PRONORM EINBAUKÜCHEN GMBH PRIVACY NOTICE

Pre­am­ble

With the fol­low­ing pri­va­cy pol­i­cy we would like to inform you which types of your per­son­al data (here­inafter also abbre­vi­at­ed as ” data”) we process for which pur­pos­es and in which scope. The pri­va­cy state­ment applies to all pro­cess­ing of per­son­al data car­ried out by us, both in the con­text of pro­vid­ing our ser­vices and in par­tic­u­lar on our web­sites, in mobile appli­ca­tions and with­in exter­nal online pres­ences, such as our social media pro­files (here­inafter col­lec­tive­ly referred to as “online services”).

The terms used are not gender-specific.

Last Update: 27nd April 2020

Table of contents

  • Pre­am­ble
  • Con­troller
  • Overview of pro­cess­ing operations
  • Legal Bases for the Processing
  • Secu­ri­ty Precautions
  • Trans­mis­sion and Dis­clo­sure of Per­son­al Data
  • Data Pro­cess­ing in Third Countries
  • Use of Cookies
  • Com­mer­cial Services
  • Con­tact­ing us
  • Job Appli­ca­tion Process
  • Cloud Ser­vices
  • Online­mar­ket­ing
  • Pro­files in Social Networks
  • Plu­g­ins and embed­ded func­tions and content
  • Era­sure of data
  • Changes and Updates to the Pri­va­cy Policy
  • Rights of Data Subjects
  • Ter­mi­nol­o­gy and Definitions

Con­troller

pronorm Ein­bauküchen GmbH

Höfer­feld 5–7

32602 Vlotho

Autho­rised rep­re­sen­ta­tives: rep­re­sent­ed by man­ag­ing direc­tors Thorsten Gös­ling and Roger Klinkenberg

E‑Mail address: info@pronorm.de

Tel.: +49 (0)5733 — 979–0

 

Overview of pro­cess­ing operations

The fol­low­ing table sum­maris­es the types of data processed, the pur­pos­es for which they are processed and the con­cerned data subjects.

Cat­e­gories of Processed Data

  • Inven­to­ry data (e.g. names, addresses).
  • Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).
  • Con­tent data (e.g. text input, pho­tographs, videos).
  • Con­tact data (e.g. e‑mail, tele­phone numbers).
  • Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).
  • Con­tract data (e.g. con­tract object, dura­tion, cus­tomer category).
  • Pay­ment Data (e.g. bank details, invoic­es, pay­ment history).

Cat­e­gories of Data Subjects

  • Employ­ees (e.g. Employ­ees, job applicants).
  • Job appli­cants.
  • Busi­ness and con­trac­tu­al partners.
  • Prospec­tive customers.
  • Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Cus­tomers.
  • Users (e.g. web­site vis­i­tors, users of online services).

Pur­pos­es of Processing

  • Pro­vi­sion of our online ser­vices and usability.
  • Con­ver­sion Tracking.
  • Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment relationship.).
  • Office and organ­i­sa­tion­al procedures.
  • Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. col­lect­ing feed­back via online form).
  • Inter­est-based and behav­ioral marketing.
  • con­tact requests and communication.
  • Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activities).
  • Pro­fil­ing (Cre­at­ing user profiles).
  • Remar­ket­ing.
  • Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures.
  • Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cookies).
  • Con­trac­tu­al ser­vices and support.
  • Man­ag­ing and respond­ing to inquiries.

Legal Bases for the Processing

In the fol­low­ing we inform you about the legal basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), on the basis of which we process per­son­al data. Please note that, in addi­tion to the reg­u­la­tions of the GDPR, the nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­i­dence or domicile.

  • Con­sent (Arti­cle 6 (1) (a) GDPR) – The data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic purposes.
  • Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR) – Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a contract.
  • Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR) – Pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is subject.
  • Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR) – Pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data.
  • Arti­cle 9 (1)(b) GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1)© GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.) – .

Secu­ri­ty Precautions

We take appro­pri­ate tech­ni­cal and orga­ni­za­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the state of the art, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of pro­cess­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk.

The mea­sures include, in par­tic­u­lar, safe­guard­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­a­ra­tion of the data. In addi­tion, we have estab­lished pro­ce­dures to ensure that data sub­jects’ rights are respect­ed, that data is erased, and that we are pre­pared to respond to data threats rapid­ly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as ear­ly as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice providers, in accor­dance with the prin­ci­ple of pri­va­cy by design and pri­va­cy by default.

SSL encryp­tion (https): In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­si­ble way, we use SSL encryp­tion. You can rec­og­nize such encrypt­ed con­nec­tions by the pre­fix https:// in the address bar of your browser.

Trans­mis­sion and Dis­clo­sure of Per­son­al Data

In the con­text of our pro­cess­ing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pa­nies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for exam­ple, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice providers com­mis­sioned with IT tasks or providers of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal require­ments will be respect­ed and in par­tic­u­lar cor­re­spond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­clud­ed with the recip­i­ents of your data.

Data Pro­cess­ing in Third Countries

If we process data in a third coun­try (i.e. out­side the Euro­pean Union (EU), the Euro­pean Eco­nom­ic Area (EEA)) or the pro­cess­ing takes place in the con­text of the use of third par­ty ser­vices or dis­clo­sure or trans­fer of data to oth­er per­sons, bod­ies or com­pa­nies, this will only take place in accor­dance with the legal requirements.

Sub­ject to express con­sent or trans­fer required by con­tract or law, we process or have processed the data only in third coun­tries with a recog­nised lev­el of data pro­tec­tion, which includes US proces­sors cer­ti­fied under the “Pri­va­cy Shield” or on the basis of spe­cial guar­an­tees, such as a con­trac­tu­al oblig­a­tion through so-called stan­dard pro­tec­tion claus­es of the EU Com­mis­sion, the exis­tence of cer­ti­fi­ca­tions or bind­ing inter­nal data pro­tec­tion reg­u­la­tions (Arti­cle 44 to 49 GDPR, infor­ma­tion page of the EU Com­mis­sion: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

Use of Cookies

Cook­ies are text files that con­tain data from vis­it­ed web­sites or domains and are stored by a brows­er on the user’s com­put­er. A cook­ie is pri­mar­i­ly used to store infor­ma­tion about a user dur­ing or after his vis­it with­in an online ser­vice. The infor­ma­tion stored can include, for exam­ple, the lan­guage set­tings on a web­site, the login sta­tus, a shop­ping bas­ket or the loca­tion where a video was viewed. The term “cook­ies” also includes oth­er tech­nolo­gies that ful­fil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as “user IDs”).

The fol­low­ing types and func­tions of cook­ies are distinguished:

  • Tem­po­rary cook­ies (also: ses­sion cook­ies): Tem­po­rary cook­ies are delet­ed at the lat­est after a user has left an online ser­vice and closed his browser.
  • Per­ma­nent cook­ies: Per­ma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login sta­tus can be saved or pre­ferred con­tent can be dis­played direct­ly when the user vis­its a web­site again. The inter­ests of users who are used for range mea­sure­ment or mar­ket­ing pur­pos­es can also be stored in such a cookie.
  • First-Par­ty-Cook­ies: First-Par­ty-Cook­ies are set by ourselves.
  • Third par­ty cook­ies: Third par­ty cook­ies are main­ly used by adver­tis­ers (so-called third par­ties) to process user information.
  • Nec­es­sary (also: essen­tial) cook­ies: Cook­ies can be nec­es­sary for the oper­a­tion of a web­site (e.g. to save logins or oth­er user inputs or for secu­ri­ty reasons).
  • Sta­tis­tics, mar­ket­ing and per­son­al­i­sa­tion cook­ies: Cook­ies are also gen­er­al­ly used to mea­sure a website’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing cer­tain con­tent, using func­tions, etc.) are stored on indi­vid­ual web­sites in a user pro­file. Such pro­files are used, for exam­ple, to dis­play con­tent to users that cor­re­sponds to their poten­tial inter­ests. This pro­ce­dure is also referred to as “track­ing”, i.e. track­ing the poten­tial inter­ests of users. . If we use cook­ies or “track­ing” tech­nolo­gies, we will inform you sep­a­rate­ly in our pri­va­cy pol­i­cy or in the con­text of obtain­ing consent.

