Privacy policy
Jung since 1828 Data privacy notice
Welcome to the Jung since 1828 GmbH website. Data privacy and the protection of your personal rights are of great importance to us. On this page we would like to inform you which data Jung since 1828 GmbH processes and for what purposes. If you have any questions or suggestions regarding our privacy policy, please do not hesitate to contact us.
Content
- Preface and selected terms
- Controller and Data Protection Officer
- Compact overview
- Legal basis for the processing of personal data
- Your rights under the General Data Protection Regulation
- Shop system and hosting
- Automatic server log files
- Use of cookies
- Cookie consent management
- Data processing in the context of communication and contact
- Information for applicants
- Direct marketing
- Audio and video conferences with MS Teams
- Analysis tools and advertising
- Plugins and tools on our website
- Our social media presence
- Supplementary data privacy information for our business partners
1. Preface and selected terms
First of all, this privacy policy informs visitors and users of our website about the online data processing procedures in which personal data is processed. On the other hand, it also contains information about our processing procedures that do not primarily take place online.
- GDPRis the abbreviation for the European General Data Protection Regulation.
- BDSGis the abbreviation for the German Federal Data Protection Act in its current version.
- Personal data refers to all individual details that allow conclusions to be drawn about a natural person (for a definition see Art. 4 Para. 1 GDPR). This includes, for example, names, e-mail addresses, telephone numbers, but also data such as IP addresses and customer numbers.
- The processing of personal data includes all operations, such as the collection, storage, transmission, archiving and erasure of personal data (for a definition see Art. 4 Para. 2 GDPR).
- The data subject within the meaning of data protection law is any natural person whose personal data is processed.
- Further definitions of terms can be found in the General Data Protection Regulation – mainly in Art. 4 of the GDPR (Definitions).
2. Controller and Data Protection Officer
Controller
JUNG since 1828 GmbH & Co. KG
Maybachstr. 19
71634 Ludwigsburg
Germany
Phone: +49 (0)7141 6435-0
Fax: +49 (0)7141 6435-129
E-mail: zentrale[at]jung-europe.de
Data Protection Officer
DSB Externer Datenschutzbeauftragter Stuttgart
Fabian Henkel
Graduate Business Administrator
Certified Data Protection Officer
Phone: +49 (0)176 32744172
E-mail: info@externer-datenschutzbeauftragter-stuttgart.de
Web: https://www.externer-datenschutzbeauftragter-stuttgart.de
3. Compact overview
The following content provides you with a brief overview of the processing of personal data; you will find more detailed information in the respective detailed passages.
Security on our website
Our website is equipped with a TLS certificate, which is used to encrypt data transmission processes. This happens, for example, when you send us a message using a form. As a precautionary measure, however, we would like to point out that one hundred per cent security in electronic data processing is not possible and that there is always a residual risk.
Data you transmit to us
On this website, we process the data that you enter yourself, for example using a form. In this case, the purpose of the processing is determined by the type of form and this privacy policy. If you send us a message by e-mail, for example, or contact us in any other way, we will also process your data in accordance with the reason why you contacted us.
Automatic server log files
Our server also automatically records all accesses and thus also IP addresses (log files); this serves to prevent attacks, analyse access figures and ensure smooth operation.
Use of cookies
Cookies help us to provide various services; you can find more information on this in this privacy policy.
Analysis and tracking tools
In addition to the pure server log files, which also provide us with information on page views, we use analysis tools. These tools give us detailed insights into the content visited on our site, the traffic flow and, for example, the country from which the website was accessed. In order for such services to work, cookies must be set for the website visitor or scripts must be executed. We explicitly point this out in this privacy policy in a case where we are currently using such services.
External plugins and content delivery networks
We sometimes use plugins and content delivery networks; well-known examples of such services are the video service YouTube and the map service Google Maps. If such services are integrated via a website, access data is transmitted to the services. As a rule, this is your IP address and other metadata, such as the time and date of access. As a rule, cookies are used to provide this information. We explicitly point this out in this privacy policy in a case where we are currently using such services.
Newsletter / direct marketing
Direct marketing to existing customers for legitimate interests
We reserve the right to send our customers newsletters on the basis of §7 Para. 3 UWG (German Act Against Unfair Competition) in conjunction with Art. 6 Para. 1 lit. f GDPR. You can of course object to receiving direct marketing information at any time.
Direct marketing on the basis of your consent
If you give us your consent, we will send you newsletters until you withdraw your consent. You can withdraw your consent to us at any time with effect for the future.
Other data recipients
Use of processors
We use processors in accordance with the provisions of Art. 28 GDPR, for example in the areas of IT services, web hosting, e-mail hosting and printing services. They process personal data for us in accordance with our instructions.
Utilisation of non-specialist services
If necessary (e.g. to fulfil a contract), we pass on your data to banks, shipping service providers, our tax consultant or lawyer, for example.
Legal obligations
In addition, we are obliged in certain cases to report to the relevant authorities on the basis of the Money Laundering Act. In addition, we are subject to further legal obligations, such as commercial law or tax law. In this context, we must pass on certain data to tax authorities, for example.
Investigation of criminal offences
We pass on data to the law enforcement authorities if this is necessary for the investigation of a criminal offence.
General information on erasure periods for personal data
We process data for as long as this is necessary for the respective purpose. Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and fulfilment of a contract; in addition, we are obliged to comply with statutory retention obligations. If data processing is based on your consent, we will erase your data once you withdraw your consent.
Transfer of personal data to a third country
Where possible, we endeavour to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees. In individual cases, we may use plugins or tools that are hosted in third countries, but we use them on the basis of our legitimate interests. In such cases, we will point this out if necessary.
Obligation to provide personal data
You are free to decide whether you provide personal data for certain purposes on our website. The provision of personal data is contractually required for the initiation and execution of legal transactions.
4. Legal basis for the processing of personal data
The legal bases for the processing of personal data are exceptional circumstances that permit the processing of personal data. The main legal bases are set out in particular in Art. 6 GDPR. The legal bases on which we process personal data are described in the individual processing procedures in this privacy policy.
Consent given (Art. 6 Para. 1 lit. a GDPR)
Consent is one of these legal bases and requires that the person giving consent does so in an informed manner and on a voluntary basis. Consent on the basis of Art. 6 Para. 1 lit. a GDPR can be withdrawn at any time without giving reasons.
Contract-related data processing (Art. 6 Para. 1 lit. b GDPR)
The processing of personal data for the initiation or execution of contracts is also a legal basis and is defined in Art. 6 Para. 1 lit. b GDPR.
Legal obligation (Art. 6 Para. 1 lit. c GDPR)
The exception of data processing due to a legal obligation can be found in Art. 6 Para. 1 lit. c GDPR, for example, we are obliged to comply with certain retention periods under commercial and tax law.
Legitimate interests (Art. 6 Para. 1 lit. f GDPR)
The processing of personal data on the basis of a balancing of interests in accordance with Art. 6 Para. 1 lit. f GDPR allows processing after careful consideration of financial or legal interests against the legitimate interests of the data subject.
5. Your rights under the General Data Protection Regulation
Every natural person has certain rights; these are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can assert against us.
Right to withdraw consent granted in accordance with Art. 7 GDPR
You can withdraw your consent at any time without giving reasons with effect for the future.
Right to information in accordance with Art. 15 GDPR (restrictions possible in accordance with § 34 BDSG)
You have the right to request information about the data processed about you and the purposes of the processing at any time.
Right to rectification in accordance with Art. 16 GDPR
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.
Right to erasure in accordance with Art. 17 GDPR (restrictions possible in accordance with § 35 BDSG)
You have the right to request the erasure of your personal data that we process at any time. Insofar as complete erasure is not possible, for example because we have to fulfil statutory retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
Right to restriction of processing in accordance with Art. 18 GDPR
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the publication details. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
- If you have lodged an objection in accordance with Art. 21 Para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
- If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Right to data portability in accordance with Art. 20 GDPR
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Right to object to certain processing procedures and direct marketing in accordance with Art. 21 GDPR
If data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you lodge an objection, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 Para. 1 GDPR).
Where your personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 Para. 2 GDPR).
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.
6. Shop system and hosting
The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter “Shopify”).
Shopify is a tool for creating and hosting websites. When you visit our website, Shopify collects your IP address and information about the device you are using and your browser. Shopify is also used to analyse visitor numbers, visitor sources and customer behaviour and to generate user statistics. When you make a purchase on our website, Shopify also collects your name, e-mail address, delivery and billing addresses, payment details and other data related to the purchase (e.g. telephone number, amount of sales made, etc.). Shopify stores cookies in your browser for the analyses,
details of which can be found in Shopify’s privacy policy: https://www.shopify.com/uk/legal/privacy?country=gb&lang=en.
The use of Shopify is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If corresponding consent was requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TDDDG (Telecommunications Digital Services Data Protection Act), insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.
7. Automatic server log files
Our web server automatically logs all accesses and therefore also the IP addresses of visitors. This serves to defend against attacks, analyse access figures and ensure smooth operation. We have a legitimate interest in this (Art. 6 Para. 1 lit. f GDPR).
In addition to the IP address, the server log usually also records other metadata about the session; you will find this data below.
- Date and time of access
- Information about the browser type and browser version used
- Details of the operating system used
- Device (Client)
- Referrer URL (which page you used to reach us)
- Hyperlinks called up
We only process this data for the above-mentioned purposes. We delete server log files after three months at the latest.
8. Use of cookies
Our website uses cookies for the provision of services and to ensure full functionality. Cookies – small text files that are automatically stored on your browser or device – can have various functions and contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
Cookies are stored on your end device and transmitted from it to our website. As a user, you have full control over the use of cookies. You can specify whether and which cookies you generally allow in your browser settings. We recommend that you set your browser so that you are informed when a website wants to set cookies on your computer. This gives you control over which cookies you want to allow. However, if you do not allow cookies, the functionality of websites may be restricted.
Cookies are divided into non-persistent and persistent cookies. A distinction is also made between first-party cookies (which come directly from our web server) and third-party cookies (which are placed on your computer by third party providers).
Cookie types by duration
Session cookies
Session cookies are deleted at the latest when you leave our website and close your browser.
Persistent cookies
These cookies remain stored even after you leave our website and close your browser. Persistent cookies can have different durations, from one day to several years. These cookies can fulfil various functions, for example your login data can be saved so that you are automatically logged in when you visit our website again. Other persistent cookies are used for analysis, tracking and marketing purposes.
Cookie types by origin
We use both first-party cookies and third-party cookies. First-party cookies are cookies that originate directly from us. Third-party cookies are cookies that are placed by a third-party provider. We use various third-party cookies for analysis, tracking and marketing purposes.
Cookie types by function
Technically required or necessary cookies
These cookies enable the operation of our website; without technically necessary cookies our site would not be usable or only usable to a very limited extent. For example, such cookies are used when you log in to our site or place a product in the shopping cart. Some of the cookies required also serve security purposes.
Analysis and statistics cookies
Analysis cookies collect information about the behaviour of site visitors, provide information about the length of stay and which information was accessed. Information is also collected about which website visitors come from, how many visitors the websites have and how long the user stays on the websites. The aim of these cookies is to optimise our website based on the information collected.
Tracking and marketing cookies
Tracking and marketing cookies (also remarketing and retargeting cookies) enable an analysis of browsing behaviour, they store which content has been visited and which products the user was looking for (tracking in this sense means monitoring). A user can also be identified across sites on the basis of these cookies with the aim of displaying adverts tailored to their interests.
Legal basis and information on setting your preferences
We use technically necessary cookies in the interest of a functional and stable website (Art. 6 Para. 1 lit. f GDPR); other cookies are only used with your consent (Art. 6 Para. 1 lit. a GDPR). You can set your preferences regarding the selection of non-essential cookies at the beginning of your visit, and you can also adjust your preferences at any time.
The individual legal bases for the use of various tools that use cookies can be found in the respective sections of our privacy policy.
9. Cookie consent management
We offer you the opportunity to choose whether and which cookies and services you want to allow. For this purpose, we have implemented what is referred to as consent management, which is automatically displayed the first time you visit our website or after the preference cookie expires. If you have confirmed your selection regarding cookies and services, a cookie will be stored in your browser to save your preferences. You can find more information about this cookie in our cookie list.
We use cookie consent management on the basis of our legitimate interests (Art. 6 Para. 1 lit. f GDPR) to obtain the legally required consent (Art. 6 Para. 1 lit. c GDPR) to the use of technically unnecessary cookies and cookie-like technologies.
10. Data processing in the context of communication and contact
Message via contact form
You can send us messages using the contact form. When you do this, we process the data you enter in the data entry mask. Mandatory fields are marked and must be completed. The purpose of data processing is to handle your request and, if necessary, contact you afterwards. The legal basis for processing the data entered in the contact form is generally based on your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw your consent at any time with effect for the future without giving us any reasons. In addition, we process your data for the initiation or execution of sales contracts, insofar as you, for example, ask us product-related questions (Art. 6 Para. 1 lit. b GDPR).
Communication by e-mail
If you send us an e-mail, we will process your data in accordance with the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or in the context of the performance of a contractual relationship on the basis of Art. 6 Para. 1 lit. b GDPR and Art. 6 Para. 1 lit. f. GDPR. It is in our legitimate interest to process your enquiry quickly and efficiently.
Insofar as it is a product-related or service-related message, we generally process your data on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. b GDPR.
Please note that we store all incoming e-mails in accordance with the principles of proper accounting for a period of ten years, starting on the first day of the following year in which the message was received. Insofar as you request us to delete the data, we will henceforth restrict your data for processing and only store it for the purpose of complying with retention periods in our legitimate interest.
Communication by phone or fax
Even if you contact us by telephone or fax, we process your data either to initiate and execute contractual relationships (if the content is product-related or service-related) and/or in our legitimate interest, analogous to your contacting us by e-mail. We do not record the content of the conversation, but we may take notes for the processing of your enquiry. These are stored until the purpose of the data processing is achieved.
11. Information for applicants
Data protection provisions for the application procedure
If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It makes no difference to us whether you apply by post, e-mail or, if available for the position in question, by online form.
Scope and legal basis of processing
As a matter of principle, we only process the data that you yourself have transmitted to us as part of an application procedure. Additional sources may be consulted after you have been informed and contacted. For example, to ascertain whether we are allowed to contact a former employer. The legal basis for the implementation of an application procedure is §26 BDSG in conjunction with Art. 6 Para. 1 lit. b GDPR (prior to entering into a contract). Insofar as you give us your consent to store your data for a longer period of time, this is done on the legal basis of Art. 6 Para. 1 lit. a GDPR.
Erasure periods for applicant data
We erase applicant data a maximum of 4 months after the end of the application procedure (once a candidate has been selected and all applicants have been informed of the outcome). The purpose of the data processing is generally no longer given with the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims of rejected applicants. If you have the impression that your interests in immediate erasure outweigh our interests, you have the possibility to request us to erase your data. We will then check your request and give you feedback.
After the above-mentioned period has expired, your data will be erased unless we have to defend ourselves, for example in ongoing proceedings, such as a lawsuit under the German General Act on Equal Treatment. In this case, we will erase your data once the procedure has been completed, provided there are no statutory retention periods.
If we are allowed to store your data for a longer period of time on the basis of your consent, we will erase your data if you request us to do so and withdraw your consent. We may also erase your data before you withdraw your consent if it is foreseeable that no position is or will become available.
Inclusion in our pool of applicants
If we are unable to offer you a position at the present time, we may ask you for your consent to the further storage of your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Para. 1 lit. a GDPR). Of course, you can withdraw your consent at any time with effect for the future. If you do not withdraw your consent yourself within a period of two years, we will then at the very latest erase your data from our applicant pool.
