Privacy policy

The protection of personal data (hereinafter referred to as “data“) is an important concern for HMF Smart Solutions GmbH (hereinafter referred to as “HMF“, “we“, “us” or “our“). Your data is processed in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). In the following, we provide information about which of your data is used for which purposes when you visit our website and what rights you have in connection with your data.

Name and contact details of the controller and the company data protection officer

Responsible body

HMF Smart Solutions GmbH Fritz-Hahne-Straße 7
D-31848 Bad Münder

Phone: + 49 (0) 5042 998 0
E-mail: info@hmf-germany.com

Data Protection Officer

You can reach the data protection officer either at

External data protection officer
c/o TÜV SÜD Akademie GmbH Westendstrasse 160
80339 Munich
E-mail: datenschutz@hmf-germany.com

or

at the above postal address with the addition “Data Protection Officer”.

External hosting

This website is hosted by an external service provider, webgo GmbH, Heidenkampsweg 81, 20097, Hamburg (hoster). The data collected on this website is stored on the hoster’s server. This may primarily involve IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing website visitors (Art. 6 (1) (b) GDPR) and in the interest of secure, fast and efficient provision of our website by professional providers (Art. 6 (1) (f) GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. for device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our hoster will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

Collection and storage of your data

Visit the website

Each time you visit our website, your browser automatically transmits data that is stored in the server’s log files. This involves the following data (“log files data“):

• Browser type and browser version;
• Name and URL of the retrieved file;
• Date and time of the server request;
• Message about successful retrieval (HTTPS response code);
• Operating system used;
• Referer URL;
• Websites that are accessed by the user’s system via our website;
• the user’s internet service provider; and
• IP address (anonymised) and the requesting provider.

We have log file data analysed anonymously in order to continuously improve the website, to adapt the website to the interests of our users and to rectify errors more quickly. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1)
(f) GDPR.

The log file data is used in non-anonymised form exclusively to identify faults and to ensure system security, including detecting and tracking unauthorised access attempts and attempts at fraud and misuse. This data is stored for 7 days for this purpose and then deleted. Log file data whose further storage is required for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified and may be passed on to investigating authorities in individual cases.

Contact form

If you send us enquiries via the contact form, we will save your contact details to process the enquiry and in the event that follow-up questions arise. It is necessary to provide your first name and surname, telephone number and a valid e-mail address so that we know who sent the enquiry and can answer it. Further information can be provided voluntarily. If you do not wish to provide the data requested by us, we may not be able to provide the information and/or services you require or perform certain tasks for which the data is requested.

This data is processed on the basis of Art. 6 (1) (b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 letter f) GDPR or on your consent in accordance with Art. 6 para. 1 letter a) GDPR, if this has been requested. You can withdraw your consent at any time. All you need to do is send an informal email to the contact details listed under point 1. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all resulting data, will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) (b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), if this has been requested. Consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Subscription to the newsletter

If you register for our newsletter, we will send you regular information about our offers, trade fairs and projects. To register for the newsletter, the data requested in the registration process, such as surname, first name and e-mail address, are collected. Registration for the newsletter is logged. After registering, you will receive a message to the e-mail address provided asking you to confirm your registration (“double opt-in”). This is necessary so that third parties cannot register with your e-mail address.

We use the newsletter service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (hereinafter referred to as “Sendinblue“) to process the newsletter. Sendinblue is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of subscribing to the newsletter (see paragraph 1) will be stored on Sendinblue’s servers in Germany.

With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. We can also recognise whether certain previously defined actions were carried out after opening/clicking (conversion rate).

Sendinblue also allows us to subdivide (“cluster”) newsletter recipients according to various categories. Newsletter recipients can be categorised by age, gender or place of residence, for example. In this way, the newsletters can be better customised to the respective target groups.
If you do not wish to be analysed by Sendinblue, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

The data collected when registering for the newsletter will be used exclusively for the purpose of advertising by means of the newsletter. The legal basis for sending the newsletter is your consent pursuant to Art. 6 (1) (a) in conjunction with Art. 7 GDPR in conjunction with Art. 6 (1) (b) GDPR. Art. 7 GDPR in conjunction with. § Section 7 para. 2 no. 3 UWG. The legal basis for logging the registration is our legitimate interest (Art. 6 (1) (f) GDPR) in proving that the newsletter was sent with your consent.

