Privacy Policy

Privacy Policy

1. Name and address of the party responsible

2. Name and address of the data protection officer

3. General information on data processing

4. Website publishing and creation of log files

5. Use of cookies

6. Newsletter

7. Registration

8. Contact form and email contact

9. Publication of job advertisement / online job advertisements

10. Blog systems, mailing lists and discussion platforms

11. Order processing in the online shop and customer account

12. External payment service providers

13. Use of third-party providers

14. Rights of the person concerned

15. Legal age and legal competence

16. Security measures


1. Name and address of the party responsible

The party responsible in accordance with the Data Protection Regulation and other national privacy laws of the Member States as well as other data protection regulations is:

Icinga GmbH

Deutschherrnstr. 15-19
90429 Nuremberg
Germany
Tel .: +49 911 92885-0
E-Mail: info@icinga.com
Website: www.icinga.com

2. Name and address of the data protection officer

The data protection officer of the party responsible is:

Marius Hein

NETWAYS GmbH
Deutschherrnstr. 15-19
90429 Nuremberg
Germany
Tel .: +49 911 92885-0
E-Mail: privacy@icinga.com
Website: www.netways.de


3. General information on data processing

3.1 Extent of the processing of personal data

In general, we process the personal data of our users only to the extent necessary for providing a functioning website as well as our content and services. The processing of the personal data of our users is done on a regular basis only after consent of the user. An exception applies in cases in which prior obtainment of consent is not possible for factual reasons and the processing of data is permitted by legal provisions.

3.2 Legal basis for the processing of personal data

If a person’s consent for the processing of personal data is obtained, article 6(1)(a) of the EU privacy regulation (GDPR) is applied as the legal basis. In the processing of personal data, which is necessary for the performance of a contract, of which the contracting party is the person concerned, article 6(1)(b) GDPR is applied as the legal basis. This also applies to processing measures that are required to perform pre-contractual measures. As far as the processing of personal data is required to fulfill a legal obligation our company is subject to, article 6(1)(c) GDPR is applied as the legal basis.

In the event that the essential interests of the person concerned or of another individual may require the processing of personal data, article 6(1)(d) GDPR serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, rights and freedoms of the person concerned do not outweigh the former interest, article 6(1)(f) GDPR serves as the legal basis for processing.

3.3 Data deletion and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage can be continued, if this has been provided by the European or national legislation in EU law regulations, laws or regulations that the person responsible is bound to. A blocking or deletion of data occurs even when a storage period stipulated by the standards mentioned expires, unless a necessity for continued storage of the data for conclusion or fulfillment of a contract exists.

3.4 Scope

This privacy statement informs users about the nature, extent and purpose of the collection and use of personal data by the responsible provider. The collection occurs in our online platforms such as website, blog, shop and event pages.

4. Website publishing and creation of log files

4.1 Description and extent of data processing

Whenever accessing our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  • information about the browser type and version used
  • the operating system of the user
  • the Internet service provider of the user
  • the IP address of the user
  • date and time of access
  • websites that lead the user’s system to our website
  • websites that are accessed from the user’s system via our website

4.2 Legal basis for data processing

The legal basis for the temporary storage of the data is article 6(1)(f) GDPR.

4.3 Purpose of data processing

The storage in log files is carried out in order to ensure the functionality of the website. Moreover, the data is used for optimizing the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes will not occur in this context.

4.4 Storage duration

The data is deleted as soon as it is no longer necessary for the attainment of its original purpose. In case of collection of the data for providing the website, this deletion is carried out when the current session ends.

In the case of storing the data in log files, deletion will take place within six months at the latest. A continued storage is possible. In this case, the IP addresses of users are deleted or distorted, so that an allocation of the calling client is no longer possible.

4.5 Possibility of objection and deletion

Data collection for providing the website and storing the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

5. Use of cookies

5.1 Description and extent of data processing

Our website uses cookies. Cookies are text files that are stored in the browser or by the browser on the computer system of the user. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string which can clearly identify the browser if you return to the website.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified when leaving and returning to a website.

When using cookies the following data is stored and transmitted:

  • operating data of the software, such as language setting, time zone etc.
  • products in a shopping cart
  • login information

5.2 Legal basis for data processing

The legal basis for the processing of personal data using cookies is article 6(1)(f) GDPR.

5.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be provided without the use of cookies. For these features it is necessary that the browser is recognized even after leaving and returning to the website.

The user data collected by technically necessary cookies is not used to create user profiles.

5.4 Storage duration, possibility of objection and deletion

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, you as a user are in control of the use of cookies. By changing the settings in your browser, you can disable or restrict the transfer of cookies. Already stored cookies can be deleted at any time. This can also be automated. When cookies are disabled for the use of our website, not all features of our website may be used to full extent.

6. Newsletter

6.1 Description and extent of data processing

Our website offers the possibility of subscribing to a free newsletter. During registration for the newsletter, the data from the input form is sent to us.

If you purchase goods or services from our website and thereby deposit your email address, it can be subsequently used by us for sending a newsletter. In such case only direct marketing information about similar products or services will be sent via the newsletter.

6.2 Legal basis for data processing

Legal basis for the processing of data by registering for the newsletter by the user is article 6(1)(a) GDPR if user consent is present.

Additional legal basis for sending the newsletter due to the sale of goods or services is § 7 para. 3 UWG (UC).

6.3 Purpose of data processing

The collection of the email address of the user is used for sending the newsletter.

The collection of further personal data as part of the registration process is used to prevent misuse of the services or the email address used.

6.4 Storage duration

The data is deleted as soon as it is no longer necessary for the attainment of its original purpose. The email address of the user is thus stored for as long as the newsletter subscription is active.

The other personal data collected in the registration process is generally deleted after a period of six months.

6.5 Possibility of objection and deletion

The newsletter subscription may be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in every newsletter. In that process it is also possible to revoke the consent to the storage of the personal data collected in the registration process.

7. Registration

7.1 Description and extent of data processing

On our website we offer users the option to register by entering  personal data. The data input form is sent to us and stored. In this process only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.

At the time of registration, the following data is stored:

  • the IP address of the user
  • date and time of registration

In the registration process a user consent to the processing of this data is obtained.

7.2 Legal basis for data processing

If the registration serves the fulfilment of a contract, of which the user is the contracting party, or the realization of pre-contractual measures, article 6(1)(b) GDPR is an additional legal basis for the processing of data. Otherwise an approval in accordance with article 6(1)(a) is obtained.

7.3 Purpose of data processing

Registration of the user is required for the performance of a contract with the user or to realize pre-contractual measures or to provide and test content in blog systems, mailing lists or discussion platforms.

7.4 Transfer of data to third parties

An order or a request by the user to create an offer or individual contact may result in forwarding data to a partner company. In this case, the possible transfer is explicitly pointed out and the consent is obtained. If necessary, data is transferred to:

  • affiliated sales partners
  • hotels or restaurants for events and trainings
  • logistics partners

7.5 Storage duration

The data is deleted as soon as it is no longer necessary for the attainment of its original purpose.

This is the case for the data collected in the registration process for the performance of a contract or the realization of pre-contractual measures if the data is no longer necessary for the implementation of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contracting party in order to comply with contractual or legal obligations.

7.6 Possibility of objection and deletion

As a user you always have the option to revoke the registration. You can have the data concerning you modified at any time.

If the data is required for the performance of a contract or to implement precontractual measures, early deletion of data is only possible unless no contractual or legal obligations are in place.

8. Contact form and email contact

8.1 Description and extent of data processing

Our website provides a contact form for electronic contact. If a user enters data into the input form the data will be sent to us and stored. In that process only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.

At the point of sending the message, the following information is also stored:

  • the IP address of the user
  • date and time of registration

For the processing of the data your consent is obtained as part of the transmission process and the Privacy Policy is indicated.

Alternatively, contact via the provided email address is possible. In this case, the personal user data transmitted with the email is stored.

In this context, no data is transferred to third parties. The data is exclusively used for the processing of the conversation.

8.2 Legal basis for data processing

If user consent is present, legal basis for the processing of the data is article 6(1)(a) GDPR.

The legal basis for the processing of the data received during the sending of an email is article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, article 6(1)(b) GDPR is an additional basis for the processing of data.

8.3 Purpose of data processing

The processing of personal data from the input form serves us for processing the contact as well as for customer care and quality management. When contacting us by email there is also a required legitimate interest in the processing of the data. Otherwise, the user’s consent is required.

Other personal data processed during the transmission are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.4 Transfer of data to third parties

An order or a request by the user to create an offer or for individual contact may result in the forwarding of data to a partner company. In this case, the possible transfer is explicitly stated and consent is obtained. If required, data is transferred to:

  • affiliated sales partners
  • hotels or restaurants for events and trainings
  • logistics partners

8.5 Publication of data

When transferring success stories, the data collected is published on the websites including the names of the user. In this case, the possible transfer is explicitly indicated and the corresponding consent is obtained accordingly.

8.6 Storage duration

The data is deleted as soon as it is no longer necessary for the attainment of its purpose, the purpose expires or the user’s consent is revoked.

The personal data additionally collected during the transmission process will be deleted after a period of six months.

8.7 Possibility of objection and deletion

The user always has the possibility to withdraw his consent to the processing of personal data. If the user contacts us by email, he can object to the storage of personal data at any time. In such a case, the conversation can not be continued.

In such a case all personal data that has been stored in the course of the contact is deleted.

9. Publication of job advertisement / online job advertisements

9.1 Description and extent of data processing

The application data is collected for the purpose of the application process and processed by us. Thereby, different data is processed, such as name, phone number, email address etc. This data is basically used for contact and communication.

Any information not proccessible under the General Equal Treatment Act (race, gender, religion or belief, disability, age or sexual identity) is not processed. We also ask not to transmit information on diseases, pregnancy, ethnic origin, political opinion, philosophical or religious beliefs, trade union membership, physical or mental health or sexual life. This also applies to content that is likely to violate the rights of third parties (e.g. copyrights, press law or general rights of third parties).

If an application is followed by the conclusion of an employment contract, the data submitted can be stored – in compliance with relevant legal regulations – in a personnel file for the purpose of the usual organizational and management processes.

9.2 Legal basis for data processing

Legal basis for the processing of data which is transmitted in the course of sending an email is article 6(1)(f) and article 6(1)(a) GDPR. If the email contact aims at the conclusion of a contract, article 6(1)(b) GDPR is an additional legal basis for the processing.

9.3 Purpose of data processing

The processing of personal data from an email solely serves us for processing the application process and employee recruitment and also includes your required, legitimate interest in processing the data.

9.4 Storage duration

If an application is rejected, the transmitted data is deleted automatically three months later. This does not apply if (e.g. the obligation of proof under the General Equal Treatment Act) continued storage is necessary due to legal requirements or it has been explicitly agreed upon a longer storage period in our prospect database.

9.5 Possibility of objection and deletion

The user has the possibility to withdraw his/her consent to the processing of personal data at any time. The data is deleted immediately provided that this deletion is not offset by legitimate interests of the person responsible or the user. Instead of data deletion data can be blocked if stipulated by law.

10. Blog systems, mailing lists and discussion platforms

10.1 Description and extent of data processing

Within these systems, it is possible to make comments, to write guest articles or to participate in a discussion. Thereby only relevant data is collected, including contact information (name, first name, email addresses etc.) or content data.

At the time of registration, the following data is also stored:

  • the IP address of the user
  • date and time of registration

If comments are made, other users can subscribe to them. At the time of commenting, the other users are informed. No personal data allowing direct identification is transferred in the comments.

Furthermore, we reserve the right on the basis of our legitimate interests under article 6(1)(f) GDPR to process the information provided by the user for the purpose of spam detection or to delete posts that violate the personal rights of third parties.

The data entered in the context of the comments and posts is permanently stored by us until revocation by the users.

10.2 Legal basis for data processing

The legal basis for the processing of the data is obtained by personal consent under article 6(1)(a) or the interests of the party responsible under article 6(1)(f).

10.3 Purpose of data processing

We operate the above mentioned systems for marketing purposes, employee and customer acquisition and provisioning of general information. The main focus is for relevant user groups to receive general information on the business of the party responsible.

10.4 Storage duration

Content and communication data provided within the systems are permanently stored by us until revocation by the users. Log data is deleted after six months at the latest.

10.5 Possibility of objection and deletion

The user has the possibility to withdraw his consent to the processing of personal data at any time. On the basis of our legitimate interests, we are allowed to store the withdrawn email addresses for up to three years before deletion in order to prove a once given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is being confirmed.

11. Order processing in the online shop and customer account

We process the data of our customers during the ordering process in our online shop to allow them to select and order products and services, and also to enable payment and delivery, or rather execution.

11.1 Processing data

The processed data includes inventory data, communication data, contract data, payment data and affected by the processing are our customers, potential customers and other business partners. The processing is done for the purpose of providing contractual services relating to the operation of an online shop, billing, delivery and customer service. Here, we use session cookies to store the cart content and permanent cookies to store the login status.

11.2 Legal basis for data processing

The processing is performed on the basis of article 6(1)(b) (execution of order processes) and (c) (legally required archiving) GDPR. The information marked as mandatory is required to initiate and execute a contract. The information is disclosed to third parties only in the context of delivery, payment, or in accordance with legal permits and duties to legal advisors and authorities. The data will only be processed in third countries if it is necessary for the performance of the contract (e.g. on customer demand upon delivery or payment).

11.3 Data storage

Users can optionally create a user account allowing them primarily to view their orders. During the registration, the required mandatory information will be indicated to the users. The user accounts are not public and can not be indexed by search engines. If users have cancelled their user account, related data will be deleted unless its storage is necessary for commercial or fiscal reasons in accordance with article 6(1)(c) GDPR. Information given in the account remains stored until its deletion with subsequent archiving in the case of a legal obligation. If a user cancels his/her account it is incumbent to backup their data before the end of the contract.

During the registration and re-registration as well as use of our online services, we store the IP address and the time of each user activity. The data is stored on the basis of our legitimate interests, as well as of the abuse protection of our users and other unauthorized use. The transfer of such data to third parties is principally not carried out, unless it is necessary for the pursuit of our claims or unless there is a legal obligation in accordance with article 6(1)(c) GDPR

.

11.4 Storage duration

The deletion is executed after expiration of legal warranty and similar obligations, the need for the retention of data is reviewed every three years; in the case of legal archiving obligations deletion takes place after their expiration (end of commercial law (6 years) and tax (10 years) retention obligations).

12. External payment service providers

We use external payment providers for payment transactions by us and our users.

As part of the performance of contracts we use the payment service provider on the basis of article 6(1)(b) GDPR. In addition, we use external payment providers on the basis of our legitimate interests in accordance with article 6(1)(b) GDPR

in order to offer an effective and secure payment option to our users.

12.1 Legal basis for data processing

The data processed by the payment service provider includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as the contract-, totals- and recipient-related information. The information is required to carry out the transactions. The details entered will only be processed by the payment service provider and stored with them. I.e. we do not receive account or credit card related information, but only information with confirmation or rejection of payment. Under certain circumstances, the data is transmitted by the payment service provider to credit reporting agencies. Purpose of this transfer is to prove identity and to assess credit standing. We refer to the Terms and Conditions and Privacy Policy of the payment service provider.

For payment transactions, the terms and conditions and the privacy policy of the respective payment service provider, which is available within the respective websites, and transaction applications apply. We also refer to those for more information and enforcement of objection, information and other affected rights.

Paypal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full)

Computop (https://www.computop.com/de/datenschutz/)

13. Use of third-party providers

13.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ( “Google”). It is used on the basis of the article 6(1)(1)(f) GDPR. Google Analytics uses so called “Cookies”, text files that are stored on your computer and allow an analysis of your use of the website.

13.1.1 Data storage

The following information generated by cookies about your use of the website is usually transferred to a Google server in the USA and stored there:

  • browser type/version
  • operating system used
  • referrer URL (previously accessed website)
  • hostname of the accessing computer (IP address)
  • time of server request

The IP address sent as part of the Google Analytics process will not be merged with other Google data. We have also expanded Google Analytics on this website with the code “anonymizeIP”. This guarantees the masking of your IP address, so that all data is collected anonymously. Only in extraordinary cases, the full IP address is transmitted to a Google server in the USA and shortened there.

13.1.2 Data analysis

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compiling reports on the website activities and to provide the website owner with other services related to the website and internet usage. You may refuse the use of cookies by changing the settings in your browser; however, we point out that in this case you may not be able to use all features of this site to the full extent.

13.1.3 Prevention of processing

You can prevent the collection of data regarding your usage of the website generated by the cookie (incl. your IP address) by Google and also, the processing of this data by Google by downloading and installing the browser plugin available in the download link below:

https://tools.google.com/dlpage/gaoptout.

As an alternative to the browser add-on, especially in browsers on mobile devices, you can avoid detection by Google Analytics by also clicking on this link. It will set an opt-out cookie, which prevents future collection of your information when accessing this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. For information on the integration of the opt-out cookie, go to:

https://developers.google.com/analytics/devguides/collection/gajs/.

Furthermore, we use Google Analytics to analyze data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can deactivate this in the Ads Preferences Manager

http://www.google.com/settings/ads/onweb/?hl=de

More information on privacy in the context of Google Analytics can be found in the Google Analytics Help Center:

https://support.google.com/analytics/answer/6004245?hl=de

13.2 Google Adwords

We also use the Google advertising tool “Google Adwords” on our website. In this context, we use the analytical service “Conversion Tracking” from the company Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”, on our website.

13.2.1 Data storage

If you have come to our website via a Google ad, a cookie is stored on your computer. Cookies are small text files that are downloaded and stored by your Internet browser on your computer. These so-called “conversion cookies” lose validity after 30 days and do not serve for your personal identification. If you visit certain pages of our website and the cookie has not yet expired, we and Google can see that you as a user have clicked on one of our ads placed with Google and have thus been forwarded to our side.

13.2.2 Data processing

The information obtained by means of the “conversion cookie” is used by Google to create visitor statistics for our site. Through these statistics, we see the total number of users who clicked on our ad and also which pages of our website have been accessed by the respective user afterwards. However, we and other advertisers using “Google Adwords” will not receive any information by which users can be identified personally.

13.2.3 Prevention of processing

You can prevent the installation of “conversion cookies” by changing the browser settings so that the automatic setting of cookies is generally disabled or it specifically blocks cookies only from the domain “googleadservices.com “.

The relevant privacy policy of Google is available in the following link:

https://services.google.com/sitestats/de.html

13.3 Google Maps

On our website we us the component “Google Maps” run by the company Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”.

In each request of the component “Google Maps”, a cookie is set by Google in order to process user settings and date when accessing the website where the component “Google Maps” is integrated.

13.3.1 Data processing

This cookie is normally not deleted when closing the browser, but will turn invalid after a specific amount of time, unless it is previously deleted manually by the user..

13.3.2 Prevention of processing

If you do not agree with this processing of your data, you have the option of disabling the service “Google Maps” and thereby preventing the transfer of data to Google. To deactivate you must disable the JavaScript function in your browser. However, we point out that this may lead to a limited function of  “Google Maps”.

The use of “Google Maps” and the information obtained through “Google Maps” are in accordance with the Google Terms

http://www.google.de/intl/de/policies/terms/regional.html

 

and the additional terms for “Google Maps”

https://www.google.com/intl/de_de/help/terms_maps.html

13.4 Google fonts

On our website we use the component “Google Fonts” from the company Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, referred to as “Google”.

13.4.1 Data processing

Google Fonts records the data sets of requests to CSS and fonts. Aggregated user numbers show how popular certain font families are and this information will be published on our analytics page. Furthermore, data from the web crawlers of Google detect which sites are using Google fonts. This data is published and is available in the BigQuery database of Google Fonts. For more information about collection and processing, please see the privacy policy of Google.

https://policies.google.com/privacy?hl=de

13.4.2 Prevention of processing

If you do not agree with this processing of your data, you have the option of disabling the service “Google Maps” and thereby preventing the transmission of data to Google. To deactivate you must disable the JavaScript function in your browser.However, we point out that this may lead to a limited function of  “Google Maps”.

The use of “Google Maps” and of the information obtained through “Google Maps” is done in accordance with the Google Terms

http://www.google.de/intl/de/policies/terms/regional.html

 

and the additional terms for “Google Maps”

https://www.google.com/intl/de_de/help/terms_maps.html

13.5 Google+

On our website, we use the “+1″ button from the provider Google+ Google Inc. 1600 Amphitheater Parkway, Mountain View , CA 94043, referred to as “Google”.

In each access to our website, which is equipped with such a “+1” component, this component causes the browser you are using to download a respective representation of the component from Google. In this process, Google is informed about which specific page of our website you are visiting.

According to the information from Google further evaluation of your visit does not take place if you are not logged in to your Google account.

13.5.1 Data storage

If you press the “+1” button on our website while being logged in to Google, Google can collect information regarding your Google account, the website you recommend as well as regarding your IP address and other browser related information.

Thus, your “+1” recommendation can be stored and made publicly available. Your herewith given Google “+1” recommendation can then be shown as an indication along with your account name and optionally with your photo from Google in Google services, such as in search results or in your Google account or in any other place, such as for example websites and ads on the Internet. In addition, Google can associate your visit to our website with your data saved with Google. Google also records this information in order to continue to improve Google’s services.

13.5.2 Prevention of processing

If you therefore want to prevent the aforementioned collection by Google in the best way possible, you have to log out of your Google account before visiting our website.

The Google privacy policy regarding the “+1” button and all other information on the collection, sharing and use of data by Google, with their respective rights and the options for your profile settings can be found here:

https://developers.google.com/+/web/buttons-policy

13.6 Twitter

The party responsible has integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible micro-blogging service on which users can publish and spread so-called tweets, short messages which are limited to 280 characters. These short messages are available for everyone, including people not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter allows to address a wide audience with the use of hashtags, links or retweets. Service provider of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

13.6.1 Data processing

Whenever accessing one of the pages of this website, which is operated by the person responsible for the processing and on which a Twitter component (Twitter button) has been integrated, the browser of the information technology system of the person concerned automatically causes the respective Twitter component to download a representation of the corresponding Twitter component. Further information on the Twitter buttons are available at:

about.twitter.com/de/resources/buttons

As part of this technical process, Twitter receives knowledge about exactly which subpage of our website is accessed by the person concerned. Purpose of the integration of the Twitter component is to provide our users with a retransmission of the contents of this website in order to make this website popular in the digital world and to increase our number of visitors.

13.6.2 Data storage

If the user is logged in to Twitter while visiting our website, Twitter recognizes throughout every visit exactly which subpage of our website is visited by the user concerned. This information is collected by the Twitter component and allocated through Twitter to the corresponding Twitter account of the user concerned. If the user concerned presses a Twitter button integrated on our website, the data and information transmitted in this process is associated with the personal Twitter account of the user concerned and stored and processed by Twitter.

13.6.3 Data analysis

If a user is logged in to Twitter at the time of the visit to our website, Twitter always receives information about it, regardless of whether the user clicks on the Twitter component or not. If such transmission of this information to Twitter is not desired, this user can prevent the transmission by logging out of their Twitter account before accessing our website. The applicable privacy policy of Twitter can be viewed in the following link.

twitter.com/privacy

13.7 Facebook

On our website we use components of the provider facebook.com. Facebook is a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

In each access to our website this component causes the browser you are using to download a corresponding representation of the component from Facebook. In this process, Facebook is informed about the exact page of our website you are visiting.

13.7.1 Data storage

If you access our website while being logged in to Facebook, Facebook recognizes which specific page you are visiting with the help of the information collected by the component, and associates this information with your personal Facebook account. For example, if you click the “Like” button or enter comments, this information is transmitted to your personal account on Facebook and stored there. Additionally , the information that you have visited our site is passed on to Facebook regardless of whether clicking on the component or not.

13.7.2 Prevention of processing

If you want to prevent this transmission and storage of data about you and your actions on our website to and by Facebook, you need to log out of Facebook before you actually access our website. The privacy policy of Facebook gives details about this subject, in particular about the collection and use of data by Facebook, about your respective rights and about the setting options for protecting your privacy:

https://de-de.facebook.com/about/privacy/

 

An overview of the Facebook plugin can be found at

https://developers.facebook.com/docs/plugins/

13.8 Jetpack (WordPress)

On our website, we use the component Jetpack from Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, United States of America, by using the technology of Quantcast Corp., 201 Third Street, 2nd Floor, San Francisco, CA 94103, United States of America.

13.8.1 Data storage

With each individual access to our website, data is collected for web analytics and stored in the United States through the use of cookies. Cookies are small text files that are stored locally in the cache of the Internet browser of the visitor, enabling the recognition of the visitor’s Internet browser. The IP address, however, is anonymized immediately after processing and before storing it. You may prevent the use of cookies by adjusting your browser software or by deleting already stored cookies; however, we point out that thereafter you may not be able to access all features of our website.

13.8.2 Prevention of processing

The consent to collection and use of data by the component Jetpack can be revoked for the future if you set an opt-out cookie in your browser via the link

http://www.quantcast.com/opt-out

If you delete all your browser cookies, the process must be repeated.

13.9 Gravatar (Profile Pictures)

Within our online services and particularly in the blog services we use the service Gravatar of Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA.

13.9.1 Data storage

Gravatar is a service that allows users to register and store profile pictures and their email addresses. When users with the respective email address leave posts or comments on other websites (especially blogs), their profile picture can be displayed next to the posts or comments. For this purpose, the email address indicated by the user is transmitted in encrypted mode to Gravatar in order to check whether a profile is associated with it. This is the only purpose of the transfer of the email address and it is not used for other purposes, but is deleted afterwards.

The use of Gravatar is made on the basis of our legitimate interests in accordance with article 6(1)(f) GDPR, as we allow the authors  of articles and comments to personalize their posts with a profile picture using Gravatar.

By displaying the pictures, Gravatar makes the IP address of users known, as this is necessary for communication between a browser and an online service. More information on the collection and use of data by Gravatar can be found in the privacy policies of Automattic:

https://automattic.com/privacy/

13.9.2 Prevention of processing

If users do not want their profile picture linked with their email address at Gravatar to appear in the comments, you should use an email address which is not deposited at Gravatar when commenting. We also point out that it is also possible to use no email address at all or an anonymous one if the users do not wish to have their own email address sent to Gravatar. Users can prevent the transmission of the data completely by not using our comment system.

13.10 Akismet (anti-spam check)

Our online offer uses the service Akismet which is offered by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110, USA. Use is at the basis of our legitimate interests in accordance with article 6(1)(f) GDPR.

13.10.1 Data storage

With the help of this service, comments of real people are distinguished from spam comments. For this, all information of a comment is sent to a server in the US, where it is analyzed and stored for purposes of comparison for the duration of four days. If a comment has been classified as spam, the data is stored beyond that time. This information contains the entered name, email address, IP address, the content of the comment, the referrer, information on the browser and the computer system used as well as the time of the entry.

More information on the collection and use of data by Akismet can be found in the privacy notices of Automattic:

https://automattic.com/privacy/

13.10.2 Prevention of processing

Users are welcome to use pseudonyms or may refrain from entering their name or email address. You can completely prevent the transfer of data by not using our comment system.

14. Rights of the person concerned

If your personal data is processed, you are affected in accordance with the GDPR and you have the following rights towards the party responsible:

14.1 Right to disclosure

You may ask the party responsible to confirm whether personal data concerning you is being processed. If such processing has taken place, you can request the following information from the party responsible:

  • the purposes for which the personal data is processed
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data concerning you have been disclosed or are still being disclosed
  • the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period
  • the existence of a right to have personal data concerning you rectified or deleted, a right to have the processed data restricted by the person responsible or a right to object to such processing
  • the existence of a right to appeal to a supervisory authority
  • any available information on the origin of the data if the personal data is not collected from the person concerned
  • the existence of automated decision-making, including profiling in accordance with article 22(1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the person concerned

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees in accordance to article 46 GDPR concerning the transmission.

14.2 Right to correction

You have a right to correction and/or completion towards the party responsible if the processed personal data concerning you is incorrect or incomplete. The party responsible shall carry out the correction without delay.

14.3 Right to limitation of processing

Under the following conditions, you may request that the processing of personal data concerning you be restricted:

  • if you dispute the accuracy of the personal data concerning you for a period of time that enables the party responsible to verify the accuracy of the personal data;
  • the processing is unlawful and you reject the deletion of the personal data and instead demand that the use of the personal data be restricted;
  • The party responsible no longer needs the personal data for the purposes of the processing, but you do need them to assert, exercise or defend legal claims, or
  • if you have filed an objection to the processing in accordance to article 21(1) GDPR
  •  and it has not yet been determined whether the legitimate reasons of the party responsible outweigh your reasons.

Where the processing of personal data regarding you has been restricted, such data may only be processed – apart from being stored – with your consent or for the purpose of asserting, exercising or defending rights or for the protection of the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

14.4 Right to deletion

14.4.1 Obligation to delete

You may request that the party responsible delete the personal data regarding you without delay and the person responsible is obliged to delete this data without delay if one of the following reasons applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent on which the processing was based in accordance with article 6(1)(a) or article 9(2)(a) GDPR and there is no other legal basis for the processing.
  • You file an objection against the processing in accordance with article 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you file an objection against the processing in accordance with article 21(2) GDPR.
  • The personal data concerning you has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the person responsible is subject.
  • The personal data concerning you has been collected in relation to information society services offered in accordance with article 8(1) GDPR.

14.4.2 Information transfer to third parties

If the party responsible has made the personal data concerning you public and is obligated to delete it in accordance with article 17(1) GDPR, it takes adequate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data processors who process the personal data that you as the person concerned have requested the deletion of all links to this personal data or of copies or replications of this personal data.

14.4.3 Exceptions

The right to deletion does not exist if the processing is necessary for the following reasons:

  • for the exercise of the right to freedom of expression and information
  • for the performance of a legal obligation required for processing under the law of the Union or of the Member States to which the person responsible is subject or for the performance of a task in the public interest or in the exercise of official authority conferred on the party responsible
  • for reasons of public interest in the field of public health in accordance with article 9(2)(h) and (i) as well as article 9(3) GDPR
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89(1) GDPR
  • , insofar as the right referred to in Section 14.4.1 is likely to render impossible or seriously impair the attainment of the objectives of such processing
  • for asserting, exercising or defending legal claims

14.5 Right to information

If you have exercised your right to have the party responsible correct, delete or limit the processing, it is obligated to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of such recipients by the party responsible.

14.6 Right to data transferability

You have the right to receive the personal data concerning you that you have provided the party responsible with in a structured, common and machine-readable format. In addition, you have the right to pass this data on to another party responsible without obstruction by the party responsible to whom the personal data was provided, as long as

  • processing is based on consent in accordance with article 6(1)(a) GDPR or article 9(2)(a) GDPR or on a contract in accordance with article 6(1)(b) GDPR and
  • processing is carried out using automated methods.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one data controller to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to transferability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller.

14.7 Right to objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on article 6(1)(e) or (f) of the DSGVO; this also applies to profiling based on these regulations.

The data controller no longer processes the personal data regarding you, unless he can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right to objection in connection with the use of Information Society services by means of automated procedures using technical specifications, regardless of Directive 2002/58/EC.

14.8 Right to revoke the privacy policy consent

You have the right to revoke your privacy policy consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until revocation.

14.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the party responsible,
  • is admissible by law of the Union or of the Member States to which the party responsible is subject and that law contains appropriate measures to safeguard your rights, freedoms and legitimate interests, or
  • is based on explicit consent.

However, these decisions must not be based on special categories of personal data in accordance with article 9(1) GDPR, unless article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

In the above cases, the person responsible takes appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person by the party responsible, to state his own position and to challenge the decision.

14.10 Right to appeal to a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect the place of infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.

The supervisory authority to which the complaint has been lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy based on article 78 GDPR.

15. Legal age and legal competence

Only when you reach legal age and become legally competent can you effectively consent to the collection, processing and use of your data. For this reason we cannot store your data in this system unless you are at least 16 years of age. With the consent to this privacy policy you declare your legal competence after reaching legal age.

If you are not of legal age or legally competent, we do not want to lose you as an applicant. For this reason, we look forward to welcoming you in our office to receive your application personally.

16. Security measures

We use the most common SSL (Secure Socket Layer) method in combination with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.