Preamble
With the following privacy policy, we would like to inform you about which types of your personal data (hereinafter also briefly referred to as “data”) we process, for what purposes and to what extent. The privacy policy applies to all processing of personal data carried out by us, both as part of the provision of our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offering”).
The terms used are not gender-specific.
Status: 21 November 2025
Table of Contents
- Preamble
- Controller
- Data Protection Officer Contact
- Overview of Data Processing
- Relevant Legal Bases
- Security Measures
- Transfer of Personal Data
- General Information on Data Storage and Deletion
- Rights of the Data Subjects
- Business Services
- Business Processes and Procedures
- Providers and Services Used in the Course of Business
- Credit Assessment
- Provision of the Online Offering and Web Hosting
- Use of Cookies
- Contact and Request Management
- Video Conferences, Online Meetings, Webinars, and Screen Sharing
- Cloud Services
- Presence on Social Networks (Social Media)
- Plug-ins and Embedded Features and Content
- Management, Organization, and Tools
- Data Processing in the Context of Employment Relationships
- Application Procedures
- Changes and Updates
- Definitions
Controller
IPS – Innovative Produktionssysteme GmbH
Rudolf-Diesel Straße 12
72250 Freudenstadt
Authorized representative: Rainer Wälde
Email:
Phone: 07441/5282010
Imprint: https://ipstec.de/de/impressum
Data Protection Officer Contact
Can Samjeske
Rudolf-Diesel Straße 12
72250 Freudenstadt
Overview of Data Processing
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.
Types of Data Processed
- Master data
- Employee data
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
- Social data
- Applicant data
- Image and/or video recordings
- Audio recordings
- Log data
- Performance and behavioral data
- Working time data
- Creditworthiness data
- Remuneration data
Special Categories of Data
- Health data
- Religious or philosophical beliefs
- Trade union membership
Categories of Data Subjects
- Recipients of services and customers
- Employees
- Interested parties
- Communication partners
- Users
- Applicants
- Business and contractual partners
- Depicted persons
- Third parties
- Customers
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Reach measurement
- Tracking
- Office and organizational procedures
- Target group formation
- Organizational and administrative procedures
- Application procedures
- Feedback
- Marketing
- Provision of our online offering and user-friendliness
- Assessment of creditworthiness and credit standing
- Establishment and execution of employment relationships
- Information technology infrastructure
- Financial and payment management
- Public relations
- Sales promotion
- Business processes and business procedures
Automated Decision-Making in Individual Cases
- Credit assessment
Relevant Legal Bases
Applicable Legal Bases under the GDPR
Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or establishment. Should special legal bases be relevant in individual cases, we will inform you about them in this privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) – The data subject has given consent to the processing of personal data concerning them for a specific purpose or for several specified purposes.
- Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Application procedure as a pre-contractual or contractual relationship (Art. 6 para. 1 sentence 1 lit. b) GDPR) – Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (such as health data, e.g. severely disabled status, or ethnic origin) are requested from applicants so that the controller or the data subject can exercise rights arising from employment law and social security and social protection law and fulfill their obligations in this regard, processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in the case of protection of vital interests of applicants or other persons in accordance with Art. 9 para. 2 lit. c GDPR, or for the purposes of preventive health care or occupational medicine, for the assessment of the employee’s working capacity, for medical diagnosis, for health or social care or treatment or for the management of health or social care systems and services in accordance with Art. 9 para. 2 lit. h GDPR. In the case of voluntary disclosure of special categories of data, processing is based on consent in accordance with Art. 9 para. 2 lit. a GDPR.
- Processing of special categories of personal data in relation to health, profession, and social security (Art. 9 para. 2 lit. h) GDPR) – Processing is necessary for the purposes of preventive health care or occupational medicine, assessment of the employee’s working capacity, medical diagnosis, health or social care or treatment or the management of health or social care systems and services based on Union law or the law of a Member State or a contract with a health professional.
National Data Protection Regulations in Germany
In addition to the data protection regulations of the GDPR, national regulations apply in Germany. These include in particular the Federal Data Protection Act (BDSG), which contains specific provisions concerning the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfer as well as automated individual decision-making, including profiling. The data protection laws of the individual federal states may also apply.
Note on the Application of the GDPR and Swiss DSG
This data protection information serves for information purposes both under the Federal Act on Data Protection (DSG) of Switzerland and the General Data Protection Regulation (GDPR). For general reasons of comprehensibility and the close link with the GDPR, the terms of the GDPR are used. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” used in the Swiss DSG, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are adopted. The legal meaning is determined under the Swiss DSG insofar as the Swiss DSG applies.
