Privacy policy XU

Person in charge:

XU Group GmbH
Mehringdamm 33
10961 Berlin

Telefon: +49 (0) 30 959 999 99 0
E-Mail: hallo@xu.de

 

The company data protection officer is

Mr Christian Volkmer

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Phone: 0941-2986930

When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the pages you visit on our website as well as the date and duration of the visit. The processing of this information is absolutely necessary for the technical transmission of the websites, the convenient use of our services and the secure server operation.  Our legitimate interest arises from Art. 6 para. 1 lit. f) GDPR.

A direct conclusion about your identity is not possible based on the information and will not be drawn by us. The information is stored and automatically deleted after the aforementioned purposes have been achieved. The standard deadlines for deletion are based on the criterion of necessity.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Date and time of the request
• Name of the requested file
• Page from which the file was requested
• Access status (file transferred, file not found, etc.)
• Web browser and operating system used
• Full IP address of the requesting computer
• Amount of data transferred

This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to defend against attack attempts on our web server, this data is stored by us for a short time. We are not able to draw conclusions about individual persons based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish a reference to the individual user. In anonymized form, the data is also processed for statistical purposes; there will be no comparison with other databases or disclosure to third parties, even in excerpts.

Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to store certain cookies in your browser and to document them in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given, or the withdrawal of these consents are stored. This data will not be passed on to the provider of Borlabs Cookie.

The collected data will be stored until you ask us to delete it or delete the Borlabs cookie yourself or the purpose for which the data is stored no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found under https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

The use of the Borlabs cookie consent technology is to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

We have concluded a contract for order processing (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

If you download white papers from us, we will process your personal data for the purpose of handling and carrying out the provision of white papers. The legal basis for this is Art. 6 (1) sentence 1 b GDPR. We will provide you with more information about the whitepapers in the Terms and Conditions, which you will need to accept if you wish to download our whitepapers.

Cloudflare

We use the “Cloudflare” service. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as “Cloudflare”).

Cloudflare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via Cloudflare’s network. This enables Cloudflare to analyze the traffic between your browser and our website and serve as a filter between our servers and potentially malicious traffic from the Internet. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

https://www.cloudflare.com/privacypolicy/.

You can find more information about security and privacy at Cloudflare here: https://www.cloudflare.com/privacypolicy/.

We have concluded a contract for order processing (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

jsDelivr CDN

This website uses a so-called “Content Delivery Network” (CDN) from jsDelivr.

A CDN is a service that helps to deliver content from our online offering, especially large media files such as graphics or scripts, faster with the help of regionally distributed servers connected via the Internet. The processing of user data is carried out exclusively for the purposes mentioned above and to maintain the security and functionality of the CDN.

To do this, the browser you are using must connect to the CDN’s servers. This makes them aware that our website has been accessed via your IP address.

The use is based on our legitimate interests, namely the interest in a secure and efficient provision, analysis and optimization of our online offer in accordance with Art. 6 (1) (f) GDPR.

For more information, please see jsDelivr’s privacy policy: https://www.jsdelivr.com/privacy-policy-jsdelivr-net/

 

Unpkg

On this website, the web service Unpkg of the company Npm, Inc., 1999 Harrison Street #1150, CA 94612 Oakland, United States of America (hereinafter: Unpkg) is loaded.

Unpkg is used as a content delivery network (CDN). Content from this website, such as fonts and stylesheets, is delivered faster with the CDN over a network of regionally distributed servers. To do this, your browser must connect to the unpkg servers. In this way, unpkg learns that this website has been opened via your IP address. If the files in question have already been loaded on another CDN site, your browser will usually access the cached copy. If you have activated Java Script in your browser and have not installed a Java Script blocker, your browser can transmit data to Unpkg.

This processing is carried out on the basis of Art. 6 (1) (f) GDPR on the basis of the legitimate interest in the fast and secure provision and optimization of this website.

Further information on the handling of the transmitted data can be found in the Unpkg privacy policy under https://www.npmjs.com/policies/privacy.

 

WPML

We use WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter referred to as WPML).

WPML is a multi-language plugin for WordPress. We use WPML to display our website in different languages. When you visit our website, WPML stores a cookie on your device to remember the language setting you have selected. This allows personal data to be stored and evaluated, specifically the user’s activity (in particular which pages have been visited and which elements have been clicked on) as well as device and browser information (in particular the IP address and the operating system).

Further information on the collection and storage of data by WPML can be found here:
https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

The use of WPML serves to be able to display our website in several languages.

Legal basis for processing personal data:

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in addressing visitors to our website in their native language.

WPML stores cookies on your device. Information on the storage period of cookies can be found at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance

We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141 USA (hereinafter referred to as Hubspot CRM).

Hubspot CRM enables us, among other things, to support existing and potential customers as well as

Manage customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyze customer interactions via email, social media or phone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing measures (e.g. newsletter mailings). With Hubspot CRM, we are also able to record and analyze the user behavior of our contacts on our website.

The use of Hubspot CRM is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the most efficient customer administration and customer communication possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.

The data transfer to the USA is based on the Data Privacy Framework (adequacy decision), which was concluded between the EU Commission and the USA. HubSpot is certified according to the Data Privacy Framework.

Details can be found here: https://legal.hubspot.com/de/dpa

We have concluded a contract for order processing (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program developed by Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). In addition, targeted advertisements (target group targeting) can be processed based on user data held by Google (e.g. location data and interests). We as website operators can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many ads led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and 25 (1) TDDDG. The consent can be revoked at any time.

For the USA, there is an adequacy decision from the European Commission, provided that companies are certified according to the Data Privacy Framework program. Google is certified accordingly and thus meets the requirements of the EU Commission.

 

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The purpose of reCAPTCHA is to verify that the data entry on this website (e.g. in a contact form) by a human or by an automated program. Hereto reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For analysis,reCAPTCHA collects various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors will not be notified

that an analysis is taking place.

The storage and analysis of the data is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its websites from abusive automated spying and spam. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links:

https://policies.google.com/privacy?hl=de und

https://policies.google.com/terms?hl=de

 

Microsoft Advertising

On our website, we use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads). Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display ads specifically via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising uses UET to collect data that helps us track audiences through remarketing lists. For this purpose, a cookie is stored on the device used when you visit our website. Microsoft Advertising can thus recognize that our website has been visited and display an advertisement when Microsoft Bing or Yahoo is used later. The information is also used to compile conversion statistics, i.e. to record how many users have come to one of our websites after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that can be used to personally identify users.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our consent management tool. The processing will only take place with your consent in accordance with § 25 TDDDG or Art. 6 (1) (a) GDPR. You can withdraw your consent via our consent management tool.

In the case of Microsoft services, a transfer of data to Microsoft Corp. in the USA cannot be ruled out. Microsoft is certified according to the Data Privacy Framework and thus meets the requirements of the US adequacy decision by the EU Commission. For more information about privacy at Microsoft, see Microsoft’s Privacy Notice at https://privacy.microsoft.com/de-de/privacystatement. 

 

LinkedIn Insight Tag

This website uses LinkedIn’s Insight Tag. The provider of this service is LinkedIn Ireland

Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we obtain information about the visitors of our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better target our page to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be done across devices (e.g., PC-to-tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to display targeted advertising to visitors to our website outside of the website, whereby, according to LinkedIn, there is no identification of the advertising addressee.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and

browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). LinkedIn members’ direct identifiers will be deleted from LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it as part of its own advertising measures. Details can be found in LinkedIn’s privacy policy at

https://www.linkedin.com/legal/privacy-policy#choices-oblig.

LinkedIn Insight Tag is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.linkedin.com/legal/l/dpa und

https://www.linkedin.com/legal/l/eu-sccs.

For the USA, there is also an adequacy decision from the European Commission, provided that companies are certified according to the Data Privacy Framework program. LinkedIn is certified accordingly and thus meets the requirements of the EU Commission.

Object to the analysis of user behavior and targeted advertising by LinkedIn under the following link:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

In addition, LinkedIn members may restrict the use of their personal data to control advertising purposes in their account settings. In order to avoid the establishing of a link between the data collected by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

We have concluded a contract for order processing in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

 

SalesViewer-Technology®

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH, Universitätsstraße 60, 44789 Bochum.

For this purpose, a JavaScript-based code is used, which is used to collect company-related data and the corresponding use. The data collected with this technology is encrypted via a non-recalculable one-way function (so-called hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website.

The analysis of the data is carried out on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in collecting data for optimization purposes. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

The data stored within the framework of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

For business reasons and in order to be able to identify market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, enquiries, etc., whereby contractual partners, interested parties, customers, visitors and users of our online offer may fall into the group of data subjects.

The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). If available, we can consider the profiles of registered users together with their information, e.g. on services used. The analyses are for our sole purpose and will not be disclosed externally, unless they are anonymous analyses with summarized, i.e. anonymized values. Furthermore, we take into account the privacy of the users and process the data for analysis purposes as pseudonymously as possible and, if possible, anonymously (e.g. as aggregated data)

We have put in place technical and administrative safeguards to protect your personal information against loss, destruction, tampering, and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our privacy policies are constantly being revised. Please, make sure you have the latest version.

We process the data that we have received from you in the context of contract initiation or processing, on the basis of consent or in the context of your application to us or in the context of your employment with us.

 

Personal data includes the following

• Your master/contact data, for customers this includes e.g. first name and surname, address, contact details (e-mail address, telephone number, fax), bank details.
• For applicants and employees, this includes, for example, first name and surname, address, contact details (e-mail address, telephone number, fax), date of birth, data from CV and references, bank details, religious affiliation, photographs.
• For business partners, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.
• For visitors to our company, this includes name and signature.

 

In addition, we also process the following other personal data:

• Information on the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
• Advertising and sales data,
• other data that we have received from you in the course of our business relationship (e.g. in discussions with customers),
• Data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,
• the documentation of your declaration of consent for the receipt of e.g. newsletters.
• Photographs taken as part of events.

 

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 as amended:

 

For the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data will be processed for the purpose of contract fulfilment, for the contractual processing of your employment or your application to our company. The data is processed in particular when initiating business and when executing contracts with you.

 

For the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR):

The processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.

 

To safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Data processing to protect legitimate interests takes place in the following cases, for example:

• Advertising or marketing
• Measures for business management and further development of services and products;
• in the context of legal prosecution
• Sending of non-sales-promoting information and press releases.

 

Within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send you our newsletter, to publish photos, if we do not make you a job offer following an application, you may be included in our applicant pool.

 

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Subject to the legal requirements of Section 7 (3) UWG, we are authorized to use the email address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this. Of course, each e-mail always contains an unsubscribe link.

 

Who receives my data?

 If we use a service provider in the sense of order processing, we nevertheless remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfilment.

 

How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the German Commercial Code, the German Fiscal Code or the Working Hours Act); in addition, until the termination of any legal disputes in which the data is required as evidence.

We process the data that we have received from you in the context of the initiation or execution of the contract, on the basis of consents or in the context of your application to us or in the context of your employment with us.

 

Personal data includes:

• Your master/contact data, which in the case of customers includes, for example, first and last name, address, contact details (e-mail address, telephone number, fax), bank details.
• In the case of applicants and employees, this includes, for example, first and last name, address, contact details (e-mail address, telephone number, fax), date of birth, data from CV and job references, bank details, religious affiliation, photographs.
• In the case of business partners, this includes, for example, the name of their legal representatives, company, commercial register number, VAT number, company number, address, contact details (e-mail address, telephone number, fax), bank details.
• For visitors to our company, this includes name and signature.

In addition, we also process the following other personal data:

• Information on the type and content of contract data, order data, turnover and document data, customer and supplier history as well as consulting documents
• Advertising and sales data
• Other data that we have received from you in the course of our business relationship (e.g. in customer meetings)
• Data that we generate ourselves from master / contact data as well as other data, such as by means of customer needs and customer potential analyses
• The documentation of your declaration of consent for receiving e.g. newsletters
• Photography at events

 

For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 in the applicable version:

 

for the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data is processed for the purpose of contract processing, for the contract processing of your employees or for your application to our company. The data is processed in particular when initiating business and executing contracts with you.

to comply with legal obligations (Art. 6 para. 1 lit. c GDPR):

Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the Commercial Code or the Tax Code.

 

to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):

On the basis of a balancing of interests, data processing may take place beyond the actual performance of the contract to protect the legitimate interests of us or third parties. Data processing to safeguard legitimate interests is carried out, for example, in the following cases:

• Advertising or Marketing
• Measures for business management and further development of services and products;
• In the context of legal prosecution
• Sending non-promotional information and press releases

 

within the framework of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us your consent to the processing of your data, e.g. to send you our newsletter, publication of photos. If we do not make you a job offer after an application, there may be the possibility of including you in our applicant pool.

 

Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal requirements of § 7 para. 3 UWG, we are entitled to use the e-mail address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by e-mail, you may object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs under the basic rates. A notification in text form is sufficient for this purpose. Of course, every e-mail always contains an unsubscribe link.

 

Who receives my data?

If we use a service provider for the purposes of order processing, we still remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only in the context of the provision of services. The processors commissioned by us will receive your data if they need the data to perform their respective services. These are, for example, IT service providers, which we need for the operation and security of our IT system, as well as advertising and address publishers for our own advertising campaigns.

If there is a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.

In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling the contract.

 

How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the Commercial Code, the Tax Code, or the Working Hours Act); beyond that, until the end of any legal disputes in which the data is required as evidence.

You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

 

Right to information:

You can request information from us as to whether and to what extent we process your data.

 

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

 

Right to erasure:

You can ask us to delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.

Regardless of the exercise of your right to deletion, we will delete your data immediately and completely, provided that there is no legal or statutory obligation to retain data in this regard.

 

Right to restriction of processing:

You can ask us to restrict the processing of your data if:

• you contest the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
• the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of the use of the data.
• we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
• you have objected to the processing of the data.

 

Right to data portability:

You can request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you can transmit this data to another controller without hindrance from us, provided that:

• we process this data on the basis of a consent given by you and revocable or for the performance of a contract between us, and
• this processing is carried out by automated means.

If technically feasible, you can request that we transmit your data directly to another controller.

 

Right to object:

If we process your data on the basis of legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on those provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

 

Right of appeal:

If you believe that we are violating German or European data protection law in the processing of your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective State Office for Data Protection Supervision.

If you wish to assert any of the above-mentioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

 

Am I obliged to provide data?

The processing of your data is necessary for the conclusion or performance of your contract with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give consent to data processing with regard to data that is not relevant to the performance of the contract or is not required by law.

We reserve the right to change our privacy policies if this is necessary due to new technologies. Please make sure you have the latest version. If material changes are made to this Privacy Policy, we will post them on our website.