I. Who is the responsible body (“controller” in terms of the GDPR) and how can I contact the data protection officer?
Our data protection officer is JURANDO GmbH (https://www.jurando.de). You can contact them or us by sending an email to firstname.lastname@example.org or al letter to our address:
Att. data protection officer
II. Which are the rights you are entitled to?
You are entitled to the following rights which you can assert against us with respect to the personal data concerning you:
- Right to information/ access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object to the processing (Art. 21 GDPR).
In addition, you have the right to lodge a complaint about us with a supervisory authority according to Art. 77 GDPR.
Where you have consented to the processing, you have the right to withdraw the consent at any time; however, the withdrawal of consent will not affect the lawfulness of processing based on the consent before its withdrawal.
III. For what purposes do we process personal data and what is the legal basis for the processing?
When You Visit Our Website
When you visit our website for mere information purposes, i.e. when you do not register or otherwise transfer or disclose information to us, we only collect those personal data which your browser transfers to us. This includes:
• IP address
• Date and time of access
• Details of the query (specific page accessed)
• Access status/HTTP status code
• Website from which the query is made (so-called “referrer”)
• Operating system and its surface
• Language and version of the browser software
This data is also stored as log data.
We require this data for technical reasons to be able to display our website, ensure stability and security and optimize our presentation.
The legal basis for this is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the afore-mentioned purposes.
We erase this data after seven days at the latest. We will only store data beyond that time after the personal data has been erased or anonymized. In the case of IP addresses, anonymization can be procured by appropriate shortening of the IP address.
We use transient and persistent cookies on our website. Transient cookies are deleted automatically when you close the browser. These comprise in particular session cookies. They store a so-called session ID which enables several queries from your browser to be allocated to one and the same session. This enables us to recognize your computer when you visit our website again. The session cookies are deleted when you log out from our website or close the browser. Persistent cookies are deleted automatically after expiry of a pre-defined validity which can vary, depending on the cookie used from time to time. You can delete the cookies at any time in the security settings of your browser.
You can set your browser as you wish, and you may, for instance, refuse to accept third-party cookies or even all cookies. However, please be aware that, if you do so, you might be unable to use all features and functions of this website.
If you give us your consent, you can subscribe to our newsletter.
To enable subscription to our newsletter, we use the so-called double opt-in procedure; this means that, after you have subscribed, we send you an email to the email address you have indicated in which we will ask you to confirm that you want us to send you the newsletter. If you do not confirm your subscription within 24 hours, your data will be deleted automatically. In addition, we also store the IP addresses you have used from time to time as well as the time of subscription and confirmation. The purpose of this procedure is to evidence your subscription and, where required, clarify any potential misuse of your personal data.
The only required field to be filled in by you to enable transmission of the newsletter is your email address. After you have confirmed the subscription, we will store your email address for sending you the newsletter.
The legal basis for this is Art. 6 subs. 1 a) GDPR because you have given your consent.
You may at any time revoke your consent to the transmission of the newsletter and unsubscribe. You can revoke your consent by clicking the link which is contained in every newsletter email or by sending an email to email@example.com. If you unsubscribe, we will immediately delete your data.
We use our newsletter to analyse your user behaviour. For such purpose, our newsletter contains so-called web beacons resp. tracking pixels which are one-pixel image files which are stored on our website. For analysing your user behaviour, we combine the data we collect when you visit our website with your email address and a personal ID. Also the links which you have received in the newsletter might contain this ID. Based on this data, we prepare a user profile to tailor the newsletter and the services we offer to your personal interests. We thereby gather information about when you read our newsletters, and which links you click. We combine this data with your activities on our website.
The legal basis for the tracking is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the purposes mentioned above.
When you use one of our contact forms, for example to book an appointment for a meeting or to recruit a new customer, we will use the data you have transferred to us in order to answer your request. The information you disclose to us may be stored in a Customer Relationship Management System (“CRM system”) or similar software.
Data processing for the purposes of communication is based on Art. 6 subs. 1 b) GDPR if and to the extent that your request pertains to the performance of contractual duties or initial approaches for contract conclusion (“taking steps prior to entering into a contract”). In other cases, the legal basis is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the purposes mentioned above.
The personal data we collect when you use the contact form are deleted automatically after your request has been settled unless we are required by law to retain the data or we need the data for contract performance. You may also at any time object to the processing when the processing is based on a legitimate interest.
When you contact us via the email addresses we have indicated for such purpose, we will store the personal data you have transferred to us in order to answer your requests. The information you have provided to us might be stored in a Customer Relationship Management System (“CRM system”) or similar software.
In the course of transporting or delivering your email, log data is also generated on a regular basis, which, for example, also contains the IP address of the e-mail server you are using. These log data are necessary for ensuring the proper operation of our e-mail server and also serve as proof of server problems or security incidents.
The legal basis for this is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the purposes mentioned above. Where the email by which you contact us is aimed at contract conclusion or when you send us an email in the context of an existing contractual relationship, the legal basis is Art. 6 subs. 1 b) GDPR.
The data is deleted after the request has been finally settled unless we are required by law to retain the data or we need the data for contract performance. You can also at any time object to the processing when the processing is based on a legitimate interest. Log data is deleted after seven days at the latest.
If you transfer an application to us via our job/career page, we will process the transferred data to perform our (pre-)contractual duties in the context of the application procedure. If your application is successful, we further process the data for the purpose of handling and executing the employment relationship.
The legal basis is Art. 6 subs. 1 b) GDPR as well as § 26 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). If you voluntarily transfer to us special categories of personal data such as health data or religion, also Art. 9 subs. 2 b) GDPR serves as a legal basis.
If your application is not successful, we will delete your data after six months at the latest.
Until that time, the data is stored to answer any possible queries relating to the application procedure and to comply with our documentation duties under the German Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG). If you withdraw your application, we will delete your data immediately.
Social Media Plug-ins
We currently use the following social media plug-ins: Facebook, Twitter, LinkedIn, Pinterest.
For such purposes, we use the so-called double-click solution or another technically equivalent solution. This means that, when you visit our website, as a rule, no personal data is transferred to the plug-in provider at first. You can recognize the provider by the mark in the box above the provider’s initial letter or by its logo. We offer you the possibility to communicate directly with the plug-in provider via the button. Only when you click the marked field and thus activate it, the plug-in provider is informed that you have accessed the relevant website of our online presentation. In addition, the data collected during your visit to our website is transferred, too. In the case of Facebook, pursuant to the information provided by the relevant providers in Germany, the IP address is anonymized immediately after collection. This means that, when you activate the plug-in, your personal data is transferred to the relevant plug-in provider and stored there (in the case of US-American providers in the USA).
We have no influence on the collected data or data processing activities nor are we aware of the scope of data collection, the purposes of the processing and the duration of data storage. We do not know about deletion of the collected data by the plug-in provider either.
The plug-in provider stores the data collected from you in the form of user profiles and uses them for advertising and market research purposes and/or to tailor its website to the users’ demands. The analysis in particular serves to display customized advertisements (also for users who are not logged in) and to inform other users of the social network about your activities on our website. You have the right to object to, and thus prevent, the preparation of user profiles; if you want to exercise this right, you have to address the relevant plug-in provider. We offer you the possibility, via the plug-ins, to interact with the social networks and other users which enables us to improve our presentation and services and offer you as the user a more interesting design.
The legal basis for the use of the plug-ins is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the marketing purposes we pursue. When you click the plug-in and thus give your consent, the legal basis is Art. 6 subs. 1 a) GDPR.
