We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data with which we can identify you. In addition, you will occasionally also find information on data processing processes outside of this website (e.g. video conferences or newsletters).
Person responsible for data processing
Person responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
GOD Gesellschaft für Organisation und Datenverarbeitung mbH (“GOD mbH“)
Roseliesstraße 1
38126 Braunschweig
DE
+49 (0)531 – 23 76 7-0
hostmaster@god.de
Data Protection Officer
exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
E-Mail: datenschutz@god.de
General information
This privacy policy fulfils the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot establish a connection to your person (or only with disproportionate effort), e.g. anonymised information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the sections on individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.
Information in accordance with Article 13 GDPR
This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:
Categories of recipients of the personal data
Within our company, only those employees have access to the data who absolutely need it to fulfil their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected and data protection-compliant service providers based within the EEA or, if service providers are based outside the EEA, where we have implemented data protection mechanisms to secure the transfer of data. If service providers commissioned by us gain access to personal data in the performance of their services, order processing contracts have been concluded with them in accordance with Art. 28 para. 3 GDPR.
Duration of data storage
The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are in particular commercial and tax retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as required for the specific purpose.
Your rights as a data subject
Under the provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
If you have any questions about data protection, please send an e-mail to datenschutz@god.de.
Cookies
Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). We only use these technically unnecessary cookies in accordance with Section 25 (1) TTDSG if you have given us your consent to do so.
If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programmes or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.
Consent with Borlabs Cookie
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of technically unnecessary cookies in your browser or to the use of certain technologies and to document them in accordance with data protection regulations. The provider is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
A cookie is set in your browser in order to be able to assign and document your consent or your revocation of consent. This data is stored until you delete the cookie, request us to delete the data or the purpose for the data processing no longer applies. Statutory retention obligations remain unaffected. This data is not passed on to the provider of Borlabs Cookie.
Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of technically unnecessary cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Data processing in detail
Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, whether there is an obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.
Provision of the website
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).
We use the following hoster:
EWE TEL GmbH
Cloppenburger Str. 310
26133 Oldenburg
Contact form
Type and scope of processing
If you send us enquiries (e.g. via contact form, e-mail or telephone), we store all the data that results from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. You are not obliged to provide us with this data. However, we cannot process your enquiry without this data. We will forward the data from the contact form to our affiliated company, MT GmbH. Under data protection law, MT GmbH is jointly responsible with us for processing the data. We have set out the details of the joint data processing and the question of who fulfils which data protection obligations under the GDPR in an agreement.
Purpose and legal basis
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if you have previously given it.
Storage duration
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Heyflow
On this website, we have integrated so-called click funnels from the provider Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg. All data entered in these forms is forwarded to the provider’s servers. In order to ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider. You can find more information on data protection at Heyflow at https://heyflow.app/de/datenschutz.
Contact form for applicants
Type and scope of processing
You have the opportunity to apply to us on our website (e.g. by e-mail, post or online application form).
Purpose and legal basis
We process the personal data of applicants in accordance with the legal requirements for the purpose of initiating an employment relationship (Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG). You are not obliged to provide us with this data. However, we cannot carry out an application process with you without this data.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG or, if you provide us with special categories of personal data such as health information, on the basis of Art. 9 para. 2 lit. b, § 26 para. 3 sentence 1 BDSG for the purpose of implementing the employment relationship.
We also use the services of the professional networks LinkedIn and XING to contact potential applicants. In this respect, the operators of the networks act as processors for us in accordance with our instructions. The legal basis for data processing when approaching potential applicants on our behalf is Art. 6 para. 1 lit. f GDPR (our legitimate interests). If you send us your application as a result of such an approach, we process your data for the purpose of initiating an employment relationship as described above on the basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG.
The data transmitted on our applicant portal (https://bewerbung.karriere.god.de/) is transmitted via TLS encryption and stored in a database. This database is operated by Recruitee B.V., Keizersgacht 313, 1016 EE Amsterdam, Netherlands, which offers personnel administration and applicant management software. Recruitee is our processor in this context in accordance with Art. 28 GDPR. The basis for the processing is an order processing contract between us as the controller and Recruitee. You can find more information on data processing in Recruitee’s privacy policy at https://recruitee.com/de/privacy-policy
Storage duration
Your data will be stored for a period of 6 months after the end of the application process. This is done to protect our legitimate interests in order to check whether we need the data for the defence of any claims in connection with the application process. We are then obliged to delete or anonymise your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical analyses (e.g. proportion of women or men in applications, number of applications per period, etc.).
