventory via your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE

Provision is required or necessary:

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, com-pletely disabling cookies may mean that you will not be able to use all the features of our website.

Fanpage on Facebook

Our company operates within the social network “Facebook” (operated by: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) a so-called fan page.

Since the operation of the fan page is a joint responsibility (Art. 26 DS-GVO) between Facebook Ireland Ltd. and our company in terms of data protection law, a corresponding agreement was concluded with Facebook Ireland Ltd., which you can view under the following link: https://www.facebook.com/legal/terms/page_Controller_addendum.

https://www.facebook.com/legal/terms/page_Controller_addendum.

When you use Facebook products, such as our fan page, Facebook collects and uses the information descri-bed in its “Data Policy” under “What types of information do we collect?

Facebook’s “Data Policy” can be found online at:https://www.facebook.com/about/privacy/update.

Information about the cookies used by Facebook can be found in the Facebook cookie policy: https://www.facebook.com/policies/cookies/.

For fan pages, Facebook provides fan page operators with statistics and insights that help them gain insight into the types of actions people take on their pages (“Page Insights”).

Our company has no control over the collection of these statistics and insights by Facebook. According to Facebook, Page Insights are designed to show important trends without providing details about them that could identify you.

According to Facebook, fan page operators may be able to associate your profile picture with your fan page “Like” information if you have marked the fan page as “Like” and set your “Like” information for Pages to “Public.

Addition Facebook Page Insights

Information used for page insights

• Call up a page or an amount or a video from a page
• subscribe or unsubscribe to a page
• mark a page or post with “I like” or “I no longer like”.
• recommend a page in a post or comment
• comment, share or react to a page post (including the type of reaction)
• hide a page contribution or report it as spam
• click on a link from another page on Facebook or from a website outside of Facebook that leads to the page
• move the mouse over the name or profile picture of a page to see a preview of the page contents
• click on the website, phone number, “Plan route” button or any other button on a page
• whether you are logged in via a computer or mobile device while visiting or interacting with a site or its content

Responsibility for your information used to create page views

Site Insights provided for a Site may require the processing of personal data that falls under the protection of the European Data Protection Regulation (or “DS Regulation”). The DS Block Exemption Regulation applies to the processing of such data if, for example, you live in an area where Facebook Ireland provides Facebook products. In that case, Facebook Ireland and our company may be jointly responsible for your data collected in connection with a visit to or interaction with a site (including its content) if the data is processed for site insights. In this case the following applies to processing under joint responsibility:

• Facebook Ireland and our company have entered into an agreement which sets out their respective obligations under the DS Block Exemption Regulation. https://www.facebook.com/legal/terms/page_Controller_addendum.
• Facebook Ireland and our company have agreed that Facebook’s primary responsibility is to provide you with information about the joint processing and to enable you to exercise your rights under the DS Block Exemption Regulation. In accordance with the DS-GVO, you have the right of access, cor-rection, transferability and deletion of your data, as well as the right to object to the processing of y-our data and to restrict processing. You can find out more about these rights in your Fa-cebook set-tings.
• • Facebook Ireland and our company have agreed that the Irish Data Protection Commission is the au-thority responsible for overseeing the processing under joint responsibility. You have the right to file a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or your local regu-lator.

This privacy information is based on the text provided by Facebook Ireland.

Instagram

Our company operates within the social network “Instagram” (operated by: Facebook Ire-land Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) a so-called Instagram account.

Since the operation of the Instagram account is a joint responsibility (Art. 26 DS-GVO) between Facebook Ireland Ltd. and our company, a corresponding agreement was concluded with Facebook Ireland Ltd:

https://www.facebook.com/legal/terms/page_Controller_addendum.

When you use Facebook products, such as our Instagram Page, Facebook collects and uses the information described in its “Data Policy” under “What types of information do we collect?

Facebook’s “Data Policy” for Instagram can be found online at: https://help.instagram.com/519522125107875?helpref=page_content

For information about the cookies used by Facebook, please refer to the Facebook cookie policy: https://www.facebook.com/policies/cookies/.

For fan pages, Facebook provides fan page operators with statistics and insights that help them gain insight into the types of actions that people take on their pages (“Page Insights”).

Our company has no control over the collection of these statistics and insights by Facebook. According to Facebook, Page Insights are designed to show important trends without providing details about them that could identify you.

According to Facebook, fan page operators may be able to associate your profile picture with your fan page “Like” information if you have marked the fan page as “Like” and set your “Like” information for Pages to “Public.

XING

We operate an account of the social media network Xing, the company Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany. These features allow you to share content on Xing directly via our website, log in via Xing or follow interesting content. When you visit the website, data can be transmitted to the “Xing servers”, stored and evaluated.

What is Xing?

Xing is a social network with its headquarters in Hamburg, Germany. The company specializes in the ma-nagement of professional contacts. That means, unlike other networks, Xing is primarily about professional networking. The platform is often used for job search or to find employees for your own company. Beyond that Xing offers interesting content to different vocational topics. The global counterpart is the American com-pany LinkedIn.

What data is stored by Xing?

Xing offers the Share button, Follow button and Log-in button as a plug-in for websites. As soon as you open a page where a social plug-in from Xing is installed, your browser connects to servers in a data center used by Xing. In the case of the Share button, according to Xing, no data should be stored that could derive a direct reference to a person. In particular, Xing does not store any IP address of yours. Furthermore, no cookies are set in connection with the Share button. Therefore, no evaluation of your user behavior will take place. You can obtain further information about this at https://www.xing.com/app/share%3Fop%3Ddata_protection.

As soon as you log in to Xing or become a member, further personal data will definitely be collected, proces-sed and stored. Xing also passes on personal data to third parties if this is necessary for the fulfillment of its own business purposes, if you have given your consent or if there is a legal obligation.

Legal basis

The legal basis for the processing of personal data and the associated data transfer to Xing is your consent (Art. 6 para. 1 lit. a DSGVO).

Storage period:

Xing stores the data on different servers in different data centers. The company stores this data until you delete the data or until a user account is deleted. Of course, this only affects users who are already Xing members.

Recipient:

The recipient of the data is Xing and, if applicable, the processor of the order.

How can I delete my data or prevent data storage?

You have the right to access and delete your personal data at any time. Even if you are not a Xing member, you can use your browser to prevent possible data processing or manage it according to your wishes. Most data is stored via cookies. Depending on the browser you have, the administration works slightly differently. The instructions for the most common browsers can be found here:

You can also configure your browser so that you are always informed when a cookie is about to be set. Then you can always decide individually whether you want to accept the cookie or not.

At https://privacy.xing.com/de/datenschutzerklaerung you can learn more about the data processing of the social media network Xing.

Notification of changes

Changes in the law or changes in our internal processes may make it necessary to adapt this privacy state-ment.

In the event of such a change, we will notify you at least six weeks before it takes effect. In general (No. 6) you have a right of revocation with regard to the consents you have given.

Please note that (unless you exercise your right of revocation) the current version of the Privacy Policy is the valid version.

Update/deletion of your personal data

Changes in the law or changes in our internal processes may make it necessary to adapt this privacy state-ment.

In the event of such a change, we will notify you at least six weeks before it takes effect. In general (No. 6) you have a right of revocation with regard to the consents you have given.

Please note that (unless you exercise your right of revocation) the current version of the Privacy Policy is the valid version.

Rights of data subjects

Every data subject shall have the right, granted by the European directive and regulation maker, to obtain from the controller confirmation as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she can contact our data protection officer or another employee of the data controller at any time.

Any person concerned by the processing of personal data has the right, granted by the European directive and regulation, to obtain at any time, free of charge, from the controller, information about the personal data relating to him or her stored and a copy of this information (Art. 15 DSGVO). In addition, the European legislator has provided the data subject with the following information:

• the processing purposes
• the categories of personal data processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
• the existence of a right to the rectification or erasure of personal data concerning him or her or to the limitation of the processing carried out by the controller or of a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: All available information on the origin of the data
• the existence of automated decision making, including profiling, in accordance with Art. 22 para. 1 and 4 DSGVO and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject

The data subject also has the right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.

In accordance with Art. 77 of the DSGVO, you have the right to complain to a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or work.

If a data subject wishes to exercise this right to information, he or she can contact our data protection officer or another employee of the data controller at any time.

Any person concerned by the processing of personal data has the right granted by the European directive and regulation to demand the immediate rectification of incorrect personal data concerning him or her (Art. 16 DSGVO). Furthermore, the data subject shall have the right, having regard to the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary statement.

If a data subject wishes to exercise this right of rectification, he or she can contact our data protection officer or another employee of the data controller at any time.

Any person concerned by the processing of personal data has the right granted by the European directive and regulation to require the controller to delete the personal data concerning him without delay (Art. 17 DSGVO), if one of the following reasons applies and if the processing is not necessary:

• The personal data have been collected for such purposes or processed in any other way for which they are no longer necessary.
• The data subject shall revoke his consent to the processing pursuant to this Article Art. 6 para. 1 letter a) DSGVO or Art. 9 Para. 2(a) DSGVO and there is no other legal basis for the processing.
• The person concerned shall create a Art. 21 para. 1 DSGVO, and there are no overriding legitimate reasons for the processing, or the data subject submits an objection to the processing in accordance with Article 1 DSGVO. Art. 21 para. 2 DSGVO lodges an objection against the processing.
• Personal data have been processed unlawfully.
• The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
• The personal data have been processed in relation to information society services offered in accordance with Article 5(1) of the Directive. Art. 8 para. 1 DSGVO.

If one of the above reasons applies and a person concerned wishes to have personal data stored by us deleted, he or she can contact our data protection officer or another employee of the data controller at any time. Our data protection officer or another employee will ensure that the request for deletion is complied with immediately.

If the personal data were made by us and our enterprise is responsible as responsible person in accordance with Art. 17 Para. 1 DSGVO, we shall take reasonable measures, including technical measures, to inform other data controllers who process the published personal data that the data subject has requested the deletion of all links to such personal data or copies or replications of such personal data from such other data controllers, insofar as such processing is not necessary, taking into account the available technology and implementation costs. Our data protection officer or another employee will take the necessary steps in individual cases.

Any person data subject to the processing of personal data has the right, granted by the European directive and regulation, to request the controller to limit the processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject for a period of time which allows the data controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defence of legal claims.
• The data subject has lodged an appeal against the processing pursuant to Art. 21 para. 1 DSGVO and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the data subject.

If one of the above conditions is met and a person concerned wishes to request the restriction of personal data stored by us, he or she can contact our data protection officer or another employee of the data controller at any time. Our data protection officer or another employee will arrange for the processing to be restricted.

Any data subject involved in the processing of personal data has the right, granted by the European directive and regulation, to obtain personal data concerning him or her which have been provided by the data subject to a controller in a structured, common and machine-readable format. It shall also have the right to communicate such data to another controller without being hindered by the controller to whom the personal data have been disclosed, provided that the processing is carried out on the basis of the consent pursuant to Art. 6 para. Art. 6 para. 1 letter a) DSGVO or Art. 9 Para. 2 letters a) DSGVO or on a contract in accordance with Art. 6 para. 1 letter (b) DSGVO and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability, the data subject has complied with the following provisions Art. 20 para. 1 DSGVO the right to have the personal data transferred directly from one responsible person to another responsible person, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

In order to assert the right to data transferability, the person concerned can contact the data protection officer appointed by us or another employee at any time.

Any person data subject to the processing of personal data shall have the right granted by the European legislator to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him by virtue of Article 6(1) of the Directive and the Regulation. 1 letter e) or f) DSGVO to lodge an objection. This also applies to profiling based on these provisions.

In the event of objection, we will no longer process the personal data unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned or serve the processing, assertion, exercise or defence of legal claims.

If we process personal data in order to conduct direct advertising, the person concerned has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling in so far as it is related to such direct marketing. If the data subject objects to our processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject shall have the right, for reasons connected with his/her particular situation, to object to the processing of personal data concerning him/her which we process for scientific or historical research purposes or for statistical purposes in accordance with Article 16(1)(b) of the Regulation. Art. 89 para. 1 DSGVO, unless such processing is necessary for the performance of a task in the public interest.

To exercise the right to object, the data subject may contact our data protection officer or another employee directly. The data subject shall also be free to exercise his right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Any person data subject to the processing of personal data shall have the right, granted by the European directive and regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him or her or significantly affects him or her in a similar manner, provided that the decision

• is not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
• is authorised by legislation of the Union or of the Member States to which the person responsible is subject and that legislation contains adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or
• with the express consent of the data subject.

Is the decision

• necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
• where it is done with the express consent of the data subject, we shall take reasonable steps to safeguard the rights and freedoms and the legitimate interests of the data subject, including at least the right of the data subject to have his or her data subject intervene, to state his or her views and to challenge the decision.

If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact our data protection officer or another employee of the data controller for this purpose.

Any person concerned by the processing of personal data has the right, granted by the European directive and regulation maker, to revoke consent to the processing of personal data at any time.

If the data subject wishes to exercise his/her right to revoke his/her consent, he/she can contact our data protection officer or another employee of the data controller at any time.

Legal basis of the processing

Art. 6 para. 1 letter a) DSGVO serves our company as a legal basis for processing operations in which we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as in the case of processing operations necessary for the supply of goods or for the rendering of any other service or consideration, the processing shall be based on Article 6(1)(b) of the Treaty. 1 letter b) DSGVO. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, such as in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 Para. 1 letter c) DSGVO. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business was injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing on Art. 6 para. 1 letter (d) DSGVO Ultimately, processing operations could be limited to Art. 6 para. 1(f) DSGVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not predominate. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 DSGVO).

legitimate interests in the processing pursued by the controller or by a third party

Is the processing of personal data based on Art. 6 para. 1 letter f) DSGVO, it is our legitimate interest to conduct our business for the benefit of all our employees and shareholders.

Questions to the data protection officer

If you have any questions regarding data protection, please write us an e-mail or contact the person respon-sible for data protection in our organization directly: datenschutz@itago.de

Actuality

This privacy policy is currently valid and has the status August 2020.