To Umadum GmbH, data privacy is a matter of particular concern. Our efforts to comply in particular with the requirements of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act in its current version aim first and foremost at respecting your private and personal sphere.
These days, for modern enterprises such as Umadum GmbH it is indispensable to use electronic data processing equipment (EDP). It is self-evident that we apply highest standards in order to comply with legal regulations.
Generally, it is possible to make use of the Umadum GmbH websites without entering any personal data. If a data subject wants to use special company services offered on our website, this may require the processing of personal data. In case the processing of personal data is required and there is no legal basis for it, we shall, as a matter of principle, ask the data subject for his/her consent.
On no account shall we sell or rent out your personal data to third parties for their marketing or other purposes. In case you do not agree with the data protection regulations, please do not send any personal data to us.
1. General remarks / definitions of terms
This data privacy statement is based on the terms as mentioned in the GDPR and is intended to be legible and understandable to any person. Therefore, we explain various terms beforehand:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as „data subject“). An identifiable natural person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person.
Controller means the natural person or corporate body, which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or member state law, the controller or the specific criteria for his/her nomination may be provided for by Union or member state law.
Processor/data processor means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular inquiry in accordance with Union or member state law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Information about the collection of personal data
(1) Hereinafter, we inform about the collection of personal data when using our website. Personal data are any data that can be attributed to you personally, e.g. name, address, e-mail address, user behavior, etc.
(2) Controller in accordance with Article 4(7) EU GDPR is
vertr. d. d. GF Herr Michael Meier
Frankfurter Ring 193
Tel: +49 (0)89 143 777 395
(3) Our data protection officer is:
(4) When you contact us via e-mail or contact form, the data provided by you (your e-mail address, your name and phone number, if applicable) are automatically stored by us in order to answer your questions. Any such personal data deliberately transmitted by the data subject to the controller are stored exclusively for processing the inquiry or to get in contact with the data subject. We shalll erase any data received in this context once they are no longer required to be stored, or we shall restrict processing in case a legal obligation to preserve records applies.
(5) In case we make recourse to service providers commissioned by us for individual functions of our offer or want to use your data for advertising purposes, we shall inform you in detail about the respective procedures as stated below. In this context, we shall also inform you about the determined criteria of the storage period.
(6) In our capacity as controller we have implemented numerous technical and organizational measures to ensure end-to end protection of the data processed via this website to the highest possible extent. Nonetheless, internet-based data transmissions may have security flaws so that absolute protection cannot be ensured. For this reason, any data subject may feel free to transmit personal data via alternative communication channels, for instance by phone.
(7) As a responsible company we abdicate automatic decision making or profiling.
3. Your rights
(1) Regarding your personal data, you have the following rights toward us:
– Right of access:
Any data subject whose personal data are processed is entitled by the GDPR to the right of receiving free-of-charge information at any time about the personal data concerning him or her that have been stored and to receive a copy of this information. Furthermore, the European directive and regulation legislator has conceded access to the following information to the data subject:
a) the purposes of the processing
b) the categories of personal data concerned
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
e) the existence of the right to request from the controller rectification or erasure of personal data relating to the data subject, or restriction of processing by the controller, or the right to object to such processing
f) the existence of the right to lodge a complaint with a supervisory authority
g) where the personal data are not directly obtained from the data subject: all available information as to their source
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
Moreover, the data subject has the right to be informed whether personal data have been transferred to a third country or an international organization. If this is the case, the data subject also shall have the right to be informed of the appropriate safeguards applied in connection with the transmission.
In case a data subject wants to make use of this right of access, he or she may contact a staff member of the controller at any time.
– Right to withdrawal of a consent regarding data protection:
Any data subject whose data are processed has the right to withdraw his or her consent regarding the processing of personal data at any time.
In case a data subject wants to make use of the right to withdraw the consent, he or she can contact a staff member of the controller via any communication channel and at any time.
– Right to rectification:
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed – including by means of providing a supplementary statement.
In case a data subject wants to make use of this right to rectification, he or she may contact a staff member of the controller at any time.
– Right to erasure / right to be forgotten:
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b) the data subject withdraws his or her consent on which the processing was based pursuant to point (a) of Article 6(1) or point (a) of Article 9(2), and there is no other legal ground for the processing.
c) the data subject lodges an objection to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject lodges an objection to processing pursuant to Article 21 (2).
d) the personal data have been unlawfully processed.
e) the erasure of personal data is required to comply with a legal obligation in Union or member state law to which the controller is subjected.
f) the personal data have been collected in relation to information society services referred to in Article 8(1).
In case a data subject wants to make use of his or her right to erasure / right to be forgotten, he or she may contact a staff member of the controller at any time.
In case we have made the personal data public and are obliged to erase them pursuant to Article 17(1) GDPR, we shall take adequate measures taking into account available technology and the cost of implementation, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replication of, those personal data. Our employees will initiate all necessary measures.
– Right to restriction of processing:
The data subject shall have the right to obtain from the controller restriction of processing where one of the following prerequisites applies:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing but they are required by the data subject for the enforcement, exercise or defense of legal claims, or
d) the data subject has lodged an objection to processing pursuant to Article 21(1) with the verification pending whether the legitimate grounds of the controller override those of the data subject.
In case a data subject wants to make use of his or her right to restriction of processing, he or she may contact a staff member of the controller at any time.
– Right to object to the processing:
Any data subject whose personal data are processed is entitled by the GDPR to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
We shall no longer process the personal data in case of objection, unless we can prove compelling reasons worth being protected for the processing which override the interests, rights, and liberties of the data subject, or if the processing serves for the enforcement, exercise or defense of legal claims.
Where we process personal data for direct marketing purposes, the data subject shall have the right at any time to lodge an objection to the processing of personal data for the purposes of any such marketing at any time. This shall also include profiling to the extent that it is related to such direct marketing. In case the data subject lodges an objection to the processing for direct marketing purposes, we shall no longer process the personal data for such purposes.
Furthermore, the data subject shall have the right to lodge an objection to the processing of personal data concerning him or her that is executed by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary to perform a task in the public interest.
For executing the right to object, the data subject may directly contact any staff member. Furthermore, the data subject shall be free to execute his or her right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EG, by automated means using technical specifications.
– Right to data portability:
The data subject shall have the right to receive the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
a) the processing is based on consent pursuant to point (a) of Article 6(1), or point (a) of Article 9(2), or on a contract pursuant to point
b) of Article 6(1); and the processing is carried out by automated means.
In exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and the rights and liberties of other persons are not adversely affected.
If a data subject wants to execute this right to data portability, he or she may contact an employee of the controller at any time.
– Automated individual decision-making, including profiling
Any data subject whose personal data are processed is entitled by the GDPR to the right of not being subjected to a decision based solely on automated processing – including profiling – which produces legal effects concerning him or her or similarly significantly affects him or her, insofar as the decision
(1) is not required for the conduct or fulfilling of a contract between the data subject and the controller, or
(2) is legitimate pursuant to legal regulations of the Union or the member states to which the controller is subjected, provided these legal regulations include appropriate measures for protecting the rights and liberties as well as the legitimate interests of the data subject, or
(3) is made with the data subject’s explicit consent.
In case the decision is required for concluding or fulfilling a contract between the data subject and the controller or in case it is made with the explicit consent of the data subject, we shall take appropriate measures to protect the rights and liberties as well as the legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, the right to express his or her view, and the right to contest the decision.
In case the data subject wants to execute his or her right regarding automated decisions, he/she may contact an employee of the controller at any time.
(2) Furthermore, you shall have the right to raise a complaint with a data protection supervisory authority against our processing of your personal data. The competent supervisory authority for our company is:
Bayerisches Landesamt für Datenschutzaufsicht
Tel.: 0981 / 180093-0
Fax: 0981 / 180093-800
4. Collection of personal data when visiting our website / cookies
(1) When you use our website for information purposes only, that means without registering or transmitting information to us in other ways, we shall only collect the personal data that your browser transmits to our server. If you want to view our website, we shall collect the following data that are technically necessary to display our website to you and to ensure stability and security (legal basis is point (f) of Article 6(1) clause 1 GDPR):
– IP address
– Date and time of the inquiry
– Time zone difference to Greenwich Mean Time (GMT)
– Internet service provider of the accessing system
– Content of request (concrete page)
– Access status/HTTP status code
– Data volume transmitted at a time
– Website from which the request is issued (referrer)
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the data as mentioned before, cookies will be stored on your computer when using our website. Cookies are small text files that are stored on your hard disc associated with your browser through which the body placing the cookie (here placed by us) receives certain information. Cookies cannot run a program or transfer viruses to your computer. They serve for making the internet offer as a whole more user-friendly and more effective.
1. Basically, a distinction is made between the following cookie types / functions:
a) Transient cookies are automatically deleted when you close the browser. This includes in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
b) Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete cookies at any time in the security settings of your browser.
c) Necessary cookies are those that are absolutely necessary for the operation of a homepage.
e) You can configure your browser settings according to your wishes and e.g. reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
g) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your device. These objects save the required data regardless of the browser you are using and have no automatic expiry date. If you do not want the Flash cookies to be processed, you must install a corresponding add-on, e.g. B. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using the private mode in your browser. We also recommend that you regularly delete your cookies and browser history manually.
5. Further functions and offers of our website
(1) Besides the mere use of our website for information purposes we offer various services which you may use if you are interested. To this end, as a rule you will have to enter further personal data which we use for the performance of the respective service and which are subjected to the previously mentioned principles of data processing.
(2) We partly commission external service providers for the processing of your data. These were carefully selected by us and commissioned, are bound to our instructions, and undergo regular checks.
(3) The hosting services we make use of serve for providing the following services: infrastructure and platform services, computing capacity, memory space and database services, security service and technical maintenance services, which we use for the operation of this online offer.
To this end, we or our hosting service provider, respectively, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested persons and visitors of this online offer based on our justified interests in an efficient and secure provision of this online offer in accordance with point (f) of Article 6(1) GDPR in connection with Article 28 GDPR.
(4) Moreover, we shall be entitled to transmit your data to third parties in case we offer campaign participations, prize games, and conclusion of contracts or similar services jointly with partners. You will receive detailed information on this when submitting your personal data or below in the description of the offer.
(5) If our service providers or partners have their place of business in a state outside the European Economic Area (EEA), we will inform you about the consequences arising thereof in the description of the offer.
6. Data protection in case of applications for employment
The controller collects and processes the personal data of job applicants for the purpose of running the application procedure. The processing can also be executed by electronic means. This is particularly the case when an applicant transmits the corresponding résumé and references to the controller by electronic means, for example, via e-mail or a contact form on the website. In case the controller concludes an employment contract with an applicant, the transmitted data are stored for the purpose of execution of the employment contract in accordance with the legal regulations. If no employment contract is concluded by the controller with the applicant, the application papers are automatically erased, unless there are other justified opposed interests of the controller. Other justified interest in this sense includes, for example, a burden of proof in proceedings pursuant to the General Equal Treatment Act.
The processing of personal data of applicants is executed in order to fulfil our (pre-)contractual duties within the framework of the application procedure pursuant to point (b) of Article 6(1) GDPR and point (f) of Article 6(1) GDPR, inasmuch the data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, in addition Section 26 of the Federal Data Protection Act shall apply).
7. Objection to the processing of your data or withdrawal of consent
(1) In case you have given your consent for processing your data, you can revoke this consent at any time and via any communication channel. Such revocation affects the legitimacy of processing your personal data as soon as you have expressed it towards us.
(2) Insofar as we base the processing of your personal data on weighing of interests, you are entitled to lodge an objection to the processing. This shall be the case if, in particular, the processing is not needed for fulfilling a contract with you, which is described by us in each of the function descriptions hereinafter. If you execute your right to object, we will ask you to state the reasons why we should not process your personal data the way we have done it. In case your objection is substantiated, we shall check the factual situation and shall either cease or adjust data processing, or inform you about our compelling reasons worth being protected, based on which we shall continue processing.
(3) As a matter of course, you shall be entitled to lodge an objection to the processing of your personal data for advertising purposes and data analysis at any time. ) For lodging your objection to data processing for advertising purposes, you may contact us at the address as mentioned in item 2. (2).
8. Legal or contractual regulations for the provision of personal data / necessity for the conclusion of a contract / consequences in case of non-provision
(1) We would like to draw your attention to the fact that the provision of personal data is partly required by law. It may also be possible that a data subject has to provide personal data for the execution of a contract. Non-provision would have the consequence that the contract could not be concluded. Our staff will be ready to answer any questions you may have in the individual case.
(2) The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements. If the data are not deleted because they are required for other legally permissible purposes, their processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons.
According to legal requirements, the storage takes place in particular for 10 years according to §§ 147 Abs. 1 AO, 257 Abs. 1 Nr. 1 and 4, Abs. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc. .) and 6 years according to § 257 Paragraph 1 No. 2 and 3, Paragraph 4 HGB (commercial letters).
(1) By giving your consent, you can subscribe to our newsletter, which contains information about our current interesting offers. The advertised goods and services are specified in the declaration of consent.
(2) We use the so-called double opt-in procedure for the registration for our newsletter. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically erased after one month. We also store the IP addresses you used, the computer system used and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to investigate any possible misuse of your personal data.
(3) The personal data collected as part of the registration for the newsletter are only used to send our newsletter. In addition, subscribers to the newsletter may receive information by email if this is necessary for the operation of the newsletter service or for newsletter registration, as could be the case in the event of modifications to the newsletter offer or if technical conditions change. The personal data collected within the scope of the newsletter service will not be disclosed to third parties.
(4) Your email address is the only mandatory information we require for sending you the newsletter. Providing further, separately marked data is voluntary and these data are only used to address you personally. After your confirmation, we will store your email address to send you the newsletter. The legal basis is Art. 6(1) No. 1 a) GDPR.
(5) You can withdraw your consent to receiving the newsletter at any time and unsubscribe from the newsletter. You may withdraw your consent by any means of communication, for example by clicking on the link provided in each newsletter email, by sending an email to email@example.com or by sending a message to the contact data provided in the legal notice.
(6) We would like to point out that we analyse your user behaviour when sending the newsletter. For this analysis, the sent emails contain so-called web beacons and/or tracking pixels which represent one-pixel image files stored on our website. For analysis purposes, we link the data mentioned in item 4 and the web beacons with your email address and an individual ID.
You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via any other means of contact. The information is stored as long as you are subscribed to the newsletter. After you unsubscribe, we store the data anonymously and for statistical purposes. Such tracking is also not possible if you have disabled the display of images in your email programme by default. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. If you display the images manually, the tracking mentioned above will take place.
(7) Newsletter – Mailchimp
The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimisation of dispatch and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to disclose the data to third parties.
10. Web Analytics
1. Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help analyse how you use the website. The information about your use of this website generated by the cookie will usually be transferred to a server operated by Google in the USA and stored there. But in the event of the activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and shortened by a Google server in the USA. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports about website activities and to render other services related to website use and Internet use to the website operator.
(2) The IP address transmitted by your browser in the scope of Google Analytics will not be merged with any other data held by Google.
(3) You can prevent the placement of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to fully use all functions of this website. Furthermore, you can prevent Google’s collection of data generated by the cookie and the use of the website (incl. your IP address) and Google’s processing of these data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This allows IP addresses to be processed in a shortened form to prevent them from being linked to a particular individual. If the data collected about you contains a personal reference, this reference is immediately excluded and the personal data are immediately erased. Data sent by us and linked to cookies, user information (e.g. user ID) or advertising IDs are automatically erased after 14 months. Data whose retention period has been reached are automatically erased once a month.
(5) We use Google Analytics to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1) 1 f) GDPR.
(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can disable the cross-device analysis of your use in your customer account under “My Data”, “Personal Data”.
Opt-out cookies prevent the future collection of your data when visiting this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use.
If you click here, you can make the settings.
11. Social media / Google Maps
1. Use of social media plug-ins
(1) We are currently using the following social media plug-ins:
Facebook, Xing, Instagram
We use the so-called two-click solution. This means that when you visit our site, no personal data are initially passed on to the providers of the plug-ins. You can identify the provider of the plug-in by the indication in the box above its initial letters or logo. We give you the opportunity to communicate directly with the provider of the plug-in by clicking the button. Only if you click on the marked box, thereby activating it, the plug-in provider will receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under item 4 of this declaration will be transmitted. In the case of Facebook and Xing, the IP address will be anonymised in Germany immediately after collection, according to the respective providers. By activating the plug-in, your personal data are therefore transmitted to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.
(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing and the storage periods. We also have no information about the erasure of the collected data by the plug-in provider.
(3) The plug-in provider stores your collected data as user profiles and uses them for advertising, market research and/or preference-based design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to provide preference-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles; however, in order to exercise any such right, you have to contact the respective provider of the plug-in. Via the plug-ins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6(1) sent. 1 f) GDPR.
(4) The data transfer is independent of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collected will be directly allocated to your existing account with the plug-in provider. If you click on the activated button and, for example, link the page, the plug-in provider will also save this information in your user account and publicly shares it with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid the allocation to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and their processing by the plug-in provider can be found in the following privacy policies of these providers. There you will also find further information about your rights and settings options to protect your privacy.
(6) Addresses of the respective plug-in providers and URL with their privacy policies:
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; further information about data collection: https://en-gb.facebook.com/policy.php; https://www.facebook.com/about/privacy/your-info#everyoneinfo.
b) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; https://privacy.xing.com/en/privacy-policy.
2. Integration of Google Maps
(1) We use the services of Google Maps on this website. This way, we can display interactive maps directly on the website and enable you to use the map function easily.
(2) By visiting the website, Google receives information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under item 4 of this declaration will be transmitted. This happens regardless of whether Google provides a user account which you are logged into or whether no user account exists. If you are logged into Google, your data are directly linked to your account. If you do not want the data to be linked to your profile on Google, you have to log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and/or preference-based design of its website. Such an analysis is carried out in particular (even for users who are not logged in) to provide preference-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of such user profiles; however, in order to exercise any such right, you have to contact Google.
(3) Further information on the purpose and scope of data collection and their processing by the plug-in provider can be found in the privacy policies of the providers. There you will also find further information about your rights and settings options to protect your privacy: https://policies.google.com/privacy?hl=en&gl=de.
(4) There is the possibility to opt-out under: https://adssettings.google.com/authenticated.
12. Plug-ins and tools
1. Google Web Fonts
(1) This site uses so-called web fonts provided by Google for the uniform representation of fonts. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use has to connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) f) GDPR.
(2) If your browser does not support Web Fonts, a default font from your computer will be used.
2. Use of ajax.googleapis.com and jQuery
(1) On this site, we use Ajax and jQuery technologies, which optimises loading speeds. In this respect, programme libraries are accessed from Google servers. The CDN (Content Delivery Network) of Google is used. If you have used jQuery on another page of Google’s CDN before, your browser will use the cached copy. If this is not the case, this requires a download, whereby data from your browser are sent to Google Inc. (“Google”). Your data will be transferred to the USA. You can find more information on the pages of the providers.
(2) The legal basis for the processing of your data is Art. 6(1) sent. 1 point f of the GDPR.
3. Cookie consent with Cookie Script / consent management provider
(1) This website uses the cookie-content technology Cookie Script to obtain your consent to store certain cookies on your terminal device and to document this consent in accordance with data protection regulations; Cookie Script is a plug-in of Objectis Ltd, Zalgirio st. 88, 09303 Vilnius, Lithuania – website: https://cookie-script.com/
(2) When you access our website, the following personal data are transferred to Cookie Script:
• your consent(s) or the withdrawal of your consent(s)
• your IP address
• information about your browser
• information about your terminal device
• time of your visit to our website
(3) In addition, Cookie Script stores a cookie in your browser to allocate the given consent or its withdrawal to you. The data collected in this way are stored until you request us to erase them, delete the Cookie Script cookie yourself or the purpose for which the data is stored no longer applies. Mandatory legal retention obligations remain unaffected.
13. Use of our web shop
(1) If you would like to order in our web shop, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory information required for processing the contracts is marked separately; further information is voluntary. We process the data you provide to process your order. We can also pass on your payment details to our house bank. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.
(2) Due to commercial and tax law requirements, we are obliged to save your address, payment and order data for a period of ten years. However, after [two years] we will restrict the processing, i. H. Your data will only be used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, especially financial data, the order process is encrypted using TLS technology.
(4) We use external payment service providers, through whose platforms the user and we can carry out payment transactions (each with a link to the data protection declaration: PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full) , Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html), immediate transfer (https://www.sofort.com/ger-DE/general/fuer-kaeufer/fragen-und-antworten/ and https://www.klarna.com/sofort/#cq-0.
As part of the fulfillment of contracts, we use the payment service providers on the basis of Art. 6 Para. b. GDPR. In addition, we use external payment service providers on the basis of our legitimate interests in accordance with. Art. 6 para. 1 lit. b. GDPR in order to offer our users effective and secure payment options.
The data processed by the payment service providers include inventory data, such as the name and address, bank details such as IBAN or credit card numbers, TANs as well as the contract, sums and recipient-related information. The information is required to carry out the transactions. However, the data entered will only be processed and stored by the payment service providers. I.e. We do not receive any account or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data will be transmitted to credit agencies by the payment service provider. The purpose of this transmission is to check your identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.
For payment transactions, the terms and conditions and the data protection notices of the respective payment service providers apply, which can be called up within the respective websites or transaction applications. We also refer to these for the purpose of further information and assertion of rights of revocation, information and other data subjects.