General Information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. Detailed information on data protection can be found in our privacy policy at the bottom of this page.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “About Us” section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may include, for example, data you enter in a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., internet browser, operating system, or time the page was viewed). This data is collected automatically as soon as you visit this website.
What do we use your data for?
Some data is collected to ensure that the website is displayed correctly. Other data is used to analyze your user behavior. If contracts can be concluded or initiated via the website, the data provided is also processed for contract offers, orders, or other order requests.
What rights do you have regarding your data?
You have the right to receive information at any time, free of charge, regarding the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you may revoke this consent at any time with future effect. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority.
You can contact us at any time if you have any further questions regarding data protection.
We host the content of our website with the following provider:
External hosting
This website is hosted externally. The personal data collected on this website is stored on the servers of the host(s). This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.
External hosting is carried out for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient delivery of our online services by a professional provider (Art. 6(1)(f) GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Our hosting provider(s) will process your data only to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.
We use the following hosting provider(s):
Signet B.V.
Achtseweg Zuid 241 B
5651 GW, Eindhoven, North Brabant
Netherlands
Order Processing
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal requirements regarding data protection and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g., when communicating via email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Note on the data controller
The controller responsible for data processing on this website is:
Heisterborg GmbH & Co. KG Steuerberatungsgesellschaft
Heisterborg Holding GmbH Tax Consulting Firm
Heisterborg Audit GmbH Auditing Firm Tax Consulting Firm
Heisterborg Legal Consulting GmbH
Heisterborg International Tax Consulting GmbH
Heisterborg International Law Firm, LLC
Registered office:
Eschstraße 111
48703 Stadtlohn
Phone +49 (0) 25 63 / 922 0
Fax +49 (0) 25 63 / 922 999
info@heisterborg.de
www.heisterborg.de
The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).
Retention Period
Unless a more specific retention period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons to retain your data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted as soon as these reasons no longer apply.
General information about the legal basis for data processing on this website
If you have given your consent to data processing, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, insofar as special categories of data are processed in accordance with Article 9(1) of the GDPR. In the case of explicit consent for the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have given your consent to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing is also carried out on the basis of Art. 25 (1) TDDDG. Consent may be withdrawn at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Article 6(1)(b) of the GDPR. Furthermore, we process your data if this is necessary to comply with a legal obligation based on Article 6(1)(c) of the GDPR. Data processing may also be carried out based on our legitimate interest in accordance with Art. 6(1)(f) of the GDPR. Information regarding the relevant legal bases in each individual case is provided in the following sections of this privacy policy.
Recipients of Personal Data
As part of our business operations, we collaborate with various external organizations. In some cases, it is also necessary to transfer personal data to these external organizations. We only transfer personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., transferring data to the tax authorities), if we have a legitimate interest in the transfer in accordance with Article 6(1)(f) of the GDPR, or if another legal basis requires the transfer of data. When processing data, we only transfer our customers’ personal data on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data processing operations are only possible with your explicit consent. You may withdraw your consent at any time. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f) OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATED TO YOUR SPECIFIC SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA IN QUESTION, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES; THEREFORE, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) OF THE GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged violation. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on your consent or to fulfill a contract transferred to you or to a third party in a commonly used, machine-readable format. If you request direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Information, Correction, and Deletion
Within the framework of applicable legal provisions, you have the right at any time to receive free information about your stored personal data, its origin and recipients, and the purpose of data processing, and, if necessary, the right to have this data corrected or deleted. You may contact us at any time if you have further questions regarding personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time to do so. The right to restriction of processing applies in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request that the processing of your personal data be restricted.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defense, or enforcement of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection in accordance with Art. 21(1) GDPR, a balancing of interests must be carried out between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data—apart from its storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the European Union or of a Member State.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.
When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.
Objection to promotional emails
We hereby object to the use of contact information published in connection with our legal obligation to provide information for the unsolicited sending of advertising and informational materials. The operators of this website expressly reserve the right to take legal action in the event of unsolicited transmission of advertising information, such as spam emails.
Cookies
Our web pages use so-called “cookies.” Cookies are small data packets that do not harm your device. They are stored on your device temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third parties (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services into websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary, as certain website features would not work without them (e.g., the shopping cart feature or the display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you have requested (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web traffic) (necessary cookies) are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Art. 25(1) TDDDG); consent may be withdrawn at any time.
You can configure your browser to be notified when cookies are set and to allow cookies only in specific cases, to block the acceptance of cookies in certain cases or generally, and to enable the automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of this website may be limited.
In this privacy policy, you can read about which cookies and services are used on this website.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically sends to us. These are
This data is not merged with other data sources.
