Privacy Statement

(As of February 2020)

This privacy statement applies to the use of www.tim-vad.com (hereinafter referred to as the “website”). It also applies to our TIM companies in Austria and Switzerland.

We believe that data protection is an important matter. Your personal data is always collected and processed in accordance with the applicable data protection regulations, particularly the EU General Data Protection Regulation (GDPR). We collect and process your personal data to offer you the portal indicated above. This privacy statement describes how and for what purpose your data is collected and used, as well as your options with regard to personal data.

By using our website, you consent to the collection, use and transfer of your data in accordance with this privacy statement. Download Privacy Statement

Content

  1. Name and Contact Details of the Controller and Data Protection Officer
  2. Collection and Storage of Personal Data & Nature and Purpose of the Use of Personal Data
  3. Links
  4. Disclosure of Data
  5. Potential Recipients of Personal Data
  6. Cookies
  7. YouTube
  8. Newsletter
  9. Google Analytics
  10. Google reCAPTCHA
  11. Google Fonts
  12. Google Maps
  13. Social Media Presence
  14. Online Job Applications / Job Advertisements
  15. Rights of Data Subjects
  16. Right to Object
  17. Data Security
  18. Relevance and Amendment of this Privacy Statement

1. Name and Contact Details of the Controller and Data Protection Officer

This privacy statement applies to data processing performed by:

Controller:

TIM AG
Schoßbergstraße 21
65201 Wiesbaden
Tel: +49 611 2709 0
Email: [Um diese E-Mailadresse zu sehen, müssen Sie Javascript in Ihrem Browser aktivieren.]

The controller has appointed the following data protection officer:

Gräf & Centorbi Rechtsanwaltsgesellschaft mbH
Isaac-Fulda-Allee 5
55124 Mainz
Tel: +49 6131 95009 0
Fax: +49 6131 95009 91

If you have any questions or suggestions about data protection, you can contact the data protection officer at the above address or at [Um diese E-Mailadresse zu sehen, müssen Sie Javascript in Ihrem Browser aktivieren.]

2. Collection and Storage of Personal Data & Nature and Purpose of the Use of Personal Data

a) When visiting the website

When you visit our website, information will be sent automatically from your browser to our website server. This information will be temporarily stored in a so-called “log file”. We take the protection of personal data seriously and strictly adhere to the relevant legal regulations and this privacy statement when collecting and processing personal data. If the purpose for which your personal data was collected no longer applies, or if the statutory retention period has expired, the collected data will be blocked or deleted. The following data will be collected and stored until its automatic deletion without any action on your part:

  • The IP address of the requesting computer;
  • The date and time of access;
  • The name and URL of the accessed file;
  • The website from which the file is accessed (referrer URL);
  • The browser used and, if applicable, the operating system of your computer and the name of your access provider.

We will process this data for the following purposes:

  • To ensure a smooth connection to our website;
  • To ensure the comfortable use of our website;
  • To evaluate the security and stability of our system; and
  • To perform other administrative tasks.

The legal basis for data processing is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the purposes of data collection listed above. We will never use your personal data to draw conclusions about your person.

We also use cookies and analytical services for visits to our website. More detailed information can be found in this privacy statement.

b) When using our contact form or contacting us via email

If you send us an enquiry via the contact form or via email, the information you provide – including your contact details – will be stored to enable us to process and respond to your enquiry. We will not share this data without your consent.

We will only ever process the data you enter in the contact form with your consent (point (a) of Art. 6 (1) GDPR). You may withdraw your consent at any time. You can do this by notifying us informally via email. This will have no bearing on the legality of any data processing performed before the withdrawal of your consent.

We will retain your data entered in the contact form until you request its deletion, until you withdraw your consent to its storage, or until the purpose for which your data was collected no longer applies (e.g. once your enquiry has been fully processed). This has no bearing on mandatory legal provisions, particularly retention periods.

c) Customer account / registration function

If you create a customer account on our website, we will only collect and store the data you enter during registration (e.g. your name, address or email address) to provide pre-contractual services, perform a contract or provide customer support. Users can receive information via email regarding our services or registration process, such as changes to the scope of our services or technical circumstances. We will also save your IP address and the date and time of your registration. Needless to say, this data will not be disclosed to third parties.

During the further registration process, you will be asked to consent to data processing and reference will be made to this privacy statement. The data we collect during the registration process will only be used to make the customer account available.

If you consent to this form of data processing, the legal basis will be point (a) of Art. 6 (1) GDPR.

If the customer account is also opened to perform pre-contractual measures or perform a contract, the legal basis for this form of data processing will also be point (b) of Art. 6 (1) GDPR.

In accordance with Art. 7 (3) GDPR, you may withdraw your consent to the opening and maintenance of the customer account with future effect at any time. All you have to do is notify us of your intention to withdraw your consent.

The data collected will be deleted as soon as the processing is no longer necessary. However, we must comply with the retention periods stipulated in tax and commercial law.

d) Performance of a contract

Any data you provide to use our range of goods and services will be processed for the purpose of performing a contract and is therefore necessary. A contract cannot be concluded or performed if you do not provide your data. We will disclose your delivery address to a logistics company commissioned for the purpose of executing the purchase agreement.

The legal basis for this form of processing is point (b) of Art. 6 (1) GDPR.

We will delete your data once the contract has been fully performed; however, we must comply with the retention periods stipulated in tax and commercial law.

When performing a contract, we will disclose your data to the haulier commissioned to deliver the goods or to the financial service provider, provided the disclosure of this information is necessary for the delivery of the goods or for payment purposes.

The legal basis for the disclosure of this data is point (b) of Art. 6 (1) GDPR.

e) Processing orders in the online store and customer account

We process our customers’ data when they place orders on our online store, so that they can select and order products and services, and to enable payment and delivery of the products and services.

The processed data includes inventory data, communication data, contract data and payment data; the data subjects include our customers, prospective customers and other business partners. This data is processed to provide the contractual services involved in the operation of an online store, as well as for billing purposes, delivery and customer services. We use session cookies to remember the content of your shopping cart and permanent cookies to remember your log-in status.

We process this data to provide our services and perform contractual measures (e.g. order processes) and if prescribed by law (e.g. the mandatory archiving of business transactions stipulated in commercial and tax law). The information marked as “required” is needed to establish and execute the contract. We will only disclose this data to third parties during delivery and payment, within the scope of our legal permissions and duties, or on the basis of our legitimate interests; we will inform you about such disclosures in this privacy statement (e.g. to legal and tax advisers, financial institutions, freight companies and public authorities).

All users must register and create a customer account (see Section 2 c). The required information is highlighted to users during the registration process. The user accounts are not publicly accessible and cannot be indexed by search engines. Once users have closed their user account, their user account data will be deleted, unless it has to be retained for reasons pertaining to commercial or tax law. Information in the customer account will be retained until its deletion, and it may be subsequently archived to comply with a legal obligation or to safeguard our legitimate interests (e.g. in the event of legal disputes). It is the responsibility of users to back up their data if they terminate the contract before the end of its term.

When you register, sign in and use our online services, we will store your IP address and the time of your activity. This data is stored to pursue our legitimate interests and safeguard our users’ interest in the prevention of misuse and other forms of unauthorised use. This data will generally not be disclosed to third parties, unless we are legally obliged to do so or unless this is necessary on the basis of our legitimate interest in pursuing our legal claims.

The data will be deleted upon expiry of statutory warranty rights and other contractual rights or obligations (e.g. payment claims or obligations to provide services arising from contracts with customers), and the need to retain such data is checked every three years; if the data is retained to comply with statutory archiving obligations, it will be deleted at the end of the respective retention period.

f) Registering for events

TIM hosts regular events that are attended by its customers, prospective customers and suppliers. We offer online registration to such events on our website.

If you register for an event, we will need you to provide certain information depending on the type of event. The information requested in the invitation or registration form will be marked as either required or voluntary. Your data will not be disclosed to third parties. Any exceptions (e.g. in the case of jointly organised events) will be clearly communicated during the registration process.