If it is evident that further storage of the data after the 6-month period is necessary to safeguard our legitimate interests (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. The legal basis for this further data storage is our legitimate interests in the assertion, exercise or defence of civil law claims (Art. 6 para. 1 lit. f GDPR in conjunction with Art. 24 para. 1 no. 2 GDPR). § Section 24 para. 1 no. 2 BDSG or, insofar as special categories of personal data are stored, Art. 9 para. 2 lit. f GDPR in conjunction with Section 24 para. 2 BDSG). § Section 24 para. 2 BDSG).
Inclusion in the applicant pool
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 6 months on the basis of consent within the meaning of Art. 6 para. 1 lit. a, Art. 9 para. 2 lit. a GDPR. If you have provided special categories of personal data in your application, such as health information, your consent also extends to this data. You are not obliged to provide us with your application data for our talent pool. However, we will not be able to consider you for future vacancies without this data unless you submit a new application to us.
The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees by GOD mbH and our affiliated companies Ströhmer Software GmbH, GOD Nearshore SE, GOD Lithuania, UAB, G.O.D INDIA SOFTWARE SOLUTIONS PRIVATE LIMITED and MT GmbH. The aforementioned companies can access your data in the talent pool for this purpose. The companies are jointly responsible under data protection law for the processing of the data stored in the talent pool and have defined the details of the joint data processing and the question of who fulfils which data protection obligations under the GDPR in an agreement.
In particular, it stipulates that we (GOD mbH) operate the technical infrastructure of the talent pool, screen applications and respond to enquiries from data subjects on data protection issues. GOD mbH is available to data subjects at datenschutz@god.de as a point of contact for exercising data subject rights vis-à-vis all companies responsible for the talent pool, although you can also direct your enquiry to one of the other companies.
Consent to the inclusion of application data in the talent pool is voluntary and can be revoked at any time for the future. The withdrawal of consent does not affect the lawfulness of data processing based on consent before its withdrawal. You are welcome to send your cancellation to datenschutz@god.de or to one of the other responsible companies.
Your application documents will be deleted from the talent pool at the latest after expiry of the storage period or in the event of cancellation or acceptance of a job offer by one of the companies responsible for the talent pool.
If you receive and accept an offer of employment with us or another company that has access to the talent pool as part of the application process, we or this company will store the personal data collected during the application process for the purpose of implementing the employment relationship. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR, Section 26 para. 1 BDSG or, if you provide us with special categories of personal data such as health information, Art. 9 para. 2 lit. b, Section 26 para. 3 sentence 1 BDSG.
Newsletter
We offer you our newsletter on this website. If you would like to subscribe to it, we need your e-mail address and other data to prove that it is your e-mail address and that you agree to receive the newsletter. No other personal data is collected unless you provide it voluntarily (e.g. name, telephone number, place of residence, etc.). You are not obliged to provide us with this data. However, we cannot send you a newsletter without this data.
When processing the data you provide when registering for the newsletter, we rely exclusively on your consent in accordance with Art. 6 para. 1 lit. a GDPR as the legal basis. You can revoke your consent to the processing and storage of your personal data at any time (e.g. via the “unsubscribe” link in the newsletter) for the future.
We store your personal data that you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the mailing service provider commissioned by us. This does not apply if we are authorised to store this data for other purposes.
If you unsubscribe from the newsletter mailing list, your e-mail address will be stored by us or the mailing service provider commissioned by us in a blacklist for an indefinite period of time. This is done to prevent future mailings to you. The data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in order to comply with data protection regulations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.
Brevo
We use Brevo as a processor for sending newsletters. The service provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Brevo is a service that organises and analyses the sending of newsletters. Data that you enter to receive newsletters (e.g. your email address) is stored on Brevo’s servers.
Data analysis by Brevo
Brevo offers the possibility to analyse the performance of our newsletter. We can determine whether a newsletter was opened, which links were clicked on and which other actions were carried out after opening/clicking on the newsletter, e.g. a purchase. This allows us to analyse and evaluate our newsletter campaigns with the help of Brevo.
Brevo also offers the possibility to better customise the newsletter to our target groups by dividing the newsletter recipients into different categories, such as age, gender or place of residence. If you wish to prevent your data from being analysed by Brevo, you can unsubscribe from the newsletter by clicking on a link. This link is available in every newsletter you receive.
Legal basis
The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). This consent can be revoked at any time. The legality of the data processing operations already carried out remains unaffected by this.
Presence on social media platforms
Data processing by social networks
We operate publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively. When you visit our social media sites, the following data protection-relevant processing operations are triggered:
If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Irrespective of this, the operator may be able to process your data (e.g. IP address) even if you are not logged into your account or do not have an account there at all.
The operator summarises this data in user profiles in which your preferences and interests are stored. These profiles are used to display personalised advertising within and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising can generally be displayed on all devices on which you are logged in or were logged in.
Depending on the platform, further processing operations may be carried out by the operators of the social media portals, over which we have no influence. For details, please refer to the terms of use and privacy policies of the respective social media portals.
Legal basis
Our social media presences are intended to ensure the broadest possible presence on the internet in line with our legitimate interests. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The analysis processes carried out by the operators of the social networks on their own responsibility may be based on different legal bases, which must be specified by the respective providers.
Responsible party and assertion of rights
If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.
Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing operations of the portals.
Storage duration
The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
For details on the storage period of the data collected by the social networks, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
Facebook page
Our company has a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). According to Meta, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
The company is certified according to the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
For more information, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
Instagram page
Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
The company is certified according to the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Further information on the handling of your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
X-side
We use the short message service X. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customise your X privacy settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
Details can be found in the privacy policy of X: https://twitter.com/de/privacy.
LinkedIn page
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
The company is certified according to the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active
Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
XING page
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
Medium
We have a profile on Medium. The provider is A Medium Corporation, 799 Market St FL 5, San Francisco, CA, 94103-2047, USA. Details on how they handle your personal data can be found in Medium’s privacy policy: https://policy.medium.com/medium-privacy-policy-f03bf92035c9.
GitHub
We have a profile on GitHub. The provider is GitHub Inc, 88 Colin P Kelly Junior St, San Francisco, California, 94107, USA. Details on how they handle your personal data can be found in GitHub’s privacy policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement.
Video conferencing
Data processing
We use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference, your personal data will be collected and processed by us and the provider of the respective tool.
The tools collect the data you provide, including your email address and phone number. They also collect information about the duration of the conference, when you attended the conference, number of participants and other metadata.
In addition, the provider of the tool processes all technical data required to organise the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If you share content on this service, it will be stored on the provider’s servers. This includes cloud recordings, chat messages, voice messages, photos and videos that you have shared while using this service.
Purpose and legal basis
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If you have previously given your consent to data processing, your data will be processed solely on the basis of Art. 6 para. 1 lit. a GDPR; consent can be withdrawn at any time.
Storage duration
The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory retention periods remain unaffected.
CDNJS
Type and scope of processing
We use CDNJS for the proper provision of content on our website. CDNJS is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of CDNJS.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.
Facebook Pixel
Type and scope of processing
We use the Facebook pixel on this website, which is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the Facebook pixel, we can analyse the behaviour of our website visitors when they are redirected to our website by clicking on a Facebook ad. We use the user data to measure the success of our ads on Facebook and to optimise the ads. As the website operator, we only receive anonymised data for this purpose so that we cannot identify you as a user.
Facebook, on the other hand, processes the data in such a way that it is assigned to a specific user and used for its own advertising purposes. This allows Facebook to place personalised advertisements on Facebook and other websites. As the website operator, we have no influence on this. You can find more information on data processing in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.
You can deactivate this remarketing function “Custom Audiences” from Facebook in your personal account at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screendeaktivieren. If you do not have a Facebook account but would like to deactivate this advertising function, you can do so via the website of the European Interactive Digital Advertising Alliance at http://www.youronlinechoices.com/de/praferenzmanagement/.
Purpose and legal basis
When using Facebook Pixel, we rely on your consent to data processing in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
The company is certified according to the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards when processing data in the USA. Certification in accordance with the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active
If this service collects personal data on this website and passes it on to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for the processing of your personal data (Art. 26 GDPR). However, we are only responsible for the collection of your data and its transmission to Facebook, while Facebook is responsible for what happens to the data afterwards. The obligations that we impose on each other in the context of joint responsibility are set out in a joint data processing agreement. You can find the exact text of the agreement at the following link: https://www.facebook.com/legal/controller_addendum. According to this agreement, we must provide you with information on data protection when using the Facebook tool and ensure that the tool is implemented on our website in compliance with data protection regulations.
Facebook itself is responsible for the security of its own products. If you wish to exercise your rights as a data subject and, for example, request information about your data processed by Facebook, you can contact Facebook directly. If you assert your rights as a data subject with us, we are obliged to forward your request to Facebook.
Google Analytics
Type and scope of processing
We use Google Analytics services and functions on this website, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we learn how often our website is accessed, how long visitors stay on the site and which devices or systems they use to access the website. In addition, we may use Google Analytics to track your mouse movements and clicks. This information may be stored and used by Google to create a profile about you. Google Analytics uses machine learning technologies to analyse and supplement your data. Google Analytics also uses technologies to recognise website visitors in order to analyse user behaviour. The data collected is generally processed on Google servers in the USA.
Purpose and legal basis
When using Google Analytics, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to data processing on this website by Google Analytics, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.
The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.
IP anonymisation
When using Google Analytics on this website, we use a function in which Google shortens your IP address before it is transmitted to Google servers in the USA. This only happens if you are located in the European Union or in a country of the European Economic Area. Your full IP address will only be transmitted to the USA in exceptional cases and then shortened there. Google Analytics uses this information to track how you use our website. Your IP address will not be merged with other data held by Google.
Browser plugin
You can prevent Google from collecting and processing data about you. To do this, you must download the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de and install it in your browser.
You can find more information on the processing of user data in the Google Analytics privacy policy at https://support.google.com/analytics/answer/6004245?hl=de
Order processing
When using Google Analytics, we comply with the strict regulations of the German data protection authorities, as we have concluded a contract with Google for order processing.
Storage duration
Google stores data that is linked to cookies, user IDs or advertising IDs. This data is stored for two months and then anonymised or deleted. You can find more information on the storage period and the deletion of your data at https://support.google.com/analytics/answer/7667196?hl=de.
Google Fonts
Type and scope of processing
This website uses web fonts for the standardised display of fonts. These are provided by Google. Your browser loads the required web fonts into your browser cache when you call up the page so that texts and fonts are displayed correctly. To do this, the browser you are using establishes a connection to Google’s servers. Google thereby gains knowledge of your IP address.
If your browser does not support web fonts, a standard font will be used by your computer.
You can find more information about Google Web Fonts here: https://developers.google.com/fonts/faq.
You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de.
Purpose and legal basis
The use of Google Web Fonts is based on our legitimate interest in a uniform presentation of the typeface of our website (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested (e.g. consent to the storage of cookies), the data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time.
Google Tag Manager
Type and scope of processing
We use Google Tag Manager services and functions on this website, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to use other tools on our website. It does not create any user profiles, it does not store any cookies and it does not carry out any independent analyses. However, your IP address is recorded and may be transmitted to the USA. The Google Tag Manager itself is only used to manage these tools that are integrated via it.
Purpose and legal basis
When using Google Tag Manager on this website, we rely on Art. 6 para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website quickly and easily. If you have previously given your consent to data processing on this website by Google Tag Manager, the processing of your data takes place solely on the legal basis of Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.
Heyflow
Type and scope of processing
Our website was created using the Heyflow modular website system. Heyflow is a service of Heyflow GmbH and offers web development technology, web design and layout tools and other applications for marketing such as multi-level forms and lead funnels.
We use Heyflow for web hosting and the presentation of our website, among other things. In addition, Heyflow collects statistical data about visits to our website.
The following data is usually transmitted: the website accessed, the date and time of access, the amount of data transferred, notification of whether access was successful, browser type and version, the user’s operating system, the website previously visited (referrer) and the IP address.
This log data is processed exclusively for the above-mentioned purposes and to maintain the security, functionality and optimisation of Heyflow’s offering.
Purpose and legal basis
The use of the service is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Heyflow GmbH. Further information can be found in the privacy policy for Heyflow: https://heyflow.app/legal/data-privacy.
NitroPack CDN
Type and scope of processing
We use NitroPack CDN to properly provide the content of our website. NitroPack CDN is a service provided by NitroPack Ltd, which acts as a content delivery network (CDN) on our website.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of NitroPack Ltd, 3 Prof. Georgi Bradistilov, entr. A, 3rd floor, Sofia, Bulgaria, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of NitroPack CDN.
Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
Unpkg CDN
Type and scope of processing
We use Unpkg CDN to properly provide the content of our website. Unpkg CDN is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.
A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Unpkg CDN.
Purpose and legal basis
The Content Delivery Network is used on the basis of our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.
YouTube video
Type and scope of processing
This website embeds videos from YouTube. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When you start a YouTube video on this website, a connection to its servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you also enable YouTube to assign your surfing behaviour to your personal profile. You can prevent this by logging out of your account.
After starting a video, YouTube can store various cookies on your end device or use comparable recognition technologies, such as device fingerprinting. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.
Not excluded are further data processing operations after the start of a video, over which we have no influence.
Further information about data protection at YouTube can be found in the privacy policy:
https://policies.google.com/privacy?hl=de.
Purpose and legal basis
The use of YouTube is based on our legitimate interest in an appealing presentation of our online offers (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time.