You can revoke your consent at any time, for example via the “Unsubscribe” link in the newsletter. You are also welcome to send a message in text form to the contact details mentioned in point 1 (e.g. e-mail, fax, letter). The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or Sendinblue until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter mailing list at our own discretion within the scope of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. We store the logging of the registration and the dispatch address as long as there is an interest in proving the consent originally given.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or Sendinblue in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 letter f) GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

You can find more information about Sendinblue’s privacy policy at the following link: https://de.sendinblue.com/datenschutz-uebersicht/.

We have concluded an order processing contract with Sendinblue to ensure data protection- compliant processing.

Application procedure (recruiting)

Further information on the application process can be found in the separate privacy policy for applicants (Recruiting).

Data processing by our business partners

Further information on the data processing of business partners can be found in the separate privacy policy for business partners.

Cookies

We use so-called “cookies” on our website. Cookies are small text files and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your device when you visit our website (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the cookies concerned are stored exclusively on the basis of this consent (Art. 6 para. 1 letter a) GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately in the context of this data protection declaration and, if necessary, request your consent.

You can set your browser so that you are informed in advance about the setting of cookies and can decide in individual cases whether you want to exclude the acceptance of cookies for certain cases or in general, or that cookies are completely prevented. This may limit the functionality of the website.

Please refer to the user menu of your web browser or the website of the manufacturer of your browser to find out how your browser programme can be set accordingly. The help function in the menu bar of your web browser regularly shows you how you can be informed about the setting of cookies or how you can reject new cookies and also delete cookies that have already been received.

We use Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as “Borlabs“).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to Borlabs.

The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.

Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

We will inform you in advance about the use of cookies by means of a banner.

You can adjust the cookies you have already accepted at any time under cookie settings.

Forwarding of data

In principle, we only use your data within the HMF Group.

As part of our business activities, we work together with various external partners. In some cases, this also requires the transfer of data to these external partners. We only pass on data

to third parties if this is necessary in the context of contract fulfilment (Art. 6 para. 1 lit. b) GDPR, if we are legally obliged to do so on the basis of Art. 6 para. 1 lit. c) GDPR (e.g. passing on data to tax authorities), if we have a legitimate interest in passing on data in accordance with Art. 6 para. 1 lit. f) GDPR or if another legal basis permits the passing on of this data. When using contract processors, we only pass on your data on the basis of a valid contract processing agreement. In the case of joint controllership, a joint controllership agreement is concluded.

Data transfer to third countries that are not secure under data protection law and transfer to US companies that are not certified under the EU-US Data Privacy Framework (DPF)

Among other things, we use tools from companies based in third countries (outside the European Union (EU) or the European Economic Area (EEA)) that are not secure under data protection law and tools from companies in the USA that are not certified under the DPF. If these tools are used, your data may be transferred to these countries and processed there. We would like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in third countries that are not secure under data protection law.

Please note that the USA, as a safe third country, generally has a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permitted if the recipient is certified in accordance with the DPF or has corresponding additional guarantees. Information on transfers to third countries, including data recipients, can be found in this privacy policy.

Integration of third-party services and content

Polylang PlugIn for multilingualism of the website

We use the Polylang programme from the provider WP SYNTEX, 28, rue Jean Sébastien Bach, 38090 Villefontaine, France, to make our website multilingual. Polylang generates the functional cookie pll_language. It stores a language preference for the visitor in order to support multilingual websites. The use of Polylang is in the interest of an appealing presentation of our website and is based on our legitimate interest. (Art. 6 para. 1 lit. f) GDPR).

The storage period is one year.

You can find Polylang’s privacy policy here: https://polylang.pro/privacy-policy/

Google Analytics (GA 4)

In the following, we describe the use of data through the use of services provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google“).

Our website uses Google Analytics to customise and improve the website. This analysis tool enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the data records collected and uses machine learning technologies for data analysis. Google Analytics uses so-called cookies, which are stored on your end device and enable your use of the website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the EU or EEA.

Google will use this information on our behalf to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website

The recipient of the data is Google as the processor. We have concluded an order processing contract with Google for this purpose. It cannot be ruled out that Google LLC, based in California, USA, and possibly US authorities may be able to access the data stored by Google.

This analysis tool is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 letter a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG; the consent can be revoked at any time.

The data sent by us and linked to cookies is automatically deleted after 2 months. Data whose retention period has expired is automatically deleted once a month. If you visit our website again within 2 months, the retention period is extended by a further 2 months.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Further information on the handling of user data by Google Analytics can be found in the Google Analytics Terms of Use from Google at: https://marketingplatform.google.com/about/analytics/terms/us/.

Google acts as a processor for the service. We have concluded a corresponding data processing agreement with Google. Insofar as data is processed in the USA, we would like to point out that this is done on the basis of the EU Commission’s Standard Contractual Clauses (SCC). Details can be found here: https://support.google.com/publisherpolicies/answer/10437486?hl=en, https://business.safety.google/adsprocessorterms/.

