General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data means any data with which you can be identified personally.

Collection of data on this website

Who is responsible for the collection of data on this website?

The data processing on this website is performed by the operator of the website. You can find their contact details under “Information on the data controller” in this privacy policy.

How do we collect your data?

On the one hand, your data will be collected when you communicate it to us. This may be data that you enter in a contact form.

Other data will be collected automatically and after your consent by our IT systems when you visit our website. This mostly consists of technical data (e.g., web browser, operating system or time of accessing a page). This data are collected automatically as soon as you enter the website.

For what purposes do we use your data?

Some of the data are collected to ensure that the website runs smoothly. Other data can be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right to obtain information about the source, recipient and purpose of your personal data stored by us at any time free of charge. You also have the right to request the rectification, blocking or erasure of this data. If you have provided us with your consent to the data processing, you may withdraw this consent at any time for the future. Under certain circumstances, you also have the right to request the restriction of processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time if you have further questions on the subject of data protection.

Analytics tools and third-party tools

When you visit this website, your surfing behaviour may be analysed statistically. This mostly takes place with the use of analytics programs.

Further details on these analytics programs are available in the following privacy policy.

External hosting

This website is hosted externally. The personal data collected on this website are saved on the servers of the hosting provider(s). This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website visits and other data generated by a website.

The external hosting has the purpose of fulfilling the contract with our potential and existing customers (point (b) of Art. 6(1) GDPR) and in the interests of a secure, fast and efficient provision of our online offer by a professional provider (point (f) of Art. 6(1) GDPR). If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

Our hosting provider(s) will only process your data to the extent that this is necessary to fulfil its service obligations and to follow our instructions with regards to this data.

We use the following hosting provider(s):

LIERMANN . Medien
Ellerholzdamm 11
20457 Hamburg

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Data protection

The operators of these web pages take the protection of your personal data very seriously. We will keep your personal data confidential and handle it in accordance with statutory provisions on data protection as well as this privacy policy.

When you use this website, various forms of personal data are collected. Personal data means any data by which you can be identified personally. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this takes place.

Please note that the transfer of data over the internet (e.g., when communicating by email) may be subject to security vulnerabilities. The complete protection of the data against access by third parties is not possible.

Information on the data controller

The data controller responsible for the data processing on this website is:

Doppstadt Beteiligungs GmbH
Steinbrink 4
42555 Velbert, Germany

Telephone +49 (0) 2052 889-0
Email: info[at]doppstadt.de

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and the like).

Duration of storage

Unless a more specific storage period has been specified in this privacy policy, your personal data will be retained by us until the purpose for the data processing no longer applies. If you assert a legitimate request for erasure or withdraw your consent to the data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the erasure will take place after these reasons no longer apply.

General information on the legal basis for the data processing on this website

If you have given your consent to the data processing, we will process your personal data on the basis of point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR insofar as special categories of data are processed according to Art. 9(1) GDPR. In the event of your express consent to the transfer of personal data to third countries, the data processing also takes place on the basis of point (a) of Art. 49(1) GDPR. If you have given your consent to the storage of cookies or the access to information in your end device (e.g. via device fingerprinting), the data processing also takes place on the basis of Section 25(1) TTDSG. You may withdraw your consent at any time. If your data are required for the fulfilment of a contract or for the completion of pre-contractual measures, we will process your data on the basis of point (b) of Art. 6(1) GDPR. We will also process your data on the basis of point (c) of Art. 6(1) GDPR if your data are required in order to fulfil a legal obligation. The data processing can also take place on the basis of our legitimate interest according to point (f) of Art. 6(1) GDPR. Information on the respective legal bases in each individual case is provided in the following paragraphs of this privacy policy.

Data protection officer

We have appointed a data protection officer.

Doppstadt Beteiligungs GmbH
Stephan Viehoff
Steinbrink 4
42555 Velbert, Germany

Telephone +49 (0) 2052 889-0
Email: datenschutz[at]doppstadt.de

Note on the transfer of data to third countries which are not secure according to data protection law and on the transfer of data to US companies that are not certified according to the DPF.

We sometimes use tools from companies based in third countries that are not secure according to data protection law and US tools whose providers are not certified according to the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. Please note that a level of data protection comparable to that of the EU cannot be guaranteed in third countries that are not considered secure according to data protection law.

Please note that as a secure third country, the USA generally has a level of data protection comparable to that of the EU. Accordingly, a transfer of data to the USA is permitted if the recipient is certified according to the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. Information on transfers to third countries, including the data recipients, is provided in this privacy policy.

Recipients of personal data

In the course of our business activities, we work together with various external organisations. As such, the transfer of personal data to such third parties is sometimes necessary. We only forward personal data to external bodies if it is necessary for the fulfilment of a contract, if we are legally obliged to do so (e.g. forwarding of data to tax authorities), if we have a legitimate interest in the forwarding of data according to point (f) of Art. 6(1) GDPR or if another legal basis allows for the forwarding of data. When using processors, we only forward the personal data of our customers on the basis of a valid order processing contract. In the case of joint processing, a contract will be concluded regarding the joint processing.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw any consent already given at any time. In this respect, the lawfulness of the data processing prior to the withdrawal of consent remains unaffected.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF POINT (E) OR (F) OF ART. 6(1) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS SHALL ALSO APPLY TO ANY PROFILING BASED UPON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE ARE ABLE TO DEMONSTRATE COMPELLING LEGITIMATE REASONS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO FILE AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF THIS MARKETING AT ANY TIME, INCLUDING PROFILING IN CONNECTION WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION ACCORDING TO ART. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the case of infringements of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the suspected infringement. The right to lodge a complaint is without prejudice to any other administrative or legal remedies.

Right to data portability

You have the right to be provided with the data that we process automatically on the basis of your consent or for the fulfilment of a contract in a commonly used, machine-readable format. Insofar as you request the direct transfer of the data to another controller, this will only be take place if it is technically feasible.

Access, rectification and erasure

According to the applicable statutory provisions, you have the right, at any time and free of charge, of access to your personal data stored by us and to information about its source and recipients and the purposes of the data processing and, where appropriate, a right to the rectification or erasure of such data. In this respect or if you have further questions regarding the topic of personal data, you can contact us at any time.

Right to the restriction of processing

You have the right to request the restriction of processing regarding your personal data. You can contact us for this purpose at any time. The right to the restriction of processing exists in the following cases:

• If you challenge the accuracy of your personal data stored by us, we generally need time to check this matter. For the duration of our examination, you have the right to request the restriction of processing of your personal data.
• If the processing of your personal data was/is performed unlawfully, you can request the restriction of the data processing instead of its erasure.
• If we no longer need your personal data but you need it for the establishment, exercise or defence of legal claims, you have the right to request the restriction of processing regarding your personal data instead of its erasure.
• If you have filed an objection according to Art. 21(1) GDPR, we are required to balance your interests against ours. As long as it is not yet clear whose interests prevail, you have the right to request that the restriction of processing regarding your personal data.

Where you have restricted the processing of your personal data, this personal data may, with the exception of retention, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

SSL and/or TLS encryption

For security reasons and in the interests of protecting confidential content such as any orders or enquires you may send to us as the website operator, this website uses an SSL and/or TLS encryption. You can tell an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock symbol in your browser bar.

When SSL or TLS encryption is active, the data you transfer to us cannot be read by third parties.

Objection to advertising emails

We hereby object to the use of the contact data published in the context of the obligation to provide a legal notice for the sending of unsolicited advertising and information material. The operators of this website reserve the right to take legal action in the event of the sending of unsolicited marketing information in the form of spam emails, for example.

Consent management

Our website uses the consent technology of Cookieman, a TYPO3 extension, to obtain your consent to the storage of specific cookies on your end device or to the use of specific technologies and in order to document these in compliance with the data protection regulations. The provider of this technology is d-mind GmbH, Mörikestraße 69, 70199 Stuttgart, Germany (hereinafter referred to as “Cookieman”).

When you enter our website, a connection is established to the servers of Cookieman in order to obtain your consent and other declarations regarding the use of cookies. Cookieman then stores a cookie in your browser in order to be able to assign any consent you have given and/or to withdraw such consent. The data collected in this way is stored until you request its erasure, your erase the Cookieman cookie yourself or the purpose for storing the data no longer applies. Other statutory retention periods remain unaffected.

Cookieman is used in order to obtain the legally required consent for the use of cookies. The legal basis for this is point (c) of Art. 6(1) GDPR.

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of the website automatically collects and stores information in server log files which are transferred to us automatically by your browser. These include:

• type and version of the browser used
• Operating system used
• Referrer URL
• Host name of the computer accessing the website
• Time of the server query
• IP address

This data will not be combined with other data sources.

The data are collected on the basis of point (f) of Art. 6(1) GDPR. The website operator has a legitimate interest in technically error-free display and optimisation of its website – for this purpose, the server log files have to be captured.

Contact form

If you send us enquiries via a contact form, your information from the enquiry form including the contact details given there will be stored by us for the purpose of dealing with your enquiry and any further questions. We will not disclose such information without your consent.

The processing of this data takes place on the basis of point (b) of Art. 6(1) GDPR, insofar as your enquiry is associated with the performance of a contract or is necessary for the completion of precontractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (point (f) of Art. 6(1) GDPR) or on your consent (point (a) of Art. 6(1) GDPR), provided that this consent has been requested; the consent can be withdrawn at any time.

The data entered into the contact form by you will remain with us until you request its erasure, you withdraw your consent to its storage, or the purpose for which the data was stored no longer applies (e.g., when your enquiry has been dealt with). Imperative statutory provisions – particularly retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purposes of processing your request. We will not disclose such information without your consent.

The processing of this data takes place on the basis of point (b) of Art. 6(1) GDPR, insofar as your enquiry is associated with the performance of a contract or is necessary for the completion of precontractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (point (f) of Art. 6(1) GDPR) or on your consent (point (a) of Art. 6(1) GDPR), provided that this consent has been requested; the consent can be withdrawn at any time.

The data that you send to us in a contact form will remain with us until you request their erasure, withdraw your consent to their storage or the purpose for which the data were stored no longer applies (e.g., when your enquiry has been dealt with). Imperative statutory provisions – particularly statutory retention periods – remain unaffected.

This privacy policy applies to the following social media sites:

• https://www.facebook.com/people/Doppstadt
• https://www.instagram.com/doppstadt_official
• https://de.linkedin.com/company/doppstadt-group
• https://www.youtube.com/user/doppstadtrecycling

Data processing by social networks

We have publicly accessible profiles in social networks. You can find details about the social networks used by us below.

Social networks such as Facebook, X, etc. can usually analyse your user behaviour comprehensively if you visit their website or a website with integrated social media contents (e.g. “Like” buttons or advertising banners). When our social media sites are visited, numerous processing operations are triggered that are relevant to data protection. In detail:

If you are logged into your social media account and you visit our social media site, the operator of the social media portal can allocate this visit to your user account. Under certain circumstances, your personal data may also be collected if you are not logged in or if you do not have an account with the respective social media portal, however. In this case, your data may be collected e.g. via cookies which are stored on your end device or by recording your IP address.

With the use of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media site. If you have an account with the respective social network, the interest-based advertising can be shown on all devices where you are signed in or have been signed in.

Please also note that we are not able to track all the processing steps on the social medial portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. In this context, further details are available in the terms of use and data protection regulations of the relevant social media portals.

Legal basis

Our social media sites are intended to guarantee as comprehensive an internet presence as possible. This constitutes a legitimate interest within the meaning of point (f) of Art. 6(1) GDPR. The analysis procedures initiated by the social networks may be based on other legal bases which the operators of the social networks are required to indicate (e.g. consent pursuant to point (a) of Art. 6(1) GDPR).

Controller and assertion of rights

If you visit any of our social media sites, we are responsible for the data processing operations triggered by this visit jointly with the operator of the social media platform. In principle, you can assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.

Please note that despite our joint responsibility with the operators of social media portals, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Duration of storage

The data directly collected by us via the social media site will be erased by our systems as soon as the purpose of its storage no longer applies, you request its erasure, you withdraw your consent to its storage or the purpose for the data retention no longer applies. Stored cookies stay on your end device until you erase them. Imperative statutory provisions – particularly retention periods – remain unaffected.

We have no influence on the storage duration of your data that are stored by the operators of the social networks for their own purposes. For further details, please refer directly to the operators of the social networks (e.g. in their privacy policy, see above).

Management and analysis

We use the services of Sendible for the purpose of managing, analysing and optimising our social media marketing and facilitating communication via social networks. The provider is Sendible Limited, 3rd Floor, 311 Ballards Lane, London, N12 8LY, United Kingdom.

Sendible uses an interface to collect comments and private messages sent by users via our accounts on the social networks Facebook, Instagram, LinkedIn and YouTube in a central inbox. The data are collated and analysed primarily in order to improve and prioritise our responses to comments and personal messages.

The data exchange with the United Kingdom on the basis of an EU adequacy decision; further information about this is available at ec.europa.eu/commission/presscorner/detail/en/ip_21_3183.

Further information on Sendible and their data processing is available at www.sendible.com/privacy.

Your rights

You have the right to obtain information about the source, recipient and purpose of your personal data stored by us at any time free of charge. You also have the right to object, to data portability, and right to lodge a complaint with the competent supervisory authority. You also have the right to request the rectification, blocking, erasure and, under certain circumstances, the restriction of processing regarding your personal data.

Social networks in detail

Facebook

We have a Facebook profile. The provider of this service is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (referred to in the following as Meta). According to Meta, the data collected are also transferred to the USA and other third countries.

We have concluded an agreement on joint processing with Meta (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement via the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can personally change your advertising settings in your user account. To do so, click on the following link and log in:  https://www.facebook.com/settings?tab=ads.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details are available in the privacy policy of Facebook: https://www.facebook.com/about/privacy/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

We have an Instagram profile. The provider of his service is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ und https://de-de.facebook.com/help/566994660333381.

Details regarding their use of your personal data are available in the privacy policy of Instagram: https://privacycenter.instagram.com/policy/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

LinkedIn

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn uses cookies.

If you would like to deactivate the advertising cookies of LinkedIn, please use the following link:https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details regarding their use of your personal data are available in the privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a YouTube profile. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details regarding their use of your personal data are available in the privacy policy of YouTube: https://policies.google.com/privacy?hl=de.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool which allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager does not itself create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used in order to manage and run the tools that are integrated through its use. However, Google Tag Manager collects your IP address, which may also be transmitted to the parent company of Google in the United States.

The use of Google Tag Manager takes place on the basis of point (f) of Article 6(1) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the operator of the website to analyse the behaviour of the website visitors. The operator of the website receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data will be summarised in a user ID and assigned to the respective end device of the visitor to the website.

We can also use Google Analytics in order to record your mouse and scroll movements and clicks, among others. Google Analytics also uses various modelling approaches to supplement the data records collected, and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google concerning the use of this website is usually transmitted to a Google server in the US and is stored there.

The use of this service takes place on the basis of your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) TTDSG. You may withdraw your consent at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Browser plug-in

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Please refer to the privacy policy of Google for further information about the handling of user data at Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have entered into a contract for order processing with Google, and in using Google Analytics we fully implement the strict guidelines of the German data protection authorities.

Matomo

This website uses the Open Source web analysis service Matomo.

With the use of Matomo, we are able to collect and analyse data about the use of our website by visitors to our website. On this basis, we are able to find out when and which pages were accessed and the region from which the visitors originate. We also collect various log files (e.g. IP address, referrer, browsers used and operating systems), and can determine whether visitors to our website carry out specific actions (e.g. clicks, purchases, etc.).

The basis for the use of this analytics tool is point (f) of Art. 6(1) GDPR. The owner of the website has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

IP anonymisation

During the analysis with Matomo, we use IP anonymisation. During this process, your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.

Analysis without cookies

We have configured Matomo so that Matomo does not store any cookies in your browser.

Hosting

We only host Matomo on our own servers, which means that all the analysis data stays with us and will not be forwarded to anyone else.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). Furthermore, targeted advertisements can also be displayed on the basis of the user data available in Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively, by analysing which search terms led to our advertisements being displayed and how many advertisements led to corresponding clicks, for example.

The use of this service takes place on the basis of your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) TTDSG. You may withdraw your consent at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the use of Google Conversion Tracking, both Google and we can see whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased especially frequently. The information serves the generation of conversion statistics. We find out the total number of users who clicked on our ads and the actions that they took. We do not receive any information which allows us to personally identify the user. Google itself only uses identification cookies or equivalent recognition technologies.

The use of this service takes place on the basis of your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) TTDSG. You may withdraw your consent at any time.

For more information on Google Conversion Tracking, please refer to the data protection regulations of Google: https://policies.google.com/privacy?hl=de.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Meta Pixel (formerly Facebook Pixel)

This website uses visitor action pixels from Facebook/Meta in order to measure conversions. The provider of his service is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected are also transferred to the USA and other third countries, however.

This allows for the behaviour of visitors to the website to be tracked when they have been forwarded to the provider’s website by clicking on a Facebook ad. In this way, the effectiveness of Facebook ads can be analysed for statistical and market-research purposes and future marketing measures can be analysed.

The data collected are anonymous to us as the owners of this website; we cannot draw any conclusions as to the identity of the users. However, the data are stored and processed by Facebook, so that a connection to the appropriate user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the data use policy of Facebook (https://de-de.facebook.com/about/privacy/). In this way, Facebook can enable marketing advertisements to be placed on web pages both within and outside Facebook. As the operator of this website, we cannot influence such a use of data.

The use of this service takes place on the basis of your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) TTDSG. You may withdraw your consent at any time.

Insofar as personal data are collected on our website with the use of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for such data processing (Art. 26 GDPR). The joint responsibility is exclusively limited to the collection of data and its forwarding to Facebook. The processing carried out by Facebook after the forwarding does not form part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on the joint processing. The wording of this agreement is available here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website according to data protection law. Facebook is responsible for the data security of Facebook products. You can assert the rights of data subjects (e.g. requests for access) regarding the data processed by Facebook directly with Facebook. If you assert the rights of data subjects with us, we are obliged to forward them directly to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information about protecting your privacy in the data protection policy of Facebook: https://de-de.facebook.com/about/privacy/.

You can also deactivate the “Custom Audiences” remarketing function in the ad settings screen at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you need to be logged in to Facebook.

If you do not have a Facebook account, you can deactivate use-based Facebook advertising on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Facebook Conversion API

We have integrated Facebook Conversion API on this website. The provider of his service is Meta Platforms Ireland Ltd. 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected are also transferred to the USA and other third countries, however.

Facebook Conversion API enables us to record website visitors’ interactions with our website and to forward such information to Facebook in order to improve the advertising performance on Facebook.

In particular, the time of the visit, the visited web pages, your IP address and your user agent as well as any other specific data (e.g. products purchased, value of the shopping basket and currency), are recorded. A full overview of the data that may be recorded is available here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service takes place on the basis of your consent according to point (a) of Art. 6(1) GDPR and Section 25(1) TTDSG. You may withdraw your consent at any time.

Insofar as personal data are collected on our website with the use of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for such data processing (Art. 26 GDPR). The joint responsibility is exclusively limited to the collection of data and its forwarding to Facebook. The processing carried out by Facebook after the forwarding does not form part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on the joint processing. The wording of this agreement is available here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website according to data protection law. Facebook is responsible for the data security of Facebook products. You can assert the rights of data subjects (e.g. requests for access) regarding the data processed by Facebook directly with Facebook. If you assert the rights of data subjects with us, we are obliged to forward them directly to Facebook.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information about protecting your privacy in the data protection policy of Facebook: https://de-de.facebook.com/about/privacy/.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Newsletter data

If you would like to subscribe to the newsletter which is offered on the website, we require your email address and information which enables us to verify that you are the owner of the email address provided, as well as your confirmation that you agree to the receipt of the newsletter. Other data will only be collected on a voluntary basis. For the provision of the newsletter we use newsletter service providers who are described below.

CleverReach

This website uses CleverReach to send newsletters. The provider of this service is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (in the following “CleverReach”). CleverReach is a service with which the sending of newsletters can be organised and analysed. The data you provide for the purpose of receiving the newsletter (such as your email address) will be saved on the servers of CleverReach in Germany and/or Ireland.

The newsletters we send with CleverReach allow us to analyse the behaviour of the newsletter recipient. Among other things we can analyse how many recipients opened the newsletter email and how often which link in the newsletter was clicked. With the use of Conversion Tracking, it is also possible to analyse whether a pre-defined activity (i.e. the purchase of a product on our website) is carried out after the link in the newsletter has been clicked. Further information on data analysis via CleverReach newsletters is available here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The data processing takes place on the basis on your consent (Art. 6 (1) point (a) GDPR). You can withdraw this consent at any time by cancelling your subscription to the newsletter. The lawfulness of the data processing prior to the withdrawal of consent remains unaffected.

If you do not wish for analysis to be carried out by CleverReach, you must unsubscribe to the newsletter. An appropriate link is included in every newsletter email that allows you to cancel your subscription.

The data you have given us for the purpose of receiving the newsletter will be stored by us and/or the newsletter service provider until you unsubscribe from the newsletter and will be erased after you subscription to the newsletter has been removed from the newsletter mailing list. Data which is stored by us for other purposes remains unaffected by this.

After your removal from the newsletter mailing list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your interest and our interest in complying with the statutory requirements when sending newsletters (legitimate interest in terms of point (f) of Art. 6 (1) GDPR). There is no time limit to being stored in the blacklist. You can object to the storage if your interests outweigh our legitimate interest.

For further information about the data protection conditions of CleverReach, visit: https://www.cleverreach.com/de/datenschutz/.

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

YouTube

This website includes videos from the website YouTube. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

If you visit one of our websites in which YouTube has been integrated, a connection with the servers of YouTube will be established. In this way, this server receives information about which of our web pages you have visited.

YouTube can also store various cookies on your end device or use comparable technologies to recognise you (e.g. device fingerprinting). In this way, YouTube is able to obtain information about visitors to this website. Among others, this information is used in order to record video statistics, to improve the user-friendliness, and to prevent attempts at fraud.

If you are logged in to your YouTube account, you allow YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Our use of YouTube is in the interest of an appealing presentation of our online services. This constitutes a legitimate interest in terms of point (f) of Art. 6(1) GDPR. If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

For further information on the handling of user data, please refer to the privacy policy of YouTube: https://policies.google.com/privacy?hl=de.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Font Awesome (local hosting)

For the uniform representation of fonts, this website uses Font Awesome. Font Awesome is installed locally. No connection to the servers of Fonticons, Inc. is established for this purpose.

Further information on Font Awesome is available in the privacy policy of Font Awesome: https://fontawesome.com/privacy.

Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this website has no influence on this transfer of data. If Google Maps is activated, Google may use Google Fonts for the purpose of the uniform representation of fonts. When you visit Google Maps, your browser will load the web fonts required in your browser cache in order to display text and fonts correctly.

Google Maps is used in the interest of ensuring an appealing representation of our online offers and to facilitate the search for the places specified by us on the website. This constitutes a legitimate interest in terms of point (f) of Art. 6(1) GDPR. If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. Details are available here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further information regarding the handling of user data is provided in the privacy policy of Google: https://policies.google.com/privacy?hl=de.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used in order to verify whether data which is entered on this website (e.g. in a contact form) is carried out by a person or an automated program. To this end, reCAPTCHA analyses the behaviour of the website visitors using various characteristics. This analysis begins automatically, as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates a range of information (e.g. IP address, dwell time of the website visitor on the website or mouse movements made by the user). The data collected in the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.

The data is stored on the basis of point (f) of Art. 6(1) GDPR. The website provider has a legitimate interest in protecting its web content against fraudulent automated spying and SPAM. If the corresponding consent was requested, the processing takes place exclusively on the basis of point (a) of Art. 6(1) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG) insofar as the consent includes the storage of cookies or access to information saved in the end device of the user (e.g. device fingerprinting) pursuant to the TTDSG. You may withdraw your consent at any time.