This data is collected on the basis of Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website—the server log files must be recorded for this purpose.
Contact Form
If you submit an inquiry via the contact form, we will store the data from the inquiry form, including the contact information you provide there, to process the inquiry and for use in the event of follow-up questions. We will not disclose this data without your consent.
This data is processed on the basis of Art. 6(1)(b) of the GDPR if your inquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR), or on your consent (Art. 6(1)(a) GDPR) if requested; consent may be withdrawn at any time.
We retain the data you enter in the contact form until you request its deletion, withdraw your consent to its storage, or the purpose for its storage no longer applies (e.g., after your request has been fulfilled). Mandatory legal provisions—in particular retention periods—remain unaffected.
Inquiries via email, phone, or fax
If you contact us via email, phone, or fax, we will store your inquiry and all personal data (name, inquiry) to process your request. We will not disclose this data without your consent.
This data is processed on the basis of Art. 6(1)(b) of the GDPR if your request relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR), or on your consent (Art. 6(1)(a) GDPR) if requested; consent may be withdrawn at any time.
The data you send us via contact requests will remain with us until you ask us to delete it, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.
Audio and video conferences
Data processing
To communicate with our customers, we use, among other things, online meeting tools. The specific tools we use are listed below. If you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by us and the provider of the respective conference program.
The conferencing tools collect all data you provide or enter to use the tools (email address and/or phone number). The conferencing tools also process the duration of the conference, the start and end times of your participation in the conference, the number of participants, and other “contextual information” related to the communication process (metadata).
In addition, the tool provider processes all technical data necessary to handle online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and connection type.
If content is exchanged, uploaded, or provided within the tool in any other way, it is also stored on the tool provider’s servers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing of the tools used. Our options are largely determined by the corporate policies of the respective provider. More information about data processing by the conferencing tools can be found in the privacy policies of the tools used, which we have listed below this text.
Purpose and Legal Basis
The conferencing tools are used to communicate with potential or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and expedite communication with us or our company (legitimate interest within the meaning of Art. 6(1)(f) GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent may be withdrawn at any time with future effect.
Retention Period
The data collected directly by us via the video and conferencing tools will be deleted from our systems as soon as you request that we delete it, withdraw your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no influence over the storage period of your data, which is stored by the administrators of the conferencing tools for their own purposes. For more information, please contact the administrators of the conferencing tools directly.
Conference Tools Used
We use the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Further information on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the US, intended to ensure compliance with European data protection standards for data processing in the US. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/6474
Order Processing
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law that ensures the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Communication via WhatsApp
For communication with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication takes place via end-to-end encryption (peer-to-peer), which means that WhatsApp or other third parties cannot access the content of the communication. However, WhatsApp does have access to metadata generated during the communication process (e.g., sender, recipient, and time). We would also like to point out that, according to its own statement, WhatsApp shares its users’ personal data with its parent company Meta, which is based in the U.S.
Further details regarding data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.
WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, stakeholders, and other business and contractual partners (Art. 6(1)(f) GDPR). If corresponding consent has been requested, data processing takes place exclusively on the basis of that consent; this consent may be revoked at any time with future effect.
The content of communications exchanged via WhatsApp remains with us until you request that we delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g., after the processing of your request has been completed). Mandatory legal provisions—in particular retention periods—remain unaffected.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/7735.
We use the “WhatsApp Business” version of WhatsApp. Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum
We have configured our WhatsApp accounts so that they do not automatically sync data with the address book on the smartphones used.
We have entered into a data processing agreement (DPA) with the aforementioned provider.
Microsoft Forms
We use Microsoft Forms. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
Microsoft Forms is a service that can be used to analyze responses to forms. The data you enter to obtain information is stored on Microsoft’s servers in the U.S. or Ireland. This tool is used on the basis of Art. 6(1)(f) of the GDPR. We have a legitimate interest in processing the data to facilitate the performance of the contract. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time. For more information, please refer to Microsoft’s privacy policy at: https://privacy.microsoft.com/de-de/privacystatement.
Note on data transfer to the U.S.: Your personal data may be transferred to Microsoft’s servers in the U.S. We would like to point out that the U.S. is not a safe third country within the meaning of EU data protection law. U.S. companies are required to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that U.S. authorities (e.g., intelligence agencies) may process, analyze, and permanently store your data on U.S. servers for surveillance purposes. We have no influence over these processing activities. The transfer of data to the U.S. is based on the European Commission’s Standard Contractual Clauses. In addition, Microsoft is certified in accordance with the EU-U.S. Data Privacy Framework (EU-US DPF) (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active).
