Privacy Policy

Thank you very much for your interest in our company. Data privacy is extremely important to the management of STAR Deutschland GmbH. As a general rule, you do not need to provide personal data in order to use the STAR Deutschland GmbH website. If a data subject wishes to make use of particular services of our company through our website, this may require personal data processing, however. If personal data processing is necessary and there is no legal basis for such processing, we will obtain the consent of the data subject as a general rule. The processing of personal data, such as names, addresses, e-mail addresses or phone numbers associated with a data subject, is always carried out in line with the GDPR and in accordance with the country-specific data protection provisions that apply to STAR Deutschland GmbH. The objective of this Privacy Policy is to provide information to the public on the nature, scope and purpose of the personal data we collect, use and process. The Privacy Policy also explains the rights of data subjects. As the controller, STAR Deutschland GmbH has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this website is afforded the most complete protection possible. However, data transfers over the Internet may entail security vulnerabilities and 100% protection is impossible to guarantee. For that reason, every data subject has the option to share personal data with us by alternative means, such as by phone.

1. Definition of terms

The Privacy Policy of STAR Deutschland GmbH contains terms that were used by the European regulator when drawing up the General Data Protection Regulation (GDPR). Our Privacy Policy should be easy for the public and our customers and business partners to read and understand. In order to ensure that this is the case, we wish to begin by explaining some of the terms we will be using. Some of the terms we use in this Privacy Policy are:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject means each identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing refers to any process – with or without the assistance of an automated procedure – or any such series of processes executed in relation to personal data, such as collection, recording, organisation, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available in some other way, alignment or combination, limitation, deletion or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the objective of limiting its processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or member state law, the controller or the specific criteria for its nomination may be provided for by European Union or member state law.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or other body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with European Union or member state law are not regarded as recipients.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent means any specific, informed and unambiguous indication of the data subject’s wishes given voluntarily by the data subject, by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the European Union members states and other provisions in force for the purposes of data protection is:

STAR Deutschland GmbH
Umberto-Nobile-Str. 19
71063 Sindelfingen
Germany
E-mail: info@star-deutschland.net
Website: https://www.star-deutschland.net

3. Name and address of the data protection officer

The controller’s data protection officer is:

Mr Christian Pfirrmann
STAR Deutschland GmbH
Umberto-Nobile-Str. 19
71063 Sindelfingen
Germany
Telephone: +49 7031 2170-50
E-mail: datenschutz@star-deutschland.net

Any data subject can contact our data protection officer directly at any time regarding data privacy queries or suggestions.

4. Cookies

The STAR Deutschland GmbH website uses cookies. Cookies are text files placed and stored on a computer system by a web browser. Cookies are commonly used on websites and servers. Many cookies contain a cookie ID. A cookie ID is a unique cookie identifier. It consists of a string of characters through which websites and servers can be associated with the particular web browser on which the cookie is stored. This allows the websites and servers visited to distinguish the data subject’s individual browser from other web browsers that contain different cookies. A specific web browser can be recognised again and identified via the unique cookie ID. By using cookies, STAR Deutschland GmbH can offer users of this website more user-friendly services, which would not be possible without setting cookies. By using cookies, we can optimise the information and services on our website for the user. As mentioned above, cookies enable us to recognise users of our website. The purpose of recognising them is to make it easier for visitors to use our website. For example, a visitor to a website that uses cookies does not have to log in again every time they visit the website, because the login data is stored by the website and the cookie is set on the user’s computer system. Another example of a cookie is the shopping basket in an online shop. The online shop uses a cookie to remember the items a customer has placed in their online shopping basket. Data subjects can prevent the placement of cookies by our website at any time by adjusting the relevant setting in the web browser they use, thereby permanently objecting to cookies being placed on their computer. In addition, cookies that have already been set can be erased at any time via a web browser or other software programs. This is possible in all commonly used web browsers. If the data subject disables cookies in their web browser, it may mean that they cannot fully use all of the functions on our website.

This website uses cookies. We use cookies to personalise content and advertisements, to offer social media functions and to analyse activity on our website. In addition, we pass on information on your use of our website to our partners for social media, advertising and analyses. Our partners may combine this information with other data that you have given them or that they have collected during your use of the services.