The data is transferred regardless of whether or not you have an account with the plug-in provider and whether or not you are logged-in there. When you are logged-in to the plug-in provider, the data we have collected from you is immediately allocated to your account with the plug-in provider. When you click the activated button and, for instance, set a link on the page, the plug-in provider will also store this information in your user account and publicly communicate it to your contacts. We recommend that you generally log out when you have visited a social network, especially before you activate the social media plug-in button to prevent any allocation to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and data processing by the plug-in provider is available in the privacy policies of these providers set out below. These also contain further information on the rights to which you are entitled in this context and the possible settings to protect your privacy.
Addresses of the relevant plug-in providers and URL and their data protection information
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook joined the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA,
Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland;
Google joined the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy
Twitter joined the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy
LinkedIn joined the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA; https://about.pinterest.com/de/privacy-policy
We embed videos from the “Vineo” platform. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. The data collected during your visit to our website is transferred to this provider. In particular, the IP address needs to be transferred to enable the provider to transfer the contents.
The legal basis for embedding the Vimeo videos is Art. 6 subs. 1 f) GDPR. Our legitimate interest consists in the marketing purposes we pursue.
This website uses the Google services described in more detail below, which are provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
General information on privacy: http://www.google.com/intl/de/analytics/learn/privacy.html
The information generated as part of the use of the services can be transmitted to a Google server in the USA and stored there.
For the exceptional cases in which personal data are transferred to the USA, Google has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
This website uses Google Analytics, a web analysis service provided by Google Inc. (”Google”). Google Analytics uses so-called “cookies” which are small text files which are stored on your computer and enable us to analyse how you use the website. We use Google Analytics to analyse and continuously improve the use of our website. The statistics we gain thereby help us improve our presentation and services and offer you as the user a more interesting design.
If IP anonymization is activated on this website, your IP address is shortened within the European Union Member States or other countries party to the Agreement on the European Economic Area before it is transferred to the USA. This website uses Google Analytics with the supplementary feature called “_anonymizeIp()”. This makes sure that only shortened IP addresses are processed further which prevents IP addresses from being allocated to specific persons. This means that, if and to the extent the data collected from you refer to you personally, allocation of the data to you personally is prevented right from the beginning and the personal data is thus deleted immediately. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and only shortened there. Google, on instruction and on behalf of the operator of this website, uses this information to analyse how you use the website, to compile reports on the website activities and render further services to the website operator relating to the use of the website and the use of the Internet.
The IP address which is transferred by your browser in the context of Google Analytics services is not combined or pooled with other data of Google.
You can set your browser software to prevent the storage of cookies; However, in this case, please be aware that you might possibly be unable to use all features and functions of this website without restrictions. You can also prevent the collection and transfer to Google of the data generated by the cookie about your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout
This website uses Google Analytics also for the purposes of cross-device analysis of visitor streams (in which case the website is accessed from different terminals) which is implemented by means of a user ID. You can deactivate this analysis of your user behaviour in your customer account under “My data”, “personal data”.
The legal basis for the use of Google Analytics is Art. 6 subs. 1 sentence 1 f) GDPR. Our legitimate interest consists in the optimization and marketing purposes for which we use the results obtained via Google Analytics. Where you have consented to the use of your data, the legal basis is Art. 6 a) GDPR.
Google Ads (Google AdWords)
We use the services of Google AdWords to draw the visitors’ attention to our attractive offers by advertising means (so-called Google AdWords) on external websites. We can determine the success of the various advertising measures by the data gained by the advertising campaigns. We thereby pursue the purpose to show you advertisements that are interesting for you, offer you a more interesting website design and ensure fair calculation of advertising costs.
Google distributes these advertising means via so-called “Ad Servers”. For such purpose, we use Ad Server cookies which enable the measurement of certain parameters for success measuring such as displays of advertisements or clicks by users. If you are referred to our website from a Google advertisement, Google AdWords stores a cookie on your PC. These cookies usually expire after 30 days and are not meant to identify you personally. With this cookie, usually the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (which is important for post-view conversions) and opt-out information (check mark making clear that the user no longer wants to be addressed) are stored as analysis values.