Security Measures
In accordance with the legal requirements and taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as access to, input into, transfer of, safeguarding of availability of, and separation of the data.
Furthermore, we have implemented procedures that ensure the exercise of data subject rights, the deletion of data and appropriate reactions to threats to data.
We also take the protection of personal data into account from the stage of development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.
IP Address Shortening
Where IP addresses are processed by us or by service providers and technologies that we use, and the processing of a full IP address is not required, the IP address is shortened (also referred to as “IP masking”).
In this process, the last two digits or the last part of the IP address after a dot are removed or replaced by placeholders.
Shortening the IP address is intended to prevent or substantially hinder the identification of an individual via their IP address.
Securing Online Connections via TLS/SSL Encryption (HTTPS)
To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet.
These technologies encrypt the information transmitted between the website or app and the user’s browser, or between two servers, thereby protecting the data from unauthorized access.
TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards.
When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL, which signals to users that their data is being transmitted securely and in encrypted form.
Transmission of Personal Data
In the course of our processing of personal data, it may occur that such data is transmitted to other entities, companies, legally independent organizational units or persons, or disclosed to them.
Recipients of this data can include, for example, service providers tasked with IT services, or providers of services and content that are embedded in a website.
In such cases, we comply with the legal requirements and, in particular, conclude contracts or agreements with the recipients of your data that serve to protect your data.
General Information on Data Storage and Deletion
We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist.
This includes cases where the original purpose of processing no longer applies or the data is no longer required for that purpose.
Exceptions apply if statutory obligations or particular interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax reasons, or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons, must be archived accordingly.
Our data protection notices contain additional information on the retention and deletion of data that applies specifically to certain processing activities.
Where multiple retention periods or deletion deadlines are stated for a given set of data, the longest period is always decisive.
Data that is no longer processed for the original purpose but is retained due to statutory requirements or other reasons is processed by us solely for those reasons that justify its continued retention.
Retention and Deletion of Data (Germany)
The following general retention and archiving periods apply under German law.
- 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets and the organizational documents required to understand these records (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
- 8 years – Booking records, such as invoices and cost documents (§ 147 para. 1 nos. 4 and 4a in conjunction with para. 3 sentence 1 AO, and § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
- 6 years – Other business documents: received commercial or business letters, copies of sent commercial or business letters, and other documents insofar as they are relevant for taxation, such as hourly wage slips, cost accounting sheets, calculation documents, price tags, as well as payroll documents insofar as they are not already booking records, and cash register receipts (§ 147 para. 1 nos. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 nos. 2 and 3 in conjunction with para. 4 HGB).
- 3 years – Data required to take into account potential warranty and compensation claims or similar contractual claims and rights, as well as to process related inquiries, based on past business experience and common industry practice, are retained for the duration of the regular statutory limitation period of three years (§§ 195, 199 BGB).
Commencement of Periods at End of the Year
If a period does not explicitly begin on a specific date and is at least one year, it automatically starts at the end of the calendar year in which the event triggering the period occurred.
For ongoing contractual relationships in which data is stored, the event triggering the period is the effective date of the termination or other ending of the legal relationship.
Rights of Data Subjects
Rights of Data Subjects under the GDPR
As data subjects, you have various rights under the GDPR, in particular as set out in Articles 15 to 21 GDPR.
- Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw consent you have given at any time.
- Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to such data and further information as well as a copy of the data, in accordance with the legal requirements.
- Right to rectification: You have the right, in accordance with the legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
- Right to erasure and restriction of processing: You have the right, in accordance with the legal requirements, to request the immediate deletion of personal data concerning you, or alternatively to request restriction of processing of the data in accordance with the legal requirements.
- Right to data portability: You have the right, in accordance with the legal requirements, to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, or to request that this data be transmitted to another controller.
- Right to lodge a complaint with a supervisory authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
Business Services
We process data of our contractual and business partners, such as customers and prospective customers (hereinafter collectively referred to as “contractual partners”), in the context of contractual and comparable legal relationships, as well as associated measures and with regard to communication with the contractual partners (including pre‑contractual communication, for example to answer inquiries).
We use this data to fulfill our contractual obligations, which in particular include the provision of the agreed services, any update obligations, and remedying warranty and other performance issues.
In addition, we use the data to protect our rights and for administrative tasks associated with these obligations, as well as for business organization.
Furthermore, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations against misuse and against risks to their data, secrets, information and rights (for example through the involvement of telecommunications, transport and other auxiliary services, as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).
Within the scope of the applicable law, we only disclose data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations.
We inform contractual partners about further forms of processing, such as for marketing purposes, within this privacy policy.
Before or at the time of data collection, we inform the contractual partners which data is required for the aforementioned purposes, for example in online forms, by special markings (such as colors and symbols, e.g. asterisks), or personally.
We delete the data after the expiry of statutory warranty or comparable obligations, usually after four years, unless the data is stored in a customer account or must be retained for statutory archiving reasons (for example, for tax purposes usually ten years).
Data that is disclosed to us by the contractual partner as part of an assignment is deleted in accordance with the specifications, and generally after the end of the assignment.
Data Processing Details – Business Services
- Types of data processed: Master data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of contract, term, customer category).
- Data subjects: Recipients of services and customers; interested parties; business and contractual partners.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and business procedures.
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: Contract performance and pre‑contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Business Processes and Procedures
Personal data of recipients of services and customers – including clients or, in specific cases, principals, patients, business partners and other third parties – is processed in the context of contractual and comparable legal relationships and pre‑contractual measures such as the initiation of business relationships.
This data processing supports and facilitates operational and economic processes in areas such as customer management, sales, payment transactions, accounting and project management.
The collected data serves to fulfill contractual obligations and to design business processes efficiently, including the handling of business transactions, management of customer relationships, optimization of sales strategies and the safeguarding of internal accounting and financial processes.
Moreover, the data supports the protection of the controller’s rights and promotes administrative tasks and the internal organization of the company.
Personal data may be passed on to third parties where this is necessary to fulfill the stated purposes or legal obligations.
After the expiry of statutory retention periods or if the purpose of processing ceases to apply, the data is deleted, including data that must be stored longer due to tax law or statutory obligations to preserve evidence.
Data Processing Details – Business Processes and Procedures
- Types of data processed: Master data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts and related information, such as details of authorship or time of creation); contract data (e.g. subject matter of contract, term, customer category); log data (e.g. log files relating to logins or the retrieval of data or access times); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); employee data (information about employees and other persons in an employment relationship).
- Data subjects: Recipients of services and customers; interested parties; communication partners; business and contractual partners; third parties; users (e.g. website visitors, users of online services); employees (e.g. employees, applicants, temporary staff and other workers); customers.
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and business procedures; communication; marketing; sales promotion; financial and payment management; security measures; information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers).
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: Contract performance and pre‑contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR).
Additional Notes on Processing Operations, Procedures and Services
- Customer management and Customer Relationship Management (CRM): procedures required in the context of customer management and CRM (e.g. customer acquisition in compliance with data protection, customer retention measures, effective customer communication, complaint management and customer service, data management and analysis to support the customer relationship, CRM system administration, secure account management, customer segmentation and target group formation).
- Contact management and maintenance: procedures for organizing, maintaining and securing contact information (e.g. maintaining a central contact database, regular updates, monitoring data integrity, implementing data protection measures, ensuring access controls, carrying out backups and restorations, staff training, and reviewing communication history).
- General payment processing: procedures for executing payment transactions, monitoring bank accounts and controlling cash flows (e.g. issuing and checking transfers, processing direct debits, checking account statements, monitoring incoming and outgoing payments, chargeback management, account reconciliation, cash management).
- Accounting, accounts payable and accounts receivable: procedures for recording, handling and monitoring business transactions (e.g. creating and checking incoming and outgoing invoices, managing open items, processing payments, dunning, reconciliation of receivables and payables).
- Financial accounting and taxes: procedures for recording, managing and monitoring financially relevant business transactions and for calculating, declaring and paying taxes (e.g. posting transactions, preparing interim and annual financial statements, payment transactions, dunning, account reconciliation, tax advice and filing tax returns).
- Purchasing: procedures for procuring goods, raw materials or services (e.g. supplier selection and evaluation, price negotiations, placing and monitoring orders, checking deliveries, invoice verification, order management, inventory management, creating and maintaining purchasing guidelines).
- Sales: procedures for planning, implementing and controlling measures for marketing and selling products or services (e.g. customer acquisition, preparing and tracking offers, order processing, customer consulting and support, sales promotion, product training, sales controlling and analysis, managing sales channels).
- Marketing, advertising and sales promotion: procedures within marketing and advertising (e.g. market analysis, defining target groups, developing marketing strategies, planning and running advertising campaigns, designing and producing advertising materials, online marketing including SEO and social media campaigns, event marketing and trade‑fair participation, customer loyalty programmes, sales promotion measures, performance measurement and optimization, budget management and cost control).
- Guest WLAN: procedures for setting up, operating, maintaining and monitoring a wireless network for guests (e.g. installation and configuration of access points, creating and managing guest accounts, monitoring connectivity, ensuring network security, troubleshooting connection problems, updating network software, and complying with data protection requirements).