For further information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Data processing

We use online conference tools, among other reasons, to communicate with our customers. The individual tools that we use in detail are listed below. If you communicate with us via video or audio conference in the internet, your personal data will be collected and processed by both us and the provider of the respective conference tool.

In this respect, the conference tools collect all the data that you provide/use when using the tools (email address and/or telephone number). The conference tools also process the duration of the conference, the start and end (time) of the participation in the conference, the number of participants and other “contextual information” relating to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data which is necessary for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, the device type, operating system type and version, the client version, camera type, microphone or speaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it will also be stored on the servers of the tool provider. Such content includes, but is not limited to, cloud records, chat/instant messages, photos and videos uploaded to voicemails, files, whiteboards and other information shared while using the service.

Please note that we do not have full influence over the data processing operations of the tools that are used. Our options depend largely on the company policy of the respective provider. Further information on the data processing by the conference tools is available in the privacy policy for the respectively-used tool, the details of which are provided underneath this text.

Purpose and legal bases

The conference tools are used in order to communicate with prospective or existing contractual partners or to offer specific services to our customers (point (b) of Art. 6(1) GDPR). The use of the tools also serves the general simplification and acceleration of the communication with use and/or our company (legitimate interest in terms of point (f) of Art. 6(1) GDPR). If consent was requested, the use of the corresponding tools takes place on the basis of this consent; the consent can be withdrawn at any time with future effect.

Duration of storage

The data directly collected by us via the video and conference tools is erased by our systems as soon as the purpose for its storage no longer applies, you request its erasure, you withdraw your consent to its storage or the purpose for the data retention no longer applies. Stored cookies stay on your end device until you erase them. Compulsory statutory retention periods remain unaffected.

We have no influence on the storage duration of your data that are stored by the operators of the conference tools for their own purposes. For further details, please refer directly to the operators of the conference tools.

Conference tools used

We use the following conference tools:

TeamViewer

We use TeamViewer. TeamViewer is provided by TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. Details on the data processing are available in the privacy policy of TeamViewer: https://www.teamviewer.com/de/datenschutzerklaerung/.

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Microsoft Teams

We use Microsoft Teams. The provider of Microsoft Teams is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on the data processing are available in the privacy policy of Microsoft Teams: https://privacy.microsoft.com/de-de/privacystatement.

The company is certified according to the “EU-US Privacy Framework” (DPF) The DPF is an agreement between the European Union and the USA which has the aim of ensuring compliance with European data protection standards during data processing operations in the USA. Every company which is certified according to the DPF undertakes to comply with these standards of data protection. Further information about this topic is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Order processing

We have concluded an order processing agreement (OPA) on the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the data controller only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR.

Handling of applicant data

We offer you the possibility to submit an application to us (e.g. by email, in the post, or using an online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data takes place in accordance with applicable data protection law and all other statutory provisions, and that your data will be treated with the strictest of confidentiality.

Scope and purpose of the data collection

When you submit an application to us, we will process your associated personal data (e.g. contact and communication information, application documents, notes taken during job interviews etc.), provided that this is required to make a decision about initiating an employment relationship. The legal basis for this under German law is Section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), point (b) of Art. 6(1) GDPR (general contract initiation) and – if you have given your consent – point (a) of Art. 6(1) GDPR. You may withdraw your consent at any time. We will only disclose your personal data to such persons within our company that are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and point (b) of Art. 6(1) GDPR for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (point (f) of Art. 6(1) GDPR) for up to 6 months starting from the end of the application process (rejection or withdrawal of the application). The data will then be erased and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data is required after the 6-month period has ended (e.g. in the case of an impending or pending legal dispute), an erasure of the data will only take place if the purpose for its continued retention no longer applies.

A longer period of retention may also take place if you have given your consent (point (a) of Art. 6(1) GDPR), or if statutory retention obligations prevent the erasure.

We also use Stepstone for our recruitment. The provider is StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf; website: https://www.stepstone.de/; privacy policy: https://www.stepstone.de/e-recruiting/rechtliches/datenschutzerklarung/.

Last revised: 01.12.2023