These cookies enable Google to recognize your Internet browser. If a user visits certain pages of the website of an AdWords client and the cookie stored on his computer has not expired yet, Google and the client are able to see that the user clicked the advertisement and was referred to this page. Every AdWords client is assigned another cookie. Thus, cookies cannot be tracked through the websites of AdWords clients. We ourselves do not collect and process personal data by the said advertising measures. We only receive statistical analyses from Google. We can see by these analyses which of the advertising measures we use are particularly effective. We do not obtain any other data from these advertising measures; in particular, we are not able to identify the user by the said information.
The marketing tools we use cause your browser to automatically establish a direct connection with the Google server. We have no influence on the scope and further use of the data which Google collects by this tool, and therefore we inform you about what we actually know: Where AdWords Conversion is used, Google is informed that you have accessed the relevant part of our Internet presentation or clicked an advertisement we have posted. If you are registered with a Google service, Google can allocate your visit to your account. Even if you are not registered with Google or are not logged in to Google, the provider might identify and store your IP address.
You can prevent participation in this tracking procedure in different ways: a) you can set your browser software to prevent the installation of cookies; the suppression of third-party cookies in particular prevents receipt of advertisements from third-party providers; b) you can deactivate conversion tracking cookies by setting the browser to block cookies from the domain “www.googleadservices.com“, https://www.google.de/settings/ads; this setting will however be deleted when you delete your cookies; c) you can deactivate interest-based advertisements from providers which are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices; this setting will however be deleted when you delete your cookies; d) you can permanently deactivate this function in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin.
Please be aware that, if you do so, you might be unable to use all features and functions of this website without restrictions.
The legal basis for the processing of your data is Art. 6 subs. 1 f) GDPR; our legitimate interest consists in the afore-mentioned marketing purposes.
This website uses the online advertising service Google AdSense which allows us to show you advertisements which are tailored to your interests. We thereby pursue the objective to show you advertisements which might be interesting for you to offer you a more interesting website presentation. For such purpose, statistical information is collected about you who are processed by our advertising partners. The advertisements can be identified as such by the note “Google advertisements” shown in the relevant advertisement.
When you visit our website, Google is informed that you have accessed our website. In this context, Google uses a web beacon to place a cookie on your computer. The data collected during your visit to our website is transferred. We have no influence on the data collected nor do we know about the scope of data collection and the duration of data storage. Your data is transferred to the USA and analysed there. When you are logged in to your Google account, your data can be directly allocated to your account. If you do not want your data to be allocated to your Google profile, you have to log out. It is also possible that this data is disclosed and transferred to contractual partners of Google, third parties and authorities.
The legal basis for the processing of your data is Art. 6 subs. 1 f) GDPR. Our legitimate interest consists in the afore-mentioned marketing purposes.
This website does not show advertisements from third-party providers via Google AdSense.
You can prevent the installation of cookies by Google AdSense in different ways: a) you can set your browser software to prevent the installation of cookies; the suppression of third-party cookies in particular prevents receipt of advertisements from third-party providers; b) you can deactivate interest-based Google advertisements via the link http://www.google.de/ads/preferences; this setting will however be deleted when you delete your cookies; c) you can deactivate interest-based advertisements from providers which are part of the self-regulation campaign “About Ads” via the link http://www.aboutads.info/choices; this setting will however be deleted when you delete your cookies; d) you can permanently deactivate the cookies in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin.
Please be aware that, if you do so, you might be unable to use all features and functions of this website without restrictions.
Google Web Fonts
This website uses so-called Web Fonts provided by Google to ensure uniform display of various fonts. When you access a page, your browser loads the required web fonts to your browser cache to correctly display texts and fonts.
For such purpose, the browser you use establishes a connection to the Google servers. Google thereby becomes aware that our website was accessed from your IP address.
We use Google Web Fonts to ensure uniform and appealing presentation of our online offers. This constitutes a legitimate interest in terms Art. 6 subs. 1 f) GDPR which is the appropriate legal basis.