Providers and Services Used in the Course of Business
In the course of our business activities, we use additional services, platforms, interfaces or plug‑ins from third‑party providers (“services”) in compliance with the legal requirements.
Their use is based on our interests in proper, lawful and economical management of our business operations and our internal organization.
Data Processing Details – Business Services Providers
- Types of data processed: Master data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts, including related information such as authorship and time of creation); contract data (e.g. subject matter of contract, term, customer category).
- Data subjects: Recipients of services and customers; interested parties; business and contractual partners; employees (e.g. employees, applicants, temporary staff and other workers).
- Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; business processes and business procedures.
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Additional Notes on Specific Services
- DATEV: software for accounting, communication with tax advisers and authorities and for document storage; provider: DATEV eG, Paumgartnerstr. 6–14, 90429 Nuremberg, Germany; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); a data processing agreement is provided by the service provider.
Credit Assessment
If we provide advance performance or assume comparable economic risks (e.g. orders on account), we reserve the right, in order to protect our legitimate interests, to obtain an identity and credit assessment from specialized service providers (credit agencies) on the basis of mathematical‑statistical procedures in order to assess the credit risk.
We process the information obtained from credit agencies about the statistical probability of a payment default as part of an appropriate discretionary decision on the establishment, performance and termination of contractual relationships.
In the event of a negative result of the credit assessment, we reserve the right to refuse payment on account or other advance performance.
The decision as to whether we provide advance performance is made, in accordance with the legal requirements, solely on the basis of an automated decision in the individual case, which our software takes using the information from the credit agency.
If we obtain express consent from contractual partners, the legal basis for the credit assessment and the transfer of customer data to credit agencies is consent.
If no consent is obtained, the credit assessment is based on our legitimate interests in safeguarding our claims.
Data Processing Details – Credit Assessment
- Types of data processed: Master data (e.g. full name, home address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of contract, term, customer category); creditworthiness data (e.g. credit score received, estimated probability of default, risk classification based thereon, historical payment behavior); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions).
- Data subjects: Recipients of services and customers; interested parties; business and contractual partners.
- Purposes of processing: Assessment of creditworthiness and credit standing.
- Retention and deletion: Deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Automated decision‑making in individual cases: Credit assessment (decision based on credit check).
Additional Notes on Specific Credit Agency
- Verband der Vereine Creditreform e.V.: credit agency; provider: Verband der Vereine Creditreform e.V., Hammfelddamm 13, 41460 Neuss, Germany; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Provision of the Online Offering and Web Hosting
We process user data in order to provide them with our online services.
For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or end device.
Data Processing Details – Provision of Online Offering and Web Hosting
- Types of data processed: usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); log data (e.g. log files relating to log‑ins or retrieval of data or access times).
- Data subjects: users (e.g. website visitors, users of online services).
- Purposes of processing: provision of our online offering and user‑friendliness; information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers); security measures.
- Retention and deletion: deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Additional Notes on Processing Operations, Procedures and Services – Hosting
- Provision of the online offering on rented storage space: for the provision of our online offering, we use storage space, computing capacity and software that we obtain from a corresponding server provider (also called web host).
Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Collection of access data and log files: access to our online offering is logged in the form of so‑called server log files.
Server log files may include the address and name of the web pages and files accessed, date and time of access, data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP addresses and the requesting provider.
Server log files are used, on the one hand, for security purposes, e.g. to prevent server overload (especially in the event of abusive attacks such as DDoS attacks), and on the other hand, to ensure server utilization and stability.
Legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Deletion of data: log file information is stored for a maximum of 30 days and then deleted or anonymised.
Data whose further retention is required for evidence purposes is excluded from deletion until the respective incident has been finally clarified.
- ALL‑INKL: services in the area of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); service provider: ALL‑INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Use of Cookies
The term “cookies” refers to functions that store and read information on users’ end devices.
Cookies can also be used for various purposes, such as ensuring the functionality, security and convenience of online offerings, as well as for creating analyses of visitor flows.
We use cookies in accordance with the statutory provisions.
Where necessary, we obtain the prior consent of users; if consent is not required, we rely on our legitimate interests.
This is the case when storing and reading information is absolutely necessary to provide content and functions explicitly requested by users, such as storing settings and ensuring the functionality and security of our online offering.
Consent can be withdrawn at any time, and we clearly inform users about the scope of consent and which cookies are used.
Notes on Data Protection Legal Bases for Cookies
Whether we process personal data using cookies depends on whether users have given consent.