Cookies are small text files that websites use to make the user experience more efficient. By law, we can store cookies on your device if they are essential for using the website. We need your consent for all other types of cookie. This website uses different types of cookie. Some cookies are placed by third parties that appear on our website. You can change or withdraw your consent in the cookie statement on our website at any time. Our Privacy Policy contains further information on who we are, how you can contact us and how we process personal data. Please provide your consent ID and the date when contacting us regarding your consent.

Your consent applies to the following domains: www.star-deutschland.net

Your user ID (UID):

Your consent history:

DateVersionConsents

Change consent

5. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, headquartered at 1600 Amphitheatre Parkway, Mountain View, California, USA (“Google”). Google Analytics uses cookies that allow us to analyse your use of the website. The information generated by the cookie about your usage of this website is generally transferred to a Google server in the USA and stored there. IP anonymisation is activated on this website, which means your IP address is truncated in advance by Google within member states of the European Union or in other states that are signatories to the Agreement on the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the USA and shortened there. Google uses this data on our behalf to evaluate your usage of the website, to produce reports on website activity and to perform further services for us in relation to website usage and Internet usage. This may include the creation of pseudonymous user profiles on the basis of the processed data. The truncated IP address transmitted by your browser within the scope of Google Analytics is not combined with other data held by Google. You can prevent cookies from being stored on your hard drive but this may stop you from being able to fully use all of the functions on this website. Furthermore, you can prevent the data generated by the cookie and related to your use of the website (including your IP address) being collected and processed by Google by downloading and installing the Google Analytics opt-out browser plug-in available from the link below. The current link is: https://tools.google.com/dlpage/gaoptout?hl=de. For browsers on mobile devices, please click on the following link: Disable Google Analytics for this website to set an opt-out cookie that will prevent Google Analytics from collecting data from this website in future. Please note that this opt-out cookie will only work for this browser and this domain. To erase your cookies in this browser, you must click on the link again. As stated in Google’s Privacy Shield certification (which can be found here https://www.privacyshield.gov/list under the search term “Google”), Google complies with the EU-US Privacy Shield Framework published by the US Department of Commerce and the Swiss-US Privacy Shield Framework on the collection, use and storage of personal data from European Union member states and Switzerland, respectively. Google, including Google LLC and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles. You can find further information on this hier. You can find further information on Google’s use of data for advertising purposes and on settings and objection options on the Google website.

6. Subscription to our newsletter

There is an option on the STAR Deutschland GmbH website for users to subscribe to our company’s newsletter. The personal data passed on to the controller when subscribing to the newsletter is clear from the data entry form used for the subscription. STAR Deutschland GmbH keeps its customers and business partners updated on the company’s news at regular intervals through a newsletter. Our company’s newsletter can only be sent to data subjects who (1) have a valid e-mail address and (2) have registered to receive the newsletter. For legal reasons, a confirmation e-mail is first sent to the e-mail address provided by the data subject when registering for the newsletter (double opt-in method). The purpose of the confirmation e-mail is to verify that the owner of the e-mail address, as the data subject, has signed up to receive the newsletter. During the newsletter subscription process, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject when subscribing to the newsletter, as well as the subscription time and date. It is necessary to collect this data so that it is possible to trace any possible misuse of a data subject’s e-mail address in the future, therefore this data collection is required for legal safeguarding by the controller. The personal data collected during the newsletter subscription process is used solely for sending our newsletter. In addition, subscribers to the newsletter may be sent information by e-mail if required for operating the newsletter service or if required for registration purposes, which may be the case if the newsletter service is modified or the technical requirements change. The personal data collected for the newsletter service is not passed on to third parties. Data subjects can cancel their newsletter subscription at any time. Data subjects can withdraw their consent to the storage of personal data provided for the newsletter service at any time. There is a link for withdrawing consent in every newsletter. In addition, it is possible at any time to unsubscribe from the newsletter directly on the controller’s website or to notify the controller about unsubscribing in another way.

7. Newsletter tracking

The newsletters of STAR Deutschland GmbH contain tracking pixels. A tracking pixel is a miniature graphic embedded in an e-mail sent in HTML format to allow log files to be recorded and analysed. This allows a statistical analysis to be made of the success or failure of online marketing campaigns. Using the embedded tracking pixel, STAR Deutschland GmbH can identify whether and when a data subject opens an e-mail and which links in the e-mail the data subject clicks. This type of personal data collected via the tracking pixels in the newsletters is stored and analysed by the controller to optimise the newsletter service and to adapt the content of future newsletters to the data subject’s interests more effectively. This personal data is not passed on to third parties. At any time, data subjects are entitled to withdraw their consent to this data collection given via the double opt-in method. After consent is withdrawn, the controller will erase this personal data. STAR Deutschland GmbH automatically views unsubscribing from the newsletter as withdrawal of consent.

8. Recording general data and information

Each time the website of STAR Deutschland GmbH is accessed by a data subject or an automated system, the site collects a range of general data and information. This general data and information is stored in server log files. The data that may be collected includes (1) the browser type and version used, (2) the operating system used by the system accessing the site, (3) the website via which the system accessing the site reaches our website (i.e. a referrer), (4) the sub-websites accessed on our website by a system accessing the site, (5) the date and time at which the site is accessed, (6) the Internet Protocol address (IP address), (7) the Internet service provider for the system accessing the site and (8) other similar data and information used for security purposes in the event of attacks on our IT systems. STAR Deutschland GmbH does not identify the data subject in its use of this general data and information. Rather, this information is required (1) to deliver our website content correctly, (2) to optimise our website content and advertising, (3) to guarantee the continuity of our IT systems and website technology and (4) to provide law enforcement agencies with the information required for law enforcement in the event of a cyber attack. STAR Deutschland GmbH analyses this anonymous data and information for statistical purposes on the one hand and on the other hand to improve data privacy and data security within our company, ultimately to ensure an optimum protection level for the personal data we process. The anonymous data from the server log files is stored separately from all personal data supplied by data subjects.

9. Contact option on the website

Based on legal requirements, the STAR Deutschland GmbH website contains information that enables our company to be contacted quickly via electronic means and allows direct communication with us, which includes a general electronic mail (e-mail) address. If a data subject contacts the controller by e-mail or using a contact form, the personal data they provide is stored automatically. This personal data, given to the controller voluntarily by the data subject, is stored for the purpose of processing the enquiry or making contact with the data subject. This personal data is not shared with third parties.

10. Data transfer to other companies within the STAR Group or to external service providers (data processors)

As a general rule, your data is not transmitted to third parties outside of the STAR Group unless we are legally obligated to do so or the data transfer is required to perform the contract or you have expressly given your prior consent to the transfer of your data. Any processing of your personal data by external service providers is carried out within the scope of commissioned data processing in accordance with Article 28 GDPR. External service providers and partner companies will receive your data only to the extent required to process your enquiry. However, in these cases, the data transmitted is limited to the minimum extent required. Insofar as external service providers come into contact with your personal data, we have taken legal, technical and organisational measures and perform regular checks to ensure that these service providers also comply with the applicable data protection regulations. These service providers are prohibited from passing on your personal information or using it for other purposes, in particular for their own advertising purposes. We will not pass on your personal data to third parties for commercial purposes.

11. Routine erasure and blocking of personal data

The controller processes and stores personal data of the data subject only for as long as necessary in order to fulfil the purpose for which the data is stored, or in the event that this is provided for in legislation or regulations by the European regulator or other legislator under whose jurisdiction the controller lies. If the purpose of storage no longer applies or a storage period prescribed by the European regulator or other competent legislator expires, the personal data is, routinely and in accordance with the statutory requirements, either erased or blocked.