12. Direct marketing
Direct marketing to existing customers in the legitimate interest
We reserve the right to use the data collected as part of a purchase contract or service contract for direct advertising by e-mail or post in accordance with § 7 Para. 3 of the UWG (German Act Against Unfair Competition) if the customer does not object or has not objected to this use. Direct advertising only includes offers for similar products or services to those already purchased from us by the user.
We use your data for up to three years after the last legal transaction for direct marketing purposes in the legitimate interest.
We have a legitimate economic interest (Art. 6 Para. 1 lit. f GDPR) in informing our customers about new products and improvements to our services. Of course, you can object to receiving direct advertising at any time. Please address your objection to the controller named above. You will also find information in every newsletter on how you can assert your objection.
Direct marketing based on your consent
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use newsletter service providers, described below, to process the newsletter.
CleverReach
We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service that can be used to organise and analyse the sending of newsletters. The data you enter for the purpose of receiving the newsletter (e.g. e-mail address) will be stored on CleverReach’s servers in Germany or Ireland.
Our newsletters sent with CleverReach enable us to analyse the behaviour of newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. Conversion tracking can also be used to analyse whether a predefined action (e.g. purchase of a product on this website) has taken place after the link in the newsletter has been clicked. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/
Data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legality of the data processing procedures already carried out remains unaffected by the withdrawal of consent.
If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more information, please refer to CleverReach’s privacy policy at: https://www.cleverreach.com/en-de/privacy-policy/.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.
13. Audio and video conferences with MS Teams
We use the Microsoft Teams tool for communication. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy:
https://www.microsoft.com/en-us/privacy/privacystatement?msockid=11be49726af96c9c1ce45db16be06dd2.
Microsoft Teams processes all data that you provide/enter to use the tools (e-mail address and/or your telephone number). The conference tools also process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other “context information” in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required for handling online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, this is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing procedures of the tools used. Our options depend largely on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy policies of the respective tools used, which we have listed below this text.
Purpose and legal basis
We use Microsoft Teams to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR).
If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.
Storage period
The data collected directly by us via the video and conference tools will be erased from our systems as soon as you ask us to do so, withdraw your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence on the length of time your data is stored by the operators of the conference tools for their own purposes For details, please contact the operators of the conference tools directly.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that the personal data of our website visitors will only be processed in accordance with our instructions and in compliance with the GDPR.
14. Analysis tools and advertising
We do not currently use any analysis or marketing tools.
15. Plugins and tools on our website
16. Our social media presence
Data processing through social networks
We maintain publicly accessible profiles in social networks. The individual social networks used by us can be found below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences triggers numerous data-privacy-relevant processing procedures. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can link this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this manner, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot monitor all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data privacy provisions of the respective social media portals.
Legal basis
Our social media presence is designed to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing procedures triggered during this visit. In principle, you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing procedures of the social media portals. Our options depend largely on the company policy of the respective provider.
Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, withdraw your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods – remain unaffected.
We have no influence on the length of time your data is stored by the operators of the social networks for their own purposes. For details, please obtain information directly from the operators of the social networks (e.g. in their privacy policy, see below).
Social networks in detail
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Meta on joint processing (Controller Addendum). This agreement specifies which data processing procedures we or Meta are responsible for when you visit our Facebook page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can customise your advertising settings yourself in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You will find details here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381. Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You will find details here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/en/privacy-policy
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You will find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. Details on how they handle your personal data can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
17. Supplementary data privacy information for our business partners
Data categories and purposes of processing
We process the personal data of our service providers and partners that we receive directly as part of our business relationship. If we have received data from you, we will only process it for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you
- Last name, First name
- Address and / or company address
- Telecommunication data
- E-mail address
- Company
- Professional function and / or position
- Bank details / other payment details
- Data on the history of the business relationship
As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contacts initiated by you or by one of our employees, further personal data is generated, e.g. information about the contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.
On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. commercial and association registers, press, media, Internet) and are authorised to process.
Data processing for other purposes is only considered if the necessary legal requirements pursuant to Art. 6 Para. 4 GDPR are met. In this case, we will of course comply with any information obligations pursuant to Art. 13 Para. 3 GDPR and Art. 14 Para. 4 GDPR.
Legal bases according to which we process your data
On the basis of your consent (Art. 6 Para. 1 lit. a) GDPR)
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed on the basis of your consent, you have the right to withdraw your consent from us at any time with effect for the future.
Data processing for the fulfilment of contracts (Art. 6 Para. 1 lit. b) GDPR)
We process personal data for the fulfilment of contracts. The fulfilment of contracts includes, for example, the conclusion, execution and reversal of a contract. In addition, we process personal data that is required for the implementation of pre-contractual measures, such as the initiation of a contract, and that is provided at your request.
Data processing due to a legal obligation (Art. 6 Para. 1 lit. c) GDPR)
Like every company, we must fulfil retention obligations and other documentation obligations, which may also affect documents containing personal information. Insofar as we process data for these purposes, the processing is based on a legal obligation.
Data processing on the basis of a balancing of interests (Art. 6 Para. 1 lit. f) GDPR)
If we process data on the basis of a balancing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Art. 21 GDPR. Where permitted by the specific purpose, we process your data in pseudonymised or anonymised form.
Other recipients of your data
Disclosure to processors within the scope of Art. 28 GDPR
Processors used by us (Art. 28 GDPR), in particular in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. If we commission service providers to fulfil our tasks, we always observe the data privacy regulations; in particular, data is only passed on after contracts for order processing have been concluded. We will be happy to inform you which processors we use.
For the fulfilment of a contractual relationship
If it is necessary for the fulfilment of the contract with you, we pass on your data, for example, to our bank for the processing of payments or shipping service providers such as Deutsche Post, DHL, UPS, GSL, DPD or other occasion-related providers.
Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).
Other bodies, insofar as you have given us your consent
If you have given your explicit consent, we will also pass on your data to other organisations However, this takes place within the limits of your verifiable consent.
Information on erasure periods for personal data
Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and fulfilment of a contract.
In addition, like every company, we are obliged to comply with the statutory retention periods, for example the periods under commercial and tax law. Insofar as statutory retention obligations exist, the personal data concerned will be stored for the duration of the retention obligation. The storage period is also based on the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. After the retention period has expired, a check is made as to whether there is any further need for processing. If the data is no longer required, it will be deleted.
As a rule, such retention periods in the context of legal transactions (according to §147 AO [German Fiscal Code] / §257 HGB [German Commercial Code] / §14b UstG [German Value Added Tax Act]) are 10 years, beginning with the year following the legal transaction.
Specific example
If you provide us with your contact details, for example by e-mail, telephone or by handing over your business card, we store this data on the basis of Art. 6 Para. 1 lit. b GDPR on the basis of pre-contractual measures and in the legitimate interest (Art. 6 Para. 1 lit. f GDPR) of smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you request us to do so or if no further contact takes place within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit. b GDPR), we will store your data for ten years until the expiry of the commercial and tax law requirements. After this period, we check whether we can erase the data and, if necessary, arrange for it to be erased.
E-mails and business letters
We archive all our e-mail correspondence for ten years. If you send us an e-mail, your data and the entire contents of the e-mail will be stored accordingly for 10 years. Most e-mails count as business letters, and e-mails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual e-mail in this respect is not in proportion to the benefit and the interests of the sender that are worthy of protection. However, you can of course ask us to erase your data at any time and we will carry out a case-by-case review and inform you of the result. This may result in the erasure or restriction of processing, depending on the content of the correspondence.
Withdrawal of your consent
Insofar as we process your data on the basis of your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after you withdraw your consent unless there are legitimate interests against a complete erasure. For example, we generally retain declarations of consent for up to three years after receipt of your withdrawal of consent in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We retain the consent exclusively under restriction of processing in order to be able to defend ourselves in the event of a dispute.
Legal or contractual obligation to provide personal data
The provision of personal data is regularly required for the initiation, conclusion, fulfilment and reversal of a contract. In the event that you do not provide the required personal data, we will not be able to conclude and fulfil a contract with you.
Transfer to a third country
Your personal data is generally processed by us in data centres in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or if we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.
The original version of this privacy policy is the German version. In any legal disputes, the German version shall be binding.