If consent has been given, it serves as the legal basis for processing; if not, processing is based on our legitimate interests as explained in this section and in the context of the respective services and procedures.
Storage Duration of Cookies
With regard to the storage duration, the following types of cookies are distinguished.
- Temporary cookies (also: session cookies): temporary cookies are deleted at the latest after a user has left an online offering and closed their end device (e.g. browser or mobile application).
- Permanent cookies: permanent cookies remain stored even after the end device has been closed.
For example, the log‑in status can be stored and preferred content can be displayed directly when the user visits a website again, and usage data collected with the help of cookies can be used for reach measurement.
If users are not explicitly informed about the type and storage duration of cookies (e.g. as part of obtaining consent), they should assume that cookies are permanent and that the storage duration can be up to two years.
General Information on Withdrawal and Objection (Opt‑out)
Users can withdraw the consents they have given at any time and also object to processing in accordance with the statutory provisions, including via the privacy settings of their browser.
Data Processing Details – Cookies
- Types of data processed: meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions).
- Data subjects: users (e.g. website visitors, users of online services).
- Purposes of processing: provision of our online offering and user‑friendliness.
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Additional Notes on Specific Cookie‑Related Processes
- Processing of cookie data on the basis of consent: we use a consent management solution to obtain user consent for the use of cookies or for the procedures and providers mentioned within this solution.
This procedure is used to obtain, log, manage and withdraw consents, in particular relating to the use of cookies and comparable technologies for storing, reading and processing information on users’ end devices.
Within this procedure, user consents are obtained for the use of cookies and the processing of related information, including the specific processing operations and providers named as part of the consent management process.
Users can also manage and withdraw their consents, and the consent declarations are stored to avoid repeated queries and to be able to prove consent in accordance with legal requirements.
Storage takes place on the server side and/or in a cookie (opt‑in cookie) or using comparable technologies to be able to assign the consent to a specific user or device.
If no specific information on consent management providers is given, the following applies: the storage period for consent is up to two years, and a pseudonymous user identifier is created which is stored together with the time of consent, the details of the scope of consent and information on browser, system and end device used.
Legal basis: consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- Cookie opt‑out: in the footer of our website, users will find a link via which they can change their cookie settings and withdraw corresponding consents.
Contact and Request Management
When contacting us (e.g. by post, contact form, email, telephone or via social media) and in the context of existing user and business relationships, we process the information of the inquiring persons insofar as this is necessary to respond to the contact requests and any requested measures.
Data Processing Details – Contact and Request Management
- Types of data processed: master data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts and related information, such as authorship information or time of creation); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: communication partners.
- Purposes of processing: communication; organizational and administrative procedures; feedback (e.g. collecting feedback via online form); provision of our online offering and user‑friendliness.
- Retention and deletion: deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); contract performance and pre‑contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Additional Notes – Contact Form
When contacting us via our contact form, by email or through other communication channels, we process the personal data transmitted to us to answer and handle the respective request.
This generally includes information such as name, contact details and, where necessary, additional information that is communicated to us and required for adequate processing.
We use this data exclusively for the stated purpose of contact and communication.
Legal bases: contract performance and pre‑contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Video Conferences, Online Meetings, Webinars and Screen Sharing
We use platforms and applications of other providers (“conference platforms”) for the purpose of holding video and audio conferences, webinars and other types of video and audio meetings (collectively “conferences”).
When selecting conference platforms and their services, we comply with the legal requirements.
Data Processed via Conference Platforms
When participating in a conference, the conference platforms process the following personal data of the participants, the scope of which depends on which data is required for a specific conference and which optional information participants provide.
In addition to processing for the purpose of holding the conference, participant data can also be processed by conference platforms for security purposes or to optimise their services.
Processed data includes personal details (first and last name), contact details (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional position or function, the IP address of the internet access, information on participants’ end devices, their operating system, browser and its technical and language settings, information on the content of communications (chat entries, audio and video data) and use of other available functions (e.g. polls).
The content of communications is encrypted to the extent that this is technically provided by the conference providers.
If participants are registered with the conference platforms as users, additional data may be processed in accordance with their agreement with the respective conference provider.
Logging and Recordings
If text entries, participation results (e.g. from polls) or video or audio recordings are logged, this is communicated to participants transparently in advance and, where required, they are asked for their consent.
Data Protection Measures for Participants
Please refer to the privacy information of the respective conference platforms for details on the processing of your data and select the security and privacy settings that are optimal for you within the platform settings.
Please also ensure, for the duration of a video conference, that privacy and data protection are maintained in the background of your recording (e.g. by informing roommates, closing doors and using functions to blur the background, where technically possible).
