Data Security & Cookies - DFGE - Institute for Energy, Ecology and Economy

The protection of your privacy is an important concern for us. We only process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and other statutory data protection provisions, in particular the Federal Data Protection Act (BDSG). It goes without saying that all data will be treated confidentially. With the following data protection information, we would like to explain to you in more detail how your data is handled when using our websites.

A. General information on the collection of personal data

In principle, the collection, processing and use of personal data for the use of our website is limited to the necessary extent and the necessary data. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour. In addition, we use the widespread SSL (Secure Socket Layer) procedure within our website in conjunction with the highest encryption level supported by your web browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

Responsible institution

The responsible party for the collection, processing and use of your personal data pursuant to Art. 4 (7) GDPR is:

DFGE – Institute for Energy, Ecology and Economy GmbH

Phone: +49 8192 99 7 33-20

Fax: +49 8192 99 7 33-29

E-Mail:

B. Purposes and legal basis of the processing of your personal data as well as further information on the specific data processing

I. General processing of our business partners’ data

1. Description and scope of data processing

We also store your personal data (e.g. e-mail address, postal address, telephone number, …) for the purpose of processing business relationships with our business partners (customers, suppliers, other business partners). The personal data that we collect for this purpose is used internally by the departments that are involved in the processing of the business relationship.

This data may be combined and stored with the data of other orders, enquiries and business correspondence that you send to us by other means (fax, post, telephone, …).

2. Purposes of data processing

We process your personal data for the purposes that are necessary for the performance of the business relationship between you and us in each case, such as for the following purposes:

preparing quotations to customers for services
determination of your individual prices
internal processing of your order
contract negotiations
clarification of all technical aspects of the products and services from the business relationship
payment transactions
general business correspondence

If necessary, we also use the help of service providers (e.g. banks for payment processing). We will only pass on your data to such third parties to the extent necessary for the fulfilment of these tasks.

Our legitimate interest in using external service providers, such as financial service providers, is to provide our services as efficiently and effectively as possible and thus as quickly and cost-effectively as possible for you. Third parties who receive personal data from our business partners are obliged to comply with data protection regulations.

We reserve the right to pass on your personal data to external service providers for the purpose of carrying out a credit check in order to safeguard our legitimate interest in securing our receivables. We receive information from these credit agencies about your previous payment history and credit ratings. This data enables us to evaluate our business relationship and is used by us to decide on a delivery and for our protection against payment defaults.

3. Legal basis for data processing

The legal basis for the processing of your data is sect. 6 para. 1 p. 1 lit. a and f GDPR. The processing is based on implied consent and on our legitimate interests. Our legitimate interests follow from the purposes for data collection described above. If the business relationship is specifically aimed at concluding a contract, the additional legal basis for the processing is sect. 6 (1) sentence 1 lit. b GDPR.

4. Duration of storage

We store your personal data for the duration of our business relationship or in accordance with the statutory retention periods.

II. Visit our websites

1. Description and scope of data processing

Each time you visit our website, our systems automatically collect data and information from the computer system of the calling computer (personal data that your browser transmits to our server). This also occurs if you do not register or otherwise transmit information to us, for example by actively entering it. The following data is collected in any case when you visit our websites:

IP address of the user
Date and time of the request or access
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes (from which the user’s system accesses our website)
Website that is called up by the user’s system via our website
Information about the type of browser and the version used
Operating system and its interface
Language and version of the browser software

This data is stored in the log files of our system. Storage together with other of your personal data does not take place on a regular basis.

2. Purposes of data processing

The storage of the aforementioned data, in particular the IP address by our systems, is generally only carried out temporarily for the duration of the session and is necessary to enable the proper operation and presentation of the website. This processing of your data also serves the purposes of evaluating and continuing to ensure system security and system stability, as well as other administrative purposes.

If your data is stored in our log files, this is also only done to ensure the functionality of our websites. In addition, we use the data to optimise and ensure the security of our information technology systems.

An evaluation of the data for marketing purposes does not take place in this context.

3. Legal basis for data processing

The legal basis for the processing and temporary storage of your personal data is sect. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interests follow from the purposes for data collection described above.

4. Duration of storage

Your data will be deleted as soon as it is no longer required to achieve the purpose. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of your data in log files, this is the case after seven days at the latest. Storage beyond this period is only provided for in exceptional cases, for example if this is necessary for technical reasons or to improve our systems. In this case, the IP addresses of the users are deleted or alienated so that an assignment is no longer possible.

5. Possibility of objection and removal

The collection of your data for the provision of the website and the possible storage in log files is absolutely necessary for the operation of the website.

There is therefore no possibility to object.

III. Contact form, e-mail contact

1. Description and scope of data processing

Our website contains a contact form that you can use to get in touch with us. When you use the contact form, the data entered in the input mask is transmitted to us and stored:

Mandatory: e-mail address
Voluntary: Surname, first name

In addition, your IP address as well as the date and time of the request will be stored. Your consent is obtained for the processing of the data during the submission process and reference is made to this data protection declaration.

In addition, it is possible to contact us via e-mail addresses provided by us. In this case, your personal data transmitted with the e-mail will be stored and further processed by us, in particular in order to process your enquiry or the reason for your contacting us.

The data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis of the data processing

The legal basis for processing your data when using the contact form is your consent in accordance with sect. 6 (1) sentence 1 lit. a GDPR.

The legal basis for the processing of your data when sending us an e-mail is sect. 6 para. 1 p. 1 lit. a as well as f GDPR. The processing is based on an implied consent as well as on our legitimate interests. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is sect. 6 (1) sentence 1 lit. b GDPR.

3. Purposes of data processing

The processing of the personal data from the input mask or the e-mail sent to us only serves to process your contact with us. In the case of contacting us by e-mail, this constitutes the necessary legitimate interest for us to process the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

We will delete your data as soon as we no longer need it for the purposes described. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with you has ended. As a rule, the conversation is ended when the circumstances indicate that the reason for your contacting us has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of 7 days at the latest.

5. Possibility of objection and removal

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, however, it may not be possible to continue the conversation with you. All personal data stored in the course of contacting you will be deleted in this case.

IV. Integration Whistleblowing Form

1. Description and scope of data processing

Our website contains a whistleblowing form that you can use to contact us. In accordance with our Code of Conduct, you can report violations here. The topics you can cover here are: Environmental violations Labour / human rights violations, e.g. discrimination, harassment, social dialogue, working hours, forced labour, child labour, etc. Ethics: corruption, money laundering, conflict of interest, bribery, etc. Data security issues and any other issue you consider relevant. When using the form, the data entered in the input mask will be transmitted to us and stored:

Mandatory: email address, stakeholder, category, description of the incident.
Voluntary: Name

In addition, your IP address and the date and time of the request are stored. Your consent is obtained for the processing of the data during the submission process and reference is made to this data protection declaration.

The data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. Legal basis of the data processing

The legal basis for the processing of your data when using the whistleblowing form is your consent pursuant to sect. 6 (1) p. 1 lit. a GDPR.

3. Purposes of data processing

The processing of the personal data from the input mask only serves to process your contact with us. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

We will delete your data as soon as we no longer need it for the purposes described. For the personal data from the input mask of the contact form, this is the case when the respective conversation with you has ended. As a rule, the conversation is ended when the circumstances indicate that the reason for your contacting us has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of 7 days at the latest.

5. Possibility of objection and removal

V. Electronic newsletter

1. Description and scope of data processing

When sending our electronic newsletter, to which you can subscribe, we process the following of your personal data:

Mandatory: e-mail address
Optional: First name, last name

For sending the electronic newsletter, it is mandatory to provide the e-mail address. The processing of your further data serves the personalisation of these contacts as well as the specialisation of the offers and information and is voluntary.

2. Purposes of data processing

We process your e-mail address in order to contact you for the purpose of sending you our electronic newsletter, to inform you about current events and, if applicable, current developments and to maintain our contractual relationship with you. In addition, we use this data for advertising messages by e-mail and, if we have received your e-mail address in connection with our products and services, for advertising measures about our own similar products and services.

3. Legal basis for data processing

In order to send you our newsletter, we will always obtain your express declaration of consent. For this purpose, we use the so-called double opt-in procedure. After you have registered for the newsletter, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses used and times of registration and confirmation. The purpose of this procedure is to prove your registration and to be able to clarify a possible misuse of your personal data.

Insofar as we only process your data in exceptional cases not already based on your explicit consent, your personal data will only be processed to the extent that this is necessary to protect our legitimate interests or the legitimate interests of a third party and does not override your interests or fundamental rights and freedoms that require the protection of personal data (sect. 6 para. 1 p. 1 lit. f GDPR).

4. Duration of storage

We will delete your data as soon as we no longer need it to achieve the purposes described. We will store your personal data for advertising and information purposes, i.e. sending information and offers about services, for a maximum period of one year from the last relevant contact with you. Relevant contact is, for example, when there is verbal, telephone or reciprocal written communication between us.

5. Possibility of objection and removal

You can revoke your consent at any time and thus unsubscribe from receiving information about current and future products, services or other information about us. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to by sending a message to our contact details provided. If you object to the use of your data, we will no longer send you promotional communications.

VI. General information on the use of cookies

When you visit and use our website, cookies are stored on your computer. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

Some of them are essential, i.e. they are technically necessary for the operation of our website. Other cookies are used for statistical purposes or to analyse access to our website, or for marketing purposes or to offer you the use of external media. Both temporary/session cookies and longer stored cookies (so-called permanent cookies) are used. Temporary cookies are deleted as soon as you close your browser. Permanent cookies remain for a longer period of time, but can be deleted manually at any time. Some of the cookies are placed by third parties.

The legal basis for data processing when using essential cookies is sect. 6 para. 1 p. 1 lit. f GDPR, when using all other cookies the legal basis is your consent according to sect. 6 para. 1 p. 1 lit. a GDPR. If we do not process your data on the basis of your explicit consent, your personal data will only be processed to the extent that this is necessary to protect our legitimate interests or the legitimate interests of a third party and does not override your interests or fundamental rights and freedoms that require the protection of personal data.

Detailed information about the use of the respective cookies, in particular about their purpose, the respective function duration and to what extent they are placed by third parties or third parties have access to the data collected via the cookies, can be found in our “Cookie settings” in addition to the present information of our data protection declaration. Here you will also find detailed information on the legal basis for the respective data processing, depending on the category of cookies used.

You can consent to the use of the respective categories of cookies individually; you can also change your consent given in each case at any time under the “Cookie settings” subpage or revoke it from us.

VII. External links

Insofar as our websites link to the pages of other providers or partners, our data protection declaration does not apply to their content. We have no influence on the compliance with legal data protection regulations by these third-party providers. Information about the data protection of the operators of these sites can be found on the respective websites.

C. Applicant data

I. Description and scope of data processing

If you apply for a job offer or send us a speculative application, you agree that we may store the documents sent to us and use the information contained therein to process your application. As a rule, your documents contain special categories of personal data (e.g. information on marital status; information on health; a photo that allows conclusions to be drawn about your ethnic origin and, if applicable, eyesight and/or religion; similarly sensitive data within the meaning of sect. 9 GDPR), which may only be processed in the present form with your consent. You consent to us processing the special categories of personal data contained in your letter of application and the enclosed documents for the purpose of carrying out the application procedure.

II. Purposes of data processing

This consent is solely for the purpose of being able to consider the application in its present form. The information will not be taken into account in the application process unless there is a legal obligation to do so. You can refuse your consent to the processing of the application in the application process without giving reasons and revoke any consent given at any time, for example by e-mail. In the event of revocation, your data covered by the consent will be deleted immediately. This has the consequence that the data processing that was based on this consent may no longer be continued for the future. In the event of non-granting or revocation of consent, an application already submitted cannot be considered in its present form.

III. Duration of storage

If your application is unsuccessful, you can consent to your personal data provided throughout the application process (e.g. in cover letters, CVs, certificates, applicant questionnaires, applicant interviews) being stored beyond the end of the specific application process. To this end, you can consent to us using this data to contact you at a later date and to continue the application process should you be considered for another position. If special categories of personal data pursuant to sect. 9 of the GDPR have been provided via the application documents (e.g. a photo that reveals ethnic origin, information on severely disabled status, etc.), the consent also applies to this data. This consent also applies to data about your qualifications and activities from generally accessible data sources (in particular professional social networks) that we have permissibly collected as part of the application process. Your data will not be passed on to third parties. This consent is voluntary and has no effect on your chances in the current application process. You can also revoke your consent at any time. In this case, your data will be deleted immediately after completion of the application process. This has the consequence that we may no longer continue the data processing based on this consent for the future.

IV. Legal basis of the data processing

The legal basis for data processing in the case of applications is your consent in accordance with sect. 6 para. 1 p. 1 lit. a GDPR.

D. Webinars/ Use of gotowebinar

I. Description, scope and purpose of data processing

In addition to webinars on various reporting standards such as the CDP or EcoVadis, we also offer online training for other products – for example, on our new complete solution on the topic of climate strategy. For this purpose, we use the gotowebinar tool, a service provided by LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland (hereinafter “LogMeIn”).

When visiting the Website(s) and/or using LogMeIn’s services, you provide the following categories of personal data:

Customer Account and Registration Data is data you provide when you create your account with LogMeIn, when you request support or technical assistance, or when you register for events, webinars, whitepapers and surveys, which typically includes first and last name, billing address and a valid email address. LogMeIn requires this information to provide services to you, to maintain and support your account, and to collect payments.

Service Data (including session, location and usage data): When you use the gotowebinar tool, LogMeIn receives data that you or others voluntarily enter, including schedules and attendee lists, as well as data that is automatically logged by the service – for example, session duration, connections made, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and other diagnostic data. LogMeIn needs this information to provide, operate and improve its services. LogMeIn collects location-based data for the purpose of providing, operating and supporting the Service, as well as for fraud prevention and security monitoring; you may opt-out of the transfer of location data on mobile devices at any time by disabling location data services through the settings menu on your device.

LogMeIn seeks to limit the types and categories of personal data collected from and processed on behalf of its users to include only information that is necessary to achieve the purpose(s) for which it was collected and LogMeIn does not use personal data for additional purpose(s) incompatible with its original collection. LogMeIn has implemented measures and policies designed to ensure that it only collects information from users that LogMeIn believes is necessary to provide a quality service to the user.

II. Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of sect. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of sect. 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist to ensure that data protection is sufficiently guaranteed in the US. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.

Although LogMeIn has submitted to corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against LogMeIn in the long term. Furthermore, the technical and organisational measures for the protection of personal data at LogMeIn may not fully meet the requirements of the GDPR in terms of quantity and quality.

There is thus the possibility that the standard contractual clauses of the European Commission used by LogMeIn do not constitute sufficient guarantees within the meaning of sect. 46 (2) a) of the GDPR.

By consenting to the collection of data by LogMeIn, you also expressly consent to the transfer of data as set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

III. Legal basis of the data processing

The legal basis for the processing of your data is sect. 6 para. 1 p. 1 lit. a and f GDPR. The processing is based on your explicit consent and on our legitimate interests.

IV. Duration of storage

The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected. We have no influence on the storage period of your data that is stored by LogMeIn for its own purposes.

V. Further information

Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this regard and setting options for protecting your privacy can be obtained from LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland and at https://www.logmein.com/de/legal/privacy/international.

E. Disclosure of your data to third parties

We do not share personal information with companies, organisations or individuals outside of our business except in one of the following circumstances:

I. With your consent

We disclose personal data to third companies, organisations or persons outside our company if you have given us your explicit consent to do so.

II. Processing by other bodies

We may provide your personal data to our third party business partners, other trusted companies or persons who process it on our behalf. This is always done on the basis of our instructions and in accordance with our privacy policy and other appropriate confidentiality and security measures.

III. For legal reasons

We will disclose your personal information to companies, organisations or individuals outside our organisation if we have a good faith belief that access, use, preservation or disclosure is reasonably necessary, in particular, to comply with any applicable law, regulation or legal process, or to comply with an enforceable governmental request.

F. Transfer of your data to a third country or an international organisation

Unless expressly stated in this privacy policy, your personal data will not be transferred to third countries or international organisations.

G. Automated decision making

Automated decision-making does not take place.

H. Social Media Plug-Ins

I. Facebook integration

1. Description and scope of data processing

Our website uses a social media plug-in from Facebook. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

We use the so-called two-click solution. When you visit our site, no personal data is initially passed on to the provider of the plug-ins or third parties. Only when you click on the marked field and thereby activate it, does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In this case, the information collected when you visit our website is transmitted to the third-party provider. Since the plug-in provider collects the data via cookies, we recommend that you check the cookie settings via the security settings of your browser and delete all cookies before clicking on the provider button.

We would like to point out that, according to our information, the data transfer to the plug-in provider takes place regardless of whether you have an account with the plug-in provider and/or are logged in there. If you are logged in to the plug-in provider, your data collected from us will be directly assigned to your account with the plug-in provider. If you click the activated button and, for example, link to the page, the plug-in provider also saves this information in your user account and, if applicable, shares it publicly with your contacts.

2. Purposes of data processing

The data transfer to the plug-in provider takes place in order to simplify the use of the plug-in provider’s websites. Via the plug-ins, we offer you the opportunity to interact with the social networks and other users so that we can improve our offer and make it more interesting for you as a user.

3. Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of sect. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of sect. 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies to third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Although Facebook has submitted to corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against Facebook in the long term. Furthermore, the technical and organisational measures for the protection of personal data at Facebook may not fully meet the requirements of the GDPR in terms of quantity and quality.

It is therefore possible that the standard contractual clauses of the European Commission used by Facebook do not constitute sufficient guarantees within the meaning of sect. 46 (2) a) of the GDPR.

By consenting to the collection of data by Facebook, you expressly agree to the transfer of data as set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis for data processing

The legal basis is your explicit and voluntary consent in accordance with sect. 6 para. 1 p. 1 lit. a) GDPRto the processing of your personal data for presentation and advertising purposes.

5 . Duration of storage; possibility of objection and elimination

The cookies we use are stored on your computer and transmitted from it to our site. Therefore, you have control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted by you at any time. If you deactivate the use of cookies for our website or delete cookies that have been set, it may no longer be possible to use all the functions of the website to their full extent.

6. Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider. However, the plug-in provider may store the data collected about you as a usage profile and use it for the purposes of advertising, market research and/or designing its website to meet your needs. Such an evaluation is carried out (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective plug-in provider. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

7. Further information

For more information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, please contact: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications sowie http://www.facebook.com/about/privacy/your-info#everyoneinfo.

II. Integration of Youtube

1. Description and scope of data processing

Our website uses a social media plug-in from YouTube. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

2. Purposes of data processing

3. Consent to the transfer of personal data to a third country

Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.

Although Google has submitted to corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against Google in the long term. Furthermore, the technical and organisational measures for the protection of personal data at Google may not fully meet the requirements of the GDPR in terms of quantity and quality.

It is therefore possible that the standard contractual clauses of the European Commission used by Google do not constitute sufficient guarantees within the meaning of sect.46 (2) (a) of the GDPR.

By consenting to the collection of data by Google, you expressly agree to the transfer of data as set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis of the data processing

The legal basis is your explicit and voluntary consent in accordance with sect. 6 Para. 1 S. 1 lit. a) GDPR to the processing of your personal data for presentation and advertising purposes.

5. Duration of storage; possibility of objection and elimination

6. Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

7. Further Information

For more information on the purpose and scope of data collection and processing, as well as further information on your rights in this regard and settings options for protecting your privacy, please contact: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA/ Google Ireland Limited Gordon House, Barrow Street Dublin 4.

III. Integration of LinkedIn

1. Description and scope of data processing

Our website uses a social media plug-in from LinkedIn. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

2. Purposes of data processing

3. Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of sect. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of sect. 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies to third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Although LinkedIn has submitted to corresponding standard contractual clauses of the European Commission, US companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against LinkedIn in the long term. Furthermore, the technical and organisational measures for the protection of personal data at LinkedIn may not fully meet the requirements of the GDPR in terms of quantity and quality.

It is therefore possible that the standard contractual clauses of the European Commission used by LinkedIn do not constitute sufficient guarantees within the meaning of sect. 46 (2) a) of the GDPR.

By consenting to the collection of data by LinkedIn, you expressly agree to the transfer of data as set out herein, and you have been informed above of the potential risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis of the data processing

The legal basis is your explicit and voluntary consent in accordance with sect. 6 para. 1 p. 1 lit. a) GDPR to the processing of your personal data for presentation and advertising purposes.

5. Duration of storage; possibility of objection and elimination

6. Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

7. Further Information

For more information on the purpose and scope of data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, please contact: LinkedIn Corporation, 1000 W. Maude Avenue,Sunnyvale, CA 94085,USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, and at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.

IV. Integration of XING

1. Description and scope of data processing

Our website uses a social media plug-in from XING. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

2. Purposes of data processing

3. Legal basis for data processing

The legal basis for the processing of the data is sect. 6 (1) sentence 1 lit. a GDPR if you have given your consent, as well as the protection of our legitimate interests according to sect. 6 (1) sentence 1 lit. f GDPR; our legitimate interests follow from the purposes for data processing described above.

4. Duration of storage; possibility of objection and elimination

5. Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

6. Further Information

Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this regard and setting options for protecting your privacy can be obtained from: Xing AG, Gänsemarkt 43, 20354 Hamburg. Further information on Xing’s social plugins is available at the following Internet address: http://www.xing.com/privacy.

V. Integration of Twitter

1. Description and scope of data processing

Our website uses a social media plug-in from Twitter. You can recognise the plug-in and its provider by the mark on the box above its initial letter or logo.

2. Purposes of data processing

3. Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of sect. 44 et seq. GDPR are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of sect. 45 (1) and (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies to third countries a level of data protection that is comparable to the recognised standard in the European Economic Area (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.

Twitter has submitted to corresponding standard contractual clauses of the European Commission, but US companies are still obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to assert or enforce your rights to information against Twitter in the long term. Furthermore, the technical and organisational measures for the protection of personal data at Twitter may not fully meet the requirements of the GDPR in terms of quantity and quality.

It is therefore possible that the standard contractual clauses of the European Commission used by Twitter do not constitute sufficient guarantees within the meaning of sect. 46 (2) a) of the GDPR.

By consenting to the collection of data by Twitter, you expressly agree to the transfer of data as set out here, whereby you have been informed above of the possible risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis of the data processing

The legal basis is your explicit and voluntary consent in accordance with sect. 6 para. 1 p. 1 lit. a) GDPR to the processing of your personal data for presentation and advertising purposes.

5. Duration of storage; possibility of objection and elimination

6. Purposes and legal basis of data processing, duration of storage, possibility of objection and removal with the plug-in provider

7. Further Information

Further information on the purpose and scope of the data collection and its processing as well as further information on your rights in this regard and setting options for protecting your privacy can be obtained from: Twitter Inc, 1355 Market Street, San Francisco, California and at https://twitter.com/de/privacy.

I. Integration of marketing and statistics tools

I. Integration of Google Analytics

1. Description and scope of data processing

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street Dublin 4 (hereafter: Google). Google Analytics uses cookies to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website (see below), however, your IP address will be truncated beforehand by Google within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and then shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (incl. your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Google Analytics is used on this website with the extension “_anonymizeIp()”. This means that IP addresses are processed in a shortened form, thus making it impossible to link them to a specific person. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.

2. Purpose of the data processing

We use Google Analytics to analyse and regularly improve our website. The statistics obtained enable us to improve our offer and make it more interesting for you.

3. Consent to the transfer of personal data to a third country

Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.

It is therefore possible that the standard contractual clauses of the European Commission used by Google do not constitute sufficient guarantees within the meaning of sect.46 (2) (a) of the GDPR.

By consenting to the collection of data by Google Analytics, you expressly agree to the data transfer outlined here, whereby you have been informed above of the possible risks of such data transfers without the existence of an adequacy decision and without appropriate safeguards.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis of the data processing

The legal basis is your explicit and voluntary consent pursuant to sect. 6 (1) p. 1 lit. a) GDPR to the processing of your personal data for the purposes of analysis and statistics on user behaviour by means of Google Analytics.

5. Further Information

For more information on the purpose and scope of data collection and processing, as well as further information on your rights in this regard and settings options for protecting your privacy, please contact: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://google.com/analytics/terms/de.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

II. Integration of Google reCAPTCHA

1. Description, scope and purpose of data processing

We use Google reCAPTCHA on this website. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google reCAPTCHA helps us to distinguish whether an input is made by a natural person or abused by machine and automated processing. The service involves sending the IP address and any other data required by Google for the reCAPTCHA service to Google. We use the service to prevent misuse and spam on our website. The use of Google reCAPTCHA may also involve the transmission of personal data to the servers of Google LLC. in the USA.

2. Consent to the transfer of personal data to a third country

Insofar as a data transfer between the USA and the EU takes place in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding corporate regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognised codes of conduct.

It is therefore possible that the standard contractual clauses of the European Commission used by Google do not constitute sufficient guarantees within the meaning of sect. 46 (2) (a) of the GDPR.

This consent may be revoked at any time. A revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

3. Legal basis for data processing

The legal basis is your explicit and voluntary consent in accordance with sect. 6 para. 1 p. 1 lit. a) GDPR to the processing of your personal data to prevent misuse and spam on our website.

