Tutela dei dati

Data Protection

Privacy Policy

This Privacy Policy is designed to inform you about how, why and on what scale we process personal data (hereinafter referred to as “data”) for the purposes of our online offer and the related web pages, functions and content, as well as our external online presence including, for example, our social media profiles (“hereinafter referred to as “online offer”). The terminology used, such as “processing” or “controller”, is based on the definitions as provided in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Cadolto Modulbau GmbH
Wachendorfer Str. 34
D-90556 Cadolzburg bei Nürnberg

Tel: +49 9103 502-0
Fax: +49 9103 502-120
e-mail: info@cadolto.com

Managing directors: Wolfgang McNichols, Henning Schrewe, Jürgen Warmuth

Commercial Register Fürth Local Court
HRB 16721 (GmbH)
VAT ID: DE 317 505 395

Link to publisher details: www.cadolto.com/f/impressum/

Types of processed data

- Inventory data (e.g. names and addresses)
- Contact data (e.g. e-mail addresses, telephone numbers)
- Content-based data (e.g. text entries, photos, videos)
- Usage data (e.g. web pages visited, interest in content, times accessed)
- Meta/communication data (e.g. information about devices used, IP addresses)

Categories of data subjects

Persons who visit and make use of the online offer (referred to jointly hereinafter as “users”).

Purpose of processing

- To provide the online offer and its functions and content
- To respond to queries and to communicate with users
- Security measures
- To measure reach/for marketing purposes

Terminology

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data with or without the use of automated processes. This term has a broad meaning, encompassing almost any form of data handling.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Relevant lawful bases

In accordance with Article 13 of the GDPR, we will let you know the lawful basis of our data processing. Insofar as the lawful basis is not referred to in the Privacy Policy, the following applies: The lawful basis for the obtaining of consent is Article 6 para. 1(a) and Article 7 of the GDPR, the lawful basis for processing in order to perform our services and implement contractually agreed measures and to respond to queries is Article 6 para. 1(b) of the GDPR, the lawful basis for processing in order for us to meet our legal obligations is Article 6 para. 1(c) of the GDPR, and the lawful basis for processing to uphold our legitimate interests is Article 6 para. 1(f) of the GDPR. In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 para. 1(d) of the GDPR provides the lawful basis.

Security measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk pursuant to Article 32 of the GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

These measures include in particular safeguarding the ongoing confidentiality, integrity and availability of data by controlling physical access to that data, as well as measures in relation to data access, entry and disclosure, safeguarding availability and separation. We have also set up processes to guarantee the upholding of data subject's rights, the erasure of data and the response to any threat to data. We also take account of the protection of personal data when developing and choosing hardware, software and processes, in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).

Cooperation with processors and third parties

Where we disclose data to other persons and enterprises (processors or third parties), transfer data to such recipients or otherwise grant them access to the data, this is only carried out on the basis of a legal authorisation (e.g. if the transfer of data to third parties, such as a payment service provider, is required for the performance of a contract pursuant to Article 6 para. 1(b) of the GDPR), or if you have given your consent, or if processing is necessary for compliance with a legal obligation or on the basis of our legitimate interests (e.g. when using agents, web hosts etc.). 

Where we commission third parties to process data on the basis of a “processing agreement”, this is done on the basis of Article 28 of the GDPR.

Transfers to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of our utilising third-party services or disclosing/transmitting data to third parties, this will only be carried out in order to perform our (pre-)contractual obligations, after having obtained your consent, on the grounds of a legal obligation or on the basis of our legitimate interests. Subject to statutory or contractual licences, we will only process or leave the data in a third country subject to the special conditions defined in Article 44 onwards of the GDPR, i.e. the processing takes place, for example, on the basis of particular guarantees, such as the officially recognised existence of a level of data protection that is in line with data protection in the EU (e.g. use of the privacy shield in the USA) or adherence to officially recognised special contractual obligations (known as “standard clauses”).

Rights of the data subject

You have the right to obtain confirmation from the controller as to the processing of your personal data, and you also have the right to information about that data and to further information and copies of the data pursuant to Article 15 of the GDPR.

In accordance with Article 16 of the GDPR, you have the right to have incomplete data concerning you completed or to demand that incorrect data be rectified.

Pursuant to Article 17 of the GDPR, you have the right to request that the relevant data be erased without delay or, alternatively, to request the restriction of processing of personal data in accordance with Article 18 of the GDPR.

In accordance with Article 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us and to request the transmission of this data to other controllers. 

You also have the right pursuant to Article 77 of the GDPR to lodge a complaint with the responsible supervisory authority.

Right to withdraw consent

You have the right to withdraw your consent with regard to any further processing in the future pursuant to Article 7 para. 3 of the GDPR.

Right to object

You have the right to object to the future processing of data concerning you at any time pursuant to Article 21 of the GDPR. In particular you may object to processing for direct marketing purposes.

Cookies and the right to object to direct marketing

Cookies are small files that are stored on users’ computers and may contain a range of information. Cookies are primarily used to store information about a user (or the device on which the cookie is stored) during or even after use of online offer.

Temporary cookies referred to as “session” or “transient” cookies are deleted when the user stops using the online offer and closes the browser. This type of cookie can be used to store the content of a basket in an online shop, for example, or to store a login status. “Permanent” or “persistent” cookies continue to be stored after the browser has been closed. They can be used to store a login status in the event of a user returning after several days. This type of cookie can also be used to store users’ interests of relevance to measuring reach or for marketing purposes. “Third-party cookies” are cookies used by providers other than the data controller operating the online offer (otherwise, reference is made to “first-party cookies”).

We may use a combination of session cookies and persistent cookies, and provide information on this in our Privacy Policy.

If users do not want cookies to be stored on their computer, they should disable the corresponding option in their browser settings. Saved cookies may be deleted in the browser settings. Opting out of cookies may mean that the functions of this online offer are restricted.

You may opt out of all cookies used for online advertising, particularly with regard to tracking, via the US link http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. You can also turn off cookies in your browser settings. Please note that this might mean that you are subsequently unable to use all of the functions of the online offer.

Erasure of data

Pursuant to Articles 17 and 18 of the GDPR, the data processed by us are erased or processing of that data is restricted. Unless expressly advised to the contrary in this Privacy Policy, the data that we have stored are erased once they are no longer needed for the intended purpose and provided that their erasure is not prevented by any storage periods prescribed by law. If the data are not erased due to their being required for other purposes permitted by law, processing of the data is restricted. This means that the data are blocked and not processed for other purposes. This applies for example to data that must be stored in accordance with provisions of commercial or tax law.

In accordance with the statutory rules in Germany, data are stored for 10 years pursuant to Article 147 para. 1 of the Tax Code and Article 257 para. 1 nos. 1 and 4, and para. 4 of the Commercial Code (books, records, management reports, booking documents, trading books, tax documents etc.) and for 6 years pursuant to Article 257 para. 1 nos. 2 and 3, and para. 4 of the Commercial Code (commercial correspondence). 

In accordance with the statutory rules in Austria, data are stored for 7 years pursuant to Article 132 para. 1 of the Fiscal Code (bookkeeping documents, vouchers/invoices, accounts, records, commercial papers, statement of income and expenses etc.), for 22 years in relation to property and for 10 years in the case of documents relating to services provided electronically, telecommunication and broadcasting services provided to non-entrepreneurs in EU member states and for which use is made of the Mini One Stop Shop (MOSS) scheme.

Business-related processing

We also process
- Contract data (e.g. object of the agreement, contract term, customer category)
- Payment data (e.g. bank account details, payment history)
of our customers, interested parties and business partners for the purposes of providing contractually agreed services, customer service, marketing, advertising and market research.

Contractual services

We process the data of our contractual partners and interested parties as well as the data of other clients, customers or contractual partners (referred to jointly hereinafter as “contractual partners”) in accordance with Article 6 para. 1(b) of the GDPR in order to provide them our contractual or pre-contractual services. The data processed, as well as the type, scope and purpose of and need for the processing, are based on the underlying contractual relationship. 

The processed data include the master data relating to our contractual partners (e.g. names and addresses), contact details (e.g. e-mail addresses and telephone numbers) as well as contractual data (e.g. services used, content of contract, contractual communication, name of contact persons) and payment information (e.g. bank details, payment history). 

As a general rule we do not process special categories of personal data unless these form part of a commissioned or contractually agreed processing. 

We process data needed as the basis for and in order to perform the contractual services and indicate the need for such data where this is not obvious to the contractual partner. Data are only disclosed to external persons or enterprises if required in the context of an agreement. When processing the data provided to us in the context of an agreement, we act in accordance with the client’s instructions and on the basis of the statutory rules. 

We may save users’ IP addresses and information on the times at which online services were accessed. These data are stored on the basis of our legitimate interests and the interests of the users in protecting against misuse and other unauthorised use. As a general rule such data will not be disclosed to third parties unless required for the pursuit of our claims in accordance with Article 6 para. 1(f) of the GDPR or if there is a statutory obligation pursuant to Article 6 para. 1(c) of the GDPR.

The data will be erased once no longer required for the fulfilment of a contractual or statutory duty of care or in order to handle any guarantee and comparable obligations, with the need to keep the data being reviewed every three years. The statutory storage obligations apply otherwise.

Administration, financial accounting, office management, contact management

We process data for administrative purposes and in order to organise our operations, financial accounting and compliance with the statutory obligations, such as archiving. In this regard we process the same data that we process in the context of performing our contractual services. Processing is based on Article 6 para. 1(c) and (f) of the GDPR. The processing affects customers, interested parties, business partners and visitors to our website. The purpose of and our interest in processing lies in our administration, financial accounting, office management and archiving of data, in other words tasks that help us to maintain our business activities, perform our tasks and deliver our services. The erasure of data with regard to contractual services and contractual communication corresponds to the tasks referred to in these processing activities.

We disclose or transfer data to the tax authorities, advisors such as tax advisors or auditors and other fee agencies and payment service providers.

On the basis of our commercial interests we also save information on suppliers, organisers and other business partners for the purpose of subsequently establishing contact, for example. As a general rule these data, most of which are enterprise-related, are stored on a long-term basis.

Commercial analysis and market research

In order to be able to operate our business economically, and in order to recognise market trends and the wishes of our contractual partners and users, we analyse the data available to us on business transactions, contracts, enquiries etc. To this end we process inventory data, communication data, contract data, payment data, user data and meta data on the basis of Article 6 para. 1(f) of the GDPR, with contractual partners, interested parties, customers, visitors to and users of our online offer considered to be the concerned persons. 

We carry out analysis for the purpose of commercial evaluations, marketing and market research. We are able to take account of the profiles of registered users, with information on, for example, the services that they have used. This analysis helps us to make our online presence more user-friendly, to optimise our offering and to operate efficiently. The analysis is used solely by us and is not disclosed externally, apart from in the case of anonymous analysis with summarised values. 

Where such analysis or profiles are personalised, they are erased or anonymised when the user cancels or otherwise two years after the end of the agreement. Otherwise this overall analysis from a business management perspective and general trends are anonymised where possible.

Data protection information in relation to applications

We process applicant data solely for the purposes and in the context of the application process in accordance with the statutory rules. We process applicant data in order to fulfil our (pre)contractual obligations during the application process pursuant to Article 6 para. 1(b) and (f) of the GDPR insofar as we need to process data in the framework of legal procedures for example (also governed in Germany by Article 26 of the Federal Data Protection Act).

As part of the application process, applicants must provide us with applicant data. The required applicant data are indicated, if we provide an online form, and are otherwise derived from the job descriptions and basically include personal details and a postal/contact address and the documents forming part of the application, such as covering letter, CV and references. Applicants may also provide us with additional information voluntarily.

By submitting their application to us, applicants are consenting to the processing of their data for the purposes of the application procedure in accordance with the type and scope of processing stipulated in this Privacy Policy.

Insofar as special categories of personal data as defined in Article 9 para. 1 of the GDPR are submitted voluntarily as part of the application procedure, they will also be processed in accordance with Article 9 para. 2(b) of the GDPR (e.g. health information such as a serious disability or information on ethnic origin). Insofar as special categories of personal data as defined in Article 9 para. 1 of the GDPR are requested as part of the application procedure, they will also be processed in accordance with Article 9 para. 2(b) of the GDPR (e.g. health information if required with regard to performing the role concerned).

Applicants may submit their application using an online form on our website if we make such a form available. The data are transmitted to us in encrypted form using the latest technology available.
Applicants may also send their applications by e-mail. It should, however, be noted that e-mails are not automatically encrypted and it is up to the applicants themselves to apply encryption.  We are therefore unable to accept any responsibility for the transmission of the application from the sender to our server and would recommend using the online form or sending your application by post. We continue to accept applications by post as an alternative to online forms or e-mail.

The data provided by applicants may be further processed by us for the purposes of establishing en employment relationship if the application is successful. Otherwise, the if the job application is not successful, the applicant’s data will be erased. Applicants’ data will also be erased if an application is withdrawn, with applicants having the right to withdraw at any time.

The data are erased, subject to any legitimate withdrawal of consent on the part of the applicant, after the expiry of a period of six months to enable us to respond to any follow-up questions regarding the application and to fulfil our obligations to submit evidence in relation to the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the rules set out in tax law.

Registration function

Users may set up a user account. Users are informed when registering of the information required from them, and the data provided will be processed on the basis of Article 6 para. 1(B) of the GDPR for the purposes of providing the user account. The processed data include in particular the login details (name, password and e-mail address). The data entered during the registration process are used for the purposes of the user account. 

Users may be provided with information relevant to their user account by e-mail, such as information on technical changes. If users cancel their user account, their data relating to that account will be deleted, subject to any statutory storage periods. It is the responsibility of the user to safeguard the data if the account is cancelled prematurely. We may permanently erase all of the user’s data saved during the term of the agreement.

Whenever our registration and login functions are used and user accounts accessed, we store the IP address and time of each user action. These data are stored on the basis of our legitimate interests and the interests of the users in protecting against misuse and other unauthorised use. As a general rule such data will not be disclosed to third parties unless required for the pursuit of our claims or in the event of a statutory obligation pursuant to Article 6 para. 1(c) of the GDPR. IP addresses will be anonymised or deleted after 7 days at the latest.

Establishment of contact

On establishing contact with us (e.g. using the contact form, by e-mail, telephone or via social media), the user’s details will be processed for the purposes of handling the enquiry and acting upon it pursuant to Article 6 para. 1 (b) of the GDPR. The user’s details may be saved in a Customer Relationship Management System ("CRM system") or comparable system for enquiries.

We delete enquiries as soon as they are no longer required. We review the need to maintain the record of the enquiry every two years. The statutory archiving obligations also apply.

Newsletter

Through the following we are informing you about the content of our newsletter and about the registration, mailing and statistical evaluation processes, as well as your rights of objection. By subscribing to our newsletter, you agree to receipt of the newsletter and to the described processes.

Newsletter content: We only send out newsletters, e-mails and further electronic notifications containing advertising information (hereinafter referred to as the “newsletter”) with the recipient's consent or on the basis of statutory permission. Insofar as the content of our newsletter is correctly described during the sign-up process, this determines the user's consent. Our newsletters also contain information on our services and about us.

Double opt-in and logging: Registering for our newsletter involves a double opt-in process. This involves you being sent an e-mail after registering, in which you are requested to confirm the registration. This confirmation is required to ensure that nobody can sign up using somebody else’s e-mail address. Newsletter registrations are logged to enable the registration process to be documented in line with the legal requirements. This involves saving information on the times at which registration and confirmation were logged, as well as the relevant IP address. Changes to your data saved with the service provider that sends out the newsletter are also logged.

Registration data: In order to sign up to the newsletter all you need to do is provide your e-mail address. You can also opt to provide us with your name so that we can address you personally in the newsletter.

The mailing of the newsletter and the related measurement of success are carried out on the basis of the recipient's consent pursuant to Article 6 para. 1(a) and Article 7 of the GDPR in conjunction with Article 7 para. 2 no. 3 of the Law against unfair competition (UWG) or, if consent is not required, on the basis of our legitimate interest in direct marketing pursuant to Article 6 para. 1(f) of the GDPR in conjunction with Article 7 para. 3 of the UWG. 

The registration process is logged on the basis of our legitimate interest pursuant to Article 6 para. 1(f) of the GDPR. Our interest lies in having a user-friendly and secure newsletter system that serves our commercial interests while also meeting users’ expectations and enabling us to provide evidence that we are complying with the rules on consent.

Termination/withdrawal of consent - You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. A link to unsubscribe is provided at the end of each newsletter. We may save the e-mail address used to deliver the newsletter for up to three years on the basis of our legitimate interests in being able to provide evidence of consent having previously been given. Processing of this data will be limited to any processing needed to defend against any claims. Individual requests for the erasure of data may be made at any time subject to provision of confirmation that consent was previously given.

Hosting and e-mail

We make use of hosting services in order to provide the following services: infrastructure and platform services, processing capacity, storage and database services, e-mail service, security services and technical maintenance services that we use in order to provide our online offer. 

To this end we or our hosting provider process inventory data, contact data, content data, contract data, user data, meta data and communication date relating to customers, interested parties and visitors of our online offer on the basis of our legitimate interest in the efficient and secure provision of this online offer pursuant to Article 6 para. 1(f) in conjunction with Article 28 of the GDPR (processing contract).

Compilation of access data and log files

On the basis of our legitimate interest as defined in Article 6 para. 1(f) of the GDPR, we, or our hosting provider, compile data on each instance of the server on which our service is located being accessed (server log files). The access data include the name of the website accessed, file, date and time of access, data volume transferred, notification of successful access, browser type including version, user’s operating system, referrer URL (previously visited site), IP address and the enquiring provider.

For security reasons (e.g. to clear up any acts of misuse or fraud), log file information is saved for a maximum duration of 7 days and then deleted. Any data that must be held for longer as evidence will not be erased until the incident in question has been definitively resolved.

Google Tag Manager

We use Google Tag Manager to manage website tags via a user interface (and, for example, in order to integrate Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal data about the user. With regard to processing of the user’s personal data, reference is made to the following information on Google services. Use policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google AdSense with personalised advertisements

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Article 6 para. 1(f) of the GDPR), we make use of the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We make use of the AdSense service in order to display and use adverts on our website, for which we are paid a fee. Usage data are processed for this purpose, such as for example the click on the advert and the user's IP address (with the last two digits removed). This means that that user’s data are processed in pseudonymised form. 

We use Adsense with personalised adverts. On the basis of the websites visited and apps used by users, and the resulting user profiles, Google draws conclusions about user’s interests. Advertisers make use of this information in order to tailor their campaigns to these interest, which in turn is of benefit to the users and advertisers alike. With regard to Google, adverts are personalised if recorded or known data are used to determine or influence the selection of adverts. These data include previous search queries, activities, website searches, the use of apps, and demographic and location information. This includes specifically: demographic targeting, targeting based on interest categories, remarketing and targeting of lists to compare customers and target group lists, which were uploaded in the DoubleClick Bid Manager or Campaign Manager.

Further information on how your data are used by Google and on your setting options and opt-outs can be found in the Google privacy policy(https://policies.google.com/technologies/ads) and in the settings on how Google ads are displayed (https://adssettings.google.com/authenticated).

Google Adsense with non-personalised advertisements

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Article 6 para. 1(f) of the GDPR), we make use of the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We make use of the AdSense service in order to display adverts on our website, for which we are paid a fee. Usage data are processed for this purpose, such as for example the click on the advert and the user's IP address (with the last two digits removed). This means that that user’s data are processed in pseudonymised form. 

We use Adsense with non-personalised adverts. The adverts displayed are not based on user profiles. Non-personalised adverts are not based on past user behaviour. In the case of targeting, context information is used, including a rough geographical targeting (e.g. narrowed down to town) based on current location, the content on the current website or app, and current search terms. Google stops any form of personalised targeting, including any demographic targeting and targeting based on user lists.

Further information on how your data are used by Google and on your setting options and opt-outs can be found in the Google privacy policy(https://policies.google.com/technologies/ads) and in the settings on how Google ads are displayed (https://adssettings.google.com/authenticated).

Google AdWords and conversion measurement

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Article 6 para. 1(f) of the GDPR), we make use of the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use Google "AdWords” in order to place adverts in the Google advertising network (e.g. in search results, in videos, on websites etc.), so that the adverts are displayed to users with a presumed interest in them. This means that we are able to display adverts for and within our online offer in a more targeted way so that users only see adverts that potentially match their interests. The term “remarketing” is used to refer to a situation in which a user is shown adverts for products in which he or she has shown an interest on other web pages. When users access our or other websites on which the Google advertising network is active, Google automatically runs a code and (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. In this way an individual cookie, i.e. a small file, can be saved on the user's device (other comparable technologies may also be used). This file contains information on which websites the user has visited, on the content that the user is interested in and the offers that the user has clicked on, as well as technical information relating to the browser and operating system, referring websites, time spent on the website and further data regarding use of the online offer.

We also receive an individual conversion cookie. The information gathered with the help of the cookie helps Google to compile conversion statistics for us. We, however, are only provided with the anonymised total number of users who have clicked on our advert and been forwarded to a page with a conversion tracking tag. We do not receive any information that can be used to identify users personally.

The user data are processed in pseudonymised form in the Google advertising network. This means that Google does not save and process the names or e-mail addresses of users, for example, but processes the relevant data on a cookie-related basis within pseudonymised user profiles. Consequently, from Google’s perspective, the adverts are not managed and displayed for a specific, identified person but for cookie holders, regardless of who the cookie holder is. This does not apply if a user has expressly allowed Google to process the non-pseudonymised data. The information collected about the users is submitted to Google and stored on Google's servers in the USA.

Further information on how your data are used by Google and on your setting options and opt-outs can be found in the Google privacy policy(https://policies.google.com/technologies/ads) and in the settings on how Google ads are displayed (https://adssettings.google.com/authenticated).

Online presence in social media

We maintain an online presence in social networks and platforms in order to communicate with our customers, interested parties and users there and in order to keep them up to date with our services. Use of the respective networks and platforms is subject to the terms and conditions of business and the data processing guidelines of each operator. 

In the absence of any provision to the contrary in this Privacy Policy, we process user data in instances where users communicate with us within the social networks and platforms, e.g. by contributing content to our online presence or sending us messages.

Integration of third-party services and content

Within our online offer and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Article 6 para. 1(f) of the GDPR), we use content and service offerings from third parties in order to integrate their content and services, such as videos or fonts (hereinafter referred to jointly as “content”). 

This is always subject to the requirement that the third-party providers of such content make use of users’ IP addresses as without these addresses they would not be able to send their content to the browsers. Consequently, the IP address is required for the content to be provided. We strive only to use content from providers that restrict their use of the IP address to the delivery of content. Third-party providers may also use pixel tags (invisible graphics, also referred to as web beacons) for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic to the pages of this website. The pseudonymised information may also be stored in cookies on users’ devices and may contain technical information on the browser and operating system, referring websites, time spent on the website and further data regarding use of the online offer, and may also be combined with such information from other sources.

YouTube

We integrate videos from the YouTube platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Fonts

We integrate fonts (“Google fonts”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google ReCaptcha

We integrate the function to detect bots, for example when completing online forms ("ReCaptcha"), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Google Maps

We integrate maps (“Google Maps”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include in particular IP addresses and location data for the users, which may not, however, by collected without the users’ consent (generally given via the settings on their mobile device). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

Xing

Our online offer may include functions and content from Xing, provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Content such as images, videos or texts and interfaces may be included enabling users to share this online offer within Xing. If users are members of the Xing platform, Xing will be able to match information on use of the above content and functions to its user profiles. Xing’s privacy policy: https://www.xing.com/app/share?op=data_protection..

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer as defined in Article 6 para. 1(f) of the GDPR), we make use of Google Analytics, a web analysis service of Google LLC (“Google”). Google makes use of cookies. Generally speaking, the information produced by the cookie on use of the online offer by users is transferred to a Google server in the USA and saved there.

Google is certified under the Privacy Shield agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google uses this information on our behalf in order to evaluate how the users are using our online offer, in order to compile reports on the activities within this online offering and in order to provide us with further services related to use of this online offering and Internet use. The processed data may form the basis of pseudonymised user profiles for the users.

We only use Google Analytics with IP anonymisation enabled. This means that a user’s IP address is abbreviated by Google within the member states of the European Union or in other European Economic Area states. Full IP addresses are only forwarded to a Google server in the USA and abbreviated there in exceptional cases.

The IP address sent from the user’s browser is not combined with the other data held by Google. Users may prevent cookies from being saved on their device by adjusting the settings in their browser software; users may also stop the data produced by the cookie and relating to their use of the online offer from being sent to and processed by Google by downloading and installing the browser add-on available at the following link: tools.google.com/dlpage/gaoptout.

Further information on how your data are used by Google and on your setting options and opt-outs can be found in the Google privacy policy (https://policies.google.com/technologies/ads) and in the settings on how Google ads are displayed (https://adssettings.google.com/authenticated).

Personal user data are deleted or anonymised after a period of 14 months.

Google Universal Analytics

We use the Universal Analytics version of Google Analytics. Universal Analytics is a feature of Google Analytics providing user analysis on the basis of a pseudonymised user ID and creating a pseudonymous user profile based on usage over different devices (known as cross-device tracking).

Target group formation with Google Analytics

We use Google Analytics so that the adverts displayed within the advertising services of Google and its partners are only shown to users who have an interest in our online offer or who have particular characteristics (e.g. interest in particular subjects or projects determined on the basis of website visits), which we send to Google (known as remarketing or Google Analytics audiences). With the help of the remarketing audiences, we also want to ensure that our adverts correspond to users’ potential interest.

Google Analytics opt-out browser add-on

The Google Analytics opt-out browser add-on gives website visitors greater control over which data on the websites they visit are used by Google Analytics.  The add-on tells the Google Analytics JavaScript (ga.js) that no information about the website visit should be sent to Google Analytics.

Opt-out

 

 

Top