12. Rights of data subjects

a) Right to confirmation Every data subject has the right, conferred by the European regulator, to request confirmation from the controller as to whether personal data concerning the data subject is processed. If a data subject wishes to exercise this right to confirmation, they can contact an employee of the controller at any time for this purpose. b) Right of access by the data subject Every data subject whose personal data is processed has the right, conferred by the European regulator, to gain free-of-charge access from the controller to the personal data stored about them and to obtain a copy of this data at any time. The European regulator has also given data subjects the right of access to the following information:

  • The purposes of processing
  • The categories of personal data processed
  • The recipients or categories of recipient to whom the personal data has been or will be disclosed, including recipients in third countries or international organisations
  • If possible, the approximate length of time that the personal data will be stored or, if this cannot be calculated, the criteria applied to how long it will be stored
  • The right to the rectification or erasure of the data subjects’ personal data, to the restriction of processing by the controller, or to object to such processing
  • The right to lodge a complaint with a supervisory authority
  • If the personal data is not collected directly from the data subject: All available information on the origin of the data
  • The right to automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, in such cases at least, to conclusive information regarding the logic involved as well as the consequences and the anticipated impact of such processing for the data subject

Furthermore, data subjects have the right to information on whether personal data has been transferred to a third country or an international organisation. If this is the case, data subjects also have the right to information about the appropriate safeguards taken in relation to the transfer. If a data subject wishes to exercise this right of access, they can contact an employee of the controller at any time for this purpose. c) Right to rectification Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, data subjects have the right to have incomplete personal data completed ‒ including by means of a supplementary statement ‒ taking into account the purposes of the processing. If a data subject wishes to exercise this right to rectification, they can contact an employee of the controller at any time for this purpose. d) Right to erasure (right to be forgotten) Every data subject affected by the personal data processing has the right, conferred by the European regulator, to request the immediate erasure of personal data concerning them from the controller if one of the following reasons applies and the processing is not essential:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • The data subject withdraws the consent on which the processing was based in accordance with Article 6(1a) or Article 9(2a) GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Article 21(1) GDPR and there are no overriding legitimate interests for the processing, or the data subject objects to the processing in accordance with Article 21(2) GDPR.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased in order to comply with a legal obligation in European Union or member state law to which the controller is subject.
  • The personal data has been collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.

If one of the grounds above applies and a data subject wishes to instigate the erasure of personal data stored by STAR Deutschland GmbH, they may contact an employee of the controller at any time for this purpose. The STAR Deutschland GmbH employee will arrange for the erasure request to be met without delay. In the event that the personal data has been disclosed by STAR Deutschland GmbH and our company is obliged as the controller to erase the personal data in accordance with Article 17(1) GDPR, STAR Deutschland GmbH will take appropriate measures, including those of a technical nature and taking into account the available technology and costs of implementation, to make other parties responsible for processing the disclosed personal data aware that the data subject has demanded from these responsible parties the erasure of all links to this personal data or copies or replicas thereof, insofar as the processing thereof is not necessary. The STAR Deutschland GmbH employee will take the necessary steps in each individual case. e) Right to restriction of processing Every data subject affected by personal data processing has the right, conferred by the European regulator, to request that the controller restrict the processing in the event that one of the following conditions is met:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
  • The controller no longer needs the personal data for the purposes of processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing in accordance with Article 21(1) GDPR pending the verification whether the legitimate interests of the controller override those of the data subject.

Provided that one of the grounds above applies and a data subject wishes to request that the processing of personal data stored by STAR Deutschland GmbH be restricted, they may contact an employee of the controller at any time for this purpose. The STAR Deutschland GmbH employee will arrange for the restriction of processing. f) Right to data portability Each data subject affected by the processing of personal data has the right, conferred by the European regulator, to obtain the personal data concerning them that has been given to a controller by the data subject, in a structured, commonly used and machine-readable format. They also have the right to transmit the data to another controller without hindrance from the controller to which the personal data has been provided, as long as the processing is based on consent in accordance with Article 6(1a) or Article 9(2a) GDPR or on a contract in accordance with Article 6(1b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Furthermore, in exercising their right to data portability in accordance with Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, wherever technically feasible and provided that this does not adversely affect the rights and freedoms of others. The data subject may contact a STAR Deutschland GmbH employee at any time if they wish to exercise their right to data portability. g) Right to object Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is based on Article 6(1e) or Article 6(1f) GDPR. This includes profiling based on these provisions. STAR Deutschland GmbH will cease processing the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where the processing is used for the establishment, exercise or defence of legal claims. In cases where STAR Deutschland GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This includes profiling, to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes by STAR Deutschland GmbH, STAR Deutschland GmbH will cease to process the personal data for such purposes. In addition, where personal data is processed by STAR Deutschland GmbH for scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR, the data subject, on grounds relating to their particular situation, has the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest. The data subject may contact any STAR Deutschland GmbH employee or any other employee directly if they wish to exercise their right to object. In the context of the use of information society services, and irrespective of Directive 2002/58/EC, the data subject may also exercise their right to object by automated means using technical specifications. h) Automated individual decision-making, including profiling Every data subject affected by the processing of personal data has the right, conferred by the European regulator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This does not apply if the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorised by European Union or member state statutory provisions to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent. If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller or (2) is based on the data subject’s explicit consent, STAR Deutschland GmbH will take suitable measures to safeguard the data subject’s rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision. If the data subject wishes to exercise their rights with regard to automated decision-making, they may contact an employee of the controller at any time for this purpose. i) Right to withdraw consent under data protection law Every data subject affected by the processing of personal data has the right, conferred by the European regulator, to withdraw consent for the processing of their personal data at any time. If the data subject wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time for this purpose. j) Right to complain Under Article 77 GDPR, the data subject affected by the processing has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data is unlawful.

13. Privacy policy on the use of Facebook

The controller has integrated components provided by Facebook on this website. Facebook is a social network. A social network is a social meeting point on the Internet – an online community that enables users to communicate with each other and interact virtually. A social network can be used as a platform for sharing opinions and experiences or enable the online community to provide personal or corporate information. Facebook allows its users to create private profiles, upload photos and network via friend requests, for example. Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Each time an individual page is accessed on this website ‒ which is operated by the controller and on which a Facebook component (Facebook plug-in) has been integrated ‒ the respective Facebook component automatically causes the web browser on the data subject’s IT system to download an image of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins is available at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific sub-websites on our website are visited by the data subject. If the data subject is logged into Facebook at the same time, Facebook identifies which specific sub-websites are visited by the data subject, both each time our website is accessed by the data subject and throughout the duration of the respective stay on our website. This information is collected by the Facebook component and matched to the data subject’s Facebook account by Facebook. If the data subject clicks on one of the Facebook buttons integrated into our website, for example the “Like” button, or if the data subject leaves a comment, Facebook matches this information to the data subject’s personal Facebook account and stores this personal data. Through the Facebook component, Facebook is notified every time the data subject visits our website if the data subject is logged into Facebook when they visit our website; this happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish this information to be transferred to Facebook, they can prevent such transfers by logging out of their Facebook account before accessing our website. The data policy published by Facebook, which can be viewed at https://de-de.facebook.com/about/privacy/, sets out how Facebook collects, processes and uses personal data. It also explains what settings Facebook offers to protect the privacy of data subjects. In addition, different applications are available that enable data transfers to Facebook to be suppressed. Data subjects can use such applications to suppress data transfers to Facebook.

14. Privacy policy on the use of Google Analytics (with anonymisation function)

The controller has integrated a Google Analytics component (with an anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics refers to the collection, compilation and evaluation of data concerning the behaviour of visitors to websites. A web analytics service collects data about the website from which a data subject accesses another website (the referrer), which sub-websites on the website are accessed and how often and for how long sub-websites are viewed, among other data. Web analytics is primarily used to optimise a website and to carry out a cost-benefit analysis of online advertising. The operator of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. The controller uses the extension “_gat._anonymizeIp” for web analytics via Google Analytics. This extension is used by Google to shorten and anonymise the IP address of the data subject’s Internet connection when our website is accessed from a member state of the European Union or other states party to the Agreement on the European Economic Area. The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information it obtains to evaluate use of our website in order to compile online reports for us showing activity on our website and in order to provide additional services relating to the use of our website, among other uses. Google Analytics places a cookie on the data subject’s IT system. The definition of cookies was described above. By placing this cookie, Google is able to analyse the use of our website. Each time an individual page is accessed on this website ‒ which is operated by the controller and on which a Google Analytics component has been integrated ‒ the respective Google Analytics component automatically causes the web browser on the data subject’s IT system to transfer data to Google for online analysis purposes. As part of this technical process, Google receives information about personal data such as the IP address of the data subject, which Google uses to trace the origin of visitors and clicks and subsequently facilitate commission billing, among other uses. Cookies are used to store personal information, such as the time of access, location from which access originated and the regularity of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the USA. This personal data is stored by Google in the USA. Google may share this personal data, collected using the aforementioned technical process, with third parties. The data subject can prevent the placement of cookies by our website, as set out above, at any time by adjusting the relevant setting in the web browser they use, thereby objecting to cookies being placed on their computer in all cases. Changing the settings of the web browser used in this way would also prevent Google from placing a cookie on the data subject’s IT system. In addition, a cookie already placed by Google Analytics can be deleted at any time through a web browser or alternative software program. The data subject also has the option to object to collection of the data concerning use of this website generated by Google Analytics and the processing of this data by Google, and can prevent this from taking place. To do so, the data subject must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics, via JavaScript, that no data or information concerning visits to websites is permitted to be transferred to Google Analytics. The installation of this browser add-on is interpreted as an objection by Google. If the data subject’s IT system is later erased, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. In the event that the browser add-on is uninstalled or deactivated by the data subject or someone else within their sphere of influence, there is the option to reinstall or reactivate the browser add-on. Further information and Google’s current data privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and https://www.google.com/analytics/terms/de.html. A more detailed explanation of Google Analytics is available at https://www.google.com/intl/de_de/analytics/.

15. Privacy policy on the use of Google AdWords

The controller has integrated Google AdWords into this website. Google AdWords is an online advertising service that allows advertisers to place adverts both in Google search engine results and in the Google advertising network. Google AdWords enables advertisers to stipulate specific key words in advance, using which an ad is only displayed in Google search engine results if the user calls up a key word-related search result using the search engine. The ads are distributed on relevant websites in the Google advertising network using an automatic algorithm, taking into account the key words stipulated beforehand. The operator of Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. The purpose of Google AdWords is to advertise our website by showing advertisements of interest on the websites of third-party companies and in Google search results, and to show third-party advertising on our website. If a data subject accesses our website via a Google ad, Google sets a conversion cookie on the data subject’s IT system. The definition of cookies was described above. A conversion cookie expires after thirty days and is not used to identify the data subject. Conversion cookies that have not yet expired make it possible to tell whether certain sub-websites, for example the shopping cart of an online shop, have been visited on our website. Conversion cookies enable us and Google to tell whether a data subject who visited our website through an AdWords ad generated revenue, i.e. whether they purchased goods or aborted a purchase. Google uses the data and information collected through the use of conversion cookies to create visit statistics for our website. We then use these statistics to determine the total number of users who have reached us through AdWords ads so we can calculate the success or failure of the AdWords ad and optimise our AdWords ads for the future. Google does not pass on information to our company or other advertising customers of GoogleAds that could be used to identify the data subject. Personal data, for example the websites visited by the data subject, is stored through the conversion cookie. Each time our website is visited, personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google in the USA. This personal data is stored by Google in the USA. Google may share this personal data, collected using the aforementioned technical process, with third parties. The data subject can prevent the placement of cookies by our website, as set out above, at any time by adjusting the relevant setting in the web browser they use, thereby objecting to cookies being placed on their computer in all cases. Changing the settings of the browser used in this way would also prevent Google from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already placed by Google AdWords can be deleted at any time through a web browser or alternative software program. Furthermore, the data subject has the right to object to targeted advertising by Google. To do so, the data subject must visit www.google.de/settings/ads using each of the web browsers they use and change the settings there. Further information and Google’s current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

16. Privacy policy on the use of Instagram

The controller has integrated components provided by Instagram on this website. Instagram is a service that provides an audiovisual platform on which users share photos and videos and it also enables users to share the same data on other social networks. The operator of Instagram’s services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. Each time an individual page is accessed on this website ‒ which is operated by the controller and on which an Instagram component (“Insta-button”) has been integrated ‒ the respective Instagram component automatically causes the web browser on the data subject’s IT system to download an image of the corresponding Instagram component from Instagram. As part of this technical process, Instagram receives information about which specific sub-websites on our website are visited by the data subject. If the data subject is logged into Instagram at the same time, Instagram identifies which specific sub-websites are visited by the data subject, both each time our website is accessed by the data subject and throughout the duration of the respective stay on our website. This information is collected by the Instagram component and matched to the data subject’s Instagram account by Instagram. If the data subject uses one of the Instagram buttons integrated on our website, the data and information that is consequently transferred is matched to the data subject’s personal Instagram user account and stored and processed by Instagram. Through the Instagram component, Instagram is always notified that the data subject has visited our website if the data subject is logged into Instagram when they visit our website; this happens regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not wish this information to be transferred to Instagram, they can prevent such transfers by logging out of their Instagram account before accessing our website. Further information and Instagram’s current privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ .

17. Privacy policy on the use of LinkedIn

The controller has integrated components provided by LinkedIn Corporation into this website. LinkedIn is an online social network that enables users to connect with existing business contacts and to make new business contacts. LinkedIn has more than 400 million registered users in over 200 countries. This means LinkedIn is currently the world’s biggest platform for business contacts and one of the most visited websites globally. The operator of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data privacy matters outside the USA. Every time a data subject visits our website, which has an integrated LinkedIn component (LinkedIn plug-in), the component causes the data subject’s browser to download an image of the LinkedIn component. Further information on LinkedIn plug-ins is available at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific sub-websites on our website are visited by the data subject. If the data subject is logged into LinkedIn at the same time, LinkedIn identifies which specific sub-websites of our website are visited by the data subject, both each time our website is accessed by the data subject and throughout the duration of the respective stay on our website. This information is collected by the LinkedIn component and matched to the data subject’s LinkedIn account by LinkedIn. If the data subject uses a LinkedIn button integrated on our website, LinkedIn matches this information to the data subject’s personal LinkedIn user account and stores this personal data. Through the LinkedIn component, LinkedIn is always notified that the data subject has visited our website if the data subject is logged into LinkedIn when they visit our website; this happens regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not wish this information to be transferred to LinkedIn, they can prevent such transfers by logging out of their LinkedIn account before accessing our website. By visiting https://www.linkedin.com/psettings/guest-controls, data subjects can unsubscribe from e-mail communications and SMS communications, opt out of targeted advertising and manage ad settings. LinkedIn also users partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame that may set cookies. These cookies can be disabled at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s current privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

18. Privacy policy on the use of Xing

The controller has integrated Xing components into this website. Xing is an online social network that enables users to connect with existing business contacts and to make new business contacts. Individuals can create their own personal profile on Xing. Companies can create company profiles, for example, or publish job ads on Xing. The operator of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. Each time an individual page is accessed on this website ‒ which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated ‒ the respective Xing component automatically causes the web browser on the data subject’s IT system to download an image of the corresponding Xing component from Xing. Further information on Xing plug-ins is available at https://dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific sub-websites on our website are visited by the data subject. If the data subject is logged into Xing at the same time, Xing identifies which specific sub-websites are visited by the data subject, both each time our website is accessed by the data subject and throughout the duration of the respective stay on our website. This information is collected by the Xing component and matched to the data subject’s Xing account by Xing. If the data subject uses one of the Xing buttons integrated into our website, for example the “Share” button, Xing matches this information to the data subject’s personal Xing user account and stores this personal data. Through the Xing component, Xing is always notified that the data subject has visited our website if the data subject is logged into Xing when they visit our website; this happens regardless of whether the data subject clicks on the Xing component or not. If the data subject does not wish this information to be transferred to Xing, they can prevent such transfers by logging out of their Xing account before accessing our website. The privacy policy published by Xing, available at https://www.xing.com/privacy, sets out how Xing collects, processes and uses personal data. In addition, Xing has published a privacy policy for the XING share button at https://www.xing.com/app/share?op=data_protection.

19. Privacy policy on the use of YouTube

The controller has integrated YouTube components into this website. YouTube is an online video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows all types of videos to be published, meaning both entire film and television broadcasts as well as music videos, trailers and videos made by users can be accessed via the online portal. The operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland. Each time an individual page is accessed on this website ‒ which is operated by the controller and on which a YouTube component (YouTube video) has been integrated ‒ the respective YouTube component automatically causes the web browser on the data subject’s IT system to download an image of the corresponding YouTube component from YouTube. Further information on YouTube is available at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about which specific sub-websites on our website are visited by the data subject. If the data subject is logged into YouTube at the same time, YouTube detects which specific pages of our website the data subject visits when they access a page that contains a YouTube video. YouTube and Google collect this information and match it to the data subject’s YouTube account. Through the YouTube component, YouTube and Google are always notified that the data subject has visited our website if the data subject is logged into YouTube when they visit our website; this happens regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish this information to be transferred to YouTube and Google, they can prevent such transfers by logging out of their YouTube account before accessing our website. The privacy policy published by YouTube, available at https://www.google.de/intl/de/policies/privacy/, sets out how YouTube and Google collect, process and use personal data

20. Data privacy for job applications and during the application process

The controller collects and processes personal data of applicants for the purpose of carrying out the application process. The data may be processed electronically as well as manually. This applies in particular if an applicant submits application documents to the controller electronically, for example by e-mail or via a web form on our website. If the controller enters into an employment contract with the applicant, the data transmitted for the purposes of establishing the employment relationship is stored in accordance with legal regulations. If the controller does not enter into an employment contract with the applicant, the application documents are deleted automatically two months after the applicant is notified of the decision not to recruit them, unless other legitimate interests of the controller conflict with the deletion. In this context, other legitimate interests are, for example, a burden of proof in legal proceedings in accordance with the German General Act on Equal Treatment (AGG).

21. Legal basis of processing

Article 6(1a) GDPR provides our company with a legal basis for processing operations where consent must be obtained for a specific purpose of processing. If personal data processing is necessary to perform a contract to which the data subject is party, such as processing operations required for the delivery of goods or provision of another service or return service, the processing is based on Article 6(1b) GDPR. The same applies to processing operations necessary for the performance of measures prior to the conclusion of a contract, such as in the case of enquiries concerning our products and services. Should our company be subject to a legal obligation under which it is necessary to process personal data, for example tax obligations, this processing is based on Article 6(1c) GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our company was injured and their name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. In such cases, the processing would be based on Article 6(1d) GDPR. Lastly, processing operations may be based on Article 6(1f) GDPR. This legal basis provides grounds for processing operations not covered by any of the aforementioned legal bases, if the processing is necessary to protect the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. We are therefore permitted to carry out such processing operations in particular, because they have been specifically referenced by the European legislator. The legislator stipulated that a legitimate interest can be assumed if the data subject is a customer of the controller (Recital 47, second sentence GDPR).

22. Legitimate interests in processing pursued by the controller or a third party

If the personal data processing is based on Article 6(1f) GDPR, our legitimate interest is the performance of our business activity for the good of all our employees and shareholders.

23. Personal data retention period

The criterion indicating how long personal data may be stored is the legal retention period. At the end of this period, the relevant data is routinely deleted, provided it is no longer required for contract performance or contract initiation purposes.

24. Legal or contractual requirements for the provision of personal data; necessity for entering into contracts; obligation of the data subject to provide personal data; possible consequences of failure to provide personal data

It is important to note that the provision of personal data may be required by law (e.g. tax regulations) or by contractual provisions (e.g. information about the contracting party). Sometimes, in order to enter into a contract it may be necessary for a data subject to give us personal data which we must then process. For example, a data subject is obliged to give us personal data if our company is entering into a contract with them. If the personal data were not provided, it would not be possible to enter into the contract with the data subject. Before a data subject provides personal data, they must contact one of our employees. Our employee will explain to the data subject, on a case by case basis, whether their personal data needs to be provided by law or under a contract or is necessary for entering into a contract, whether they are obliged to provide the personal data and what consequences would arise if they did not provide the personal data.

25. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling. This Privacy Policy has been created by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, an external Berlin-based data protection officer, in cooperation with the data protection (GDPR) lawyers of law firm WILDE BEUGER SOLMECKE | Rechtsanwälte.