ZEP privacy policy

Privacy statement

With the following privacy policy, we would like to explain to you how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).

‍

1. Responsible person

‍

Responsible within the meaning of the GDPR is

ZEP GmbH

Stuttgarter Strasse 41

71254 Ditzingen

Telephone: +49 7156/43623-0

email: support@zep.de

‍

2. Data Protection Officer

‍

You can contact our data protection officer as follows:

secjur GmbH

Steinhoeft 9

20459 Hamburg

Telephone: +49 40 228 599 520

email: dsb@secjur.com

You can contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection and to exercise your rights.

‍

3. Definition

‍

This privacy policy is based on the terms of the GDPR. To make things easier, we would like to explain some important terms in this context in more detail:

‍

• personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more particular characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• Affected person is any identified or identifiable natural person whose personal data is processed by the controller.
• workmanship means any process or series of operations carried out with or without the aid of automated processes in connection with personal data, such as collection, collection, organization, ordering, storage, adjustment or modification, reading, querying, use, disclosure through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
• transceivers is a natural or legal person, authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data as part of a specific investigation mandate under Union or Member State law are not considered recipients.
• third is a natural or legal person, authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorized to process personal data.

‍

4. Data for providing the website and creating log files

‍

If you use this website for purely informational purposes without otherwise transmitting data to us (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, including:

• date and time of access
• IP address
• host name of the accessing computer
• Web page from which the website was accessed; web pages that were accessed via the website
• Page visited on our website; amount of data transferred • Information about the browser type and version used
• operating system
• Access status (e.g. whether the website was easily accessed or whether you received an error message)
• Using website features
• search terms entered
• Frequency of visits to each web page
• amount of data transferred
• other websites that you visit from this website, either by clicking on a link on this website or by directly entering the domain in the input bar in the same window of your browser

‍

The temporary storage of data is necessary for a website visit to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is therefore Article 6 (1) (f) GDPR in order to guarantee the provision, security and stability of our website.

‍

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When providing the website, this is the case when the respective session has ended. The log files are kept directly and exclusively accessible to administrators for up to 24 hours. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.

‍

‍Diese Website wird bei dem externen Dienstleister "Webflow" gehostet (Hoster). Die personenbezogenen Daten, die auf dieser Website erfasst werden, werden auf den Servern des Hosters gespeichert. Hierbei kann es sich v. a. um IP-Adressen, Kontaktanfragen, Meta- und Kommunikationsdaten, Vertragsdaten, Kontaktdaten, Namen, Websitezugriffe und sonstige Daten, die über eine Website generiert werden, handeln.Der Einsatz des Hosters erfolgt zum Zwecke der Vertragserfüllung gegenüber unseren potenziellen und bestehenden Kunden (Art. 6 Abs. 1 lit. b DSGVO) und im Interesse einer sicheren, schnellen und effizienten Bereitstellung unseres Online-Angebots durch einen professionellen Anbieter (Art. 6 Abs. 1 lit. f DSGVO).Unser Hoster wird Ihre Daten nur insoweit verarbeiten, wie dies zur Erfüllung seiner Leistungspflichten erforderlich ist und unsere Weisungen in Bezug auf diese Daten befolgen.

‍

5. Email delivery and web hosting

‍

The web hosting services we use at Amazon Web Services Emea Sàrl also include sending, receiving and storing emails, e.g. when providing our contact form or newsletter registrations]. For these purposes, the addresses of recipients and senders as well as other information regarding email delivery (e.g. the providers involved) and the content of the respective emails are processed. The above data may also be processed for the purpose of detecting SPAM. Please note that emails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server. The legal basis for providing these services is our legitimate interest in accordance with Art. 6 (1) (f) GDPR to ensure the provision, security and stability of the email service.

‍

6. Content Delivery Network (CDN)

‍

We use a “content delivery network” (CDN) one. A CDN is a service that allows content from an online offering, in particular large media files, such as graphics or program scripts, to be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. This means that the website is not hosted on a single server, but delivered via a network of spatially distributed, possibly interconnected servers. In each case, the server that is closest to you as a user is used. As a result, the CDN processes all of the above personal data that is necessary to provide the website.