We will use your data for the following purposes:

  • To organise, host and manage the event;
  • To network event participants by issuing name badges and displaying guest lists: Your name badge will only contain your name; the guest list will feature your name, position and institution, unless you object to this;
  • To plan future events and invite you to them;
  • To prove that we are processing your data and that we may send you information via email;
  • To fulfil our obligations and interests in accordance with our articles of association, tax regulations and budgeting requirements, including controlling, the prevention of fraud and corruption, and the documentation of our work; if you receive catering services or reimbursements during the event, we must store your registration data and, if applicable, your billing and payment data;
  • To document the event through photographs and film recordings, which may also be used in TIM’s public relations.

We will not use your data for automated decision-making or profiling, as described in Art. 22 GDPR.

Please note that events may also be attended by journalists or photographers.

If you are attending an event, you should expect images (static or moving pictures) and film recordings to be taken and published. They may be published on the Internet, on social media, in our newsletter or even in other publications as part of TIM’s public relations.

Our visitors are encouraged to bear this in mind and behave accordingly, e.g. by not walking in or through recordings and avoiding any areas in which pictures are likely to be taken or in which they are likely to appear in the pictures.

By registering for an event, you consent to the processing of your data for the event and the purposes indicated above in accordance with point (a) of Art. 6 (1) GDPR. The legal basis for the creation and subsequent processing of photographs and film recordings is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the documentation and publication of the activities carried out by TIM, and photographs and film recordings are often required for this purpose in the modern world; we also have a legitimate interest in the documentation and publication of the entire content – or the essential content – of appropriate events.

Your data will be made accessible to our distribution managers, conference managers and those entrusted with the organisation, hosting and management of events and, if technically necessary, our IT administrators. The entrusted employees will have access to invitation mailing lists and guest lists for the purpose of planning future events and inviting you to them. Your name, position and institution will also be made accessible to the other guests for networking purposes. Photographs and film recordings that are published or otherwise processed for the purpose of documentation or public relations may be accessed by anyone. We may sometimes entrust a processor with certain activities; the processor will only ever use your data for such activities on our behalf. The processor will be strictly bound by our instructions and may not process or disclose the data for its own purposes.

The data collected will be deleted as soon as the processing is no longer necessary. However, we must comply with the retention periods stipulated in tax and commercial law. Photographs and film recordings taken for the purpose of documenting events or improving public relations are generally processed for an indefinite period. However, we check whether photographs and film recordings are still required by 31 December of the year following the end of each event and, if so, whether a time limit can be set for the processing. If we determine that no time limit can be set for the processing due to the importance of the event, we carry out another check by 31 December of the year following the last check.

Our website contains links to other websites. Please note that we are not responsible for the data protection practices of other websites. Data will only be transmitted to the link destination when you click on such a link. This is technically necessary. The transmitted data will include your IP address, the time at which you clicked on the link, the page on which you clicked on the link, and details about your web browser. If you do not want this data to be transmitted to the link destination, please do not click on the link. We would advise you to carefully read the privacy statements of any website that collects personal information. This privacy statement only applies to the data collected on our website.

4. Disclosure of Data

We will not disclose your personal data to third parties for any purposes other than those listed below.

We will only disclose your personal data to third parties if:

  • You have given your explicit consent (point (a) of Art. 6 (1) GDPR);
  • The disclosure of such information is necessary for the establishment, exercise or defence of legal claims and we have no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data (point (f) of Art. 6 (1) GDPR);
  • We are legally obliged to disclose the information (point (c) of Art. 6 (1) GDPR); and
  • This is legally permissible and necessary for the performance of a contract with you (point (b) of Art. 6 (1) GDPR).

5. Potential Recipients of Personal Data

We are a global company with cross-border, legally independent entities, business processes, management structures and technical systems. The data on this website is generally collected and processed by TIM AG. Your data may be shared with our affiliated companies if required within the scope of our necessary business processes.

It is particularly likely that personal data will be shared with our affiliated companies in Austria and Switzerland. Our affiliated company in Austria is Total-Information-Management TIM AG (Triester Straße 14, IKANO Bürohaus 2, 1st Floor, Top 158, AT-2351 Wiener Neudorf); our affiliated company in Switzerland is TIM Storage Solutions AG (Oberneuhofstr. 3, CH-6340 Baar). The contact details of these companies can be found in our imprint.

Your data may also be disclosed to third parties involved in the execution of our orders, such as IT service providers, to help us provide our services. We will only provide such third parties with the personal information required for the provision of their services. This will be done with the necessary level of data security. TIM AG will only disclose your personal data to third parties who are obliged to process and protect your data in accordance with the applicable laws.

Our service providers and foreign companies sometimes process personal data outside the EU. In such cases, we comply with the requirements of European law by ensuring an adequate level of data protection (this is usually ensured through the use of the EU standard contractual clauses published by the European Commission).

TIM AG may be forced to disclose your data and related information by order of a court or official body. We also reserve the right to use your data to assert legal claims or defend ourselves against legal claims asserted by third parties.

In the event of a takeover or merger with another company, your data may have to be disclosed or passed on to potential or actual buyers. In such cases, TIM AG will aim to ensure the best possible protection of your data and comply with the legal provisions.

6. Cookies

a) Session cookies

We use cookies on our website. Cookies are small text files or other memory technologies that are stored on your device by the web browser you use. These cookies process certain information about you, such as your browser details, location data and IP address. Some of our cookies include authentication cookies, language / country cookies and consent cookies.

This processing makes our website more user-friendly, effective and secure, such as by allowing our website to be displayed in different languages and by enabling the shopping cart function.

The legal basis for this form of processing is point (b) of Art. 6 (1) GDPR, provided these cookies process data for the initiation or performance of a contract.

Where your data is not processed to initiate or perform a contract, we have a legitimate interest in improving the functionality of our website. The legal basis for this is point (f) of Art. 6 (1) GDPR.

All cookies will generally be deleted when you log out. Apart from that, authentication cookies will be deleted after 20 minutes of inactivity (end of session), consent cookies will be deleted after 1 year, and language / country cookies will be deleted when you close your browser or after 20 minutes of inactivity.

b) Third-party cookies

We also use third-party cookies to create advertising, conduct analysis and improve the functionality of our website.

The following paragraphs contain more information on the purposes and legal basis for the processing performed by such third-party cookies.

Since cookies are automatically accepted by most browsers, we have activated an upstream function that allows you to choose whether you would like to only enable technically necessary cookies or also third-party cookies before using our website. This means you can configure your browser in such a way that only session cookies – and no third-party cookies – are stored on your computer. You can also allow all cookies but withdraw your consent at any time to delete any cookies that have already been saved. The necessary steps and actions depend on your specific browser. If you have any questions, please use the help function or documentation in your browser or contact your browser provider or support team. The processing performed by so-called “Flash cookies” cannot be stopped via the browser settings. You will have to change your Flash Player settings instead. The necessary steps and actions depend on the specific version of Flash Player you are using. If you have any questions, please use the help function or documentation in your version of Flash Player or contact your provider or user support team.

If you prevent or restrict the installation of cookies, however, this may affect the full functionality of some of our website functions.

c) Removing cookies

You may prevent or restrict the installation of cookies by changing your browser settings. You may also delete saved cookies at any time. The necessary steps and actions depend on your specific browser. If you have any questions, please use the help function or documentation in your browser or contact your browser provider or support team. The processing performed by so-called “Flash cookies” cannot be stopped via the browser settings. You will have to change your Flash Player settings instead. The necessary steps and actions depend on the specific version of Flash Player you are using. If you have any questions, please use the help function or documentation in your version of Flash Player or contact your provider or user support team.

If you prevent or restrict the installation of cookies, however, this may affect the full functionality of some of our website functions.

d)Storage period

We have limited the storage period of our global settings cookies to one year to minimise data while maintaining a pleasant user experience. This means that any consent you give to the use of certain cookies on our website will remain valid for one year. The cookies will then be automatically deleted.

Of course, this does not apply if you change your cookies settings beforehand, which you may do at any time.

7. YouTube

Our website features videos provided by YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA), which is represented by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We have embedded YouTube videos in such a way that users first have to consent to the use of cookies by YouTube via an upstream interface. In other words, no cookies will be transferred to YouTube without your prior consent to each YouTube video. The cookies will only be transferred to YouTube within the embedded video once you have consented to the use of such cookies.

This is currently a technical requirement for you to watch the videos. In other words, you must accept the cookies to be able to watch the videos.