Infor­ma­tion on legal basis: The legal basis on which we process your per­son­al data with the help of cook­ies depends on whether we ask you for your con­sent. If this applies and you con­sent to the use of cook­ies, the legal basis for pro­cess­ing your data is your declared con­sent. Oth­er­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g. in a busi­ness oper­a­tion of our online ser­vice and its improve­ment) or, if the use of cook­ies is nec­es­sary to ful­fill our con­trac­tu­al obligations.

Gen­er­al infor­ma­tion on With­draw­al of con­sent and objec­tion (Opt-Out): Respec­tive of whether pro­cess­ing is based on con­sent or legal per­mis­sion, you have the option at any time to object to the pro­cess­ing of your data using cook­ie tech­nolo­gies or to revoke con­sent (col­lec­tive­ly referred to as “opt-out”). You can ini­tial­ly explain your objec­tion using the set­tings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online ser­vices). An objec­tion to the use of cook­ies for online mar­ket­ing pur­pos­es can be raised for a large num­ber of ser­vices, espe­cial­ly in the case of track­ing, via the web­sites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com. In addi­tion, you can receive fur­ther infor­ma­tion on objec­tions in the con­text of the infor­ma­tion on the used ser­vice providers and cookies.

Pro­cess­ing Cook­ie Data on the Basis of Con­sent: Before we process or have processed data with­in the con­text of the usage of cook­ies, we ask the users for their con­sent, which can be revoked at any time. Before the con­sent has not been giv­en, we may use cook­ies that are nec­es­sary for the oper­a­tion of our online ser­vices. Their use is based on our inter­est and the user’s inter­est in the expect­ed func­tion­al­i­ty of our online services.

    • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
    • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
    • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Google Ana­lyt­ics: Google Ana­lyt­ics is a web ana­lyt­ics ser­vice pro­vid­ed by Google Inc., 1600 Amphithe­atre Park­way, Moun­tain View, CA 94034, USA. Joint data pro­cess­ing in accor­dance with Art. 26 GDPR applies, with data pro­cess­ing pri­mar­i­ly being per­formed by Google. The infor­ma­tion gen­er­at­ed by the cook­ies about your use of this web­site will gen­er­al­ly be trans­mit­ted to a Google serv­er in the USA and stored there. This means that both Google and gov­ern­ment bod­ies in the USA have access to your per­son­al data. Google may use the data for any pur­pose of its own, such as cre­at­ing a pro­file and link­ing it to oth­er avail­able infor­ma­tion.- How­ev­er, with­in mem­ber states of the Euro­pean Union or oth­er states par­ty to the Euro­pean Eco­nom­ic Area Agree­ment, your IP address will first be abbre­vi­at­ed. Only in excep­tion­al cas­es will the full IP address be trans­mit­ted to a Google serv­er in the USA and abbre­vi­at­ed there. Google will use the gen­er­at­ed infor­ma­tion on our behalf in order to eval­u­ate your use of the web­site, to com­pile reports on web­site traf­fic, and to pro­vide us with oth­er ser­vices relat­ing to the use of the web­site and the inter­net. You may refuse stor­age of cook­ies by select­ing the appro­pri­ate set­tings on the web­site or in your brows­er. Please note, how­ev­er, that in this case you may not be able to use the full range of func­tions on this web­site. You may also pre­vent Google from col­lect­ing and pro­cess­ing the data gen­er­at­ed by the cook­ies relat­ing to your use of the web­site (includ­ing your IP address) by click­ing on the fol­low­ing link and down­load­ing and installing the brows­er plug-in pro­vid­ed: https://tools.google.com/dlpage/gaoptout?hl=en.
For fur­ther infor­ma­tion on this mat­ter, vis­it https://tools.google.com/dlpage/gaoptout?hl=en or https://marketingplatform.google.com/intl/en_uk/about/ (gen­er­al infor­ma­tion on Google Ana­lyt­ics and data pri­va­cy). Please note that “anonymizeIp();” was added to the Google Ana­lyt­ics code on our web­site to anonymise IP address­es by delet­ing the final 8‑bit byte.

Face­book Pix­el: This web­site uses the remar­ket­ing func­tion “Cus­tom Audi­ences” pro­vid­ed by Face­book Inc. (“Face­book”). This func­tion makes it pos­si­ble to show users of our web­site inter­est-based ads (“Face­book ads”) when they vis­it the social net­work Face­book or any oth­er web­sites using this func­tion. Our inter­est in using this func­tion is to show you ads that are rel­e­vant to your inter­ests in order to make our web­site more inter­est­ing to you.

