Thank you for your interest in our websites and the services we offer. We take the protection of your personal data (hereinafter referred to in short as “data”) very seriously. The purpose of this document is to inform you about the type of data we collect when you visit our website and use the website content and how we subsequently process or use this data, as well as the technical and organisational measures we have implemented to protect your data.
Section 1 Information on the collection of personal data
1.1 The purpose of this document is, therefore, to provide you with information about the data we collect when you use our services. Personal data means any information relating to you personally, e.g. name, address, email addresses, user behaviour, IP address.
1.2 The data controller within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Veganz Group AG, Warschauer Str. 32, 10243 Berlin, firstname.lastname@example.org(for further details, please refer to our Company and Legal information).
You can contact our data protection officer at email@example.com or at our postal address, by addressing your correspondence to the “Data protection officer”.
1.3 If you contact us by email or using our contact form, we will store the information you provide us with (your name and email address, or telephone number) to respond to your query. We will erase the data we collected on this basis when it is no longer required or we will restrict the processing where we have to comply with statutory retention requirements.
1.4 Where we use contractors to provide individual functions and features of our website or if we wish to use your data for advertising purposes, we will inform you about the respective processes below. In doing so, we also specify the criteria determining the length of storage.
Section 2 Your rights
2.1 You have the following rights with respect to personal data concerning you:
– Right of access,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.
2.2 You also have the right to lodge a complaint with the competent supervisory authority about our processing of your personal data.
Section 3 Collection of personal data when visiting our website
3.1 If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data that are technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Article 6 (1) (f) GDPR):
– IP address
– Date and time of access
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/ HTTP status code
– Amount of data transferred
– The referring website from which you accessed our website
– Browser used to access the website
– Operating system and its interface
– Language and version of the browser software
– The last page you visited
This includes the making of backup copies in our backup systems.
This website uses the following types of cookies, the scope and functionality of which will be explained below:
– Transient cookies (see a)
– Persistent cookies (see b).
a) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies, which store a so-called session ID that can be used to assign different browser requests to the entire session, thereby enabling us to recognise your computer if you visit our website again. Session cookies are deleted when you log out or close your browser.
b) We use persistent cookies to identify you when you return to our website. This only works if you have an account with us. Otherwise you would have to log in again when you return to our website. Persistent cookies are automatically deleted after a specified period, which can differ from cookie to cookie. You can delete cookies in the security settings of your browser at any time.
We also use HTML5 storage objects which are stored on your device. These objects store the necessary data independently of the browser you are using and have no automatic expiry date. You can prevent HTML5 storage objects being used by setting your browser to private mode. In addition, we recommend that you regularly delete your cookies and the browser history manually.
3.3 affilinet tracking
We use affilinet tracking cookies to promote our products more effectively. affilinet tracking cookies do not store any personal data whatsoever; instead, they merely store the ID of the partner acting as the intermediary and the organizational number of the advertising material clicked on by the user (banner, text link, etc.), which are needed to process payments. The partner ID is used, when a transaction is finalised, to allocate the commission payable to the partner acting as an intermediary.
Section 4 Other features and content of our website
4.1 In addition to information, our website also offers various services, which you can use if interested. If you decide to do so, you will have to provide us with additional personal data for us to provide you with the respective service which will be governed by the aforementioned data processing principles.
4.2 We may use external service providers to process your data. These have been carefully selected and mandated by us, are bound by our instructions and are subject to regular checks.
4.3 Furthermore, we may disclose your personal data to third parties if we offer promotions, competitions, contracts or similar services together with partners. You will receive further information in the description of our services. Where required, we will provide you with further details and ask for your consent.
4.4 If the service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the implications of this fact in the description of the service.
Section 5 Objection or withdrawal of consent to processing your data
5.1 If you have given consent to the processing of your data, you can withdraw it at any time. The withdrawal of consent affects the lawfulness of processing of your personal data after its withdrawal.
5.2 To the extent that we base the processing of your personal data on the balance of interests, you may object to the processing of your data. This is, in particular, the case where the processing is not necessary for the performance of a contract with you, which we describe in the descriptions of functions. When you exercise your right to object, we ask you to explain the reasons why we should not process your personal data. If your objection is valid, we will review the facts of the case and will either stop or adjust the data processing or demonstrate to you that we have legitimate grounds for continuing to process your data.
5.3 You have the right to object to the use of your personal data for advertising and data analysis purposes at any time. You can use the following contact details to notify us of your decision to object to the processing of your data: firstname.lastname@example.org.
Section 6 Use of our online store
6.1 If you would like to place an order in our online store, you will have to provide us with your personal data to process your order and to conclude the contract. The mandatory information for performance of the contract is marked separately; any further details are voluntary. We use the data you provide to process your order. We may pass your payment data on to our bank. The legal basis for this is Article 6 (1) (b) GDPR.
You have the option to create a customer account that allows us to store your information for future purchases. If you create an account under “My Account”, the data you provide and the orders you have placed will be revocably stored. If you wish to have your data erased, please contact our customer service at email@example.com or create an erasure order to delete your customer account in your customer area.
6.2 Pursuant to Article 7 (3) of the German Act against Unfair Competition (UWG), we may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information if you have not objected to the use of your data for advertising purposes.
6.3 Under the provisions of the applicable commercial and tax laws, we are obliged to retain your address, payment and order data for a period of ten years. However, after two years we restrict the processing of your data, i.e. your data will only be used to comply with legal requirements.
6.4 To prevent unauthorised access of third parties to your personal data and in particular, financial data, the ordering process is encrypted using TLS.
Section 7 Use of the blog functions and features
You can make public comments on our blog, where we publish various articles on topics related to our activities. Your comment will be published with your username. We recommend that you use a pseudonym instead of your legal name. Only the username and email address are required, all other information is optional. If you leave a comment, we will continue to store your IP address, which we will delete after one week. The storage is necessary for us to be able to defend ourselves against any potential liability claims due to the publication of illegal content. We need your email address to contact you if a third party objects to your comment and flags it as illegal. The legal basis for this is Article 6 (1) (b) and (f) GDPR. The comments will be unlocked if they comply with our ethical standards and are not obviously illegal. We reserve the right to delete comments which have been objected to and flagged as illegal.
Section 8 Newsletter
8.1 We use the provider MailChimp, The Rocket Science Group, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (hereinafter referred to in short as “Rocket”). The data stored during registration will be transmitted to Rocket and stored by Rocket. The data entered during registration will not be transmitted to other third parties.
8.2 By giving your consent, you can subscribe to our newsletter, which we use to inform you about our latest interesting offers. The promoted goods and services are specified in the declaration of consent.
8.3 We use the so-called double opt-in process for subscriptions to our newsletter. This means that once you have subscribed to our newsletter, we will send you an email to the email address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your subscription within 24 hours, your information will be blocked and automatically deleted. In addition, we store your IP addresses and the date and time of your subscription and confirmation. This process allows us to demonstrate that you have subscribed to the newsletter and to investigate any possible misuse of your personal data.
8.4 The only mandatory information you need from you is your email address. The specification of additional, separately marked data is voluntary and will be used to address you individually. We store your email address for the purpose of sending you the newsletter. The legal basis for this is Article 6 (1) (a) GDPR.
8.5 You can withdraw your consent and unsubscribe from the newsletter at any time. You can withdraw your consent by clicking on a link provided in every newsletter, by completing this form on the website or by sending us a message using the contact details specified in company and legal information.
8.6 We point out that we analyse usage patterns when sending the newsletter. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels that represent one-pixel image files stored on our website. For evaluation purposes, we link the above data (Section 3.1) and web beacons to your email address and your individual ID. Links included in the newsletter also contain this ID.
The information will be stored as long you are subscribed to the newsletter. Such tracking is also not possible if you have deactivated the display of images in your email program by default. In this case, the newsletter will not be displayed completely and you may not be able to use all the functions and features. If you display the external content manually, the above-mentioned tracking will work.
Section 9. Google Analytics
9.1 Use of Google Analytics
a) This website uses Google Analytics a website analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be truncated within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google uses this information to analyse your use of this website, compile reports on activity on the website and to provide other services relating to website activity and internet use.
b) You can prevent the storage of cookies by changing the relevant settings in your browser. However, please note that if you do this you may not be able to use all the functions and features of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in provided under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
c) This website uses Google Analytics with a setting to anonymise IP addresses. As a result, IP addresses are further processed in a truncated form to prevent them from being traced back to any particular individual. If the data collected about you is personally identifiable, it will be blocked immediately.
d) We use Google Analytics to analyse the use of our website and to enhance the user experience on an ongoing basis. Using the statistics obtained, we can improve the products and services we offer and make them more appealing to you as a user. To cover those exceptional cases where personal data are transmitted to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 (1) (f) GDPR.
9.2 Facebook Pixel
a) As part of our online communications, we also use the services of the social media platform Facebook for interest-based user communication. We use “Facebook Pixel” from the provider Facebook Ireland, 4 Grand Canal Square, Dublin 2, Ireland.
These allow the behavior of website visitors to be tracked after they click on a Facebook ad to be taken to the provider’s website. This process is designed to evaluate the effectiveness of Facebook ads for statistical and market research purposes and may help to optimise future advertising activities.
If you wish to opt-out of using Facebook ads, you can do so in the user settings of your Facebook account. You can also prevent the storage of cookies used for profiling purposes by changing the relevant settings in your browser software. Depending on your browser, you may have the option to install a browser plug-in that prevents tracking.
You can disable (opt-out) Facebook pixel tracking with the following settings.
We also use HTML5 storage objects which are stored on your device. These objects store the necessary data independently of the browser you are using and have no automatic expiry date. You can prevent HTML5 storage objects being used by setting your browser to private mode. In addition, we recommend that you regularly delete your cookies and the browser history manually.
Our website uses the web analysis service Hotjar of Hotjar Ltd. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, Phone: +1 (855) 464-6788).
With this tool, movements on the websites where Hotjar is used can be traced (so-called heat maps). For example, you can see how far users scroll and which buttons users click on how often. Furthermore, the tool also makes it possible to obtain feedback directly from the users of the website. Above all, Hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, more valuable and easier for end users to use.
When using this tool, we pay special attention to the protection of your personal data. For example, we can only track which buttons are clicked, the course of the mouse, how far it scrolls, the screen size of the device, device type and browser information, geographic location (country only) and the preferred language to display our website. Areas of the websites where personal data of you or third parties are displayed are automatically hidden by Hotjar and therefore cannot be traced at any time. In order to exclude a direct personal relationship, IP addresses are only stored and processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser in the context of web page requests. This could be cookies or your IP address, for example. In these exceptional cases, in accordance with Art. 6 para. 1 letter a GDPR, this processing is carried out on the basis of the consent you have given for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.
Hotjar offers each user the possibility of preventing the use of the Hotjar tool by means of a “Do Not Track” header, so that no data about the visit of the respective website is recorded. This is a setting that is supported by all common browsers in current versions. To do this, your browser sends a request to Hotjar to disable tracking for that user. If you use our websites with different browsers/computers, you must set up the “Do Not Track” header for each of these browsers / computers separately. You can use the Opt-Out for this website by using the following button:
You may prevent Hotjar from collecting your information at any time when you visit a Hotjar-based website by going to the opt-out page https://www.hotjar.com/legal/compliance/opt-out/ and clicking on “Disable Hotjar”.
For more information about Hotjar Ltd. and about the Hotjar tool, see
a) We use the software “Matomo” (www.matomo.org) on this website, a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The software sets a cookie (a text file) on your research, with which your browser can be recognized. If subpages of our website are called up, the following data is stored:
- the IP address of the user, shortened by the last two bytes (anonymized)
- the sub-page called up and the time of the call-up
- the page from which the user accessed our website (referrer)
- which browser with which plugins, which operating system and which screen resolution is used
- the time spent on the website
- the pages that are visited from the accessed sub-page
The data collected with Matomo is stored on our own servers. It is not passed on to third parties.
The legal basis on which we process personal data using Matomo is Art. 6 (1) lit. f of the DSGVO.
We need the data to analyze the surfing behavior of users and to obtain information about use of the individual components of the website. This enables us to continuously optimize the website and its user-friendliness. These purposes are the basis of our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. By anonymizing the IP address, we take into account the interest of users in the protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.
The data is deleted when it is no longer needed for our purposes.
b) You can object to the recording of data in the manner described above in three different ways:
- you can completely prevent the storage of cookies in your browser. However, this means that you may no longer be able to use some functions of our website that require identification (shopping cart, orders, personal settings, etc.).
You can activate the “Do-not-track” setting in your browser. Our Matomo system is configured to respect this setting.
You can create a so-called opt-out cookie with a mouse click below, which is valid for two years. It has the effect that Matomo will not register your further visits. Note, however, that the opt-out cookie will be deleted if you delete all cookies.
Section 10 Social media
10.1 Use of social media plug-ins
a) We currently use the following social media plugins by the social media platforms Facebook, WhatsApp, Twitter and Google+. To protect your data when you visit our website, these plugins are not directly integrated into our website but are embedded into the page via an HTML link (using the Shariff solution developed by c’t). This ensures that when you visit one of the pages of our website that contains such plugin, no connection is automatically established with the servers of the respective social network providers. Instead, when you click on one of the buttons, a new browser window will open and display the page of the respective social media platform, where you can, for example, click the like or share button (if necessary, after entering your login data). In addition, the data specified in Section 3.1 of this policy will be transmitted. In the case of Facebook and Xing, the IP address is anonymised immediately after collection according to information provided by the respective providers in Germany. By activating the plug-in, you will therefore transmit personal data to the respective plug-in provider and stored there (in the case of US-based providers, the data will be stored in the US). Since the plug-in provider collects data mainly through cookies, we recommend that you delete all cookies before clicking on the greyed-out box using your browser’s security settings.
b) We have no influence over the collected data and data processing, nor are we aware of the full scope of data collection, the purposes of data processing and the storage periods. We also have no information on erasure of the data collected by the plug-in providers.
c) The plug-in provider stores the data collected in user profiles and uses it for advertising, market research purposes and/or customise its website. Such an evaluation is carried out in particular (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, please contact the plug-in provider directly. By using the plug-ins, we provide you with the opportunity to interact with social networks and other users, which allows us to improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Article 6 (1) (f) GDPR.
d) The data is passed on regardless of whether you have an account with the plug-in provider and you are logged in there. If you are logged into the plug-in provider, the provider will be able to link the data collected at our website with your existing account with the plug-in provider. If you press the activated button and if you, e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts.
e) For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of these providers, which are provided below. There you will also find further information about your rights and configuration options for protecting your privacy.
f) Addresses of the plug-in providers and the URL of their respective privacy policies:
– Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
– Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
– WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; https://www.whatsapp.com/legal/#privacy-policy. Terms of service: https://www.whatsapp.com/legal/#terms-of-service. WhatsApp’s parent company in the US has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
10.2 Integration of YouTube videos
a) We have embedded YouTube videos on our website. YouTube is a platform owned by Google (see Section 10.2 d)). The videos are stored on http://www.youtube.com and can be directly viewed on our website. These are all integrated and embedded in the “enhanced privacy mode”, i.e. no data about you as user are transferred to YouTube if you do not play the videos. Only when you play the videos, the data referred to in Section 10.2 b) will be transmitted. We have no influence over this data transmission.
b) When you visit this website, YouTube receives the information that you have accessed a particular sub-page of our website. In addition, the data specified in Section 3.1 of this policy will be transmitted. This takes place irrespective of whether you have a YouTube account that you are logged in or not. When you are logged into Google, your data will be directly linked with your account. If you do not wish this data to be linked to your YouTube profile, you have to log out before clicking on the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and /or customisation of its website. Such an evaluation is carried out in particular (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, please contact YouTube directly.
d) Information on the third-party provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, email: firstname.lastname@example.org. Represented by: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). The authorised recipient on behalf of YouTube LLC within the meaning of Article 5 (1) of the Network Enforcement Act (NetzDG) is Google Germany GmbH, Legal Department, ABC-Straße 19, 20354 Hamburg, Germany. This authorisation relates exclusively to communications in relation to social networks within the meaning of Article 1 (1) NetzDG and illegal content within the meaning of Article 1 (3) NetzDG.
10.3 Integration of Google Maps
a) We use Google Maps functions and features on this website. This allows us to display interactive maps directly on our website to enhance the user experience.
b) When you visit this website, Google receives the information that you have accessed a particular sub-page of our website. In addition, the data specified in Section 3.1 of this policy will be transmitted. This takes place irrespective of whether you have a Google account that you are logged in or not. When you are logged into Google, your data will be directly linked with your account. If you do not wish this data to be linked to your Google profile, you have to log out before clicking on the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and /or customisation of its website. Such an evaluation is carried out in particular (even for non-logged-in users) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, please contact Google directly.
Section 11 Online advertising
11.1 Use of Google Adwords
a) We use the offer of Google Adwords to draw attention to our attractive offers with the help of advertising materials (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising activities are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting to you and to achieve a fair calculation of advertising costs.
b) These advertising materials are delivered by Google through so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success can be measured, such as the display of advertisements or of clicks by users. If you access our website through a Google ad, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and cannot be traced back to you. This cookie will typically store the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant to post-view conversions), and opt-out information (mark that the user no longer wishes to receive info).
c) These cookies enable Google to recognise your Internet browser. If a user visits certain pages of an Adwords customer’s website and the cookie stored on their computer has not expired, Google and the customer will be able to detect that the user clicked on the ad and was redirected to that page. Each Adwords customer is assigned a different cookie. Thus, cookies cannot be tracked using the websites of Adwords customers. We do not process any personal data ourselves in the aforementioned advertising measures. We receive only statistical evaluations provided by Google. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.
d) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence over the extent and further use of the data collected by the use of this tool by Google and therefore, the information we provide you with is based on our current understanding: by integrating AdWords, Google receives the information that you accessed the relevant part of our website or clicked on an ad from us. If you’re registered with a Google service, Google may link your visit with your account. Even if you are not registered with Google or you are not logged in, there is a chance that the provider will find and store your IP address.
e) You can prevent participation in this tracking process in several ways: a) by setting your browser software accordingly, in particular, by blocking third-party cookies will prevent you from receiving any third-party ads; b) By disabling the cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.com/settings/ads, whereby this setting is deleted if you delete your cookies; c) by deactivating interest-based advertisements of the providers that are part of the “About Ads” self-regulation campaign via the link ww.aboutads.info/choices, whereby this setting is deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that if you do this, you may not be able to use all the functions and features of this website.
f) The legal basis for the processing of your data is Article 6 (1) (f) GDPR. For more information about privacy at Google, please refer to: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org. Google has submitted to the EU-US privacy shield (https://www.privacyshield.gov/EU-US-Framework)
11.2 Facebook Custom Audiences
a) This website uses the remarketing function “Custom Audiences” of Facebook Inc. “(“Facebook”). This is a function offered by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. This allows users of the website to see interest-based advertisements (“Facebook ads”) when visiting the social media platform Facebook or other websites that also use this process. We are interested in showing you advertisements that are of interest to you in order to make our website more appealing.
b) Due to the marketing tools used, your browser automatically establishes a direct connection to the Facebook server. We have no influence over the extent and further use of the data collected by the use of this tool by Facebook and therefore, the information we provide you with is based on our current understanding: by integrating Facebook Custom Audiences, Facebook receives the information that you accessed the relevant part of our website or clicked on an ad from us. If you’re registered with a Facebook service, Facebook may link your visit with your account. Even if you are not registered with Facebook or you are not logged in, there is a chance that the provider will find and store your IP address and other
c) The “Facebook Custom Audiences” function can be deactivated for logged in users at https://www.facebook.com/settings/?tab=ads#_.
Section 12 Applications to job Postings
12.1 Personal data collected as part of the application process
Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes information such as, for example, your name, address, telephone number and date of birth, but also data relating to your specific career etc. by reference to which a specific individual can be identified with reasonable effort. However, information which cannot be (in)directly associated with your real-life identity is not personal data.
12.2 Fundamentals and purposes of processing personal data collected from application documents and during the application process
If you apply to us electronically, i.e. via e-mail or using our online form, we will collect and process your personal data for the purpose of executing the application process and preparing contracts.
By submitting an application via our recruitment website, you express your interest in taking up work with us. In this context, you transmit personal data, which we will use and store exclusively for the purpose of your job search / application process.
In particular, the following data is collected during this process:
- name (first and last names)
- e-mail addressphone number
- LinkedIn profile (optional)
- channel through which you found us
Furthermore, you can choose to upload expressive documents such as a cover letter, your CV and reference letters. These may contain additional personal data such as date of birth, address etc.
Only authorized HR staff and/or staff involved in the application process have access to your data.The personal data is stored, as a rule, exclusively for the purpose of filling the vacancy for which you have applied.Your data will be stored for a period of 90 days after the application process has been concluded. This is usually done to fulfill legal requirements and/or defending ourselves against any claims arising from legal provisions. After this period, we are obligated to delete or anonymize your data. In case of anonymization, the data will only be available to us in the form of so-called metadata, without any direct personal reference, for statistical analysis (for example, share of male and/or female applicants, number of applications per specified period of time etc.).
Furthermore, we reserve the right to store your data for 90 days after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, applications for apprenticeships or internships. By accepting the data privacy statement, you consent to any further storage of your data as well as its inclusion in our Talent Pool.Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application process for at least the duration of your employment.
12.3 Disclosure of data to third parties
Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers a human resource and applicant management software solution (https://www.personio.com/legal-notice/). In this context, Personio is our processor under article 28 of the GDPR. In this case, the processing is based on an agreement for the processing of orders between us as the controller and Personio.
12.4 Rights of data subjects
If we as the controller process personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR.To assert your rights as a data subject in relation to the data processed during this online application process, please refer to our Data Protection Officer (see item 2).
Section 13 Other user environments
In addition to our website, we also have a presence on various platforms, e.g. social media such as Facebook, Twitter and Instagram. In these user environments, we only use typical data used in communications, such as your username. We do not store this data and we do not use this data for any other purpose.