Retention Period: The data you enter on the form will remain with us until you ask us to delete it, withdraw your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular retention periods—remain unaffected.
Order processing: We have entered into an order processing agreement with Microsoft and fully implement the strict requirements of the German data protection authorities when using Microsoft Forms.
Data transfer: Data is transferred to locations in countries outside the EU or the European Economic Area (EEA)—so-called third countries—if this is necessary for the fulfillment of an order/contract, if it is legally required, if it is within the scope of a legitimate interest, or if consent has been given. The processing of personal data in a third country may also occur in connection with the involvement of service providers as part of order processing. If the EU Commission has not adopted a decision on an adequate level of data protection in the country in question, EU data protection regulations ensure that the rights and freedoms of business partners and stakeholders are adequately protected and safeguarded through appropriate contracts.
Cookies: The Microsoft Forms site sometimes uses so-called cookies. These cookies include:
| Name | Recipient |
| --- | --- |
| MUID | .office.com |
| MSO | .microsoft.com |
| fptctx2 | .microsoft.com |
| MicrosoftApplicationsTelemetryDeviceId | forms.microsoft.com |
| bm_sv | .microsoft.com |
| ak_bmsc | .microsoft.com |
| MSFPC | forms.microsoft.com |
| ai_session | forms.microsoft.com |
| RpsAuthNonce | forms.microsoft.com |
| __RequestVerificationToken | forms.microsoft.com |
| FormsWebSessionId | forms.microsoft.com |
| RpsAuthNonce | forms.microsoft.com |
| _ga_KF2MST0C8W | .microsoft.com |
| _ga_2V1LWVMFEQ | .microsoft.com |
| _ga | .microsoft.com |
| MC1 | .microsoft.com |
| MSCC | .microsoft.com |
You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to block the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of this website may be limited.
Cookies that are necessary to carry out the electronic communication process or to provide certain functions you have requested are stored pursuant to Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically flawless and optimized delivery of its services.
Newsletter Information
If you wish to receive the newsletter offered on the website, we require your email address, as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter subscription form is processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, e.g., via the “unsubscribe” link in the newsletter. The lawfulness of the data processing that has already taken place remains unaffected by the revocation.
The data you provide to us to subscribe to the newsletter is stored by us or the newsletter service provider until you unsubscribe from the newsletter and is deleted from the newsletter distribution list after you have unsubscribed or after the purpose no longer applies. We reserve the right, at our discretion, to remove or block email addresses from our newsletter distribution list in the context of our legitimate interest in accordance with Art. 6(1)(f) of the GDPR.
Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data in the blacklist is used solely for this purpose and is not combined with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6(1)(f) of the GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.
Adobe fonts
This website uses Adobe web fonts for the standardized display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you visit this website, your browser loads the required fonts directly from Adobe to display them correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the U.S. As a result, Adobe knows that this website has been visited via your IP address. According to Adobe, no cookies are stored when the fonts are delivered.
The data is stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the uniform presentation of the font on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Art. 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
Data transfers to the U.S. are based on the European Commission’s Standard Contractual Clauses.
Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.
For more information about Adobe Fonts, visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.
You can find Adobe’s privacy policy at: https://www.adobe.com/de/privacy/policy.html
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the US, intended to ensure compliance with European data protection standards for data processing in the US. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5660.
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to verify whether data entry on this website (e.g., in a contact form) is performed by a human or by an automated program. To do this, reCAPTCHA analyzes the website visitor’s behavior based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various data (e.g., IP address, duration of the website visitor’s stay on the website, or the user’s mouse movements). The data collected during the analysis is transmitted to Google.
The reCAPTCHA analyses take place entirely in the background. Website visitors are not notified that an analysis is taking place.
The storage and analysis of the data are based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its website from abuse by automated spying and from spam. If consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be withdrawn at any time.
For more information about Google reCAPTCHA, please refer to Google’s Privacy Policy and Terms of Service via the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. You can find more information on this from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780.
Processing of applicant data
We offer you the opportunity to apply for a position with us (e.g., via email, mail, or an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed, and used in accordance with applicable data protection laws and all other legal provisions, and that your data will be treated as strictly confidential.
Scope and Purpose of Data Collection
When you submit an application to us, we process your associated personal data (e.g., contact and communication details, application documents, notes from job interviews, etc.) to the extent necessary to make a decision regarding the establishment of an employment relationship. The legal basis for this is Section 26 TDDDG under German law (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general contract initiation), and—if you have given your consent—Article 6(1)(a) of the GDPR. Consent may be withdrawn at any time. Your personal data will only be shared within our company with those involved in processing your application.