We have no knowledge or control over the potential collection and use of your data by YouTube. You can find more detailed information in YouTube’s privacy statement at www.google.de/intl/de/policies/privacy/. This privacy statement contains general information on managing and disabling cookies. If you have configured your browser to disable all third-party cookies, these elements will not be saved. However, this may also prevent you from accessing YouTube videos.

You can withdraw your consent to download YouTube videos embedded on this website by clicking here.

We have limited your consent to the use of cookies by YouTube to one month, which means your consent to watch YouTube videos will remain valid for one month, unless you withdraw your consent beforehand, which you may do at any time. Your consent will expire after one month, when you will have to give it again.

8. Newsletter

We offer you the chance to subscribe to our free newsletter on our website.

We send our newsletter using inxmail, a service provided by Inxmail GmbH (Wentzingerstr. 17, D-79106 Freiburg); the company is referred to below simply as “Inxmail”.

Inxmail provides more detailed information on data protection at:

https://www.inxmail.de/datenschutz

If you subscribe to our newsletter, the data requested during the registration process will be processed by Inxmail (e.g. your email address and, optionally, your name and address). Furthermore, your IP address and the date and time of your registration will be saved. During the further registration process, you will be asked to consent to receiving the newsletter and reference will be made to this privacy statement.

Inxmail uses newsletter tracking. Recipient responses (opening a newsletter, clicking on text and image links, downloading images with an email programme) are recorded and saved in an anonymised form for statistical purposes. The saved data cannot be used to draw conclusions about individual users.

If you have given your explicit consent, your personal recipient responses will be recorded and saved. This will enable Inxmail to tailor the content of the newsletter to your personal interests.

The legal basis for the delivery of the newsletter and the analysis is point (a) of Art. 6 (1) GDPR.

In accordance with Art. 7 (3) GDPR, you may withdraw your consent to receiving the newsletter with future effect at any time. All you have to do is notify us of your intention to withdraw your consent or click on the “unsubscribe” link found in every newsletter.

9. Google Analytics

In order to continuously optimise our website and ensure a user-friendly experience, we use Google Analytics, a web analysis service provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland); the company is referred to below simply as “Google”. This involves the creation of pseudonymised user profiles and cookies (see Section 4). The information generated by cookies on your use of our website, such as

  • Browser type / version;
  • Operating system;
  • Referrer URL (previously visited page);
  • Host name of accessing computer (IP address); and
  • Time of server request,

will usually be transferred and stored on a Google server; the data may also be transmitted to the servers of Google LLC in the USA. This information will be used to analyse your use of the website, to compile reports on your website activities, and to provide other services related to your use of the website and Internet for the purpose of market research and the creation of a user-friendly website. This information may also be transferred to third parties if prescribed by law or if such third parties have been commissioned to process such data. Under no circumstances will your IP address be merged with other data held by Google. IP addresses are anonymised, which means they cannot be linked to individual users (IP masking).

Google is certified under the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

which means it complies with the EU data protection regulations when processing data in the USA.

We use Google Analytics to analyse user behaviour on our website. The legal basis for this is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the analysis, optimisation and cost-effective operation of our website.

You may prevent the installation of cookies by configuring your browser software accordingly; however, please note that this may affect the full functionality of some of our website functions.

If you would like to stop data on your use of the website (including your IP address) from being generated by cookies and processed by Google, you can download and install a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de)

As an alternative to the browser add-on, especially on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. This will install an opt-out cookie to prevent your data from being collected when you visit our website in the future. The opt-out cookie will be saved on your device, and it will only work in that specific browser and on our website. If you delete your cookies in that browser, you will have to reinstall the opt-out cookie.

More information on data protection related to Google Analytics can be found in the Google Analytics Help Centre:

https://support.google.com/analytics/answer/6004245?hl=en

10. Google reCAPTCHA

We use Google reCAPTCHA, a service provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), to ensure that our website is protected as adequately as possible for you and us. Google reCAPTCHA allows us to confirm that you are a human and not a robot or another piece of spam software.

As we have a legitimate interest in protecting our website against bots and spam, the legal basis for the use of Google reCAPTCHA is point (f) of Art. 6 (1) GDPR.

Whenever we use Google reCAPTCHA, data is transmitted to Google and used to determine whether the user is a human.

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Website: https://www.google.com/recaptcha/ Privacy policy: https://policies.google.com/privacy Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=de Ad settings: https://adssettings.google.com/authenticated

Google is certified under the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

which means it complies with the EU data protection regulations when processing data in the USA.

If you do not want any data to be transmitted to Google, you must fully log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. The data will be automatically transmitted to Google as soon as you visit our website. In order to delete the data, you must contact the Google Help Centre at https://support.google.com/?hl=de&tid=331580216536.

11. Google Fonts

We use Google Fonts to display third-party typefaces on our website. This service is provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland); the company is referred to below simply as “Google”.

Whenever you visit our website, a connection will be established to the Google servers in the USA to enable certain fonts to be displayed.

Your browser must establish a connection to the Google servers for this purpose, which may also involve the transfer of personal data to the servers used by Google LLC in the USA.

Google is certified under the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active which means it complies with the EU data protection regulations when processing data in the USA.

The legal basis for this is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the optimisation and cost-effective operation of our website.

The connection established with the Google servers during your visit to our website will enable Google to determine the website from which your request has been sent and the IP address to which the font should be sent.

Google provides additional information, particularly on how to prevent data usage, at:

12. Google Maps

This website uses Google Maps to display interactive maps and generate directions. This map service is provided by Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland); the company is referred to below simply as “Google”. If you use Google Maps, information about your use of our website, including your IP address and the (start) address entered in the route planner, may also be sent to Google in the USA.

Google is certified under the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active which means it complies with the EU data protection regulations when processing data in the USA.

The legal basis for this is point (f) of Art. 6 (1) GDPR. We have a legitimate interest in the optimisation and functionality of our website.

If you access a page containing Google Maps on our website, your browser will establish a direct connection to the Google servers. Google will send the map contents straight to your browser, and your browser will then embed the map contents in the website. We have no control over the amount of data collected by Google in this way. As far as we are aware, at least the following data is collected:

  • Date and time of your visit to the page;
  • Web address or URL of the page visited;
  • IP address; and
  • (Start) address entered in the route planner.

We have no control over any further processing or use of your data by Google, and so we cannot assume responsibility for any such actions.

If you want to stop Google from collecting, processing or using your personal data via our website, you can disable JavaScript in your browser settings. However, you will then be unable to use the maps function.

Please refer to Google’s privacy policy for more information as to why and to what extent the company collects, processes and uses data, as well as more details on your rights and settings to safeguard your privacy.

The terms of use for Google Maps can be found at http://www.google.com/intl/de_de/help/terms_maps.html. Extensive details can be found in the Google Privacy Centre: http://www.google.de/intl/de/privacy/ and http://www.google.de/intl/de/privacy/privacy-policy.html.

13. Social Media Presence

We have a presence on social media and other platforms to communicate with our current and future customers and other active users and to inform them about our services.

Please note that user data may be processed outside the European Union. This may pose risks to users because, for example, it may be difficult for them to assert their rights. Please note that providers in the USA who are certified under the Privacy Shield are obliged to observe the EU data protection standards.

User data is normally processed for market research and advertising purposes. For example, user behaviour may be analysed to determine interests and create user profiles. These user profiles can then be used, for example, to display targeted ads within and outside the platforms. For these purposes, cookies are usually installed on users’ computers to record their behaviour and interests. User profiles may also be used to store data on the users regardless of the browser they are using (especially if the users are members of the respective platforms and logged in to them).

The legal basis for the processing of users’ personal data is point (f) of Art. 6 (1) GDPR; we have a legitimate interest in effectively notifying and communicating with users. If the providers of the respective platforms ask users to consent to this form of data processing, the legal basis for the processing will be point (a) of Art. 6 (1) GDPR and Art. 7 GDPR.

If you would like a detailed description of the processing and opt-out methods, please refer to the information provided by each provider via the links below.

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). Privacy policy / opt-out: https://www.xing.com/app/share?op=data_protection.

Google / YouTube (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Privacy policy: https://policies.google.com/privacy. Opt-out: https://adssettings.google.com/authenticated. Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

This website does not use any mechanisms by which information might be automatically sent to social media providers when you visit our website (social plug-ins).

You will only ever be redirected to social media providers (e.g. Xing) via a link, which means any data about your visit to our website (e.g. IP address, date, URL) or data stored on your device (e.g. cookies information) will only be sent to the respective provider when you consciously click on the link.

14. Online Job Applications / Job Advertisements

We offer you the chance to apply for a job on our website. If you submit a digital application in this way, we will electronically collect and process your applicant and application data to run the application process.

The legal basis for this form of processing is Section 26 (1) Sentence 1 of the Federal Data Protection Act (BDSG) in conjunction with Art. 88 (1) GDPR.

If we conclude an employment contract with you after the application process, the data sent during your application will be stored in your personnel file as part of our standard organisational and administrative processes; when doing so, we will naturally take into account our further legal obligations.

The legal basis for this form of processing is also Section 26 (1) Sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.

If your application is rejected, we will automatically delete your data 6 months after notifying you of the rejection. However, we will not delete your data if it has to be stored for a longer period to comply with legal provisions, e.g. the obligation to provide evidence in accordance with the German General Equal Treatment Act (AGG).

In such cases, the legal basis is point (f) of Art. 6 (1) GDPR and Section 24 (1) No. 2 BDSG. We have a legitimate interest in the defence and exercise of our rights.

If you explicitly consent to the storage of your data for a longer period (e.g. for inclusion in a database of past or prospective applicants), your data will be processed on the basis of your consent. The legal basis for this is point (a) of Art. 6 (1) GDPR. In accordance with Art. 7 (3) GDPR, you may withdraw your consent with future effect at any time by declaring your intention to us.

15. Rights of Data Subjects

You have the right:

  • to request access to the personal data we are processing on you (Art. 15 GDPR). You may particularly request information on: the purposes of processing; the categories of personal data concerned; the categories of recipient to whom your personal data has or will be disclosed; the envisaged storage period; whether you have the right to request the rectification or erasure of your personal data or the restriction of processing or to object to such processing; whether you have the right to lodge a complaint; the source of any data not provided by yourself, and whether we carry out automated decision-making, including profiling, and meaningful information about any such processes;
  • to request the immediate rectification of any incorrect data or the immediate supplementation of any incomplete data we hold on you (Art. 16 GDPR);
  • to request the deletion of any personal data we hold on you (Art. 17 GDPR), unless our processing is necessary to exercise freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • to request the restriction of the processing of your personal data (Art. 18 GDPR) if you contest its accuracy, if the processing is unlawful but you oppose the deletion of your data, if we no longer need your data but you require it for the establishment, exercise or defence of legal claims, or if you have objected to processing in accordance with Art. 21 GDPR;
  • to receive any personal data you have provided to us in a structured, commonly used and machine-readable format, or to have this data transferred to another controller (Art. 20 GDPR);
  • to withdraw any consent you have previously given us (Art. 7 (3) GDPR). As a result, we will not be able to continue any data processing performed on the basis of this consent; and
  • to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can usually do this by contacting the supervisory authority in your habitual place of residence or at our place of business.

16. Right to Object

If your personal data is being processed on the basis of our legitimate interests pursuant to point (f) of Art. 6 (1) GDPR, you are entitled to object to the processing of your personal data, provided your reasons for doing so relate to your particular situation or your objection concerns direct marketing (Art. 21 GDPR). If the latter is the case, you have a general right to object, and we will honour your right without you having to name a specific situation.

If you would like to exercise your right to object or withdraw your consent, you just have to send an email to

[Um diese E-Mailadresse zu sehen, müssen Sie Javascript in Ihrem Browser aktivieren.]

17. Data Security

Whenever users visit our website, we use the widespread SSL protocol (Secure Sockets Layer) and the highest level of encryption supported by their browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a page on our website is transmitted in an encrypted form by the closed key or lock symbol in the lower status bar of your browser.

We also take the appropriate technical and organisational security measures to protect data against accidental or deliberate manipulation, full or partial loss, destruction, and unauthorised third-party access. Our safety measures are constantly improved in line with technical developments.

18. Relevance and Amendment of this Privacy Statement

This privacy statement is currently valid and was last updated in February 2020.

It may be necessary to change this privacy statement if our website and its features are developed, or if statutory and/or official regulations are amended.