General

As the operator of this website and as a company, we process your personal data—i.e., any information relating to an identified or identifiable natural person. This Privacy Policy explains how, for what purposes, and on which legal bases we process your personal data.

Controller (within the meaning of Art. 4(7) GDPR)

General notices

SSL/TLS encryption

When you enter data on websites, place online orders, or send emails over the internet, unauthorised third parties may in principle gain access. While complete protection against such access is not possible, we take appropriate measures to protect your data and close potential security gaps.

One key measure is SSL/TLS encryption of our website. This prevents third parties from reading data you transmit to us. You can recognise encryption by the lock icon in your browser’s address bar and the URL beginning with https:// rather than http://.

How long do we store your data?

Where this Privacy Policy specifies storage periods, we (or processors acting on our behalf) store your data for that period. If no period is specified, we store your data until the purpose of processing ceases to apply, you object to the processing, or you withdraw your consent.

In the event of an objection or withdrawal, we may continue processing if at least one of the following applies:

• We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (only for objections under Art. 21(1) GDPR; this exception does not apply to direct marketing).
• The processing is necessary for the establishment, exercise or defence of legal claims (does not apply where you object to processing for direct marketing).
• We are legally obliged to retain the data.

In such cases, we delete the data once the relevant condition(s) no longer apply.

Your rights

Right to object to processing

IF THIS PRIVACY POLICY STATES THAT WE PROCESS YOUR DATA ON THE BASIS OF LEGITIMATE INTERESTS PURSUANT TO ARTICLE 6(1)(f) GDPR, YOU HAVE THE RIGHT UNDER ARTICLE 21 GDPR TO OBJECT TO SUCH PROCESSING, INCLUDING PROFILING BASED ON THAT PROVISION. THIS REQUIRES THAT YOU STATE GROUNDS RELATING TO YOUR PARTICULAR SITUATION. NO JUSTIFICATION IS REQUIRED IF YOUR OBJECTION CONCERNS DIRECT MARKETING (INCLUDING RELATED PROFILING).

IF YOU OBJECT, WE MUST NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS:
WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS; OR
THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS.
THESE EXCEPTIONS DO NOT APPLY WHERE YOUR OBJECTION RELATES TO DIRECT MARKETING OR TO PROFILING IN CONNECTION WITH SUCH MARKETING.

Further rights

Withdrawal of consent (Art. 7(3) GDPR).
If processing is based on your consent—for example, by ticking a box in an online form or by allowing certain cookies—you may withdraw your consent at any time with effect for the future. From the moment of withdrawal, we will no longer process the data concerned unless we are legally required to retain it (e.g., under tax or commercial law).

Right to lodge a complaint (Art. 77 GDPR).
If you consider that we are infringing the GDPR, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement. This is without prejudice to other administrative or judicial remedies.

Right to data portability (Art. 20 GDPR).
Where processing is based on consent or a contract and is carried out by automated means, you have the right to receive the personal data you provided in a structured, commonly used and machine-readable format, and to have those data transmitted to another controller where technically feasible.

Right of access, rectification and erasure (Arts. 15–17 GDPR).
You have the right to request information about the personal data we store about you, their source, recipients and the purposes of processing. If data are inaccurate, you may request rectification; under the conditions of Art. 17 GDPR you may request erasure.

Right to restriction of processing (Art. 18 GDPR).
In certain cases you may request that we restrict processing. Apart from storage, data may then only be processed:

• with your consent;
• for the establishment, exercise or defence of legal claims;
• for the protection of the rights of another natural or legal person; or
• for reasons of important public interest of the European Union or of a Member State.

You may request restriction in particular where:

• you contest the accuracy of the data (for the time necessary for verification);
• processing is unlawful but you oppose erasure;
• we no longer need the data, but you require them for legal claims; or
• you have objected under Art. 21(1) GDPR and a balance of interests is pending.

Hosting and Content Delivery Networks (CDN)

External hosting

Our website is hosted by the following provider:
Strato AG
Otto-Ostrowski-Straße 7
10249 Berlin, Germany

How do we process your data?

The hosting provider stores all data related to our website, including personal data that are collected automatically or provided by you—for example, IP addresses, pages accessed, names, contact details and enquiries, as well as metadata and communication data. The provider processes such data strictly on our instructions and only insofar as necessary to fulfil its contractual obligations to us.

Legal basis

Because our website is used to address potential customers and to maintain contact with existing customers, processing by our hosting provider serves contract initiation and performance and is based on Art. 6(1)(b) GDPR. In addition, we have a legitimate interest in providing a professional online offering that meets requirements of security, speed and efficiency; processing is therefore also based on Art. 6(1)(f) GDPR.

Data collection on this website

Use of cookies

Our website places cookies on your device. Cookies are small text files used for various purposes. Some are technically necessary for the website to function; others enable specific actions or features (functional cookies—e.g., the use of a shopping cart). Other cookies are used to analyse user behaviour or optimise advertising. Where we use third-party services on our website (e.g., for payment processing), those providers may also place cookies (third-party cookies) when you access our site.

How do we process your data?

Session cookies are stored only for the duration of your session and are deleted when you close your browser. Persistent cookies remain on your device until you delete them; among other things, they may enable long-term analysis of user behaviour. You can control cookie handling via your browser settings, e.g.:

• receive a notice when cookies are set;
• block cookies in general or in specific cases;
• automatically delete cookies when closing the browser.

If you disable cookies, some website functionality may be limited.

Where we use cookies from other providers or for analytics purposes, we inform you in this Privacy Policy and request your consent when you visit our website.

Legal basis

We have a legitimate interest in ensuring that our online services function without technical issues and provide all desired features. Storing necessary and functional cookies is therefore based on Art. 6(1)(f) GDPR. All other cookies are set on the basis of Art. 6(1)(a) GDPR (your consent), which you can withdraw at any time with effect for the future. If you consented to necessary/functional cookies via our consent banner, their storage is likewise based on your consent.

Cookie consent with “Borlabs Cookie”

What is Borlabs Cookie?
A cookie plugin used to comply with the GDPR and the ePrivacy rules.

Who processes your data?
Only we do—not the provider of Borlabs Cookie.

Where can you find information from Borlabs Cookie?
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

How do we process your data?

We use Borlabs Cookie to obtain your consent to store cookies on your device. When you visit our website and close the Borlabs consent window, a Borlabs cookie with the following contents is stored in your browser:

• cookie lifetime;
• cookie version;
• domain and path of the website;
• the consents you have given;
• a randomly generated ID.

These data are not transmitted to the provider of Borlabs Cookie.

We store the data until the purpose of storage ceases to apply, you delete the Borlabs cookie, or you ask us to delete the data, unless we are legally obliged to retain them.

Legal basis

We are legally required to obtain consent for the use of certain cookies. We therefore use Borlabs Cookie to meet this obligation. The legal basis is Art. 6(1)(c) GDPR.

Server log files

Server log files record all requests and access to our website and log error messages. They also include personal data, in particular your IP address, which our provider anonymises shortly after collection so that we cannot attribute the data to you personally. The data are transmitted automatically by your browser.

How do we process your data?

Our provider stores server log files to reconstruct activities on our website and to identify errors. The files contain:

• browser type and version;
• operating system used;
• referrer URL;
• host name of the accessing device;
• time of the server request;
• IP address (where applicable, anonymised).

We do not combine these data with other data; they are used solely for statistical evaluation and to improve our website.

Legal basis

We have a legitimate interest in the error-free operation of our website and in obtaining an anonymised overview of website access. Processing is therefore lawful under Art. 6(1)(f) GDPR.

Contact form

You can contact us via the contact form on this website.

How do we process your data?

We store your message and the details you provide in the form to process your enquiry, including follow-up questions. We do not share this data with third parties without your consent.

Storage period

We delete your data when the earliest of the following occurs:

• your enquiry has been fully processed;
• you request deletion;
• you withdraw consent (where applicable).

This does not apply where we are legally obliged to retain the data.

Legal basis

If your enquiry is connected to an existing contractual relationship or serves the performance of pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. In all other cases, our legitimate interest is to process incoming enquiries efficiently; the legal basis is Art. 6(1)(f) GDPR. If you consent to storage, the legal basis is Art. 6(1)(a) GDPR, and you may withdraw consent at any time with effect for the future.

Enquiries by email, telephone or fax

You can contact us by email, fax, or telephone.

How do we process your data?

We store your message and the contact details you provide (or your phone number) to process your enquiry, including follow-up questions. We do not share this data with others without your consent.

Storage period

We delete your data when the earliest of the following occurs:

• your enquiry has been fully processed;
• you request deletion;
• you withdraw consent (where applicable).

This does not apply where we are legally obliged to retain the data.

Legal basis

If your enquiry relates to a contract or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. Otherwise, our legal basis is Art. 6(1)(f) GDPR (legitimate interest in efficient handling of enquiries). If you consented to storage, processing is based on Art. 6(1)(a) GDPR; you may withdraw consent at any time with effect for the future.

Google Fonts (local hosting)

We use fonts provided by Google LLC on our website. The fonts are hosted locally, so no connection is made to Google servers when you visit our website.

For more information on Google Fonts, see https://developers.google.com/fonts/faq and Google’s Privacy Policy: https://policies.google.com/privacy.

Our services / Other

Handling of applicant data

If you would like to work with us, we welcome your application. We treat all personal data you submit in strict confidence, including any data collected later during the recruitment process.

How do we process your data?

We store and use all data collected during the application process insofar as necessary to decide on the establishment of an employment relationship. In addition to contact and communication data and application documents, this may include, for example, notes taken during interviews. Within our company, your data are shared only with persons involved in processing your application.

If your application is successful, we store the data required to perform the employment relationship in our systems.

Storage period

If we are unable to offer you a position, you decline an offer, or you withdraw your application, we reserve the right to retain your documents and other application data for up to 6 months after the end of the recruitment process in order to use them as evidence in the event of a legal dispute. After this period, we delete the data and destroy physical documents. If a legal dispute is imminent or pending, we delete the data when it is no longer required as evidence.

Deletion always presupposes that we are not legally obliged to retain the data for a longer period.

Legal basis

We process applicant data based on Section 26 BDSG (German Federal Data Protection Act—initiation of an employment relationship) and Art. 6(1)(b) GDPR (contract initiation in general). The same applies where your application is successful.

Suppose we cannot offer you a position, you decline an offer, or you withdraw your application, we have a legitimate interest in retaining your data for evidence in potential legal disputes. In that case, processing is therefore based on Art. 6(1)(f) GDPR.

Where you have explicitly consented to the storage of your data, processing is based on Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

Data processing on social media

What do we mean by “social media”?

By social media we mean the social networks for which we maintain publicly accessible profiles. The specific networks we use are listed below.

Who processes your data?

The respective operators of the social networks. You will find details below for each network.

How are your data processed?

Social network operators can usually collect and analyse extensive data about the behaviour of visitors and users of the network. We cannot track all processing operations carried out by the operators; there may be additional processing not listed here. Please refer to the terms of use and privacy policies of the respective networks for details.

Processing may be triggered by your visiting the website of the social network or our profile page there. If you visit a website that includes content from a network (e.g., Like or Share buttons), data may already be transmitted to the network operator. If you are a registered user and logged in, your visit to our profile page can be associated with your account. Even if you are not registered or logged in, operators may still collect personal data (e.g., by recording your IP address or setting cookies). Operators may create user profiles tailored to your behaviour and interests and show you interest-based advertising both inside and outside the network. If you are a registered user, interest-based advertising may be shown on all devices on which you are or were logged in.

Legal basis

Our profiles on social networks aim to ensure the broadest possible online presence of our company; this constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

Processing and analyses performed by the operators themselves may be based on other legal bases, which the operators must indicate.

Joint controllership / exercising your rights

When you visit one of our profiles, we and the respective operator are joint controllers for the processing triggered by that visit. You can generally exercise your rights both against us and against the operator. However, our influence on the operator’s processing is limited and depends primarily on the operator’s specifications.

Storage period

Data we collect via our profiles are deleted from our systems when the purpose of storage ceases to apply, when you request deletion, or when you withdraw consent. Cookies remain on your end device until you delete them. Statutory retention obligations remain unaffected.

We have no control over how long operators store data they collect for their own purposes. Please consult the operators’ privacy notices.

Which social media do we use?

Facebook

What is Facebook?
A social network.

Who processes your data?
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Are data transferred to third countries?
Yes, to the United States and other third countries.

Further information on data protection at Facebook:
https://www.facebook.com/about/privacy/

Where can you adjust your advertising settings as a Facebook user?
If you are a registered Facebook user, you can adjust your advertising settings in your account:
https://www.facebook.com/settings?tab=ads