If the application is successful, the data you provided will be stored in our data processing systems pursuant to Section 26 TDDDG and Art. 6(1)(b) GDPR for the purpose of fulfilling the employment relationship.
Data Retention Period
If we do not offer you a job, you decline a job offer, or you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months after the end of the application process (rejection or withdrawal of the application).
After that, the data will be deleted and the physical application documents will be destroyed. The data is retained primarily as evidence in the event of a legal dispute. If it becomes clear that the data is still needed after the 6-month period has expired (e.g., due to an impending or pending legal dispute), the data will not be deleted until the purpose for further storage no longer applies.
Data may also be retained for a longer period if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent its deletion.
JSDELIVR.NET-CDN
We use the jsdelivr.com service (a Content Delivery Network) on our website to optimize download speed, design, and content presentation. jsDelivr is an open-source service provided by Prospectone Sp.z.o.o., ul. Królewska 65A, 30-081, Krakow, Poland.
This service uses so-called JavaScript libraries. To do this, files are loaded from a third-party server. We have no control over whether your IP address is processed by third parties.
Prospectone Sp.z.o.o. provides more information about data protection at https://www.jsdelivr.com/privacy-policy-jsdelivr-net.
The legal basis is Art. 6(1)(f) of the GDPR. Our legitimate interest lies in accelerating the loading times of our website and optimizing it.
To completely prevent the execution of the JavaScript code from jsdelivr.net, you can install a so-called JavaScript blocker, such as ghostery.com. However, if you prevent or restrict the execution of the JavaScript code, this may mean that, for technical reasons, not all content and functions of our website are available.
We use the Amazon CloudFront CDN content delivery network. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “Amazon”).
Amazon CloudFront CDN is a globally distributed Content Delivery Network. Technically, data transmission between your browser and our website is routed through this Content Delivery Network. This allows us to improve the global accessibility and performance of our website.
The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6(1)(f) GDPR).
Data transfers to the U.S. are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
More information about Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US designed to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF commits to complying with these data protection standards. You can find more information about this from the provider via the following link: https://www.dataprivacyframework.gov/participant/5776.
We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is an agreement required by data protection law that ensures the service provider processes the personal data of our website visitors exclusively in accordance with our instructions and in compliance with the GDPR.
This Privacy Policy is current as of January 2025.
We reserve the right to update the Privacy Policy from time to time to improve data protection and/or adapt it to changes in government practice or case law. Information about our data protection agreement between us and our customers can be found here.
This Privacy Policy applies to the following social media sites
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, X, etc., can generally analyze your user behavior in detail when you visit their website or a website with integrated social media content (e.g., “Like” buttons or advertising banners). Visiting our social media presence results in numerous data processing activities relevant to data protection. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In that case, this data collection takes place, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media platforms can create user profiles that store your preferences and interests. This allows interest-based advertising to be displayed to you both on and outside the respective social media platforms. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing may therefore be carried out by the operators of the social media platforms. For more information, please refer to the terms of use and privacy policies of the respective social media platforms.
Legal Basis
Our social media presence is intended to ensure the broadest possible online presence. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on various legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) of the GDPR).
Data Controller and Enforcement of Rights
When you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing initiated during this visit. You may exercise your rights (right to information, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) against both us and the operator of the relevant social media portal (e.g., Facebook).
Please note that, despite our joint responsibility with the operators of the social media portals, we do not have full control over the data processing procedures of the social media portals. Our options are largely determined by the company policies of the respective provider.
Retention Period
The data collected directly by us through our social media presence is deleted from our systems as soon as you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.
We have no influence over the storage period of your data that is stored by the social network operators for their own purposes. For more information, please contact the social network operators directly (e.g., in their privacy policies, see below).
Your Rights
You have the right to receive information at any time, free of charge, regarding the origin, recipient, and purpose of your stored personal data. You also have the right to object, the right to data portability, and the right to file a complaint with the competent supervisory authority. In addition, you may request the rectification, blocking, erasure, and, under certain circumstances, restriction of the processing of your personal data.
Social Networks in Detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the collected data is also transferred to the United States and other countries.
We have entered into a joint controller agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your ad settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The transfer of data to the United States is based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.
More information can be found in Facebook’s privacy policy:
https://www.facebook.com/about/privacy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452
Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/4452
XING
We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. For more information on how they handle your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn’s advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfers to the United States are based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.
For more information on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5448
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF commits to complying with these data protection standards. More information on this can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/5780
TikTok
We have a profile on TikTok. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Details on how they handle your personal data can be found in TikTok’s privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.
Data transfers to non-secure third countries are based on the European Commission’s Standard Contractual Clauses. Details can be found here: