Privacy policy

We are pleased that you are visiting our website. The protection and security of your personal information when using our website and the services we provide are very important to us. Therefore, we would like to inform you at this point about which of your personal data we process and for what purposes it is used.

Who is responsible and how do I contact you?

Person in charge
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

edoc solutions ag
Metternicher Str. 4
53919 Weilerswist, Germany
+49 2254 9643 0
datenschutz@edoc.de

Data Protection Officer
We have appointed a data protection officer who can be reached via the e-mail address datenschutz@edoc.de or via the contact details mentioned above. Please provide postal messages to the data protection officer with the addition "Data protection – personal / confidential".

What is it about?
This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour when visiting a website. Information for which we cannot (or only with a disproportionate effort) relate to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal data in individual cases to assert, exercise or defend legal claims and in the presence of statutory retention obligations.

Who gets my data?
We only pass on your personal data, which we process on our website, to third parties if this is necessary for the fulfilment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, we pass on personal data to third parties in individual cases if this serves the establishment, exercise or defence of legal claims. Possible recipients can then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who process personal data on our behalf in accordance with Art. 28 GDPR, they may be recipients of your personal data. Further information on the use of processors and web services can be found in the overview of the individual processing operations.

Cookiefirst

Type and scope of processing
We have integrated Cookiefirst on our website. Cookiefirst is a consent solution of Digital Data Solutions B.V., Plantagemiddenlaan 42A, 1018 DH Amsterdam, The Netherlands, with which consent to the storage of cookies can be obtained and documented. Cookiefirst uses cookies or other web technologies to recognize users and to store the consent given or revoked.

Purpose and legal basis
The use of the service is based on the legally required consent to obtain the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Digital Data Solutions B.V. Further information can be found in the privacy policy for Cookiefirst: cookiefirst.com/legal/data-processing-agreement/.

What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:
Information pursuant to Article 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
Correction pursuant to Article 16 GDPR of incorrect or incomplete data stored by us;
Deletion in accordance with Article 17 GDPR of the data stored by us, insofar as the processing is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Restriction of processing in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you reject its deletion because you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Article 21 GDPR.
Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transmit the data directly to another person responsible, as far as this is technically feasible.
Objection pursuant to Art. 21 GDPR against the processing of your personal data, insofar as this is based on Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing are proven or the processing is carried out to assert, exercise or defend legal claims. Insofar as the right to object to individual processing operations does not exist, this is stated there.
Revocation in accordance with Article 7 (3) GDPR of your consent with effect for the future.
Complaint pursuant to Article 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?
Below we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by ourselves, but by a service provider who uses the aforementioned data on our behalf pursuant to Art. 28 GDPR.

Purpose and legal basis
The processing takes place to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 para. lit. f GDPR. The collection of data and the storage in log files is absolutely necessary for the operation of the website. A right of objection to the processing exists due to the exception according to Art. 21 para. 1 GDPR. Insofar as the further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to access our website without providing the data.

Storage period
The aforementioned data will be stored for the duration of the display of the website and, for technical reasons, for a maximum of [7 days].

Contact

Type and scope of processing
On our website we offer you to contact us via a form provided. The information collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the contact request.

Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and processing of your request on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Insofar as your request relates to an existing contractual relationship with us, the processing for the purpose of fulfilling the contract is carried out on the basis of Art. 6 para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage period
We store the data you enter in the contact form until you revoke your consent to storage, submit a request for deletion or the purpose for the processing no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Contact form for applicants

Type and scope of processing
On our website, we offer you the opportunity to submit an application to us using a form provided. The information collected via mandatory fields is required to process the request. In addition, you can voluntarily provide additional information that you believe is necessary for processing the contact request. If you have given us your separate consent, which is independent of the use of the application form, we will forward your application to our affiliated companies. Apart from our affiliated companies, the application form is not passed on to third parties.
Your request will be processed by a processor used by us in accordance with Art. 28 GDPR.

Purpose and legal basis
The processing of your data on the basis of the use of the application form takes place for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of § 26 BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information in the mandatory fields. If you do not wish to provide this data, please use other ways of applying to us.

Storage period
We store the collected data for the duration of the application process and, in the event of non-employment, for a period of six months from the date of rejection.

Personio for the application process

We use the "Personio" service. The provider is Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich.

Purpose of data processing

We use Personio to integrate job advertisements into our homepage. When you access our job advertisements, a connection is established between your browser and the company Personio. Personio stores a cookie required to display the website in your browser, which is deleted at the end of the session. Cookies are text files that are stored on your computer and enable an analysis of your use of the website. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
Legal basis for data processing

The use of Personio on our homepage is based on our legitimate interest (Art. 6 para. 1 f GDPR). We have a legitimate interest in presenting our job advertisements as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Information on data protection at Personio and for the application process can be found via the following link: www.personio.de/datenschutzerklaerung/ edocag.jobs.personio.de/privacy-policy
We have concluded an order processing contract (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Duration of data storage
Application documents will be deleted no later than 6 months after rejection. If the storage is based on your consent, we will delete your personal data if you revoke your consent.

Type and scope of processing
If you register on our website to receive our newsletter, we collect your e-mail address and, if applicable, other data. We store this information along with the date of registration and your IP address. You will then receive an e-mail in which you must confirm your registration for the newsletter (double opt-in). To send the newsletter, we use a service of the service provider who processes your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to third parties. In the chapter "Newsletter" you can find out about the processing of the processor.

Purpose and legal basis
We process your data for the purpose of sending newsletters on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. By unsubscribing from the newsletter, you can revoke your revocation at any time with effect for the future in accordance with Art. 7 (3) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without the provision of your data.

Storage period
After registering for the newsletter, we store the data for a maximum of until confirmation of registration. After successful confirmation, we store your data until you revoke your consent (unsubscribing from the newsletter) [and for technical reasons beyond that for a maximum of [7 days].]

Registration of a customer account

Type and scope of processing
As part of the order processing, we collect your personal data to register a customer account. You can choose whether you want to order as a guest or register a permanent user account. The information collected during registration via the mandatory fields is identical in both cases and is required for the processing of the order in the online shop. When registering a permanent user account, we also collect a password of your own choosing. In addition, you can voluntarily provide additional information that you believe is necessary for the processing of the order.
A transfer of your personal data to third parties (e.g. payment service providers, shipping service providers, freight forwarders) and processors pursuant to Art. 28 GDPR only takes place insofar as this is necessary for the processing of the order.

Purpose and legal basis
We process your personal data for the purpose of registering a customer account to fulfil a contract with you in accordance with Art. 6 para. 1 lit. b GDPR. There is a contractual obligation to provide your data as far as it relates to the mandatory fields, as this information is required to identify you personally and to fulfil the contract on our part. There is no legal obligation to provide the data. Without the provision of this information, the order in our online shop and thus a contract conclusion is not possible. There is no obligation to provide the additional information voluntarily provided. The order in our online shop is also possible without the disclosure of the voluntary information.
The additional processing of your password for the registration of the permanent user account takes place for the purpose of providing a customer account and for displaying your previous purchases as well as for storing your purchase-related data (e.g. storage of billing address, different delivery addresses) on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. By deleting your customer account, you can revoke your revocation at any time with effect for the future in accordance with Art. 7 (3) GDPR.

Storage period
If you order as a guest, your personal data will be stored until your order has been completed (end of contract). When registering a permanent customer account, we store the purchase-related data beyond the end of the contract, until the revocation of your consent (deletion of the customer account). In both cases, your data will only be stored further if there are statutory retention obligations (e.g. tax and commercial law).

Google Analytics

Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our online offer, visited subpages and the length of stay of visitors.
Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.
This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
We process data with the help of Google Analytics for the purpose of optimizing our website and for marketing purposes.
The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: policies.google.com/privacy.

Google DoubleClick

Type and scope of processing
We have integrated components of DoubleClick by Google on our website. DoubleClick is a brand of Google, under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression, click, or other activity.
Each of these data transmissions triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick places a cookie in your browser.
DoubleClick uses a cookie ID, which is required to handle the technical procedure. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. Furthermore, it is possible for DoubleClick to record conversions through the cookie ID. Conversions are recorded, for example, if a user has previously been shown a DoubleClick advertisement and subsequently makes a purchase on the advertiser's website using the same Internet browser.
A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify campaigns with which you have already been in contact on other websites. As part of this service, Google gains knowledge of data that Google also uses to create commission statements. Among other things, Google can understand that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at policies.google.com/privacy.

Purpose and legal basis
We process your data with the help of the double-click cookie for the purpose of optimizing and displaying advertising on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You give your consent by setting the use of cookies (cookie banner / consent manager), with which you can also revoke your revocation at any time with effect for the future in accordance with Art. 7 (3) GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. Furthermore, the cookie serves to avoid multiple displays of the same advertisement. Each time you visit one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and the settlement of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, it is possible to visit our website without restriction, but not all functions may be fully available.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google DoubleClick: policies.google.com/privacy.

Google Tag Manager

Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through an interface and allows us to control the exact integration of services on our website
This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis
The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

HubSpot API

Type and scope of processing
We use HubSpot API from HubSpot, Inc., Cambridge, Massachusetts, US to access other HubSpot, Inc. services and data. Your IP address is transmitted to HubSpot, Inc. Please note that a separate section of this Privacy Policy is located for each additional service we use from HubSpot, Inc.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot API Privacy Statement: legal.hubspot.com/privacy-policy.

HubSpot Analytics

Type and scope of processing
We use HubSpot Analytics from HubSpot, Inc., Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offer. This includes, for example, the number of visits to our online offer, visited subpages and the length of stay of visitors.
HubSpot Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.
This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
We process data with the help of HubSpot Analytics for the purpose of optimizing our website and for marketing purposes. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Analytics Privacy Statement: legal.hubspot.com/privacy-policy.

HubSpot CDN

Type and scope of processing
We use HubSpot CDN to properly provide the content of our website. HubSpot CDN is a service of HubSpot, Inc., which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot, Inc. services. For said services, you will find a separate section in this Privacy Policy. This section is only about using the CDN.
A CDN helps to make content of our online offer, especially files such as graphics or scripts, available faster with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of HubSpot, Inc., Cambridge, Massachusetts, US, transmitting your IP address and, if applicable, browser data such as your user agent. This data is processed solely for the purposes set out above and to maintain the security and functionality of HubSpot CDN.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in secure and efficient provision as well as the optimization of our online offer. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot CDN Privacy Statement: legal.hubspot.com/de/privacy-policy.

HubSpot Chat

Type and scope of processing
We have integrated components of the customer communication platform HubSpot Chat on our website. HubSpot Chat is a service of HubSpot, Inc. and offers us the opportunity to communicate with visitors to our website via chat and to provide targeted help with questions. HubSpot Chat uses cookies and other browser technologies to evaluate user behavior and recognize users. HubSpot Chat is also used to store and transmit data entered into chats using cookies, including your IP address. In this case, your data will be passed on to the operator of HubSpot Chat, HubSpot, Inc., Cambridge, Massachusetts, US.

Purpose and legal basis
The use of HubSpot Chat is based on our legitimate interests, i.e. interest in optimizing our online offer. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Chat Privacy Statement: legal.hubspot.com/privacy-policy.

HubSpot Cookie Banner

Type and scope of processing
We have integrated HubSpot cookie banners on our website. HubSpot Cookie Banner is a consent solution provided by HubSpot, Inc., Cambridge, Massachusetts, US, with which consent to the storage of cookies can be obtained and documented. HubSpot Cookie Banner uses cookies or other web technologies to recognize users and store consent given or withdrawn.

Purpose and legal basis
The use of the service is based on the legally required consent to obtain the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Cookie Banner Privacy Statement: legal.hubspot.com/privacy-policy.

HubSpot Forms

Type and scope of processing
We have integrated HubSpot Forms on our website. HubSpot Forms is a service of HubSpot, Inc. and provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics.
HubSpot Forms is used to store data entered in forms, e.g. when contacting us via contact form. The data provided may be stored in our Customer Relationship Management System (CRM System).
In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc., Cambridge, Massachusetts, US.

Purpose and legal basis
We process your data with the help of HubSpot Forms for the purpose of processing the contact request and its processing in accordance with Art. 6 para. 1 lit. b. GDPR.
The use of HubSpot Forms and the integrated services is subject to our legitimate interest according to Art. 6 para. 1 lit. f. GDPR, the optimization of our marketing measures and the improvement of our service quality on the website.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Forms Privacy Statement: legal.hubspot.com/privacy-policy.

Google reCAPTCHA

HubSpot Forms use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to determine whether data entered on this website (e.g., information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyzes the behavior of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google.
reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway.
Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the protection of the operator’s websites against abusive automated spying and against SPAM. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information about Google reCAPTCHA please refer to the Google Data Privacy Declaration and Terms Of Use under the following links: policies.google.com/privacy and https://policies.google.com/terms?hl=en.

Google Fonts

To ensure that fonts used on this website are uniform, this website uses so-called Google Fonts provided by Google. When you access a page on our website, your browser will load the required fonts into your browser cache to correctly display text and fonts.

To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

If your browser should not support Google Fonts, a standard font installed on your computer will be used.

For more information on Google Fonts, please follow this link: developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: policies.google.com/privacy.

HubSpot LeadFlow

Type and scope of processing
We have integrated HubSpot LeadFlow on our website. HubSpot LeadFlow is a service of HubSpot, Inc., Cambridge, Massachusetts, US, that identifies anonymous website visitors, provides full contact information and insight into the visit history.
HubSpot LeadFlow uses cookies and other browser technologies to evaluate user behavior and recognize users.
Among other things, HubSpot LeadFlow shows us which companies have visited our website, determines the history of your visit, including all pages you have visited and viewed, and the length of your stay on this website.
HubSpot LeadFlow collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, revenue, and key people on LinkedIn.

Purpose and legal basis
We process your data with the help of HubSpot LeadFlow for the purpose of optimising our website and for marketing purposes based on our legitimate interest. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot LeadFlow Privacy Statement: legal.hubspot.com/privacy-policy.

HubSpot Pixel

Type and scope of processing
We use HubSpot Pixel from HubSpot, Inc., Cambridge, Massachusetts, US, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, to determine conversion rates and then to optimize them. This happens especially when you interact with advertisements that we have served with HubSpot, Inc.

Purpose and legal basis
We process your data with the help of HubSpot Pixel for the purpose of optimizing our website and for marketing purposes. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. For more information, see the HubSpot Pixel Privacy Statement: legal.hubspot.com/privacy-policy.

Leadinfo and Leadinfo CDN

Type and scope of processing
We have integrated Leadinfo on our website as a tool for customer intelligence. Leadinfo is a service of Leadinfo B.V., Rotterdam, Netherlands, which identifies website visitors and, if necessary, enriches existing contact data. Leadinfo uses cookies and other browser technologies to evaluate user behavior and recognize users.
Among other things, Leadinfo recognizes visits by companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g. "leadinfo.com") in order to correlate IP addresses with companies and to improve the services. For more information, see www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be collected by Leadinfo.

Purpose and legal basis
We process your data with the help of Leadinfo for the purpose of optimising our website and for marketing purposes on the basis of our legitimate interest. The use is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Leadinfo. Further information can be found in the privacy policy for Leadinfo: www.leadinfo.com

LinkedIn Ads

Type and scope of processing
We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service provided by LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, US.
Web tracking technologies are used to create pseudonymised user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying advertisements.

Purpose and legal basis
The use of LinkedIn Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. Further information can be found in the privacy policy for LinkedIn Ads: www.linkedin.com/legal/privacy-policy

LinkedIn Insight-Tag

Type and scope of processing
We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US, to create target groups, segment visitor groups of our online offering, determine conversion rates and then optimize them. This happens in particular when you interact with advertisements that we have served with LinkedIn Corporation. For this purpose, LinkedIn Corporation offers retargeting for website visitors in order to display targeted advertising outside our website.
LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent), and timestamps. This data is used to provide anonymous reports on the website audience and ad performance.

Purpose and legal basis
The use of LinkedIn Insight Tag is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. For more information, see the LinkedIn Insight Tag Privacy Policy: www.linkedin.com/legal/privacy-policy

YouTube Video

Type and scope of processing
We have integrated YouTube video on our website. YouTube Video is a component of YouTube, LLC's video platform where users can upload content, share it over the Internet, and receive detailed statistics.
YouTube Video allows us to integrate content from the platform into our website.
YouTube Video uses cookies and other browser technologies to evaluate user behavior, recognize users and create user profiles. This information is used, among other things, to analyze the activity of the listened content and to create reports. If a user is registered with YouTube, LLC, YouTube Video can associate the videos played with the profile.
When you access this content, you establish a connection to servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis
The use of the service is based on your consent in accordance with Art. 6 para. 1 lit. a. DSGVO and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. In cases where there is no adequacy decision of the European Commission (e.g. in the USA), we have other suitable guarantees within the meaning of Art. 44 ff. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at eur-lex.europa.eu/legal-content/DE/TXT/HTML/.
In addition, prior to such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of transfers to third countries, risks unknown in detail (e.g. data processing by security authorities of the third country, the exact scope and consequences of which we do not know for you, over which we have no influence and of which you may not be aware) may exist.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. For more information, see the privacy policy for YouTube video: policies.google.com/privacy.

Conferencing tools used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the privacy statement of Microsoft Teams: privacy.microsoft.com/de-de/privacystatement.
Conclusion of a contract for data processing
We have concluded a contract processing agreement with the provider of Microsoft Teams and fully implement the strict requirements of the German data protection authorities when using Microsoft Teams.

Microsoft Bookings

We use Microsoft Bookings for appointment management and callback service. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
Microsoft Bookings is a service that can be used to place appointment and product requests. The data you enter for the purpose of the request (name, e-mail address, telephone number, address, website URL and notes or notes). Your request) are stored on the servers of Microsoft USA or Ireland.
The use of this tool is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in scheduling and product management in order to optimize our offer. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
For more information, see the Microsoft Privacy Statement at: privacy.microsoft.com/de-de/privacystatement.
Conclusion of a contract for data processing
We have concluded a contract processing agreement with Microsoft and fully implement the strict requirements of the German data protection authorities when using Microsoft Bookings.

Microsoft FindTime

We use Microsoft FindTime for scheduling and managing appointments. Provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
Microsoft FindTime is a service that can be used to implement scheduling. The data entered by you for the purpose of coordination (preference, confirmation and/or rejection of appointment proposals, as well as suggestions at other times) as well as the personal data (e-mail address, first and last name, possibly subject and place of the appointment) provided by us are stored on the servers of Microsoft USA or Ireland. The survey data is stored in the organizers' mailbox and encrypted by Microsoft.
With the function "Show availability" you may have the possibility to display your own appointments in the FindTime, this allows you to log in with your account at Microsoft, we are not responsible for this processing.
The use of this tool is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in scheduling and managing appointments in order to optimize our processes. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
For more information, see the Microsoft Privacy Statement at: privacy.microsoft.com/de-de/privacystatement or support.microsoft.com/de-de/office/datenschutz-und-schutz-pers%C3%B6nlicher-daten-in-uhrzeit-finden-7dbbeb41-245c-4573-97ea-50fcb8610cde.

Order processing
We have concluded a contract processing agreement with Microsoft and fully implement the strict requirements of the German data protection authorities when using Microsoft FindTime.

Cookies
Some of the Microsoft FindTime pages use so-called cookies. These cookies include:
Description Expiry date of the cookie Recipient
OutlookSession Session outlook.office.com
ShCLSessionID session outlook.office.com
OpenIdConnect.nonce.v3. 1 day outlook.office.com
OpenIdConnect.nonce.v3. 1 day outlook.office.com
OIDC 173 Day outlook.office.com
X-OWA-RedirectHistory 2 days outlook.office.com
OpenIdConnect.nonce.v3. 1 day outlook.office.com
ClientId 357 days outlook.office.com
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website. Cookies that are required to carry out the electronic communication process or to provide certain functions desired by you are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.

Presence on social media platforms

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.
Social networks such as Facebook, Twitter etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by collecting your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and data protection provisions of the respective social media portals.

Legal basis
Our social media appearances are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and .dem operators of the respective social media portal (e.g. Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – esp. Retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook page

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data will also be transferred to the USA and other third countries.
We have entered into a joint processing agreement with Facebook (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. This agreement can be viewed at the following link: www.facebook.com/legal/terms/page_controller_addendum. In accordance with its Data Policy (https://www.facebook.com/about/privacy), Facebook processes personal data on the following legal bases: "- as necessary to comply with our Facebook Terms of Service or the Instagram Terms of Service; in accordance with your consent, which you can withdraw at any time through Facebook Settings and Instagram Settings; as necessary to comply with our legal obligations; to protect your vital interests or those of others; as required in the public interest; and as necessary for our legitimate interests (as well as those of others), including our interest in providing innovative, personalised, secure and profitable services to our users and partners, except where those interests are overridden by your interests or fundamental rights and freedoms that require the protection of personal data." Facebook uses this information acc. https://www.facebook.com/about/privacy to "provide, personalize and improve our products, provide measurement, analytics and other business services, promote safety, integrity and security, communicate with you, research and innovation for social purposes."
The rights of data subjects vis-à-vis Facebook Ireland can be exercised under the Facebook Ireland Privacy Policy under www.facebook.com/about/privacy. You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: www.facebook.com/settings.
Details can be found in Facebook's privacy policy: www.facebook.com/about/privacy/.

Instagram page

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram's privacy policy: help.instagram.com/519522125107875.

Twitter page

We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter is certified according to the EU-US Privacy Shield.
You can adjust your Twitter privacy settings independently in your user account. To do this, click on the following link and log in: twitter.com/personalization.
Details can be found in Twitter's privacy policy: twitter.com/de/privacy.

LinkedIn page

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified according to the EU-US Privacy Shield. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Details on how they handle your personal data can be found in LinkedIn's privacy policy: www.linkedin.com/legal/privacy-policy.

XING page

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: privacy.xing.com/de/datenschutzerklaerung

Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail or post). In the following we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated as strictly confidential.

Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu according to German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be processed on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship in our data processing systems.

Data retention period
If we are unable to make you a job offer, reject a job offer or withdraw your application, we reserve the right to store the data transmitted by you on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data will be deleted and the physical application documents destroyed. The storage serves in particular for purposes of proof in the event of a legal dispute. If it can be seen that the data will be required after expiry of the 6-month period (e.g. due to an imminent or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.
Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory storage obligations preclude deletion.

Handling of data of business partners (customers, interested parties, suppliers)
We collect personal data for the purpose of executing the contract, fulfilling contractual and pre-contractual obligations and for direct advertising. The data collection and data processing is necessary for the execution of the contract and is based on Article 6 (1) (b) GDPR. The use of personal data for advertising purposes represents a legitimate interest of our company (Art. 6 para. 1 f) GDPR). A transfer of the data to third parties takes place if this is necessary for the fulfillment of the order (e.g. complaints). The data will be deleted as soon as they are no longer necessary for the purpose of their processing. You have the right to object to the use of your data for direct marketing purposes at any time. In addition, you are entitled to request information about the data stored by us about you and to request the correction of the data in the event of inaccuracy or, in the event of inadmissible data storage, the deletion of the data. To assert your rights, please use the above contact details.

Consent Management - CookieFirst: