Privacy Policy

Privacy Notice of
MRM Distribution GmbH & Co. KG

Status: February 2021

We comply with the applicable data protection regulations, in particular the requirements of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). We process your personal data only where the law permits such processing or where you have given your consent to the processing of your data. Transparency in data processing is important to us; therefore, we would like to provide you with comprehensive information on data protection through the following privacy notice.

Overview

1. CONTROLLER

2. DATA PROTECTION OFFICER

3. GENERAL INFORMATION ON DATA PROCESSING

4. YOUR RIGHTS

5. SERVERS AND LOG FILES

6. USE OF COOKIES

7. CONTACTING US

8. (PRE-)CONTRACTUAL SERVICES

9. DATA PROCESSING FOR MARKETING PURPOSES

10. WEBSITE OPTIMIZATION, REACH ANALYSIS AND ONLINE MARKETING

11. ADVERTISING PARTNERS

12. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT

13. TRANSFER OF DATA; PROCESSING IN THIRD COUNTRIES

14. APPLICANT DATA

15. CHANGES

16. GOOGLE FONTS (LOCAL HOSTING)

17. DEFINITIONS

In detail:

1. CONTROLLER

The controller responsible for processing your personal data on this website is:

MRM Distribution GmbH & Co. KG
Represented by the personally liable partner:
MRM Distribution Verwaltungs GmbH, represented by the Managing Director Melanie Achten
Carl-von-Linde-Strasse 38
85716 Unterschleißheim
Germany
https://mrm-distribution.com
info@mrm-distribution.com

Data Protection Officer
Regier Thomas
DataCo GmbH
Dachauer Straße 65
80339 Munich
Germany
datenschutz@dataguard.de
089740045840

2. DATA PROTECTION OFFICER

You can contact our data protection officer at datenschutz@mrm-distribution.com or by phone at +49 (0)89 2488 369-0.

3. GENERAL INFORMATION ON DATA PROCESSING

a) Scope and purpose of processing personal data
As a user of this website, we generally process your personal data only to the extent necessary to provide a functional website as well as our content and services. Your personal data will only be processed after your purpose-related consent unless data processing is permitted by law without prior consent. The purposes of processing arise from the processing activities described in more detail below.

b) Legal basis for processing personal data
Where we obtain your consent for the processing of personal data, the legal basis is Art. 6(1)(a) GDPR.

If processing of your data is necessary for the performance of a contract to which you are a party, the legal basis is Art. 6(1)(b) GDPR. This also applies to processing required to carry out pre-contractual measures.
If processing is necessary for compliance with a legal obligation to which we are subject, the legal basis is Art. 6(1)(c) GDPR.
If processing is necessary to protect vital interests of you or another natural person, the legal basis is Art. 6(1)
If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party and your interests, fundamental rights and freedoms do not override those interests, the legal basis is Art. 6(1)(f) GDPR.

c) Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by laws or other regulations to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless further storage is necessary for the conclusion or performance of a contract.

d) Types of processed data
– Master data (e.g. name, address);
– Contact data (e.g. email address, telephone number);
– Content data (e.g. text entries, photographs, videos);
– Usage data (e.g. website visits, access times, personal interests);
– Communication and metadata (e.g. IP addresses, device information).

e) Purposes of processing
– Provision of the online offering, its functions and content;
– Responding to contact requests and communication with users;
– Security measures;
– Reach measurement / marketing.

f) Categories of data subjects
Visitors and users of the online offering (hereinafter referred to as “users”).

g) Regulations regarding the provision of data and consequences of non-provision
Providing personal data may be required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information about the contractual partner). For a contract to be concluded, it may be necessary for you to provide personal data which must subsequently be processed by us. For example, you are obliged to provide personal data when our company concludes a contract with you. Failure to provide personal data would mean that the contract could not be concluded.

h) Automated decision-making
Automated decision-making does not take place.

4. YOUR RIGHTS

When your personal data is processed, you have the following rights, about which we would like to inform you below. You may contact us as the controller for this purpose; the contact details can be found above under section 1.

a) Right of access (Art. 15 GDPR)
Upon request, we will confirm whether personal data concerning you is being processed. If this is the case, you have the right to receive information about:

• the purpose(s) of the data processing,
• the categories of processed data
• the recipients or categories of recipients to whom data has been disclosed, particularly recipients in third countries
• the planned storage period or the criteria used to determine this period
• the existence of the right to rectification or erasure of your personal data or restriction of processing or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where personal data was not collected from you, any available information about the source of the data: the existence of automated decision-making, including profiling, and meaningful information about the logic involved and the significance and consequences of such processing
• in the event of transfer to a third country or international organization, the appropriate safeguards relating to the transfer.

Upon request, you will receive a copy of the data collected and processed about you. This is generally provided free of charge.

b) Right to rectification (Art. 16 GDPR)
You have the right to request the immediate correction of inaccurate personal data concerning you. You also have the right to request completion of incomplete personal data, including by means of a supplementary statement.

c) Right to erasure (Art. 17 GDPR) (“Right to be forgotten”)
Upon request or after fulfillment or termination of the contract with us, your personal data will be deleted immediately unless statutory retention obligations or the protection of the legitimate interests of the controller prevent deletion.

A right to erasure exists in particular under the following conditions:

• the personal data is no longer necessary for the purposes for which it was collected or otherwise processed
• you withdraw your consent on which the processing was based and there is no other legal basis for the processing
• you object to the processing and there are no overriding legitimate grounds for the processing
• the personal data has been processed unlawfully
• deletion is required to comply with a legal obligation under EU or member state law
• the personal data was collected in relation to information society services offered to a child.

d) Right to restriction of processing (Art. 18 GDPR)
You have the right to request restriction of processing under the following conditions:

• you contest the accuracy of the personal data
• die Verarbeitung ist unrechtmäßig, Sie lehnen die Löschung der personenbezogenen Daten ab und verlangen stattdessen die Einschränkung der Nutzung der personenbezogenen Daten.
• the processing is unlawful but you oppose deletion and request restriction instead
• the controller no longer needs the personal data but you require it for legal claims
• you have objected to the processing and verification is pending.

e) Right to data portability (Art. 20 GDPR)
Upon request, your data may be provided in a structured, commonly used and machine-readable format so that it can be transferred to another service provider. This applies where the processing is based on consent or a contract and is carried out by automated means.

f) Right to withdraw consent (Art. 7(3) GDPR)
You may withdraw your consent at any time with effect for the future.

g) Right to lodge a complaint (Art. 77 GDPR)
If you believe that data protection regulations have been violated, you have the right to lodge a complaint with the competent supervisory authority.

h) Right to object (Art. 21 GDPR)
You also have the right to object to the processing of your personal data. If processing is carried out for the purpose of direct marketing (e.g. newsletters), this right applies at any time. Otherwise, you may object at any time on grounds relating to your particular situation where processing is based on Art. 6(1)(e) or (f) GDPR.

To exercise your right of withdrawal or objection, you may send an informal message to us using the contact details listed in section 1 or 2.

5. SERVERS AND LOG FILES

Logfiles
When using the website purely for informational purposes, meaning if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website and to ensure stability and security (legal basis is Art. 6(1) sentence 1 lit. f GDPR):

Date and time of access, name of the pages accessed, anonymized IP address of the requesting device, referrer URL (origin URL from which visitors arrived at our website), amount of data transferred, loading time, browser type, language and version, name of the visitor’s access provider, operating system and interface. The log data is stored for a period of 60 days.

Hosting
We use a hosting provider to provide certain services related to the operation of this website. In particular, this includes IT infrastructure, computing capacity, database services, email delivery, security services, server storage space and technical maintenance services. In this context, we or our hosting provider process master data, contact data, content data, contract data, usage data, meta and communication data of our website visitors on our behalf in accordance with Art. 28 GDPR based on our legitimate interest in the professional and secure provision of our website in accordance with Art. 6(1) sentence 1 lit. f GDPR.

6. USE OF COOKIES

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you use and that allow certain information to be transmitted to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.

Use of cookies:
a) Temporary cookies are automatically deleted when you close the browser. These include in particular session cookies. They store a so-called session ID with which various requests from your browser can be assigned to the same session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

b) Permanent cookies remain stored even after the browser is closed. This allows settings or preferences to be stored, for example.

c) First-party cookies are set by the website operator itself, whereas third-party cookies are used by third parties (e.g. advertising partners).

d) Necessary cookies (also called essential cookies) are required for the operation of a website (e.g. to store logins or other user inputs) or are necessary for security reasons.

e) In addition, cookies may be set for personalization, statistical purposes and marketing.

This website uses the following cookies, some of which are necessary for the operation of our website:

Controller Name Purpose Storage Duration Recipient Required
Ziff. 1 _ga, _gat, -gid Analyse / Tracking (Google Analytics) 14 months Google No
Ziff. 1  _ga, _gat, -gid Analyse / Tracking (Google Tag Manager) 14 months Google No
Ziff. 1 mrm-cookie  Consent 1 year  Yes
Ziff. 1 googtrans Multilingualism (Google Translate) Session Google No
Ziff. 1 NID Google Maps 6 months Google No
Ziff. 1 NID Youtube – content 6 months Google No

If these cookies are not required and/or contain personal data, the legal basis for processing is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR, which is stored via a cookie. You provide your consent via our cookie notice. This groups cookies into certain purpose-related categories. The category of required cookies is preselected and cannot be deselected.

If these cookies are required cookies and/or contain personal data, the legal basis for processing is Art. 6(1) sentence 1 lit. f GDPR. Our interest in maintaining the functionality of our website is considered legitimate within the meaning of the aforementioned provision.

If processing is based on your consent, you may withdraw it at any time with effect for the future by deselecting optional cookie categories or cookies in the cookie settings. If you do not consent or withdraw your consent, the collection of data through optional cookies requiring consent and the associated processing will not take place. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You can also configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. Please note that you may then not be able to use all functions of this website. You can also generally object to the use of cookies for online marketing at https://www.youronlinechoices.com/de/

Details regarding the aforementioned third-party services can be found in the sections below.

7. CONTACTING US

Contact via Email, Post & Telephone
You have the option to contact us in several ways: by email, by telephone or by post. When you contact us, we use the personal data you voluntarily provide solely for the purpose of contacting you and processing your request. The legal basis for this processing is Art. 6(1)(b) GDPR. Your data will be deleted when it is no longer required for the purpose of processing and no statutory retention obligations exist.

Contact Form
A contact form is available on our website which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us in encrypted form and stored.

The legal basis for the processing of your data is Art. 6(1) sentence 1 lit. a GDPR if consent has been given. If no individual consent has been given, we process your data on the basis of Art. 6(1) sentence 1 lit. b GDPR. The processing of personal data from the input form serves solely to process your request.

8. (PRE-)CONTRACTUAL SERVICES

Processing in connection with the online shop
We process your personal data as a registered and approved business customer only to the extent necessary for processing your orders in the online shop or for handling your inquiries.

We only process the personal data you provide to us, such as your name, contact details, payment data and order data.

Data processing is carried out for the purpose of fulfilling a contract and carrying out pre-contractual measures on the legal basis of Art. 6(1) sentence 1 lit. b GDPR. In the case of purchases via our websites/applications, we are also obliged under statutory provisions of the German Civil Code (BGB) to send an electronic order confirmation (Art. 6(1) lit. c GDPR).

To provide maximum convenience, we offer you the permanent storage of your personal data in a password-protected customer/user account.

Creating a customer account is voluntary and based on your consent pursuant to Art. 6(1) lit. a GDPR. After creating a customer account, you do not need to re-enter your data. You can also view and change the data stored about you at any time in your account.

In addition to the data requested when placing an order, you must specify a password of your choice when creating a customer account. This password, together with your email address, allows access to your customer account. Please treat your personal login credentials confidentially and do not disclose them to unauthorized third parties. You can delete your customer account at any time. Please note that this does not simultaneously delete the data stored in the account if you have previously placed orders with us. Your data will be deleted automatically after the expiration of statutory commercial and tax retention periods.

To process purchase contracts, delivery address data may be passed on to logistics companies and shipping partners commissioned by us. The data is transmitted solely for the respective purpose and deleted after delivery has been completed.

If we do not use your data for advertising purposes, we store the data collected for contract processing until the expiry of statutory or contractual warranty and guarantee rights. After this period, we retain the information required under commercial and tax law for the legally prescribed periods. During this period, the data will only be processed again in the event of an audit by the tax authorities.

9. DATA PROCESSING FOR MARKETING PURPOSES

Advertising to Existing Customers

We generally have a legitimate interest in using the data of our existing customers for marketing purposes. For our own marketing purposes, we collect the following data from our existing customers: first name, last name, postal address, email address, and year of birth. The legal basis for the use of personal data for marketing purposes is Art. 6(1) sentence 1 lit. f GDPR.

If you are not an existing customer, we process your data for marketing purposes only on the basis of your explicit consent for these purposes in accordance with Art. 6(1) sentence 1 lit. a GDPR.

We have concluded proper data processing agreements with service providers that we engage for the delivery of advertising and that process data strictly in accordance with our instructions.

Notice of the Right to Object
You may object to the use of your personal data for the above-mentioned marketing purposes at any time, free of charge, with effect for the future using the contact options provided in section 1 or 2.

If you object, your data will be blocked for further advertising data processing. Please note that in exceptional cases advertising material may still be sent temporarily after receipt of your objection. This is technically due to the necessary lead time required during the selection process and does not mean that we have not implemented your objection.

Advertising Based on Consent

We process your data for marketing purposes only on the basis of your explicit consent for these purposes in accordance with Art. 6(1) sentence 1 lit. a GDPR.

We have concluded proper data processing agreements with service providers that we engage for the delivery of advertising and that process data strictly in accordance with our instructions.

Notice of the Right of Withdrawal
You may withdraw your consent at any time free of charge with effect for the future.

To exercise this right of withdrawal, you may send us an informal message using the contact options listed in section 1 or 2 expressing your intention to withdraw consent. Withdrawal does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.

Newsletter

If you would like to receive the newsletter offered on our website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. We use the so-called double opt-in procedure for registration. This means that after you register, we send an email to the email address provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, clarify any possible misuse of your personal data. Your data is used exclusively for sending the newsletter. The legal basis for this data processing is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.

The newsletters are sent based on our legitimate interests in an effective, secure, and user-friendly newsletter system in accordance with Art. 6(1) sentence 1 lit. f GDPR via the service provider dskom GmbH, Reginhardstraße 34, 13409 Berlin, Germany under a data processing agreement (Art. 28 GDPR). The privacy policy of the service provider can be found at: https://www.dskom.de/werbung-marketing/kontakt/datenschutz.php.

The newsletters contain a so-called web beacon. These are small graphics that allow log file recording and analysis used for statistical evaluations for online marketing when the newsletter email is opened and retrieved from dskom. During this retrieval, technical information such as information about the browser, your system, and the time of access is collected. This information is used to technically improve our services based on the technical data, target groups, and their reading behavior. Statistical analysis includes information about whether a newsletter is opened, the time it is opened, and the links clicked. If you wish to object to data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.

The data you provide for the purpose of receiving the newsletter will be stored by us or by dskom until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after cancellation. Data stored for other purposes by us remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist by us or by dskom in order to prevent future mailings. The data from the blacklist is used only for this purpose and not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest pursuant to Art. 6(1) sentence 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to this storage if your interests outweigh our legitimate interest.

Notice of the Right of Withdrawal
You may withdraw your consent to receive the newsletter at any time with effect for the future and unsubscribe from the newsletter. You can withdraw your consent by clicking the link provided in each newsletter email or, for example, by sending us an email (see section 1 or 2).

10. WEBSITE OPTIMIZATION, REACH ANALYSIS AND ONLINE MARKETING

Google (Universal) Analytics
On our website we use Google (Universal) Analytics based on the consent you provide in the cookie banner pursuant to Art. 6(1) sentence 1 lit. a GDPR for the analysis, improvement, and commercial design of our online offering. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), with the extension “IP anonymization” (also known as the “IP masking method”). Google uses cookies. The information generated by the cookie about the use of the online service by users is generally transmitted to a Google server in the USA and stored there. Information generated by the cookie regarding your use of this website includes for example:

• Browser type and version,
• Operating system used,
• Referrer URL (the previously visited page),
• Hostname of the accessing computer (IP address),
• Time of the server request.

Details about cookies can be found above in section 5.

The data collected within the scope of Google Analytics may be stored and processed in the United States or in any other country where Google or Google’s subcontractors maintain facilities. Through the IP masking method used by us, the IP address is shortened within EU member states or other states that are party to the EEA agreement before transmission to a Google server in the USA, so that a complete IP address is not transmitted and identification of a person is prevented or significantly hindered. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

Google will use this information on our behalf to evaluate the use of our online offering by users and to compile reports on activities within this online offering as well as to provide further services related to the use of the online offering. Pseudonymous user profiles may be created from the processed data.