Links to conference rooms and access data must not be passed on to unauthorised third parties.
Notes on Legal Bases – Conferences
Where we process user data in addition to the conference platforms and ask users for their consent to the use of the conference platforms or certain functions (e.g. recording of conferences), the legal basis for processing is that consent.
Furthermore, our processing may be necessary to fulfil our contractual obligations (e.g. for participant lists or processing the results of discussions).
Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
Data Processing Details – Conferences
- Types of data processed: master data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts and related information, such as authorship or time of creation); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions); image and/or video recordings (e.g. photographs or video recordings of a person); audio recordings; log data (e.g. log files relating to log‑ins or retrieval of data or access times).
- Data subjects: communication partners; users (e.g. website visitors, users of online services); persons depicted.
- Purposes of processing: provision of contractual services and fulfilment of contractual obligations; communication; office and organizational procedures.
- Retention and deletion: deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Additional Notes on Specific Conference Services
- Microsoft Teams: used for conducting online events and conferences and for communication with internal and external participants, including voice transmission, direct messages, group communication and collaboration functions.
Name, business contact details, work profile, participation and content (audio/video, speech, chat, files, speech transcription) are processed for purposes such as efficiency and productivity improvements, cost efficiency, flexibility, mobility, improved communication, IT security, use of a central platform and business processing by Microsoft.
Audio signals are generally not stored unless recording is activated; meeting and conference recordings are stored by default for 90 days unless a different duration is set, while chat and file contents are stored according to policies determined by admins or users.
In addition, system‑generated log, diagnostic and metadata, as well as diagnostic data for product stability, security and improvement, are processed.
- TeamViewer: conference and communication software used for remote access and online meetings; service provider: TeamViewer GmbH, Jahnstr. 30, 73037 Göppingen, Germany.
Cloud Services
We use software services accessible via the internet and operated on the servers of their providers (“cloud services,” also referred to as Software as a Service) for the storage and management of content (e.g. document storage and management, sharing of documents, content and information with specific recipients, or publication of content and information).
In this context, personal data may be processed and stored on the providers’ servers where such data is part of communication processes with us or is otherwise processed by us as set out in this privacy policy.
This data may in particular include master data and contact data of users, data relating to processes, contracts and other procedures and their content.
Cloud service providers also process usage data and metadata, which they use for security purposes and to optimize their services.
Where we provide forms or other documents and content for other users or for publicly accessible websites via cloud services, the providers may store cookies on users’ devices for purposes of web analysis or to remember user settings (e.g. for media control).
Data Processing Details – Cloud Services
- Types of data processed: master data (e.g. full name, home address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and posts and related information, such as authorship or time of creation); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, types of devices and operating systems used, interactions with content and functions).
- Data subjects: interested parties; communication partners; business and contractual partners.
- Purposes of processing: office and organizational procedures; information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers).
- Retention and deletion: deletion in accordance with the information in the section “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Additional Notes on Specific Cloud Services
- Microsoft 365 and Microsoft cloud services: used for the provision of applications, protection of data and IT systems and the use of system‑generated log, diagnostic and metadata for contract performance by Microsoft.
Processed data includes contact data (name, email address), content data (files, comments, profiles), software setup and inventory data, device connectivity and configuration data, work interactions (e.g. badge swipes) as well as log and metadata.
Processing is carried out for purposes such as efficiency and productivity improvements, cost efficiency, flexibility, mobility, improved communication, integration of Microsoft services, IT security and business processing by Microsoft.
Data retention depends on the respective documents and company policies (for example, Defender data up to 12 months and print management data for 10 days), and diagnostic data is additionally collected for product stability and improvement.
Presence on Social Networks (Social Media)
We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.
We point out that user data may be processed outside the territory of the European Union, which can entail risks for users, for example because enforcing user rights might be more difficult.
User data within social networks is generally processed for market research and advertising purposes.
For example, user profiles may be created based on user behaviour and the resulting interests, and these profiles can in turn be used to display advertisements inside and outside the networks that are presumably aligned with users’ interests.
Cookies that store user behaviour and interests are usually stored on users’ devices, and data may also be stored in user profiles regardless of the devices used, especially when users are members of the respective platforms and logged in there.
For a detailed description of the respective forms of processing and the options to object (opt‑out), we refer to the privacy policies and notices of the operators of the respective networks.
In the case of information requests and the exercise of data subject rights, we also point out that these can most effectively be asserted directly with the providers, since only they have access to the user data and can take corresponding measures and provide information.
If you nonetheless require assistance, you may contact us.
Data Processing Details – Social Media Presences
- Types of data processed: contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and posts, including related information such as authorship or time of creation); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, device types and operating systems used, interactions with content and functions).
- Data subjects: users (e.g. website visitors, users of online services).
- Purposes of processing: communication; feedback (e.g. collecting feedback via online forms); public relations.
- Retention and deletion: deletion in accordance with “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Additional Notes on Specific Platforms
- Instagram: social network that enables sharing of photos and videos, commenting and liking posts, sending messages, subscribing to profiles and pages; provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Facebook Pages: profiles within the social network Facebook; the controller is jointly responsible with Meta Platforms Ireland Limited for the collection and transmission of data of visitors to our Facebook page (“fan page”) that is used for “Page Insights” statistics; this includes information on user behaviour (viewed or interacted‑with content, actions taken) and device data (IP address, operating system, browser type, language settings, cookie data).
- LinkedIn: social network; we are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not further processing) of data of visitors used to create “Page Insights” statistics of our LinkedIn profiles; this includes information about viewed or interacted‑with content and actions taken, as well as device data and profile data such as job function, country, industry, seniority, company size and employment status.
- YouTube: social network and video platform; provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Xing: social network; provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Plug‑ins and Embedded Functions and Content
We integrate functional and content elements obtained from the servers of their respective providers (“third‑party providers”) into our online offering, such as graphics, videos or maps (collectively “content”).
This always requires that the third‑party providers of this content process the users’ IP address, since they could not send the content to their browser without the IP address.
The IP address is therefore required for the display of this content or functions.
We endeavour to use only content whose respective providers use the IP address solely to deliver the content.
Third‑party providers can also use so‑called pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes.
Pixel tags enable the evaluation of information such as visitor traffic on the pages of this website, and pseudonymous information may be stored in cookies on user devices and may include technical information about the browser and operating system, referring websites, visit time and further information on the use of our online offering, and may be linked with such information from other sources.
Legal Bases – Plug‑ins and Embedded Content
Where we ask users for their consent to the use of third‑party providers, the legal basis for data processing is this consent.
Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient‑friendly services).
In this context, please also refer to the information on the use of cookies in this privacy policy.
Data Processing Details – Plug‑ins and Embedded Content
- Types of data processed: usage data (e.g. page views and time spent, click paths, frequency and intensity of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: users (e.g. website visitors, users of online services).
- Purposes of processing: provision of our online offering and user‑friendliness; reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest‑ or behaviour‑based profiling, use of cookies); target group formation; marketing.
- Retention and deletion: deletion according to “General Information on Data Storage and Deletion”; cookies may be stored on user devices for up to two years unless otherwise stated.
- Legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR); legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Examples of Specific Services
- Font Awesome (self‑hosted): provision of icons and fonts from our own server; no data is transmitted to the external Font Awesome provider; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- OpenStreetMap: integration of maps from the OpenStreetMap service (Open Data Commons ODbL, OpenStreetMap Foundation); data such as IP addresses and location data may be processed for displaying maps, whereby location data is generally collected only with user consent via device or browser settings; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- YouTube videos: video content from YouTube; provider: Google Ireland Limited; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Management, Organization and Auxiliary Tools
We use services, platforms and software from other providers (“third‑party providers”) for purposes of organization, administration, planning and the provision of our services.
In selecting third‑party providers and their services, we observe legal requirements.
In this context, personal data may be processed and stored on the servers of third‑party providers.
This can affect various data categories processed by us in accordance with this privacy policy, in particular master and contact data of users, data relating to processes, contracts and other procedures and their content.
If users are referred to third‑party providers or their software or platforms in the context of communication, business or other relationships with us, third‑party providers may process usage data and metadata for security, service optimization or marketing purposes.
We therefore ask you to observe the privacy information of the respective third‑party providers.
Data Processing Details – Management/Organization Tools
- Types of data processed: content data (e.g. text or image messages and posts and related information such as authorship or time of creation); usage data (e.g. page views and time spent, click paths, frequency and intensity of use, device types and operating systems used, interactions with content and functions); meta, communication and procedural data (e.g. IP addresses, time stamps, identification numbers, persons involved).
- Data subjects: communication partners; users (e.g. website visitors, users of online services).
- Purposes of processing: communication; provision of contractual services and fulfilment of contractual obligations; office and organizational procedures.
- Retention and deletion: deletion in accordance with “General Information on Data Storage and Deletion.”
- Legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Example – File Transfer Service
- WeTransfer: online file transfer service used to transfer files over the internet; provider: WeTransfer BV, Oostelijke Handelskade 751, 1019 BW Amsterdam, Netherlands; legal basis: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Processing of Data in the Context of Employment Relationships
In the context of employment relationships, personal data is processed with the aim of effectively managing the establishment, performance and termination of such relationships.
This data processing supports various operational and administrative functions required for managing employee relations, from contract initiation through contract execution to termination.
It includes, for example, the organization and management of daily working hours, management of access rights and permissions, and handling of staff development measures and employee reviews.
Processing also serves payroll administration and the management of salary and wage payments, which are essential aspects of contract performance.
Furthermore, data processing takes into account the legitimate interests of the employer, such as ensuring workplace security or collecting performance data for evaluating and optimizing operational processes.
Employee data may also be disclosed in the context of external communication and publication processes where necessary for operational or legal purposes.
Examples include naming employees as contact persons in correspondence, on the website or in public registers, or the publication of photos in the context of public relations work, provided this is necessary or based on consent or legitimate interests.
Purposes of Data Processing – Employees
Employee personal data is primarily processed for establishing, performing and terminating the employment relationship, and to comply with statutory obligations in tax and social security law.
In addition, data is used to meet regulatory and supervisory requirements, to optimize electronic data processing and to compile internal and cross‑company data, potentially including statistical data.
Employee data may also be processed to assert legal claims and to defend against claims in legal disputes.
Duty to Provide Data
The controller informs employees that providing their data is required where the data is necessary for establishing and performing the employment relationship or where its collection is legally mandated.
The provision of data may also be necessary when employees assert claims or when claims are due to them, and the execution of such measures or fulfilment of benefits depends on providing this data (for example, providing data for receiving salary payments).
Examples of Specific Procedures in Employment Context
- Working time recording: procedures for recording working hours, including clock‑in and clock‑out times, breaks, overtime and absences, validation of times against schedules, and generation of reports (e.g. timesheets, overtime reports, absence statistics).
- Authorization management: definition, administration and control of access rights and user roles (e.g. creating permission profiles, role‑based access control, auditing user activities, security policies).
- Staff development, performance assessment and employee reviews: needs analysis for training, planning and carrying out training measures, performance reviews, target‑setting and feedback meetings, career planning and talent management, succession planning.
Legal bases for these processes include contract performance and pre‑contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legal obligations (Art. 6 para. 1 sentence 1 lit. c GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) and, for certain health‑related topics, Art. 9 para. 2 lit. h GDPR.
Application Procedures
The application process requires applicants to provide the data necessary for their evaluation and selection.
Which information is required results from the job description or, in the case of online forms, from the details provided there; this generally includes personal details (name, address, contact details) and evidence of the qualifications required for the position.
On request, we are pleased to indicate which information is mandatory.
Applicants may send additional information voluntarily that they believe is beneficial for their application.
We process applicant data exclusively for purposes related to the application process and in line with the legal requirements.
The legal basis is primarily Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with national employment law provisions, and Art. 9 para. 2 lit. b GDPR for special categories of data where relevant.
Where available, applicants are welcome to submit their applications via our encrypted online form, which reflects the current state of the art.
Alternatively, applications can be sent to us by email, though email transport is generally not fully encrypted end‑to‑end and we cannot assume responsibility for transmission security between the sender and our server.
We may use applicant management or recruitment software and third‑party platforms in compliance with statutory requirements for applicant acquisition, submission and selection.
Applicants may contact us if they have questions on the method of submission or prefer to send their application by post.
Applicant Pool
If offered, inclusion in an applicant pool is based on the applicant’s consent.
Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no effect on the ongoing application process, and can be withdrawn at any time with effect for the future.
Data Processing Details – Applications
- Types of data processed: master data (e.g. name, address, contact information); contact data; content data (e.g. cover letters, free‑text answers); applicant data (e.g. CV, references, certificates and any other information provided in relation to a specific position or voluntarily).
- Data subjects: applicants.
- Purposes of processing: application procedures; establishment and any subsequent performance and possible termination of an employment relationship.
- Retention and deletion: deletion in accordance with “General Information on Data Storage and Deletion,” subject to statutory retention and evidence obligations.
- Legal bases: application procedure as a pre‑contractual or contractual relationship (Art. 6 para. 1 sentence 1 lit. b GDPR).
Changes and Updates to this Privacy Policy
We ask you to review the content of our privacy policy regularly.
We will amend the privacy policy as soon as changes in our data processing activities make this necessary.
We will inform you if the changes require an act of cooperation on your part (e.g. renewed consent) or other individual notification.
If we provide addresses and contact details of companies and organizations in this privacy policy, please note that these details may change over time; we therefore ask you to check the information before making contact.