Data protection declaration
Accordingly, complete protection against access by third parties is not possible. We use technical and organisational measures to protect our website and other systems against the loss, destruction, access, modification and distribution of your data by unauthorised persons. Despite regular checks, however, it is not possible to provide complete protection against all risks.
Certain parts of this website utilise the industry standard SSL (Secure Sockets Layer). This ensures the confidentiality of your personal information as sent via the internet. A closed key or lock symbol in the lower status bar of your browser shows you if an individual page of our website is being transmitted in an encrypted format.
We would like to remind you that data transmission via the internet (e.g. communication by email) can entail security risks.
I. Name and address of the data processing controller
Controller for data processing within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection:
II. Name and address of the Data Protection Officer
Data Protection Officer and data processing controller:
ds² Unternehmensberatung GmbH & Co. KG
33775 Versmold, Germany
T +49 5423 95 99 320
Any affected individual (= ‘data subject’) is welcome to direct their enquiries or feedback to our Data Protection Officer at any time.
III. Provision of the website and creation of server log files
We use the following hosts to make our website available:
20097 Hamburg, Germany
T +49 40 605 900 399
An order processing agreement has been concluded with WebGo GmbH pursuant to Art. 28 GDPR. The legal basis is our legitimate interest within the meaning of Article 6(1)(1)(f) GDPR in the operation and maintenance of the operational security of these websites. The server location is Germany.
2. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
- Referrer (previously visited website)
- Requested website or file
- Browser type and version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form (only used to determine the access location)
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
3. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR. The provision of personal data is in part in our legitimate interest, and the provision of this data is partly required by law (see point 5, second paragraph). Not providing the data is not an option.
4. Purpose of the data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to guarantee the security of our IT systems. We also have a legitimate interest in this data processing in accordance with Article 6(1)(f) GDPR. The data is not evaluated for marketing purposes in this context.
5. Categories of recipients of personal data and data processing outside the European Union
We do not pass on personal data to third parties unless we are obliged to do so by law or we have given consent to do so.
This does not include the involvement of service providers, e.g. for the hosting of the website, which we carefully select in particular with regard to data protection and security of the data and for which we have taken all measures required under data protection law for permissible data processing. Data is not processed outside the European Union.
6. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For data collected for the provision of the website, this is deleted when the respective session has ended, or within a maximum of seven days.
7. Possibility of objection and elimination
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no right to object.
IV. Content delivery network (CDN)
We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. A CDN is a network of (globally) distributed servers that is able to deliver optimised content to the website user. Personal data may be processed in Cloudflare server log files for this purpose.
Cloudflare is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Article 6(1)(1)(f) GDPR, not to operate a Content Delivery Network ourself and to have the page displayed in a fault-free and optimised manner.
You have the right to object to this processing. Whether the objection is successful must be determined in the context of a balance of interests.
Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.
You can find more information on the options for objection and elimination relating to Cloudflare at: https://www.cloudflare.com/gdpr/introduction/
We have concluded a corresponding agreement on order processing or standard contractual clauses with Cloudflare on the basis of GDPR. The data is processed in Germany or countries within the European Union. If processing takes place in third countries in certain cases, processing shall only take place if the level of data protection in the third country has been deemed by the EU Commission to be adequate in accordance with Article 45 GDPR, on the basis of the EU standard contractual clauses or if an adequate level of data protection is ensured by the data recipient in another way.
More information is available at: https://www.cloudflare.com/cloudflare-customer-dpa/
The data generated with etracker is processed and stored by etracker exclusively in Germany. etracker has been assessed by an independent body in this respect, certified and awarded the privacy seal ePrivacyseal
The legal basis for the data processing is Art. 6(1)(f) GDPR. Our legitimate interest is the optimisation of our online service and our website. The data that may be attributable to a specific individual, such as the IP address, login or device identifiers, is anonymized or pseudonymized as soon as possible. No other use, combination with other data or disclosure to third parties takes place.<br>
You can object to the aforementioned data processing at any time. The objection has no adverse consequences.