4. Further Information

Further information on the purpose and scope of the data collection and its processing, as well as further information on your rights in this regard and setting options for protecting your privacy, can be obtained from: Google Ireland Limited Gordon House, Barrow Street Dublin 4 or Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA as well as at policies.google.com/privacy?hl=de.

III. Integration of HubSpot CRM Software

1. Description and scope of data processing

This website uses HubSpot, a customer relation management system of HubSpot Inc, 25 First Street, Cambridge, MA 02141 USA. (hereinafter: HubSpot). HubSpot uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a HubSpot server in the USA and stored there. On behalf of the operator of this website, HubSpot will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

Please refer to our cookie guidelines to find out which data is collected by cookies.

2. Purpose of the data processing

We use HubSpot to analyse and regularly improve our website. The statistics obtained enable us to improve our offer and make it more interesting for you.

3. Consent to the transfer of personal data to a third country

Subject to legal or contractual permissions, personal data may in principle only be processed in a third country if the special requirements of Art. 44 et seq. DS-GVO are met. Accordingly, data may be transferred if the European Commission has determined by way of a decision within the meaning of Article 45 (1), (3) of the GDPR that an adequate level of data protection is provided in the third country concerned. By means of such so-called adequacy decisions, the European Commission certifies to third countries a level of data protection that is comparable to the recognized standard in the European Economic Area (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

To the extent that data is transferred between the USA and the EU in exceptional cases, it should be noted that no such adequacy decision exists for the USA. Therefore, other suitable guarantees would have to exist in principle to ensure that data protection is sufficiently guaranteed in the USA. This would generally be possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

Although HubSpot has submitted to corresponding standard contractual clauses of the European Commission, U.S. companies are nevertheless obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities. Furthermore, you may not be able to sustainably assert or enforce your rights to information against HubSpot. Furthermore, the technical and organizational measures for the protection of personal data at HubSpot may not fully meet the requirements of the GDPR in terms of quantity and quality.

There is thus the possibility that the standard contractual clauses of the European Commission used by HubSpot do not constitute sufficient guarantees within the meaning of Art. 46 (2) a) DS-GVO.

HubSpot cannot control cookies placed on your website by third-party scripts. However, when a visitor accepts cookies via the home page banner, they are only consenting to HubSpot’s cookies.

This consent can be revoked at any time. A revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

4. Legal basis of the data processing

5. Further Information

IV. Integration of Google Web Fonts as part of reCAPTCHA, Google Maps and Youtube

In principle, the Google web fonts integrated on this website are obtained via a local hosting process.

Certain Google-based services (such as Google reCAPTCHA, Google Maps and Youtube) operate with their own Google Web Fonts integrations, which cannot be disabled. When using these services, fonts are loaded via a connection to Google in order to display them in the view fields of the services themselves and to ensure correct visualization. This may result in the transmission of user IPs to Google.

However, these Google services already originally transmit the IP addresses of users to Google via their functional core activities (Cf. H, II and I, II) and can generally invoke the GDPR legal basis for this. The double transmission through the integrated web fonts is therefore no longer of independent significance and does not need to be evaluated separately in terms of data protection law.

J. Your rights

You have the right

to request information about your personal data processed by us in accordance with sect. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
in accordance with sect. 16 GDPR, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
in accordance with sect. 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
in accordance with sect. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with sect. 21 GDPR;
pursuant to sect. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
revoke your consent at any time in accordance with sect. 7 (3) GDPR(see also section 7.1). This has the consequence that we may no longer continue the data processing based on this consent for the future; and
complain to a supervisory authority in accordance with sect. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

K. Objection or revocation against the processing of your data

If you have given your consent to the processing of your data, you may revoke this consent at any time in accordance with sect. 7 (3) GDPR. Such a revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

Insofar as the processing of your personal data is based on our legitimate interests pursuant to sect. 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing pursuant to sect. 21 GDPR. This is the case if the processing is not necessary, in particular, for the fulfilment of a contract with you, which is shown by us in each case in the description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details above.

L.Change to our data protection regulations

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.

M. Questions for data protection officer

If you have any questions about data protection, please write us an e-mail and contact our data protection officer directly.

These guidelines have been tranlsated with the help of DeepL.com – No liability is accepted for any changes or translation errors.

The underlying basis for the English data protection declaration is the actual and valid German data protection declaration.