‍

The legal basis for using a CDN is our legitimate interests in accordance with Article 6 (1) (f) GDPR in order to guarantee you the best and fastest connection, from which you as a user also benefit.

‍

‍Diese Website wird bei einem externen Dienstleister gehostet (Hoster). Die personenbezogenen Daten, die auf dieser Website erfasst werden, werden auf den Servern des Hosters gespeichert. Hierbei kann es sich v. a. um IP-Adressen, Kontaktanfragen, Meta- und Kommunikationsdaten, Vertragsdaten, Kontaktdaten, Namen, Websitezugriffe und sonstige Daten, die über eine Website generiert werden, handeln.Der Einsatz des Hosters erfolgt zum Zwecke der Vertragserfüllung gegenüber unseren potenziellen und bestehenden Kunden (Art. 6 Abs. 1 lit. b DSGVO) und im Interesse einer sicheren, schnellen und effizienten Bereitstellung unseres Online-Angebots durch einen professionellen Anbieter (Art. 6 Abs. 1 lit. f DSGVO).Unser Hoster wird Ihre Daten nur insoweit verarbeiten, wie dies zur Erfüllung seiner Leistungspflichten erforderlich ist und unsere Weisungen in Bezug auf diese Daten befolgen.As a CDN, we use the provider Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. The personal data is transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this resolution, data transfers to organizations based in the USA that are certified accordingly are permitted. Cloudflare Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

‍

Wir setzen folgenden Hoster ein:

Webflow, Inc.,

398 11th Street, 2nd Floor

San Francisco CA 94103, United States of America.

‍

Um die datenschutzkonforme Verarbeitung zu gewährleisten, haben wir einen Vertrag über Auftragsverarbeitung mit unserem Hoster geschlossen. Dieser ist hier abrufbar.

‍

Für weitere Informationen und eine Kopie der Sicherheit wenden Sie sich bitte an support@zep.de.

‍

7. Test account and demo agreement

‍

If you wish, you can create a ZEP trial version or arrange a demo. When creating a test account under “Test for free” or arranging a demo under “Request a demo”, the personal data you provide, such as your first name, last name, e-mail, telephone number and other communication data, will be processed. As part of registration and subsequent logins and use of the test account, we also store your IP address and access times in order to be able to prove registration and prevent possible misuse of the customer account.

‍

The legal basis is Art. 6 (1) (b) GDPR, as the aforementioned processing is necessary either to provide you with your test account, in which you can test modules, for example, or to initiate a contract with you by means of the demo. Data processing is limited to personal data that is necessary to fulfill the scope of services agreed in our general terms and conditions — in particular the provision of the test account.

‍

To provide the forms for setting up a test account or signing up for a demo, we use the services of HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. The personal data is transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this resolution, data transfers to organizations based in the USA that are certified accordingly are permitted. Hubspot Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

‍

8. Contact form

‍

On our website, you can contact us using the “contact form”. As part of contacting you and responding to your request, we process the following personal data from you:

• First and last name
• email address
• phone number
• Date and time of request
• IP address
• Communication content

‍

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or other services, the personal data you provide will be processed for the purpose of processing and answering your contact request in accordance with Art. 6 (1) (b) GDPR. In addition, to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR to answer customer/contact inquiries properly.

‍

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected. In the context of contact requests, this is generally the case if the circumstances show that the specific issue has been finally dealt with.

‍

To provide the contact form, we use the services of HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA. The personal data is transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this resolution, data transfers to organizations based in the USA that are certified accordingly are permitted. Hubspot Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

‍

9. Newsletters and electronic notifications

‍

If you would like to receive information about our new products and services, you can subscribe to our newsletter. As part of sending out the newsletter, we process the following personal data, among others:

• email address
• First and last name
• Metadata (e.g. device information, IP address, date and time of login)

‍

The advertised goods and services are specified in the declaration of consent. We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have signed up, we will send you an email to the email address provided, in which we ask you to confirm that you are the owner of the email address provided and would like to receive notifications. If you do not confirm your subscription within 90 days, your information will be blocked and automatically deleted after one month. In addition, we save the IP addresses you use and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

‍

The legal basis for sending our newsletter is your consent in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to receive our newsletter at any time by clicking on the unsubscribe link in the emails or by sending the revocation by e-mail to our e-mail address or by post to the contact details provided in the legal notice. Your personal data will then be removed from the mailing list.

‍

In addition, you can also give your consent for us to evaluate your user behavior when sending the newsletter. Our newsletters contain so-called tracking links, which enable us to analyze the behavior of newsletter recipients. For example, it is possible to analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected through the tracking links is stored and evaluated by us in order to optimize newsletter delivery and to adapt the content of future newsletters even better to your interests.

‍

You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel, as shown above, and withdrawing your consent. The information is stored as long as you have subscribed to the newsletter. After you unsubscribe, we store the data purely statistically and anonymously.

‍

We use an external provider, HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA, to send our newsletter. This service provider receives your email address and other necessary data to send the newsletter on our behalf. The personal data is transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this resolution, data transfers to US-based organizations that are certified accordingly are permitted. HubSpot, Inc. is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

‍

10th ZEP blog

‍

In our ZEP blog, we publish various articles on topics related to our activities. You can read the blog without registration. You can comment on the blog posts by sending an email to our content marketing manager. In connection with your email, we process your email address.

‍

If you comment on a ZEP blog post as part of an existing contractual relationship, the personal data you provide will be processed for the purpose of processing and responding to your comment via email in accordance with Article 6 (1) (b) GDPR. In addition, we process your data to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR for the proper processing of comments.

‍

11. Online webinars

‍

We host online webinars for our customers and prospects. Registration requires the processing of personal data (name, email address).

‍

The data provided is processed for the purpose of providing services and is based on the legal basis of Article 6 (1) (b) GDPR.

‍

To broadcast our online webinars, we use the provider Microsoft Teams, Microsoft Ireland Operations Limited, Carmanhall Road, Sandyford Industrial Estate, Dublin 18, Ireland. It cannot be ruled out that personal data may be transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this resolution, data transfers to US-based organizations that are certified accordingly are permitted. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework. For more information and a copy of the security, please contact support@zep.de.

‍

12. Application process via Join

‍

Should you contact us electronically via our web form on our recruiting page join.com/companies/zep We will then collect and process your personal data for the purpose of processing the application process and carrying out pre-contractual measures.

‍

By submitting an application on our recruiting page, you are expressing your interest in working with us. In this context, you provide us with personal data, which we use and store exclusively for the purpose of your job search/application. In particular, the following data is collected:

• First and last name
• email address
• residence
• salary expectation
• availability
• phone number
• language level

‍

You also have the option of uploading informative documents such as a cover letter, your CV and certificates. This may contain other personal data such as date of birth, address, etc.

‍

Only authorized personnel employees or employees involved in the application process have access to your data.

‍

The legal basis for processing your data is the initiation of a contract in accordance with Article 6 (1) (b) GDPR, which is carried out at your request. After completion of the application process, the data will be stored for up to six months. At the latest after six months, your data will be deleted or anonymized. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, the proportion of women or men in applications, number of applications per period, etc.).

‍

If you receive an offer to work with us as part of the application process and accept it, we will store the personal data collected as part of the application process at least for the duration of the employment relationship.

‍

In the event of a legal obligation, the data will be stored within the framework of the applicable regulations. Longer storage is only possible if, as shown, we include the personal data in our pool of applicants after obtaining your consent.

‍

Your data will be passed on to the service provider JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, to the extent required.

‍

13. Presences on social networks

‍

We maintain publicly available profiles on various social networks. Your visit to these profiles triggers a variety of data processing processes. Below, we give you an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

‍

When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you do not have a profile on the respective social network yourself. The individual data processing processes and their scope differ depending on the operator of the respective social network and they are not necessarily comprehensible to us. For details about the collection and storage of your personal data and the nature, scope and purpose of its use by the operator of the respective social network, please refer to the following information.

‍

13.1 Facebook and Instagram

When you visit our Facebook/Instagram page, certain information about you is processed. We can only view the information stored in your public Facebook/Instagram profile (such as your profile picture or information that you share on a Facebook profile or on a public Instagram profile), and only if you have such a profile and are logged into it while you visit our Facebook/Instagram page.

‍

In addition, the operator of the platform, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (meta) provides anonymous statistics and insights for our Facebook/Instagram page, which help us gain insights into the types of actions people take on our site (Page insights). These page insights are created based on specific information about people who have visited our site.

‍

The processing of your personal data in connection with the operation of our Facebook/Instagram company profile is based on a balance of interests in accordance with Art. 6 para. 1 lit. f GDPR in order to offer you a timely and supportive opportunity to provide you with information and interaction with and about us. Furthermore, the processing serves our legitimate interest to evaluate the types of actions taken on our Facebook/Instagram company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Article 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the legal basis for processing is Art. 6 para. 1 lit. b GDPR.

‍

The page insights are processed by Meta and us as joint controllers. We cannot assign the information received via Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have concluded a processing agreement with Meta as joint controller, which sets out the distribution of data protection obligations between us and Meta. Details about the processing of personal data to create page insights and the agreement concluded between us and Meta can be found here. With regard to this data processing, you also have the option of asserting your data subject rights (see “Your rights as a data subject”) against Meta as well. More information about this can be found in the Meta privacy policy. Meta offers the option to object to certain data processing; you can find relevant information and opt-out options here in your account.

‍

Please note that, in accordance with the Meta Privacy Policy, user data is also processed in the USA or other third countries. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this resolution, data transfers to US-based organizations that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.

‍

13.2 Linkedin

When you visit our LinkedIn company profile, certain information about you is processed. If you send us direct messages or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your username.

‍

LinkedIn also processes LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (linkedin) as an operator of personal data when you visit our LinkedIn company profile, follow this page or engage with the page in order to provide us with statistics and insights in an anonymous form. This gives us insights into the types of actions that people take on our site (Page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g. whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personal data about you with the page insights. We only have access to summarized page insights. It is also not possible for us to draw conclusions about individual members using the information from the page insights.

‍

The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balance of interests in accordance with Article 6 (1) (f) GDPR in order to offer you a timely and supportive opportunity to provide you with information and interaction with and about us. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.

‍

In addition, LinkedIn processes your data as a user to provide the services, communicate, develop services and research, as well as for advertising, customer support, analysis and security purposes. LinkedIn is generally solely responsible for processing personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes are listed in the LinkedIn data policy described. For more information about the processing of personal data by LinkedIn, please here.

‍

Please note that, in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries.

‍

13.3 XING

When you visit our XING profile at the operator New Work SE, Dammtorstraße 30, 20354 Hamburg (XING), certain information about you is processed. If you contact us via our XING profile, e.g. by commenting on a post on the XING profile or writing us a direct message via the XING platform, we process your personal data (e.g., your name, the communication content job title, company name, industry, education, contact options, photo (profile data)) to process your request. The names of the registered XING users who have visited our XING profile are visible to us. Processing is carried out on the basis of a balance of interests in accordance with Art. 6 (1) (f) GDPR in order to offer you a timely and supportive opportunity for information and interaction with and about us.

‍

If you send us an application via our Xing profile, we process the application data contained therein (such as name, email address, date of birth, postal address and telephone number), the documents you provide (such as curriculum vitae, certificates, cover letter, including information about yourself and qualifications contained therein) as well as additional information and communications provided by you (such as desired start date and employment, salary expectations, your cancellation period or your motivation as to why you would like to work for us). Processing is carried out for the purposes of processing the application, including preparing and conducting job interviews, recruitment tests and evaluating results and as otherwise necessary as part of the application process. We will contact you during the application process to inform you about the progress of your application or to invite you to an interview or a recruitment test. As part of the application process, the documents are first processed by the HR department. If appropriate, the personal data and documents will be forwarded to the responsible specialist department. The legal basis for the data processing described above is Art. 6 para. 1 S 1 lit. b GDPR. Data processing is necessary to process the application and to establish a potential employment relationship.

‍

If you register for an event organized by us via our XING profile, we will process your profile data to enable you to participate in the event. The legal basis is Art. 6 (1) (f) GDPR to enable you to easily register and participate.

‍

When you visit our XING profile, XING also collects so-called usage data. In doing so, XING also uses certain data that it has collected from users of the XING platform (e.g. whether a post has been marked with “Like”) to compile aggregate usage statistics and make them available to the respective operators of the XING profile (so-called “employer branding performance measurement”). We receive such aggregate usage statistics. The aggregated statistics do not allow any conclusions to be drawn about individual users. In particular, we have no access to personal data that XING processes for employer branding performance measurement. XING alone determines which data is processed and how to measure employer branding performance. We have no legal or actual influence on processing by XING. XING provides information on this in the XING privacy policy.

‍

XING also processes your data as a user to ensure security, provide the service, and measure and optimize advertising. XING is solely responsible for processing personal data when you visit our XING profile. The categories of personal data that XING processes in this context are listed in the XING's privacy policy described.

‍

13.4 X

If you use our X profile or profiles within the X platform of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX 07 Ireland (X), personal data is also processed by your X-Profl. If you contact us via the X profile, for example by commenting on a tweet or sending us a message via X direct messages, we process your data (e.g. your name and communication content) to process your request. Where necessary, we also process your data to assert legal claims and defend legal disputes as well as to prevent and investigate criminal offences. Processing is carried out on the basis of a balance of interests in accordance with Art. 6 (1) (f) GDPR in order to offer you a timely and supportive opportunity for information and interaction with and about us. If the contact is aimed at concluding a contract, the legal basis for processing is Art. 6 para. 1 lit. b GDPR.

‍

In addition, when you visit our X profile, X collects so-called usage data. This includes your IP address, the application used, information about your device (including device ID and application ID), information from websites accessed, your location and your mobile network provider. This data is assigned to the data in your X profile.

‍

X also uses certain data that it has collected from users of the X platform (e.g. “re-tweets”) to create aggregate usage statistics and to make them available to the respective operators of the X profile (X-Analytics). We also receive aggregate usage statistics. The information that we receive from X-Analytics does not allow any conclusions to be drawn about individual users. We ourselves have no access to personal data that X processes for X-Analytics. X determines which data is processed and how for X-Analytics. We have no legal or actual influence on the processing carried out by X. X provides information about this in their privacy policy.

‍

This processing serves our legitimate interest to evaluate the types of actions taken on our X-company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Article 6 (1) (f) GDPR.

‍

Please note that, in accordance with the X Privacy Policy, personal data is also processed by X in the USA or other third countries.

‍

14. YouTube channel

‍

We operate a “YouTube channel” to draw attention to our services and service offerings and to communicate with our customers and visitors to the YouTube channel (user) to interact. The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is a subsidiary of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (google)) affiliated company.

‍

If you contact us via our YouTube channel, for example by commenting on one of our videos, we process your data (e.g. your name and communication content) to process your request. Where necessary, we also process your data to assert legal claims and defend legal disputes in connection with your contributions. The legal basis for processing the data that we collect in connection with the use of our company website is our legitimate interests in accordance with Article 6 (1) (f) GDPR, in order to offer you a timely and supportive way of information and interaction with and about us and to better present our services and service offerings. If the contact is aimed at concluding a contract, the legal basis for processing is Art. 6 (1) (b) GDPR.

‍

When you visit our YouTube channel or other pages on the YouTube platform, Google Ireland collects so-called usage data. Google Ireland also uses certain data that they have collected from users of the YouTube platform (e.g. which videos users watch) to compile aggregate usage statistics and make them available to the respective operators of the YouTube channel (YouTube analytics). We also receive such aggregated usage statistics. The information that we receive through YouTube Analytics does not allow any conclusions to be drawn about individual users. We ourselves have no access to personal data that Google Ireland processes for YouTube Analytics. Google Ireland determines which data is processed for YouTube analytics and how.

‍

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision in accordance with Article 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this resolution, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

‍

15. cookie banner

‍

When you visit our website or a sub-website for the first time and contains these cookies, you will be shown a “cookie banner.” There you will be informed about the individual cookies that we use. You can find out about each individual cookie with regard to the name, provider, purpose of processing and storage period.

‍

With our cookie banner, we inform you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of unnecessary cookies. You can also allow us to use cookies that are not necessary and reverse this decision there. The following are processed:

• usage data (e.g. websites visited, time of access)
• Meta and communication data (e.g. IP address)

‍

The legal basis for the use of the cookie banner is Art. 6 (1) (f) GDPR. We have an overriding legitimate interest in using the cookie banner, which allows us to obtain the legally required consent for the use of unnecessary cookies and to comply with our obligation to provide information regarding cookies.

‍

The cookie banner stores the preferences until you reset or adjust them.

‍

The cookie banner is provided by Usercentrics A/S VhavneGade 39, 1058 Copenhagen, Denmark.

‍

16. use of cookies

‍

16.1 General Information

We use cookies on our website. These are text files that your browser automatically creates and that are stored on your IT system when you visit our site. Through cookies, certain information flows to the person setting the cookie. By using cookies, it is not possible to run programs or transfer viruses to your device. If you do not want cookies to be used, you can switch them off under settings.

‍

From a legal point of view, a distinction must be made between necessary and unnecessary cookies.

‍

• Necessary cookies

We use necessary cookies. These are cookies that are technically necessary to provide all functions of our website. The legal basis for data processing is our legitimate interest within the meaning of Article 6 (1) (f) GDPR. We have an overriding legitimate interest in being able to offer our offer in a technically flawless manner. The legal basis for the use of cookies by our contractual partners who use services contractually owed by us via our website is Art. 6 (I) lit. b GDPR, the provision of our contractual services.

‍

• Cookies that are not necessary

We also use unnecessary cookies (e.g. analysis and marketing cookies). These are cookies that are not technically necessary. We use them to understand your behavior on our website and to improve our offerings. The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. The cookies are only set after you have given your consent via our “cookie banner”.

‍

16.2 Storage period

With regard to storage time, the following types of cookies are differentiated:

‍

• Temporary cookies (also: Session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed their device (e.g. browser or mobile application).
• Persistent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. User data collected with the help of cookies can also be used to measure reach. Unless we provide users with explicit information about the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that the storage period can be up to two years.

‍

For more information, please see the information we provide in the cookie banner.

‍

17. Transfer of personal data

‍

As part of our processing of personal data, the personal data may be transferred to other recipients or disclosed to them. Recipients of this personal data may include, for example, service providers tasked with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your personal data with the recipients of your personal data.

‍

18. Deletion of data

‍

The personal data processed by us will be deleted in accordance with legal requirements as soon as their consent permitted for processing is withdrawn or other permits no longer apply (e.g. if the purpose of processing this personal data has ceased to apply or they are not necessary for the purpose). Unless the personal data is deleted because it is necessary for other and legally permitted purposes, its processing will be limited to these purposes. This means that personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

‍

Our privacy policy also contains further information on the storage and deletion of personal data, which applies primarily to the respective processing operations.

‍

19. Your rights as a data subject

‍

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR. If you would like to exercise any of your rights, please contact us using the contact addresses given above or our data protection officer.

‍

19.1. Right to object

For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data relating to you based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

‍

19.2. Right to information

You have the right to request confirmation as to whether relevant personal data is being processed and to request information about this personal data as well as further information and a copy of the personal data in accordance with legal requirements.

‍

19.3. Right to rectification

In accordance with legal requirements, you have the right to request the completion of personal data concerning you or the correction of incorrect personal data concerning you.

‍

19.4. Right to delete and restrict processing

You have the right to request that we delete personal data concerning you immediately if one of the reasons provided for by law applies and insofar as processing or storage is not necessary.

‍

19.5. Restriction of processing

You have the right to ask us to restrict processing if one of the legal requirements is met.

‍

19.6. Right to data portability

You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format in accordance with legal requirements or to request that it be transmitted to another person responsible.

‍

19.7. Right of withdrawal in case of consent

You have the right to withdraw your consent at any time.

‍

19.8. Complaint to supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is contrary to the requirements of the GDPR.

‍

20. Amendment and update of the privacy policy

‍

We will adjust the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

‍

If we continue to develop our website and offerings or if legal or regulatory requirements change, it may be necessary to change this privacy policy. You can access the latest data protection information here at any time.

‍

Status: October 2024

‍