Burmeier protects your personal data

Data protection statement

1. Data protection at a glance


General information

The following information will provide you with an overview of what happens with your personal data when you visit this website. Personal data encompass all data that can be used to identify you personally. You will find detailed information on the topic of data protection in our Privacy Statement found below.

Data collection on this website

Who is responsible for data collection on this website?

The operator of the website is in charge of data processing on this website. You will find the operator’s contact data in section “Information on the data controller” within this Privacy Statement.

 

How do we collect your data?

Firstly, we collect the data that you provide for us. This can be data that you enter in a contact form, for example.

Our IT systems collect other data during your visit to our website, either automatically or after receiving your consent. This is predominantly technical data (e.g. Internet browser, operating system or time of visit). Collection of such data takes place automatically as soon as you access this website.

 

What do we use your data for?

Part of your data is collected to ensure that the website functions without errors. Other data can be used to analyse your user behaviour.

 

What are your rights with regard to your data?

You have the right to obtain, free of charge, information on the origin, the recipient and the purpose of your stored personal data at all times. You also have the right to demand rectification or erasure of this data. If you have given your consent to data processing, you can revoke this consent at any time with future effect. You also have the right, in certain circumstances, to demand the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

If you have any other questions on the topic of data protection, you can contact us at any time.

 

Analysis tools and third-party tools

Your surfing behaviour can be statistically analysed during your visit to this website. This is mostly done using analysis programs.

You will find detailed information on these analysis programs in the following Privacy Statement.

 

2. Hosting


We host the contents of our website with the following provider: Mittwald.

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter called Mittwald). You can find more details in Mittwald’s privacy statement: https://www.mittwald.de/datenschutz. The use of Mittwald is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the reliable presentation of our website. Should consent have been requested in this regard, data processing shall take place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunication and Media Data Protection Act), insofar as the consent includes the storing of cookies or access to information on the device of the user (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

We have concluded an agreement on contract data processing for the use of the aforementioned service. This agreement is required by data protection law and ensures that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

3. General information and mandatory information


Privacy statement

The operators of these pages take the protection of your personal data very seriously. We shall treat your personal data as confidential and use it in compliance with data protection regulations as well as with this Privacy Statement.

Various personal data is collected when you use this website. Personal data encompasses data that can be used to identify you personally. This Privacy Statement explains what data we collect and what we use it for. It also explains how and for what purpose we do so.

Please note that data transmission over the Internet (e.g. communication by email) can be subject to security breaches. It is not possible to ensure seamless protection from third-party access.

 

Information on the data controller

The data controller responsible for data processing on this website is:

 

Burmeier GmbH & Co. KG
Industriestraße 53
32120 Hiddenhausen

Telefon +49 (0) 5223 9769 - 0
E-Mail: info@burmeier.com

 

The data controller is a natural or legal person who decides, either alone or together with others, on the purpose and means of the processing of personal data (e.g. names, email addresses, etc.).

 

Storage period

Insofar as no special storage period has been stated within this Privacy Statement, we will store your personal data until the purpose of data processing has been fulfilled. Should you make a justified erasure claim or revoke your consent to data processing, your data shall be erased insofar as we do not have any other legally permissible grounds for storing your personal data (e.g. retention periods pursuant to tax or commercial law); in which latter case erasure shall take place after said grounds have expired.

 

General information on the legal basis for data processing on this website

Insofar as you have consented to data processing, we will process your personal data on the basis of Art. 6(1)(a) and Art. 9(2)(a) GDPR, insofar as special data categories are processed on the basis of Art. 9(1) GDPR. In case of explicit consent regarding transmission of personal data in third countries, data processing shall take place on the basis of Art 49(1)(a) GDPR. Should you have consented to the storing of cookies or access to information on your device (e.g. via device fingerprinting), data processing will be exclusively based on § 25(1) TTDSG. Consent can be revoked at any time. Should we require your data for the performance of a contract or pre-contractual measures, we shall process your data on the basis of Art. 6(1)(b) GDPR. We shall also process your data insofar as it is required to fulfil a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing can also take place on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. You will find information on the relevant legal basis in each individual case in the following sections of this Privacy Statement.

 

Data protection officer

We have appointed a data protection officer.

 

Aulinger Datenschutz & Consulting GmbH
Dr. Ralf Heine
Frankenstraße 348
45133 Essen

Phone: +49 (0) 201 9598662
Email: datenschutz@stiegelmeyer.com

 

Information on data transmission to the USA and third countries

Some of the tools we use are from companies based in the USA or other third countries which are not safe with regard to data protection. When these tools are active, your personal data may be transmitted to these third countries and processed there. Please note that in these countries, we cannot guarantee a level of data protection that is comparable to that of the EU. For example, US companies are obligated to hand over personal data to security agencies. The data subject has no means of recourse against this. Therefore, it cannot be excluded that US authorities (such as the secret services) will process, analyse and permanently store your personal data on their US servers for monitoring purposes We have no influence over these processing activities.

 

Revoking your consent to data processing

Many data processing activities are only possible with your explicit consent. You can revoke the consent you have given at any time. The legality of data processing that took place before the time of revocation shall remain unaffected.

 

Right to object to data collection in special cases as well as to direct advertising (Art. 21 GDPR)

Should data processing have taken place on the basis of Art. 6(1)(e) or (f) GDPR, you shall have the right, at any time, to object to the processing of your personal data for reasons arising from your special situation; this also applies to profiling based on these provisions. You will find the corresponding legal basis for processing in this Privacy Statement. If you object to data processing, we shall no longer process your personal data, unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is required to establish, exercise or defend legal claims (right to object pursuant to Art. 21(1) GDPR).

Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which also includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes (right to object pursuant to Art. 21(2) GDPR).

 

Right to lodge a complaint with a supervisory authority

In case of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in their Member State of habitual resistance, their place of work or the place of suspected violation. The right to lodge a complaint is without prejudice to other remedies under administrative law or other judicial procedures.

 

Right to data portability

You have the right to receive the data that we automatically process on the basis of your consent or to fulfil an agreement in a commonly used and machine-readable format, and have the right to transfer it to third parties. Insofar as you request direct transmission of your data to another data controller, this shall take place only if it is technically feasible.

 

Access, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to obtain, free of charge and at any time, information on your stored personal data, its origin, the recipients and the purpose of data processing, as well as a right to rectification or erasure of such data. If you have any other questions on this topic or on personal data, you can contact us at any time.

 

Right to restriction of processing

You have the right to demand restriction of the processing of your personal data. You can contact us at any time in this regard. The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of the personal data we have stored, we usually require some time to verify the accuracy of the personal data. For the duration of the verification, you have the right to demand that processing of your personal data be restricted.
  • If the processing of your personal data is or was unlawful, you can demand that processing of your personal data be restricted instead of having your personal data erased.
  • If we no longer need your personal data, but you still need it to establish, exercise or defend legal claims, you have the right to demand that processing of your personal data be restricted instead of having your personal data erased.
  • If you have objected to processing pursuant to Art. 21(1) GDPR, we will verify whether our legitimate interests override your own. As long as it has not been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data can only be processed – other than storing – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

 

SSL and TLS encryption

For security reasons and to protect the transmission of confidential contents such as orders or requests that are sent to us as the website’s operator, this website uses SSL and TLS encryption. You will be able to recognize an encrypted connection since your browser’s address bar will switch from “http://” to “https://” and will display a padlock symbol.

When SSL or TLS encryption is activated, the data that you send us cannot be read by third parties.

 

4. Data collection on this website


Cookies

Our websites use so-called “cookies”. Cookies are small packets of data that are not harmful to your device. They are stored on your device either temporarily for the duration of one session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies will remain stored on your device until you erase them yourself or until your browser automatically deletes them.

Cookies can originate from us (first-party cookies) or from a third-party company (third-party cookies). Third-party cookies allow us to integrate specific third-party services within our web pages (e.g. cookies for the processing of payment services).

Cookies can have different functions. Many cookies are necessary for technical reasons, as some webpage features would not function without them (e.g. shopping cart feature or displaying of videos). Other cookies can be used to assess user behaviour or for advertising purposes.

Cookies that are required for electronic communication, to provide specific features to users (e.g. shopping cart feature), or to optimise the website (e.g. cookies to measure the website’s public audience) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, insofar as no other legal basis is specified. The website’s operator has a legitimate interest in the storage of necessary cookies to ensure the technically sound and optimised provision of its services. Insofar as consent was requested for the storing of cookies and similar recognition technologies, processing will take place exclusively on the basis of this consent (Art. 6 (1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can change your browser’s settings so that you will be informed when cookies are created and you will be able to only allow certain cookies, to accept cookies for specific cases, to reject cookies in general, or to activate automatic deletion of cookies when you close your browser. Should you deactivate cookies, certain features of the website may be restricted.

You can find out what cookies and services are used on our website in this Privacy Statement.

 

Consent with CookieFirst

Our website uses CookieFirst’s cookie consent technology in order to ask for your consent to store specific cookies on your device and to document them in compliance with data protection laws. This solution is provided by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, website: https://cookiefirst.com/ (hereinafter called “CookieFirst”).

The following personal data is transmitted to CookieFirst when you visit our website:

  • Your consent(s) and the revocation of such consent(s)
  • Your IP address
  • Information about your browser
  • Information about your device
  • Time of visit to our website

Furthermore, CookieFirst stores a cookie in your browser in order to attribute your consents or revocation of said consents. We shall store the data collected in this manner until you ask us to erase it, you delete the CookieFirst cookie yourself, or the purpose for data storage has ended. Mandatory legal retention requirements remain unaffected.

We use CookieFirst to ask for your consent to the use of cookies, as required by law. The legal basis is Art. 6(1)(1)(c) GDPR.

We have concluded a contract processing agreement with CookieFirst. This agreement is required by data protection law and ensures that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

Server log data

The provider of the website automatically collects and stores information in so-called server log files that your browser automatically transfers to us. This includes:

  • The type and version of the browser
  • The used operating system
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address

This data is not merged with other sources of data.

This data is collected on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically fault-free presentation and optimisation of this website – for which server log files must be collected.

 

Contact form

If you send us requests via the contact form, we will store your information entered in the contact form as well as your contact information in order to process your request and answer any follow-up questions. We shall not transmit this data without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR insofar as your request pertains to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient processing of the requests that are sent to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) in the event that we have asked for it; consent can be revoked at any time.

We shall retain all the data you have entered in the contact form until you ask us to erase it, you revoke your consent to storage of your data, or the purpose for the data storage has ended (e.g. after we have finished processing your request). Mandatory legal provisions, in particular retention periods, remain unaffected.

 

Request by email, telephone or fax

If you contact us by email, telephone or fax, we will store and process your request along with all personal data arising therefrom (name, request) in order to process your request. We shall not transmit this data without your consent.

This data is processed on the basis of Art. 6(1)(b) GDPR insofar as your request pertains to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient processing of the requests that are sent to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) in the event that we have asked for it; consent can be revoked at any time.

We shall retain all the data you sent when contacting us until you ask us to erase it, you revoke your consent to storage of your data, or the purpose for the data storage has ended (e.g. after we have finished processing your request). Mandatory legal provisions, in particular legal retention periods, remain unaffected.

 

Use of chatbots

We use chatbots to communicate with you. Chatbots can react to your questions and other entries without human intervention. To do so, chatbots analyse your entries as well as other data in order to provide you with a suitable answer (e.g. names, email addresses and other contact information, customer numbers and other identifiers, orders and chat logs). It is also possible to collect your IP address, log data, location information and other metadata through the chatbot. This data is stored on the servers of the provider of the chatbot.

User profiles can be created on the basis of the collected data. The data can also be used to display interest-based advertising, insofar as all other legal conditions for this are fulfilled (in particular if we have your consent). To do so, the chatbots can be linked to analysis and advertising tools.

The collected data can also be used to improve our chatbots and their response behaviour (machine learning).

We, or the provider of the chatbot, shall retain all the data you entered in the course of our communication until you ask us to erase it, you revoke your consent to storage of your data, or the purpose for the data storage has ended (e.g. after we have finished processing your request). Mandatory legal provisions, in particular retention periods, remain unaffected.

The legal basis for the use of chatbots is Art. 6(1)(b) GDPR, insofar as the chatbot is used to initiate a contract or in the course of execution of a contract. Should consent have been requested in this regard, data processing shall take place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunication and Media Data Protection Act), insofar as the consent includes the storing of cookies or access to information on the device of the user (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time. In all other cases, we use the chatbot on the basis of our legitimate interest in efficient customer communications (Art. 6(1)(f) GDPR).

We use the services of Ubitec GmbH (Hasnerstraße 18, 4020 Linz, Austria, website: https://ubitec.at/de/), who provides us with the necessary software (Ubitec Bot Framework) to operate the chatbot. During system maintenance and/or troubleshooting, the sub-provider can have access to the processed data.

We have concluded a contract processing agreement with Ubitec. This agreement is required by data protection law and ensures that Ubitec will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

5. Analysis tools and advertising


Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow, Street Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform autonomous analyses. It is only used to manage and display the tools that it incorporates. Google Tag Manager will, however, collect your IP address, which can also be transmitted to the parent company Google in the United States.

Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the fast and uncomplicated integration and management of different tools on the website. Should consent have been requested in this regard, data processing shall take place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunication and Media Data Protection Act), insofar as the consent includes the storing of cookies or access to information on the device of the user (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

 

Google Analytics

This website uses functions of the web analysis tool Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow, Street Dublin 4, Ireland.

Google Analytics allows the operator of the website to analyse the behaviour of visitors of the website. The operator of the website receives different usage data such as page views, length of stay, used operating systems, and geographical origin of the users. This data is attributed to the user’s specific device. There is no attribution to a user ID.

We can also use Google Analytics to record your mouse and scrolling movements as well as clicks, etc. Google Analytics also uses different modelling approaches to complement the collected datasets and uses machine learning technologies during data analysis.

Google Analytics uses technologies that allow us to recognise the user in order to analysis their user behaviour (e.g. cookies or device finger printing). Information collected by Google on the use of this website is generally transmitted to a Google server in the USA where it is stored.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You can find details on this under: https://privacy.google.com/businesses/controllerterms/mccs/.

 

IP anonymisation

We have activated the IP anonymisation function on this website. This way, your IP address will be shortened by Google within Member States of the European Union or in other signatories of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address provided by your browser through Google Analytics will not be merged with other Google data.

 

Browser add-on

You can prevent Google from collecting and processing your data by downloading and installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on Google Analytic’s use of user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

Google Signals

We use Google Signals. When you visit our website, Google Analytics will collect information such as your location, your search history and your YouTube history, as well as demographic data (user data). Google Signals allows us to use this data to show you personalised ads. If you have a Google account, the user data from Google Signals will be linked to your Google account and used to display personalised advertising messages. This data is also used to create anonymised statistics on the user behaviour of our users.

 

Google Analytics Demographics

This website uses the Google Analytics’ “Demographics” feature to display appropriate advertising to the visitors of our website within the Google advertising network. This allows us to create reports that provide information on the age, gender and interests of the visitors of the website. This data originates from Google’s targeted advertising as well as visitor data from third parties. This data cannot be attributed to specific persons. You can deactivate this feature at any time via the display settings in your Google account or generally prevent Google Analytics from collecting your data by following the steps described in section “Objecting to data collection”.

We have concluded an order processing agreement with Google and fully apply the strict requirements of the German data protection authorities when using Google Analytics.

 

Google Ads

The operator of the website uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow, Street Dublin 4, Ireland.

Google Ads allows us to display ads in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). We can also display targeted ads (audience targeting) using the user data available to Google (e.g. location data and interests). As the operator of the website, we can create quantitative analyses of this data by analysing, e.g., what search terms have led to our advertisements being displayed, and how many ads have been clicked on.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

 

Google Ads Remarketing

This website uses the features of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow, Street Dublin 4, Ireland.

Google Ads Remarketing allows us to attribute the people who have interacted with our website to specific audiences, in order to show them interest-based ads within the Google advertising network (remarketing and retargeting).

We can also link advertising audiences created with Google Ads Remarketing to Google’s cross-device features. This allows us to identify interest-based, personalised ads that we tailored to you according to your previous use and surfing behaviour on one device (e.g. your mobile phone) and show these to you on your other devices (e.g. your tablet or PC).

If you have a Google account, you can object to personalised ads via this page: https://www.google.com/settings/ads/onweb/.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

You can find further information and data protection provisions in Google’s privacy policy on this page: https://policies.google.com/technologies/ads?hl=de.

 

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow, Street Dublin 4, Ireland.

Google Conversion Tracking allows us and Google to see if users have performed specific actions. This allows us for example to determine what buttons are frequently clicked on our website and what products are often viewed or bought. This information allows us to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have performed. We receive no information that would allow us to personally identify a user. Google itself uses cookies or similar recognition technologies for identification purposes.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

You can find more information on Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

 

Meta Pixel (previously Facebook Pixel)

This website uses Facebook/Meta for the conversion tracking of visitor interactions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transmitted to the USA and third countries.

This means that the behaviour of visitors to our website is tracked after they have been forwarded to the website of the provider after clicking on a Facebook ad on our website. This makes it possible to analyse the efficiency of Facebook ads for statistical and market research purposes as well as to optimise future advertising measures.

The collected data remains anonymous to us as the operator of this website and we cannot identify individual users. However, the data is stored and processed by Facebook in order to establish a link to the corresponding user profile, and Facebook can use the data for its own advertising purposes according to the Facebook Privacy Policy (https://de-de.facebook.com/about/privacy/). This allows Facebook to display ads on Facebook pages as well as outside of Facebook. As the website operator, we cannot influence this use of the data.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Where personal data has been collected and transmitted to Facebook using the tools described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint controllers for this data processing (Art. 26 GDPR). This joint responsibility is exclusively limited to the collection of data and transmission of this data to Facebook. Any processing performed by Facebook after the transmission is not part of our joint responsibility. The obligations that affect us jointly are laid down in an agreement on joint processing. You will find the text of the agreement under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook tools and for the safe implementation of the tool on our website in accordance with data protection laws. Facebook is responsible for the data safety of Facebook products. The rights of data subjects (e.g. information requests) regarding the data processed by Facebook can be asserted directly with Facebook. If you decide to assert your data subject rights with us, we shall be obliged to pass them on to Facebook.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.

The Facebook Privacy Policy contains more information on the protection of your privacy: https://facebook.com/about/privacy/.

You can also deactivate the remarketing feature “Custom Audiences” in the Ad preferences section https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do so.

If you do not have a Facebook account, you can deactivate usage-based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

Facebook Conversion API

We have integrated the Facebook Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transmitted to the USA and third countries.

Facebook Conversion API allows us to collect the interactions of visitors with our website and to transmit them to Facebook in order to improve Facebook’s advertising performance.

To do so, the tool collects data such as the time of viewing, the viewed pages, your IP address and your user agent as well as other specific data (e.g. products purchased, value of your shopping cart and currency). You will find an overview of the collectable data under: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Where personal data has been collected and transmitted to Facebook using the tools described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are joint controllers for this data processing (Art. 26 GDPR). This joint responsibility is exclusively limited to the collection of data and transmission of this data to Facebook. Any processing performed by Facebook after the transmission is not part of our joint responsibility. The obligations that affect us jointly are laid down in an agreement on joint processing. You will find the text of the agreement under: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook tools and for the safe implementation of the tool on our website in accordance with data protection laws. Facebook is responsible for the data safety of Facebook products. The rights of data subjects (e.g. information requests) regarding the data processed by Facebook can be asserted directly with Facebook. If you decide to assert your data subject rights with us, we shall be obliged to pass them on to Facebook.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.

The Facebook Privacy Policy contains more information on the protection of your privacy: https://facebook.com/about/privacy/.

We have concluded an agreement on contract data processing for the use of the aforementioned service. This agreement is required by data protection law and ensures that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

If you visit or use our websites and apps, make use of our free or paid offers, transmit data to us or interact with our company’s Facebook contents, we will collect your personal data. Insofar as you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook, and Facebook will be able to use this data to show you personalised ads. It is also possible to define audiences using your data (“lookalike audiences”).

Facebook processes this data as our processor. You can find detailed information in Facebook’s user agreement: https://www.facebook.com/legal/terms/customaudience.

Use of this service takes place on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.

 

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

 

Data processing via LinkedIn Insight Tag

LinkedIn Insight Tag provides us with information on the visitors of our website. If a visitor to our website has a LinkedIn account, we can analyse their professional information (e.g. career level, company size, country, location, branch and professional title) in order to better tailor our website to the different target groups. With LinkedIn Insight Tag, we can also measure whether visitors to our website make a purchase or perform another action (conversion tracking). Conversion tracking can also take place across different devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to show our website visitors targeted ads outside of our website. According to LinkedIn however, there is no identification of the recipients of the ads.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). IP addresses are either shortened or – if they are used to reach LinkedIn members across different devices – hashed (pseudonymised). Direct identifiers of LinkedIn members are erased by LinkedIn after seven days. The remaining pseudonymised data is erased after 180 days.

We, as the operator of the website, cannot attribute the data collected by LinkedIn to any specific person. LinkedIn stores the collected personal data of visitors to the website on its servers in the USA and uses the data for its own advertising purposes. You can find more details in LinkedIn’s privacy statement at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

 

Legal basis

Insofar as your consent has been received, the aforementioned services are used exclusively on the basis of Art. 6(1)(a) GDPR and § 25 TTDSG. Consent can be revoked at any time. Where no consent has been received, use of these services is based on Art. 6(1)(f) GDPR; the operator of the website has a legitimate interest in efficient advertising measures, which include the use of social media.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

 

Objection to the use of LinkedIn Insight Tag

You can object to the analysis of user behaviour and to targeted advertising by LinkedIn under the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

LinkedIn members can also control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, log out of your LinkedIn account before visiting our website.

We have concluded an agreement on contract data processing for the use of the aforementioned service. This agreement is required by data protection law and ensures that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

6. Newsletter


Newsletter data

If you wish to receive the newsletter offered on the website, we will require your email address as well as information that will allow us to check that you are the owner of the indicated email address and that you consent to receiving the newsletter. We will not collect other data, or only with your consent. We use the newsletter service provider described below for the processing of our newsletters.

 

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter called “CleverReach”). CleverReach is a service that allows us to organise and analyse newsletter mailing. The data entered by you in order to receive the newsletter (e.g. your email address) is stored on CleverReach’s servers in Germany or in Ireland.

Our newsletters sent with CleverReach allow us to analyse the behaviour of the recipient of the newsletter. We can then, for example, analyse how many recipients have opened the newsletter, and how often specific links in the newsletter were clicked. Conversion tracking also helps us analyse whether a predefined action (e.g. purchase of a product on this website) was performed after clicking a link in the newsletter. You can find more information on the data analysis performed using CleverReach under: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

This data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke your consent at any time by unsubscribing from the newsletter. The lawfulness of data processing that has already taken place remains unaffected by the revocation.

If you do not wish for CleverReach to analyse your data, you must unsubscribe from the newsletter. A corresponding link is provided to this effect in every newsletter.

We or the newsletter service provider will store your data that we need in order to send you the newsletter until you unsubscribe from the newsletter. This data will be erased after you unsubscribe from the newsletter mailing list. Data that we have stored for other purposes remains unaffected.

After you have unsubscribed from the newsletter, your email address will be added to a blacklist by us or the newsletter service provider, insofar as this is required to prevent any future mailings. The data from the blacklist shall only be used for this purpose and shall not be combined with any other data. This is done in your interest as well as our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the blacklist is not subject to any time limit. You can object to this storage in the blacklist if your interests outweigh our legitimate interests.

You will find more information in CleverReach’s privacy policy under: https://www.cleverreach.com/de/datenschutz/.

We have concluded an agreement on contract data processing for the use of the aforementioned service. This agreement is required by data protection law and ensures that the processor will only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

 

7. Plugins und Tools


YouTube with privacy-enhanced mode

This website integrates videos from the YouTube website. The provider of these pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in privacy-enhanced mode. In this mode, YouTube does not store any information on visitors to this website before they view the video. However, transmission of data to YouTube partners is not necessarily excluded by the privacy-enhanced mode. This allows YouTube to create a connection with the Google DoubleClick network, regardless of whether you watched a video.

As soon as you start a YouTube video on this website, a connection to YouTube servers will be established, and the pages that you have visited on our website will be communicated to the YouTube servers. If you are logged into your YouTube account, YouTube will be able to directly attribute your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.

Moreover, YouTube can create various cookies or comparable recognition technologies (e.g. device fingerprinting) on your device after starting a video. This provides YouTube with information on visitors to this website. This information is, among other things, used to create video statistics, improve user-friendliness and prevent any attempted fraud.

In some cases, other data processing measures can be triggered after a YouTube video starts, over which we have no influence.

We use YouTube in the interest of offering an appealing website to users. This is considered a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Should consent have been requested in this regard, data processing shall take place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunication and Media Data Protection Act), insofar as the consent includes the storing of cookies or access to information on the device of the user (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

You will find more information on YouTube's data protection in YouTube’s privacy policy under: https://policies.google.com/privacy?hl=de.

 

Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow, Street Dublin 4, Ireland.

Your IP address must be stored in order to use the features of Google Maps. This information is generally transmitted to a Google server in the USA where it is then stored. The operator of this website has no influence over this data transmission. When Google Maps is activated, Google can use fonts from Google Fonts in order to ensure a uniform presentation. When Google Maps is called up, your browser will download the required web fonts to your browser cache in order to properly display texts and fonts.

We use Google Maps in the interest of offering an appealing website to users and of making our physical locations easier to find via the website. This is considered a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Should consent have been requested in this regard, data processing shall take place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG (German Telecommunication and Media Data Protection Act), insofar as the consent includes the storing of cookies or access to information on the device of the user (e.g. device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the use of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

 

Microsoft Bookings

We offer the opportunity to make an appointment with us online via the Microsoft Bookings website. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://learn.microsoft.com/en-us/microsoft-365/bookings/?view=o365-worldwide.

To book an appointment, enter the requested data and the desired date in the form provided. The data entered will be used for planning, conducting and, if necessary, for the follow-up of the appointment. The appointment data will be stored for us on the servers of Microsoft Bookings, whose privacy policy you can view here: https://privacy.microsoft.com/de-de/privacystatement.

The data recorded in this manner will be stored until you ask us to delete them, revoke your consent to the archiving of your data or until the purpose of archiving the data no longer exists. This does not affect mandatory statutory provisions – in particular those governing retention periods.

The legal basis for the processing of the data is Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in ensuring that appointments with customers and prospective customers can be scheduled as easily as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

Data transfer to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active.

 

8. Proprietary services


Use of candidate data

We offer you the possibility to apply to us for a job (e.g. by email or by post). You will find below information on the scope, purpose and use of personal data that we collect over the course of the application process. We make sure that the collection, processing and use of your data is compliant with the applicable data protection laws and all other legal provisions, and that your data is kept strictly confidential.

 

Scope and purpose of data collection

When you send us an application, we process your personal data related to the application (e.g. contact and communication data, application documents, notes made during interviews, etc.) insofar as this is required to make a decision regarding the conclusion of an employment relationship. The legal basis in this regard is § 26 BDSG (German Federal Data Protection Act) (Initiation of an employment relationship), Art. 6(1)(b) GDPR (general conclusion of contract) and – if we have your consent – Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data is transmitted within our company exclusively to persons who are involved in the processing of your application.

If the application is successful, the data you provided will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6(1)(b) GDRP for the purpose of executing the employment relationship.

 

Data retention period

Insofar as we do not make you a job offer, you decline the job offer or you withdraw your application, we shall reserve the right to retain the data you have transmitted on the basis or our legitimate interests (Art. 6(1)(f) GDPR) for a period of up to 6 months following the conclusion of the application procedure (rejection or withdrawal of an application). The data will then be erased and the physical application documents destroyed. This retention serves, in particular, as evidence in the event of a legal dispute. Insofar as it becomes evident that the data will be required after expiration of the 6-month period (e.g. due to an announced or pending lawsuit), erasure will only take place once the purpose of the extended retention no longer applies.

A longer retention can also take place if you have given us your consent to that effect (Art. 6(1)(a) GDPR) or if legal retention obligations oppose erasure.


 

Our social media profiles


This privacy statement is applicable to the following social media profiles

  •  

 

Data processing via social networks


We operate publicly accessible profiles in social networks. You will find below details on the social networks we use.

Social networks such as Facebook, LinkedIn, etc. can analyse your user behaviour in detail if you visit their website or a website with integrated social media contents (e.g. "Like" buttons or advertising banners). Visiting our social media profiles will trigger different processing operations that fall within the scope of data protection. In detail:

If you are logged into your social media account and visit our social media profile, the operator of the social media portal can attribute this visit to your user account. Under certain circumstances, your personal data can also be collected even if you are not logged in or if you do not possess an account on that social media portal. In this case, your data is collected via cookies that are stored on your device or by acquiring your IP address.

Data collected in this way can be used by the operators of social media portals to create user profiles in which your preferences and interests are saved. This allows them to show you interest-based advertising on and outside of the respective social media page. Insofar as you possess an account on a specific social network, interest-based ads can be displayed on all devices on which you are or were logged in.

Please also note that we cannot retrace all processing operations on social media portals. Therefore, other processing operations can take place on social media portals depending on the provider. You can find detailed information on this matter in the terms of use and the privacy policy of the respective social media portals.

 

Legal basis

Our social media profiles provide us with a broad presence online. This is considered a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by social networks can be based on deviating legal bases that must be indicated by the operators of the social networks (e.g. consent in accordance with Art. 6(1)(a) GDPR).

 

Controller and asserting rights

If you visit our social media profiles (e.g. Facebook), we act as joint controller with the operator of the social media platform for all data processing operations triggered by your visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability and complaints) with us as well as with the respective social media portal (e.g. Facebook).

Please note that, in spite of our joint responsibility with the operators of social media portals, we do not have total influence over the data processing operations undertaken on social media portals. Our possibilities largely depend on the respective provider’s company policy.

 

Storage period

Data that we directly collect via our social media profiles is erased as soon as you request us to erase it, you revoke your consent to data storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you erase them. Mandatory legal provisions, in particular retention periods, remain unaffected.

We have no influence on the retention period of your data that is stored by the operators of social networks for their own purposes. Please contact the operators of social networks directly to obtain more information on this (e.g. refer to their privacy policy, see below).

 

Your rights

You have the right to obtain, free of charge, information on the origin, the recipient and the purpose of your stored personal data at all times. You also have a right to object to data processing, a right to data portability, and a right to lodge a complaint with the competent supervisory authority. Moreover, you can demand that your data be rectified, blocked, erased and, under certain circumstances, that the processing of your personal data be restricted.


Social networks in detail

Facebook

We operate a Facebook profile. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter called Meta). According to Meta, the collected data is also transmitted to the USA and third countries.

We have concluded a joint controller agreement with Meta (controller addendum). This agreement, specifies which data processing operations we are responsible for and which Meta is responsible for when you visit our Facebook page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings individually in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.facebook.com/legal/EU_data_transfer_addendum and https://facebook.com/help/566994660333381.

See Facebook’s privacy statement for further details: https://www.facebook.com/about/privacy/.

 

LinkedIn

We operate a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to deactivate the LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. You will find more details under: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

You will find more information on LinkedIn’s handling of your personal data in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

 

YouTube

We operate a YouTube profile. The provider is Google Ireland Limited, Gordon House, Barrow, Street Dublin 4, Ireland. You will find more information on YouTube’s handling of your personal data in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.