Privacy and cookie policy

Disclaimer: This document is the English version of the German privacy and cookie policy and it is only intended as a courtesy to English-speaking readers. If there are any inconsistencies between this version of the privacy and cookie policy and the original German version, then the German language version shall prevail.
 

At Pointsharp GmbH, we take the protection of personal data very seriously. At this point we would like to explain what data we store, when we store data, and how we use it. We are subject to the terms of the European General Data Protection Regulation (GDPR) as well as the regulations of the supplementary Bundesdatenschutzgesetz (BDSG), the German federal data protection act. In order to guarantee our as well as our external service providers’ compliance with said terms and regulations on data protection, we implemented the appropriate technical and organisational measures.

This privacy and cookie policy is valid for our online presence, including website, features and contents as well as external online presences, e.g. our social media. Furthermore, this privacy and cookie policy informs you about the processing of your personal data and serves to fulfil our obligation to inform you.

The terminology used in this privacy and cookie policy, such as controller and personal data, are applied according to the definitions in the GDPR. To improve readability and therefore deliver information in a more comprehensible way, specific articles, paragraphs, etc. in this privacy and cookie policy has been forgone in most instances.

Contact information

Controller

The controller in the sense of the GDPR and other national data protection acts of member states of the European Union and other data protection regulation is

Pointsharp GmbH
Schwarzwaldstr. 151
79102 Freiburg
Germany
Phone: +49 761 38913 100
Email: privacy@pointsharp.de
 

Data protection officer

The controller has appointed a data protection officer. The contact details are

Holger Hermann
Phone: +49 761 8832 215
Email: ds-team.freiburg@bechtle.com

For any questions, suggestions, or comments on data protection as well as on the enforcement of your rights as listed below, please refer to our supervisory authority.

General information on data processing

Scope of the processing of personal data

As a general principle, we only process personal data to the extent to which it is necessary to provide a functioning internet presence, our contents, and services. The processing of your personal data takes place regularly only after your consent.

In cases where prior consent is not possible for actual reasons and processing personal data is permitted by legal regulations, exceptions to this rule can be made.

Legal basis for processing personal data

In the framework of the data protection regulations, processing personal data is not permitted as a general principle unless there is a legally permissible reason for doing so. We are obligated to inform you about the legal basis of data processing.

As far as we require your consent for processing personal data, the consent serves as the legal basis.

When processing data is necessary for the performance of the contract, of which you are a contracting party, the performance of the contract serves as the legal basis. This is also the case for processing data necessary for executing pre-contractual measures.

Regarding the processing of personal data necessary for the compliance with a legal obligation our company is subject to, this serves as the legal basis.

If processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, this serves as the legal basis.

If processing of personal data is necessary to protect a legitimate interest of our company or a third party and if the interest of protecting your basic rights and fundamental freedoms does not outweigh those former interests, this serves as the legal basis for the processing of data. 

Children

Generally, our services are aimed at adults. Persons under the age of 16 should not transmit any personal data to us without the consent of their parents or legal guardians.

Erasure of data and data retention periods

Once the purpose for storing data no longer applies, we erase or block your personal data. However, such data can be stored beyond that period if the legal regulations we are subject to require us to do so. This affects data, for example, that needs to be retained due to commercial or fiscal law, such as delivery receipts or billing data. 

Blocking or erasing your data is therefore undertaken at the earliest after a retention period determined by such regulations has expired, unless it is necessary to continue storing data for the conclusion or performance of a contract.

Transfer of data to third parties

As a general principle, we do not transfer personal data to third parties without your express consent. Within the Pointsharp Group, data of existing and potential customers is exchanged on the basis of legitimate interest. If, in the course of processing, we disclose or send your data to third parties or give them any other access to it, this will exclusively take place on one of the previously mentioned legal bases.

If necessary for the performance of a contract, we transmit data to entities such as billing companies or suppliers. If obligated by law or a court order, we have to transmit your data to the respective entity with the right of access.

As Cryptshare is a so-called dual-use good within the meaning of Article 2(1) of the EU Dual-Use Goods Regulation, we are subject to the statutory documentation obligations, export control, as well as processing obligations within the framework of fraud and terrorism prevention and sanctions control.

To some extent, we may use carefully selected external service providers to process your data. If data is transferred to service providers as part of a so-called processing agreement, this is based on the guidelines of the GDPR. Our processors have been carefully selected, are bound to our instructions, and are checked regularly. We only use processors who offer sufficient guarantees that appropriate technical and organisational measures are implemented to ensure that data is processed in accordance with the requirements of the GDPR and BDSG and that your rights are being protected.

Transfer of data to third countries

The GDPR ensures an equally high level for data protection within the European Union. Therefore, we prioritise European partners in our selection of service providers and cooperation partners for the processing of your personal data. When employing the services of third parties, your data will only be processed outside the European Union on rare occasions.

We only permit the processing of your data in a third country if the specific requirements of the GDPR are met, meaning your data may only be processed on the basis of special guarantees. Among these guarantees are the official recognition by the EU Commission of a level of data protection equivalent to that of the EU, the compliance with officially recognised specific contractual obligations (the so-called standard contractual clauses ) or other agreements between the EU and third countries.

Automated decision-making

We abstain from automated decision-making or profiling.

The rights of data subjects

According to the GDPR, you are a data subject if your personal data gets processed. You are entitled to the following rights.

To exercise these rights, please refer to our supervisory authority.

The right to withdraw consent

If the processing of your personal data is based on your consent, you have the right to withdraw consent at any time. All data processing up to the point of withdrawal of consent remains unaffected.

Access to personal data

You have the right to enquire if we process your personal data. If this is the case, you may request the following information:

  • the purposes of the processing;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipients that the personal data was disclosed to or will be disclosed to;
  • the planned period for which the personal data will be stored, or if that is not possible in concrete terms, the criteria used to determine that period;
  • the right to rectification or erasure of your personal data, the right to restriction of processing by us or the right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • the right to all information concerning the origin of the data if the personal data was not obtained from you;
  • the existence of automated decision-making, including profiling, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences such processing has for you.

You have the right to enquire if your personal data will be transferred to a third country or international organisation. In this context you have the right to demand information about the suitable guarantees regarding the transfer.

We will provide you with a copy of the personal data that is subject to processing within one month of having received your enquiry. If you made your enquiry electronically, we will provide you the information in a common electronic format, unless requested otherwise.

Right to rectification

You have the right to demand from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

Right to erasure (‘right to be forgotten’)

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we are obligated to erase personal data without undue delay if one of the following reasons applies: 

  • The personal data is no longer necessary to the purposes for which it was processed.
  • You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
  • You object to the processing and there are no overriding legitimate reasons for the processing.
  • The personal data has been processed unlawfully.
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law.
  • The personal data has been collected in relation to the services according to article 4 of the GDPR.
  • Where we have made your personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

The right to erasure (‘right to be forgotten’) does not apply if processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation we are subject to or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for reasons of public interest in the area of public health;  
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of the processing, or;
  • for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You have the right to obtain from us restriction of processing your personal data where one of the following conditions applies:

  • you contest the accuracy of the personal data pertaining to you, for a period enabling us to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing pending the verification whether the legitimate grounds of us override those of you.
  • Where processing has been restricted under the above-mentioned conditions, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained a restriction of processing under the above-mentioned conditions, you will be informed by us before the restriction of processing is lifted.

Right to data portability

You only have this right with respect to personal data that you have provided voluntarily. You have the right to request that we transfer this personal data directly to another data controller. 
Alternatively, you have the right to request that we provide you with your data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract and the processing is carried out with the help of automated procedures.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data after a weighing of interests, including profiling based on these terms. We will then no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override the interest, rights and freedoms of you or for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent to which it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

In the context of the use of services according to article 4 of the GDPR, you may exercise your right to object by automated means using technical specifications.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  • is necessary for entering into, or performance of, a contract between yourself and us,
  • is authorised by Union or Member State law to which we are subject to and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

We implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on part of the controller, to express his or her point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

Use of our website

You can generally use our website without disclosing your identity. In the following section, we will explain when and in what context we process data relating to the use of our website, what offers of service providers and cooperating partners we have implemented, how these work, and what happens with your data.

Data collection when visiting our website 

As long as you use our website exclusively for the purposes of gathering information and do not register for an offer, conclude a contract with us, or disclose information to us in some other way, we only collect the personal data that is transmitted to our servers by your browser.

When visiting our website, we collect the following data that is technically necessary for us to be able to display our website to you and to ensure stability and security:

  • IP address of the visitor
  • Date and time of the request
  • Content of the requested URL (specific website)
  • Access status/HTTP status code
  • Specific transmitted data volume
  • Website from which the request originates
  • The visitor’s operating system
  • Language and version of the browser software.

This data is temporarily stored in our systems’ log files and erased after it has served its purpose. Storing data beyond that is possible; in this case, however, IP addresses are shortened or distorted so that it is no longer possible to identify the requesting client. There is no storing of log files with other, personal data relating to you in this context. The legal basis for this data processing is our legitimate interest.

Storage of log files also takes place to produce operational functionality of our website and to make their availability as reliable as possible. Our legitimate interest in data processing is also due to these aforementioned purposes.

Use of cookies

General information for the use of cookies

When visiting our website, cookies are stored on your device besides the previously discussed data.
Cookies are small packages consisting of text that can be sent from a website to the browser. The browser then stores them and sends them back to the website. In cookies, various details can be stored that can be read by the entity that set the cookie. They are commonly assigned a particular string of characters (ID) that allow for a clear identification of the browser when returning to the website or leaving it. Their primary function is to make our website more user-friendly and more effective. The data that is collected in cookies are pseudonymised by technical provisions which generally make the assigning of the data to the requesting user no longer possible. If an identification is possible, as is the case with login cookies where the session ID is necessarily linked to the account of the user, we will notify you about this at the respective time.

We use various cookies on our website:

  • So-called “session cookies” are cookies that are deleted after you leave our website and close the browser. In such cookies, language settings and the content of the shopping cart are saved.
  • “Permanent cookies” are stored after the browser has been closed so that for instance the login status or entered search terms can be saved. We also use such cookies for measuring the success of our marketing activities as well as for our marketing purposes.
    Permanent cookies are automatically deleted after a set period of time that can be different for each cookie. You can, however, delete such cookies at any time with your browser.
     

Besides so-called “first-party cookies” that are set by us as the controller for data processing, there are also “third-party cookies” provided by other vendors.

  • We as controller set so-called “first-party cookies”:

The legal basis for the processing of your personal data in this context is our legitimate interest.

  • External service providers, who do web tracking or measure the success of our marketing activities for us, may also set cookies.

The legal basis for processing your personal data in this context is your consent.


Note:

A general objection to the use of cookies for marketing purposes can be declared for a number of services on the EU website https://www.youronlinechoices.com or the US website https://www.aboutads.info/choices/. You can also configure your browser settings accordingly and for instance block the acceptance of “third-party cookies” or all cookies or activate the option “do not track”. However, you may then no longer be able to use all of our website’s features.

Information on the processing and use of cookies

HubSpot

We use HubSpot for our website. Hubspot is an integrated software solution we use to cover various aspects of our website.

HubSpot is a software company based in the United States of America with a European office in Dublin: HubSpot, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Irland, Phone +353 1 5187500.

By applying the EU's standard contractual clauses regarding data processing, HubSpot ensures that the EU's data protection requirements are met when personal data is processed and transferred by HubSpot in the USA.

We use Hubspot in so-called inbound marketing; among other things, this enables us to better coordinate and optimise our marketing strategy by means of statistical analyses and evaluation of documented user behaviour.

This includes, but is not limited to:

  • Parts of the content management (website and blog)
  • Email marketing (newsletters as well as automated mailings, e.g. for providing downloads)
  • Social media publishing & reporting
  • Reports (e.g. traffic sources, page views, etc.)
  • Contact management (e.g. user segmentation & CRM)
  • Web analyses and reports (e.g. traffic sources, page views, etc.)
  • Landing pages and contact forms
  • Managing the Partner Incentive Programme

This information is stored on the servers of our software partner Hubspot. We can use it to contact visitors to our website and to determine which of our company’s services are of interest to them. 

We also use Hubspot’s live chat service Messages (round chat icon in the bottom right corner of the screen) to improve the user experience on our website by sending and receiving messages on some sub-pages. When using this function, the following data is transmitted to Hubspot’s servers:

  • Content of all sent and received chat messages
  • Context information (e.g. webpage, on which the chat was used)
  • Optional: Email address of the user if you have provided it via the chat function
  • Optional: The Amazon ID of the partner when participating in our incentive programme.

The legal basis for the use of Hubspot’s services is our legitimate interest. Our legitimate interest in the use of this service is the optimisation of our marketing and the improvement of the quality of the service on our website. We use all collected information exclusively to optimise our marketing and sales.
 

Recipients / Categories of recipients 

Hubspot is the recipient of the collected data.

Duration of the data storage 

Cookies are used to process your data. These will be automatically deleted after 13 months at the latest.

GA4 (Google Analytics 4)

If you have given your consent, Google Analytics is used on this website. This is a web analytics service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. 

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

However, we would like to expressly point out at this point that Google generally processes data for its own purposes, in particular, also for the purpose of providing its web analysis and tracking service. Within the scope of Google Analytics, further usage data is collected that is to be assessed as personal data, such as identification features of individual users, which also allow a link to an existing Google account, for example.

During your website visit, your user behavior is recorded in the form of events. Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links 
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g., language setting, screen resolution)
  • Your internet service provider

Purpose of the processing

On our behalf, Google will use this information to evaluate your use of the website and compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns .

Demographic characteristics

We use the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to any specific person. 

Signals

We use Google Signals. This captures additional information in Google Analytics about users who have enabled personalized ads (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

User ID

We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.

Google Remarketing

Google Remarketing analyzes your user behavior on our website (e.g., clicking on certain products) in order to classify you in certain advertising target groups and subsequently play suitable advertising messages to you when you visit other online offers (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g., cell phone) can also be displayed on another of your end devices (e.g., tablet or PC).

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Recipients / categories of recipients 

Recipients of the data are/could be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
     

Duration of data storage 

You can find out how long the cookies are stored on your terminal device from our Cookie Management Tool.

The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached is automated once a month. 

Legal basis

The legal basis for the use of Google Analytics is your voluntarily given consent. 

Revocation

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.

Google Enhanced Conversion

Within the scope of Google Ads, we use the so-called enhanced conversion tracking. Enhanced conversions are a function that supplements existing conversion tags. This allows conversion data collected on the website itself to be sent to Google in encrypted form. 

Conversion is understood as the conversion of a prospect into a customer. When a conversion is executed on a website, in most cases page visitor information such as a name, email address or postal address is collected. These can be captured and hashed in the conversion tracking tags. To do this, the data is encrypted using a one-way hash algorithm SHA256. The hash values of our site visitors are then passed to Google and used to improve our conversion measurement.

If you have given your consent, our tracking tags work as usual. That is, they record the conversions and click information attributed to you. So, when you click on an ad placed by Google, a cookie is set for advanced conversion tracking. Each Google Ads customer receives a different cookie. The cookies cannot be tracked through the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted in to conversion tracking. For example, customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. 

We hereby also inform you that in the event that you have not given your consent to personally identifiable tracking, a non-personally identifiable and cookie-free analysis will take place. The following data is processed as part of this analysis:

  • Function-related information (such as headers passively added by the browser):
  • Timestamp
  • user agent
  • Referral URL
     

Aggregated/non-personal data: 

  • Indication of whether the current page or a previous page in the user's navigation history on the site contains ad click information in the URL
  • Boolean information about consent status.
  • Random number generated when the page in question is loaded

In these ways, we can track streams of visitors to our website (but not individual usage patterns). Additionally, Consent Mode can thereby contrast opt-in to opt-out rates. This information is then used to model conversions from page visitors who declined the cookie banner.
 

Display

Video 360 Floodlight

Provided you have given your consent, Display & Video 360 Floodlight (hereinafter referred to as DV360 Floodlight) is used on this website. This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google).

Google stores and processes information about your user behaviour on our website, for example by recording where you move around on our site or which products you have clicked on. Google uses cookies for this purpose, amongst other reasons, to enable an analysis of your use of our website.

We use DV360 Floodlight for marketing and optimisation purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user, for example by delivering targeted advertising at a later date.

In addition, the floodlight tags we use enable us to understand whether you perform certain actions on our website after you have called up or clicked on one of our display/video ads on another platform (conversion tracking). Google uses this cookie to understand the content you have interacted with on our websites in order to serve you targeted ads later.

Recipients / Categories of recipients 

Google is the recipient of the collected data.  

Transfer to third countries 

By applying the EU's standard contractual clauses regarding data processing, Google ensures that the EU's data protection requirements are met when personal data is processed and transferred by Google in the USA.

Duration of the data storage 

You can find out how long cookies are stored on your device by using our Cookie Management Tool.

Your data subject rights

As a data subject, you have various rights, which we would like to inform you about below. Depending on the reason and type of processing of your personal data, you have the rights described in the following sections. 

Your right to information

As a data subject, you have the right to find out from us whether we process personal data about you and, if that shall be the case, which personal data we process about you. 
You also have the right to request a copy of your personal data that is the subject of the processing.

Your right to rectification

By applying the EU's standard contractual clauses regarding data processing, Google ensures that the EU's data protection requirements are met when personal data is processed and transferred by Google in the USA.

Your right to erasure

If the legal requirements are met, you can request the deletion of your personal data.
This is the case, for example, if we process your data on the basis of your consent and you revoke your consent.
However, we may not delete data, for example, if we have to store it due to legal retention periods. We also cannot comply with your deletion request if it is necessary for us to process your personal data in order to assert, exercise or defend legal claims.

Your right to restrict processing

Under certain conditions, you as a data subject have the right to request to restrict the processing of your personal data.
One of these conditions is, for instance, that you dispute the accuracy of your personal data. Or also the case in which we no longer need your personal data, but you need this data to assert, exercise or defend legal claims.

Your right to appeal

If we process your personal data on the basis of a legitimate interest, you have the right to contradict this processing if it arises due to your particular personal situation.  However, this right to object does not apply if there is a compelling public interest in the processing which outweighs your interest, if we are obliged by law to process the data or if the processing serves the purpose of asserting, exercising or defending legal claims.

If we use your personal data for direct marketing, you have the right to object the processing for the purpose of such marketing. If you object to the processing for this purpose, your personal data will no longer be processed for this reason.

If we process your data on the basis of your consent, you have the right to revoke your consent at any time. Your withdrawl does not affect the lawfulness of the processing that took place until the revocation.

Your right to data portability

By applying the EU's standard contractual clauses regarding data processing, Google ensures that the EU's data protection requirements are met when personal data is processed and transferred by Google in the USA.

Appeals to the supervisory authority

You also have the right to file a complaint with a supervisory authority if you are of the opinion that the processing of personal data concerning you violates the provisions of data protection law.

Bing Universal Event Tracking/Bing Webmaster Tools

We use Bing Universal Event Tracking (“UET”), a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).

When you access our website via ads on Microsoft Advertising, a cookie is set on your computer. Additionally, a UET tag is integrated on our website; this is a code that, together with the cookie, stores pseudonymised data about the use of the website. In combination with the cookie, the tag records pseudonymised data to track your actions on our website after you clicked on an advertisement on Microsoft Advertising. Session duration on the website, the visited areas of the website, and via which ad you arrived at our website are among the collected data.

Beyond this, Microsoft can trace your pattern of use across several of your electronic devices via so-called cross device tracking. The collected information is transferred to a Microsoft server in the USA.

By applying the EU's standard contractual clauses regarding data processing, Microsoft ensures that the EU's data protection requirements are met when personal data is processed and transferred by Microsoft in the USA.

Recipients / Categories of recipients 

Microsoft is the recipient of the collected data.  

Transfer to third countries 

By applying the EU's standard contractual clauses regarding data processing, Microsoft ensures that the EU's data protection requirements are met when personal data is processed and transferred by Microsoft in the USA.

Duration of the data storage 

Microsoft stores the data for 180 days at most. You can prevent the collection and processing of this data if you deactivate the setting of cookies. Under certain circumstances, this can result in limitations of the website’s functionality. You can deactivate cross device tracking by clicking on this link.

Online presence on social media

We have an online presence on different platforms to provide information and to be able to get in contact with you.

We have no influence over the processing of personal data by the respective operator of the platform. Generally, the operator of the platform stores cookies on your browser which document your pattern of use or your interests respectively for market research and marketing purposes when you visit our services on said platform.

By doing so, mostly across devices, platform operators gain user profiles show you personalised ads. It is possible that people are affected by this data processing who are not registered users on the respective platform, and their data is possibly processed outside of the European Union, which can complicate enforcing your rights. However, we make it a point in the selection of such platforms that the operators agree to comply with data protection standards of the EU.

The processing of your personal data when visiting one of our presences on social media is based on our legitimate interest in a multifaceted presentation of our company and the use of an effective way to inform and communicate with you.

You can find detailed information on data processing in the context of the use of our presence on these platforms, the right to object, and claiming your right of access in the data privacy statement of the respective platform operator.
 

Facebook

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
The basis for data processing is a shared data processing agreement for personal data under the requirements of the GDPR.

Data protection policy of the platform operator

YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection policy of the platform operator

Instagram

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA

Data protection policy of the platform operator

Twitter

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

Data protection policy of the platform operator

LinkedIn

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data protection policy of the platform operator

Xing

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

Data protection policy of the platform operator

Newsletter

We offer you to subscribe to our free email newsletter. We only send you newsletters if you have given consent. When signing up for a newsletter, the data from the entry form (name and email address) is transferred to us and stored as long as the subscription to the newsletter is active.

To process this data for the purpose of sending the newsletter, your consent is obtained and this data protection policy is referred to. We use a so-called “double opt-in” for the sign-up process. After signing up, you will receive an email with a link you have to click on in order to confirm you signed up. This way, we prevent unauthorised third parties from signing up by using your email address. We log the sign-up process to be able to document the process according to the legal requirements. When signing up, the IP address of the requesting device and the date and time of the sign-up are recorded. The data you entered is stored for as long as the subscription to the newsletter remains active.

You can cancel your subscription at any time, and you can find an unsubscribe link for doing so in every newsletter. This link also enables you to withdraw consent. The legal basis for the processing of your data is your voluntarily given consent to receive newsletters.

If you obtain goods or services from us and provide your email address when doing so, we reserve the right to use it for sending newsletters and direct marketing for similar goods and services of ours. This serves to protect our legitimate interests that prevail in the framework of a weighing of interests in favour of contacting our customers with promotion. You can object this use of your data at any time by sending a message to the contacts below or by using the unsubscribe link in the promotional email without any financial charges from our side. If the newsletter is sent due to the sale of goods and services, we invoke the requirements of the German Act Against Unfair competition (Gesetz gegen den unlauteren Wettbewerb, UWG).

Requests addressed to us

If you send us a request, for instance by using the contact form, your personal data is processed to respond to your contact request:

  • to process your request you conveyed in the contact form
  • to process your request for service
  • to process a possible return via mail
  • for further enquiries via phone or in writing (email)
  • to provide information on products and services

We will not use your data for an automated decision-making process or for profiling.

Job applications

The provided data in all incoming job applications, such as your contact data and qualifications, is exclusively used to conduct the application process.

Your data is forwarded internally to those in charge of the respective department. We process your personal data for your job application as far as it is necessary to determine if we will offer you a job contract.

Furthermore, we may process your personal data to the extent necessary to defend ourselves from effective legal claims against us arising from the application process.

Your data is generally erased two months after the application process has been concluded, unless otherwise agreed with the applicant (also see entry in the talent pool). If the application results in successfully concluding an employment contract, your data is adopted into the personnel file.
 

How long will your data be stored?

We store your personal data as long as necessary to make a decision on your application. If an employment contract between you and us does not materialise, we may continue to store data to the extent to which it is necessary to defend ourselves from legal claims. Application documents are erased two months after notification about the rejection of an application, unless longer storage is necessary due to litigation.

Entry into the talent pool

If we currently do not have a job opportunity that matches your application, for instance in the case of an unsolicited application, we would be happy to take your application and file it in a talent pool. For doing so, however, your consent is necessary and we will approach you with such a request.

If we do not use your application documents in the talent pool within one year, your application documents are erased automatically.

Automated decision-making

There is no automated decision-making in individual cases, meaning the decision on your application does not exclusively rely on automated processing.

Ensuring data quality

From time to time we have the validity of email addresses verified by an external service provider. 

Changes

This data protection policy does undergo changes from time to time. Such amendments occur, for instance, when there are changes due to technological progress, legal requirements, or other factors.

Last update: July 2023