The shortened IP address transmitted by the user’s browser will not be merged with other Google data. You can prevent the storage of cookies through a corresponding setting in your browser software and also prevent the collection of data generated by the cookie related to your use of the online service and its processing by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, settings and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Users’ personal data is deleted or anonymized after 14 months.

Additional information about data transfers to the USA can be found in section 13.

Google-Signals
We have activated the Google Signals function in Google Analytics (see above). As a result, the existing Google (Universal) Analytics functions such as remarketing with Google Analytics, advertising reporting features, reports on interests and demographic characteristics, and cross-device reports are updated.

This allows us to receive aggregated and anonymized data from you if you have allowed personalized ads in your Google account. Individual user data is not disclosed. Google Signals enables cross-device tracking so that your data can also be analyzed across different devices. By activating Google Signals, data is collected and linked with your Google account.

Google can thus determine if you visit our website from different devices such as a smartphone and a PC. With Google Signals we can therefore launch cross-device remarketing campaigns (see section 11), enabling us to display our offers to you on other websites as well.

Google Analytics also collects additional visitor data through Google Signals about the course and actions on our website. This allows us to receive advertising reports and helpful information about your interests, geographical and demographic characteristics, and social criteria in order to define target groups.

With the help of these reports we can optimize and adapt our services and products for you. This data expires by default after 26 months. Data collection within Google Signals only takes place if you have allowed personalized advertising in your Google account. You can manage or delete this data in your Google account.

Otherwise, the information provided above regarding Google (Universal) Analytics applies.

Google Tag Manager
We inform you that we use Google Tag Manager based on the consent you provide in the cookie banner in accordance with Art. 6(1) sentence 1 lit. a GDPR. Google Tag Manager itself does not collect any personal data. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior, record the impact of online advertising and social channels, set up remarketing and target group orientation, and test and optimize websites.

We use the Tag Manager for the Google services Google Analytics and GA Audience. If you have deactivated tracking, this deactivation will be taken into account by Google Tag Manager.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
Website: https://marketingplatform.google.com;
Privacy policy: https://policies.google.com/privacy;
Further information about Google Tag Manager can be found at: https://www.google.com/intl/de/tagmanager/use-policy.html.
Additional information about data transfers to the USA can be found in section 13.

Calendly
On our website you have the option to schedule appointments with us. For appointment booking we use the tool “Calendly”. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (“Calendly”).

For the purpose of scheduling an appointment, you enter the requested data and the desired date into the form provided. The entered data is used for planning, conducting, and if necessary following up on the appointment. Appointment data is stored for us on Calendly’s servers. Their privacy policy can be viewed here: https://calendly.com/privacy.

The data you enter remains with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies. Mandatory statutory provisions – especially retention periods – remain unaffected.

The legal basis for data processing is Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in making it as easy as possible to schedule appointments with interested parties and customers. If consent has been requested, Art. 6(1) lit. a GDPR is the legal basis for processing; consent may be withdrawn at any time.

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here:
https://calendly.com/pages/dpa.

Data Processing Agreement
We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Hotjar
This website uses Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: https://www.hotjar.com).

Hotjar is a tool used to analyze your user behavior on this website. With Hotjar we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you stay with the mouse pointer at a certain position. From this information Hotjar creates so-called heatmaps that can be used to determine which website areas are viewed most frequently.

We can also determine how long you stayed on a page and when you left it. We can also determine at which point you stopped entering data into a contact form (so-called conversion funnels).

In addition, direct feedback from website visitors can be obtained through Hotjar. This function serves to improve the website operator’s online offering.

Hotjar uses technologies that enable the recognition of users for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting).

The use of this analysis tool is based on Art. 6(1) lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and advertising. If consent has been requested (e.g. consent to store cookies), processing takes place exclusively on the basis of Art. 6(1) lit. a GDPR; consent can be revoked at any time.

Disabling Hotjar
If you wish to disable data collection by Hotjar, please click the following link and follow the instructions there: https://www.hotjar.com/opt-out

If you wish to disable data collection by Hotjar, please click the following link and follow the instructions there:

Further information about Hotjar and the data collected can be found in Hotjar’s privacy policy at: https://www.hotjar.com/privacy

Data Processing Agreement
We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law that ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

11. ADVERTISING PARTNERS

We work with advertising partners in order to make the online offering on our website more interesting for you. For this purpose, the cookies mentioned above in section 5 are also set by our advertising partners when you visit our website (so-called third-party cookies). Information about your user behavior and interests when visiting our website is also stored in the cookies of our advertising partners using pseudonyms. In some cases, information is also collected that was generated on other websites before you visited our site. Based on this information, interest-based advertisements from our advertising partners are displayed to you. No personal data is stored and no user profiles are combined with personal data relating to you.

You can prevent interest-based advertising from our advertising partners by adjusting the cookie settings in your browser.

Google AdSense
On our website we use Google AdSense based on your consent given in the cookie banner in accordance with Art. 6(1) sentence 1 lit. a GDPR. Google AdSense is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, used to integrate advertisements. Google AdSense uses cookies, which are text files stored on your computer that allow an analysis of how the website is used. Google AdSense also uses so-called web beacons. These web beacons allow Google to analyze information such as visitor traffic on our website. This information, together with your IP address and the advertising formats displayed, is transmitted to Google in the USA, stored there, and may be shared by Google with contractual partners. However, Google will not combine your IP address with other data stored by you. You can prevent the installation of cookies by adjusting your browser settings accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent. You may object to the use of your information at any time.

Further information can be found at: https://policies.google.com/privacy?hl=de

Google Ads (Adwords)
Our website uses Google Ads based on your consent given in the cookie banner in accordance with Art. 6(1) sentence 1 lit. a GDPR. Google AdWords is an online advertising program provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA https://policies.google.com/privacy).

Within Google Ads we use the remarketing function (“Similar Audiences”). With the remarketing function we can present users of our website with interest-based advertisements on other websites within the Google Display Network (on Google itself, so-called “Google Ads”, or on other websites). For this purpose, the interaction of users on our website is analyzed, for example which offers the user has shown interest in, in order to display targeted advertising to users on other websites even after they have visited our website. For this purpose, Google stores a number in the browsers of users who visit certain Google services or websites in the Google Display Network. This number, referred to as a “cookie”, records the visits of these users. This number serves to uniquely identify a web browser on a specific computer and not to identify a person; no personal data is stored.

In addition, we measure the conversion of advertisements. However, we only learn the anonymous total number of users who clicked on our advertisement and were redirected to a page marked with a so-called “conversion tracking tag”. We do not receive any information that could personally identify users.

The legal basis for this data processing is Art. 6(1) lit. f GDPR.

You can deactivate the use of cookies by Google by following the link below and downloading and installing the plugin provided there: www.google.com/settings/ads/plugin.

Further information about Google remarketing and Google’s privacy policy can be found at: www.google.com/privacy/ads/.

12. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT

Within our website we use services and content provided by third-party providers either on the basis of your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR or, where consent is not required, on the basis of our legitimate interests (i.e., interest in analyzing the use of our website and improving the operation of our website within the meaning of Art. 6(1) sentence 1 lit. f GDPR). These services allow us to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).

This may require the respective third-party providers to process your IP address, since they cannot send the content to your browser without the IP address. The IP address is therefore required for the delivery and display of this content. Third-party providers may also use so-called “pixel tags” (invisible graphic files, also known as “web beacons”) for statistical or marketing purposes. Pixel tags allow the analysis of visitor behavior on this website. The pseudonymous information may be stored in cookies on your device and may include technical information about visit times, browser and operating system, previously visited website, as well as other information about the use of our website. This information is not linked with similar information from other sources.

If you do not want pixel tags to record your usage behavior, you may object to data collection at any time by notifying us (see section 1 or 2).

Google Maps
We may integrate maps from the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, provided that you have given your consent within the cookie consent banner. The legal basis is therefore your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. The data processed may include IP addresses and location data of users, which are not collected without their consent (usually via the settings of their mobile devices). The data may be processed in the USA. Their privacy policy can be found at: https://www.google.com/policies/privacy/. EYou can set an opt-out here: https://adssettings.google.com/authenticated.

YouTube
Based on the consent you may have given via the cookie notice, we may embed videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Their privacy policy can be found at: https://www.google.com/policies/privacy/

The legal basis for processing is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. You can opt out at: https://adssettings.google.com/authenticated or by adjusting your cookie settings.

Google Translator (Google Translate)
We integrate the Google Translator service based on your consent given via the cookie notice in order to offer our website in different languages. The legal basis for processing is your consent pursuant to Art. 6(1) sentence 1 lit. a GDPR. The service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Their privacy policy can be found at: https://www.google.com/policies/privacy/. You can set an opt-out here: https://adssettings.google.com/authenticated or by adjusting your cookie settings.

13. TRANSFER OF DATA; PROCESSING IN THIRD COUNTRIES

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using services of third parties or the disclosure or transfer of data to other persons, authorities, or companies, this is done only in accordance with legal requirements.

Subject to explicit consent or where required by contract or law, we process or have data processed only in third countries with a recognized level of data protection, on the basis of contractual obligations through so-called standard contractual clauses of the European Commission, in the presence of certifications, or binding internal data protection regulations (Art. 44–49 GDPR).

Data collected in connection with the Google products mentioned above may be stored and processed by Google, among other places, in the United States. We have no influence over further data processing by Google. For data transfers to a third country, meaning a country outside the EU or the EEA, appropriate safeguards for the protection of your personal data are generally required. After the European Court of Justice declared Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield invalid, the EU-US Privacy Shield can no longer be used as a guarantee for an adequate level of protection in the United States according to EU standards. Therefore, there is currently no level of data protection in the United States equivalent to that of the EU within the meaning of Art. 45 GDPR, and we are also unable to provide appropriate safeguards under Art. 46 GDPR to compensate for this deficit. Consequently, the transfer of data to the United States is only permissible with your explicit consent pursuant to Art. 49(1)(a) GDPR, which you may provide through the cookie notice by selecting optional cookie categories or cookies (detailed view). Possible risks of such data transfers include the possibility that government authorities, such as security agencies or intelligence services, may access your data and process it for national security, law enforcement, or other public interest purposes in the United States without informing you separately and without providing enforceable rights or effective legal remedies.

Apart from this, we only disclose your data to third parties if:

• you have given your explicit consent in accordance with Art. 6(1) sentence 1 lit. a GDPR,
• the disclosure is necessary pursuant to Art. 6(1) sentence 1 lit. f GDPR for the establishment, exercise, or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
• there is a legal obligation for disclosure pursuant to Art. 6(1) sentence 1 lit. c GDPR, or
• this is legally permissible and necessary pursuant to Art. 6(1) sentence 1 lit. b GDPR for the performance of contractual relationships with you.

Data is only transferred to tax authorities and social security institutions where a legal obligation exists; the legal basis is Art. 6(1) sentence 1 lit. c GDPR. Data is only transferred to service providers on the basis of a proper data processing agreement pursuant to Art. 28 GDPR.

14. APPLICANT DATA

We process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically, particularly if an applicant submits application documents to us electronically, for example by email. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of carrying out the employment relationship in compliance with statutory provisions. If no employment contract is concluded, the application documents will automatically be deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion.

15. CHANGES

The controller reserves the right to adapt security and data protection measures where this becomes necessary due to technical or legal developments. In such cases, the controller will also update this privacy notice accordingly. Please therefore note the current version of our privacy notice.

16. GOOGLE FONTS

This website uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. The Google Fonts are installed locally. No connection to Google servers takes place.

Further information about Google Fonts can be found at:
https://developers.google.com/fonts/faq and in Google’s privacy policy::
https://policies.google.com/privacy?hl=de.

17. DEFINITIONS

For better understanding, we would like to provide the relevant definitions of terms from the GDPR that are relevant to this privacy notice.

Supervisory authority “Supervisory authority” means an independent public authority established by a Member State pursuant to Art. 51 GDPR”.
Processor A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Third party A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Restriction of processing Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Consent Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Recipient Recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Personal data Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he or she can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

In simplified terms, personal data refers to individual information about personal or factual circumstances of an identified or identifiable natural person, i.e., not legal entities such as a limited liability company (GmbH). Personal data includes information such as name, address, email address, and also IP addresses.
Profiling Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Pseudonymization Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
Controller Controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processing Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.