In addition, Google LLC is certified according to the DPF. Further information can be found under the following link: https://www.dataprivacyframework.gov/s/participant- search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

Further information on the use of data by Google, setting and objection options, can be found in Google’s privacy policy (https://policies.google.com/privacy).

WordPress Statistics PlugIn

This website uses the WordPress Statistics analysis plugin to statistically analyse visitor access. The provider is Aut O’Mattic A8C Ireland Ltd, Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland, whose parent company is based in the USA. This plugin is an analysis software that has been specially developed for websites that use the WordPress Statisctics content management system and which we have integrated locally, i.e. on our web server – not on the server of this provider.

WordPress Statisctics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour. We record log files (referrer, IP address, browser, number of visitors, duration of website visit, clicks on the website, etc.), the origin of the website visitors (country, city) and what actions they have taken on the site (e.g. clicks, views, downloads) for analysis purposes. Your IP address is anonymised after processing and before storage.

The use of this WordPress Statisctics analysis tool is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.

All data is stored locally on our server, so it is not necessary to conclude a data processing agreement. The data is stored on our server until it is no longer required for the purposes listed above.

WP Statistics

This website uses the analysis tool WP Statistics to statistically analyse visitor access. The provider is Veronalabs, Tatari 64, 10134, Tallinn, Estonia (https://veronalabs.com). We integrate the analysis tool locally, i.e. on our web server – not on the provider’s server.

With WP Statistics we can analyse the use of our website. Among other things, log files (IP address, referrer, browser used, origin of the user, search engine used) and actions taken by website visitors on the page (e.g. clicks and views) can be recorded.

We use WP Statistics with anonymised IP. Your IP address is truncated so that it can no longer be directly assigned to you.

This analysis tool is used on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and our advertising.

The data collected with WP Statistics is stored exclusively on our own server, so that it is not necessary to conclude an order processing contract. The data is stored on our server until it is no longer required for the purposes listed above.

NitroPack PlugIn

On our website we use the Content Delivery Network (“CDN”) of NitroPack LLC, Studentski Kompleks, Sofia, postcode 1756, Bulgaria (hereinafter referred to as “NitroPack“).

A content delivery network is an online service that is used to deliver large media files (such as graphics, page content or scripts) through a network of regionally distributed servers

connected via the Internet. The use of NitroPack’s content delivery network helps us to optimise the loading speed of our website by providing website optimisation services and plays the role of data processor.

The provision of website optimisation services may include the processing, modification and hosting of the publicly accessible content of our website and the storage of our end users’ data. The only data NitroPack stores is IP addresses.

The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest in the secure and efficient provision and improvement of the stability and functionality of our website.

Further information can be found in NitroPack’s privacy policy at https://nitropack.io/page/privacy

We have concluded an order processing contract with NitroPack to ensure data protection- compliant processing.

Font Awesome

This website uses Font Awesome for the standardised display of fonts and symbols. The provider is Fonticons, Inc, 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA. We integrate Font Awesome locally, i.e. on our web server – not on the server of this provider.

When you call up a page, your browser loads the required fonts into your browser cache in order to display texts, fonts and symbols correctly.

The use of Font Awesome is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website.

If your browser does not support Font Awesome, a standard font will be used by your computer.

Further information about Font Awesome can be found in Font Awesome’s privacy policy at: https://fontawesome.com/privacy.

OpenStreetMap

We use the OpenStreetMap (OSM) map service.

We integrate the map material from OpenStreetMap on the server of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (hereinafter referred to as “OSMF“). The United Kingdom is considered a safe third country under data protection law. This means that the UK has a level of data protection that corresponds to the level of data protection in the EU. When you use the OpenStreetMap maps, a connection is established to the OSMF servers. Among other things, your IP address and other information about your behaviour on this website may be forwarded to OSMF. OSMF may store cookies in your browser or use comparable recognition technologies for this purpose. Your IP address will be shortened so that it can no longer be directly assigned to you.

The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy findability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit.
a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Your data will be deleted after 180 days.

If you would like to find out more about data processing by OSMF, you can find more details in the privacy policy at this link: https://osmfoundation.org/wiki/Privacy_Policy?tid=331697794200

Wordfence PlugIn

We have integrated Wordfence on this website. The provider is Defiant Inc, Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as “Wordfence“).

Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to the Wordfence servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary. It is necessary to save your IP address for this purpose.

Wordfence is used on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.wordfence.com/help/general-data-protection- regulation/#standard-contractual-clauses.

We have concluded an order processing contract with the above-mentioned provider.

Social Media

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below. The social media icons on this website are links. This means that your data on our website is not processed by the social media providers. If you click on the “plug- ins”, you will be redirected to our respective social media presence.

Social networks such as Facebook, Instagram, etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.

In detail

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your data may also be collected if you are not logged in or do not have an account with the

respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest- based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit on certain social media platforms. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods and limitation periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as “Meta“). According to Facebook, the data collected is also transferred to the USA and other third countries. We have concluded an agreement with Meta on joint processing (Controller Addendum).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission https://de-de.facebook.com/help/566994660333381. In addition, Meta is certified according to the DPF. Further information can be found under the following link https://www.dataprivacyframework.gov/s/participant-search/participant- detail?id=a2zt0000000GnywAAC&status=Active.

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider of this service is Meta (see explanations under Facebook).

Details on how they handle your data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.

Xing

We have a profile on Xing. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter referred to as “Xing“).

The way in which Xing collects and processes your data and the purposes for which this is done can be found in Xing’s privacy policy, which you can find at privacy.xing.com/en/data- privacy-statement.

When you visit the Service, cookies and similar technologies such as pixels, web beacons and local storage may be used to collect information about your use of the Service and to provide you with features.

In addition, advertisers or other partners of the provider may provide cookies or similar technologies on your device.

Information on the provider’s contact options, as well as the way in which the provider uses the data from your visit to the service for its own purposes or passes it on to third parties, can also be found in the service’s privacy policy https://privacy.xing.com/de/datenschutzerklaerung.

You also have the option of restricting the processing of your data in the privacy settings of your profile. Information on the privacy settings can be found here (with further links): https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

LinkedIn

We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”).

LinkedIn itself collects log files (URL, referrer URL, IP address, device and browser characteristics and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days (https://www.linkedin.com/help/linkedin/answer/a1445756/linkedin-marketing-solutions-und- die-datenschutz-grundverordnung-dsgvo-?lang=de).

The data collected by LinkedIn cannot be assigned to specific persons by us as the website operator. LinkedIn may store the data collected from website visitors on its servers in the USA and use it for its own purposes. For details, please refer to LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

We have concluded a joint controllership agreement. Data is transferred to the USA on the basis of the EU Commission’s standard contractual clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

The agreements with LinkedIn, including those on joint responsibility, essentially indicate that requests for information and the enforcement of other rights of the data subject should best be made directly via LinkedIn. As the provider of the social network, LinkedIn only has the direct access options and the information required to process your requests. LinkedIn can also take all necessary measures and provide information directly. Should you nevertheless require our support, you are welcome to contact us at any time.

As a LinkedIn member, you can control the use of your data for advertising purposes in your account settings. To prevent LinkedIn from linking the information collected on our site to your LinkedIn account, you must log out of your LinkedIn account before visiting our site.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

The data collected about you when you use the service is processed by Twitter and may be transferred to countries outside the EU. This includes your IP address, the application used, information about the device you are using (including device ID and application ID), information about websites accessed, your location and your mobile phone provider. This data is assigned to the data of your Twitter account or your Twitter profile.

We have no influence on the type and scope of the data processed by Twitter, the type of processing and use or the transfer of this data to third parties.

Information about which data is processed by Twitter and for what purposes can be found in Twitter’s privacy policy: https://twitter.com/privacy; and about the possibility of viewing your own data on Twitter: https://help.twitter.com/de/managing-your-account/accessing-your-twitter-data.

Storage duration

Unless specifically stated, we only store data for as long as is necessary to fulfil the purposes pursued.

In some cases, the legislator provides for the retention of data, for example in tax or commercial law. In these cases, the data will only be stored by us for these legal purposes,

but will not be processed in any other way and will be deleted after the statutory retention period has expired.

Protection of minors

Persons under the age of 18 should not transmit any data to us without the consent of their parents or legal guardians.

We do not request data from children and young people.

Rights of data subjects

You have the right:

  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of your previous consent. The only consequence of the revocation is that we may no longer continue the data processing that was based on this consent in the future;
  • to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete data stored by us;
  • in accordance with Art. 17 GDPR, to demand the erasure of your data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
  • to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence.

If your data is processed on the basis of legitimate interests in accordance with Art. 6 (1) (f) GDPR, you have the right to object to the processing of your data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

However, we would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art.

We also do not guarantee that our service will be available at certain times; disruptions, interruptions or failures cannot be ruled out.

Status: October 2023