Further information on data protection at etracker is available here: https://www.etracker.com/en/data-privacy/
VI. E-mail contact and contact form
1. Description and scope of data processing
You can contact us on our website using the e-mail address or contact form provided. In this case, the personal data of the user transmitted with the e-mail or form is stored. Other personal data will be collected only if the user consents to this collection in accordance with applicable regulations or there is a legal basis for such collection. We use this personal data to answer the user’s enquiries, to process contracts concluded with the user and for any technical administration purposes that may be necessary.
In this context – with the exception of the purposes of fulfilling the contract, cf. Clause 8 – no transfer of data to third parties takes place. The data is used exclusively for communication with the user.
2. Legal basis for data processing
Data processing for the purpose of making contact is carried out based on point (a) of Art. 6(1) GDPR and your freely given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail or using the contact form is also Art. 6(1)(f) GDPR to enable us to contact you. If the contact is aimed at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of the data processing
Personal data is processed solely for the purpose of processing the contact.
4. Categories of recipients of personal data and data processing outside the European Union
We do not pass on personal data to third parties unless we are obliged to do so by law or we have given consent to do so. Exceptions to this are the involvement of the service provider, which enables hosting of the website. Data is not processed outside the European Union.
5. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by e-mail or contact form, this is when the respective conversation with the user has ended.
The conversation ends when it can be concluded from the circumstances that the matter in question has been clarified. Further retention periods may arise from the German Fiscal Code or the German Commercial Code.
6. Possibility of objection and elimination
If the user contacts us by e-mail, they can object to the storage of their personal data at any time. If the user objects, the conversation cannot be continued. In this case, all personal data stored in the course of contacting us will be deleted, unless statutory retention periods prevent this.
VII. Career / job portal
In our Careers section, you can use our online form to apply for advertised vacancies or submit a speculative application. For this purpose, we use the applicant platform rexx systems (https://www.rexx-systems.com/), which is operated by rexx systems GmbH, Süderstrasse 75–79, 20097 Hamburg, Germany. This is an online platform for handling job applications. When you access the Careers section on our website, the link integrated in this page establishes a connection to rexx systems in order to enable the technical transfer of the application documents. Data is transferred to rexx systems when this connection to rexx systems is made. On any visit to the rexx systems website, rexx systems will normally save the IP address as assigned to you by your internet service provider (ISP). Personal data that we exclusively for the purpose of processing your application will only be stored if you provide us with this data yourself in the context of your application. In this case, the information is entered either voluntarily or, where indicated with an asterisk (*), as required information. We require these fields to be completed so that we can process your application and stay in contact during the application process. Your digital candidate file contains all of the data you entered as a candidate as well as our entire contact history. The data is processed exclusively for the purpose of processing the application in line with point (a) of Art. 6(1) GDPR, based on your freely given consent, or for making a decision to establish an employment relationship in accordance with section 26(1) sent. 1 of the German Data Protection Act (BDSG). The personal data that we collect from the completed form as well as the other files you upload to us will be stored for 6 months after completion of the application process (rejection or employment) and then erased.
For webinars, we use WebinarGeek.com’s webinar platform (Chroomstraat 12, 2718 RR Zoetermeer, The Netherlands).
In order to log in to and carry out the online seminars, we use the data you provide to us when registering for the respective seminar, namely first name, surname, e-mail, company/employer and postcode.
After registration, we will use your e-mail address to confirm registration, send dial-in information and remind you of the upcoming event shortly before the webinar. After a webinar, we will use your e-mail address and name once to send you an e-mail and give you access to the recordings of the online seminar.
We will receive the following data from you as part of the online seminar: Surname, first name, e-mail address for identification and login, country, IP address and cookies to manage the web session and ensure the provision of the webinar. Your data will only be processed as part of the online seminar.
The legal basis for the aforementioned data processing is Art. 6(1)(b) GDPR. The processing is solely for the purpose of fulfilling the contract in the form of the execution as well as preparation and follow-up of the participation agreement for the respective webinar.
An order processing agreement has been concluded with Webinargeek. Webinargeek processes the data exclusively in the European Union. Your personal data will not be transferred to third countries.
Further information on data protection at Webinargeek can be found at: https://www.webinargeek.com/privacy
IX. Forwarding of data
Your personal data will not be shared with third parties for any reason except the purposes as listed below. We share your personal data with third parties in the following cases:
- If you have given your express consent pursuant to point (a) of Art. 6(1) GDPR, such a transfer in accordance with point (f) of Art. 6(1) GDPR is necessary for the establishment, exercising or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in not having your data shared in this way
- In cases where there is a legal obligation to share the data pursuant to point (c) of Art. 6(1) GDPR
- Transfer is legally permissible and is also required for processing contractual relationships with you pursuant to point (b) of Art. 6(1) GDPR
X. Rights of the Data Subject
You are granted the following rights:
- Pursuant to Art. 15 GDPR, the right to request information about the type and scope of the personal data we collect, in particular its processing, planned retention period, continuation and disclosure
- Pursuant to Art. 16 GDPR, the right to demand the immediate rectification of your personal data that is stored by us if this data is incorrect or incomplete
- Pursuant to Art. 17 GDPR, the right to demand the erasure of your personal data stored with us, unless the processing of this data is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims; or alternatively, pursuant to Art. 18 GDPR, you have the right to demand that the processing of the data be restricted
- Pursuant to Art. 20 GDPR, the right to receive your personal data and to demand its transfer to other controllers
- Pursuant to Art. 7(3) GDPR, the right to withdraw your consent as given to us at any time As a result of this withdrawal of consent, we will no longer be allowed to continue the data processing that was based on this consent.
- Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. The normal procedure here is to contact the state supervisory authority.
- On the basis of GDPR Art. 21, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data about you, where such processing is based on point (e) or (f) of Art. 6(1) of the GDPR.
XI. Social media services
We operate a presence on the social career network Xing (hereinafter referred to as "Xing"), which is operated exclusively by New Work SE, Am Strandkai 1, 20457 Hamburg. The reference is identified by the Xing logo (no Xing plug-in). When you click on a Xing link, your browser establishes a direct connection with Xing’s servers. If you are already logged in to Xing via your personal user account, the information about your visit to our website is automatically forwarded to LinkedIn. It is then possible for Xing to assign the visit to the website to your account. We would like to point out that we do not receive any knowledge of the content of the transmitted data or its use by Xing.
If you want to prevent this transfer and storage of data about you and your usage of our website by Xing, then you must log out of your personal Xing account before your visit our website.
We operate a presence on the social career network LinkedIn, hereinafter referred to as "LinkedIn"), LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. which is exclusively owned by LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA; hereinafter: "LinkedIn"). The reference is identified by the LinkedIn logo (no LinkedIn plug-in). When you click on a LinkedIn link, your browser establishes a direct connection with LinkedIn’s servers. If you are already logged in to LinkedIn via your personal user account, the information about your visit to our website is automatically forwarded to LinkedIn. It is then possible for LinkedIn to assign the visit to the website to your account. We would like to point out that we do not receive any knowledge of the content of the transmitted data or its use by LinkedIn.
If you want to prevent this transfer and storage of data about you and your usage of our website by LinkedIn, then you must log out of your personal LinkedIn account before your visit our website.
We have integrated YouTube videos into our website. These videos are stored at http://www.YouTube.com and can be played directly from our website. The videos are all embedded in "enhanced privacy mode", which means that if you do not play the videos, no data about you as a user will be transferred to YouTube. Only when you play the videos will personal data be transferred. We have no control over this data transfer. It is possible that your data on YouTube or Google may be transferred to the USA and thus to an unsecure third country under data protection law. Unsecure third countries do not offer a level of data protection comparable to EU standards. No other guarantees are offered to compensate for this deficit. There is a risk that the transfer could result in government bodies accessing your data without you having effective legal protection
If you are logged in to Google, your data will be directly associated with your account. If you do not wish the data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluations are carried out (even for users who are not logged in) in particular to deliver needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to these user profiles being created. To exercise this right, you must contact YouTube.