Your brows­er auto­mat­i­cal­ly estab­lish­es a direct con­nec­tion with the Face­book serv­er based on the use of this mar­ket­ing tool. We do not influ­ence the extent and fur­ther use of data col­lect­ed by Face­book through use of this tool and will there­fore pro­vide infor­ma­tion based on our own lev­el of knowl­edge: Inte­gra­tion of Face­book Cus­tom Audi­ences allows Face­book to see that you have accessed the respec­tive page on our web­site or have clicked one of our ads. If you are reg­is­tered with a Face­book ser­vice, Face­book can asso­ciate this vis­it with your account. Even if you are not reg­is­tered with Face­book or are not logged in, it is pos­si­ble for the provider to find out and save your IP address and oth­er iden­ti­fy­ing features.

Com­mer­cial Services

We process data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tomers and inter­est­ed par­ties (col­lec­tive­ly referred to as “con­trac­tu­al part­ners”) with­in the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and com­mu­ni­ca­tion with the con­trac­tu­al part­ners or pre-con­trac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to ful­fil our con­trac­tu­al oblig­a­tions, safe­guard our rights and for the pur­pos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the con­trac­tu­al part­ners with­in the scope of the applic­a­ble law to third par­ties inso­far as this is nec­es­sary for the afore­men­tioned pur­pos­es or for the ful­fil­ment of legal oblig­a­tions or with the con­sent of the con­trac­tu­al part­ners (e.g. telecom­mu­ni­ca­tions, trans­port and oth­er aux­il­iary ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice providers or tax author­i­ties). The con­trac­tu­al part­ners will be informed about fur­ther pro­cess­ing, e.g. for mar­ket­ing pur­pos­es, as part of this pri­va­cy policy.

Which data are nec­es­sary for the afore­men­tioned pur­pos­es, we inform the con­tract­ing part­ners before or in the con­text of the data col­lec­tion, e.g. in on-line forms by spe­cial mark­ing (e.g. col­ors), and/or sym­bols (e.g. aster­isks or the like), or personally.

We delete the data after expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a cus­tomer account or must be kept for legal rea­sons of archiv­ing (e.g., as a rule 10 years for tax pur­pos­es). In the case of data dis­closed to us by the con­trac­tu­al part­ner with­in the con­text of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gen­er­al after the end of the assignment.

If we use third-par­ty providers or plat­forms to pro­vide our ser­vices, the terms and con­di­tions and pri­va­cy poli­cies of the respec­tive third-par­ty providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Con­sult­ing: We process the data of our clients, clients as well as inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as “clients”) in order to pro­vide them with our con­sult­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client relationship.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the client, we dis­close or trans­fer the client’s data to third par­ties or agents, such as author­i­ties, courts, sub­con­trac­tors or in the field of IT, office or com­pa­ra­ble ser­vices, tak­ing into account the pro­fes­sion­al requirements.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer category).
  • Data sub­jects: Prospec­tive cus­tomers, Busi­ness and con­trac­tu­al partners.
  • Pur­pos­es of Pro­cess­ing: Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Man­ag­ing and respond­ing to inquiries.
  • Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Con­tact­ing us

When con­tact­ing us (e.g. by con­tact form, e‑mail, tele­phone or via social media), the data of the inquir­ing per­sons are processed inso­far as this is nec­es­sary to answer the con­tact enquiries and any request­ed activities.

The response to con­tact enquiries with­in the frame­work of con­trac­tu­al or pre-con­trac­tu­al rela­tion­ships is made in order to ful­fil our con­trac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and oth­er­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: con­tact requests and communication.
  • Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Job Appli­ca­tion Process

The appli­ca­tion process requires appli­cants to pro­vide us with the data nec­es­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion con­tained therein.

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, a con­tact option and proof of the qual­i­fi­ca­tions required for a par­tic­u­lar employ­ment. Upon request, we will be hap­py to pro­vide you with addi­tion­al information.

If pro­vid­ed, appli­cants can send us their appli­ca­tions using an online form. Appli­cants can also send us their appli­ca­tions via email. How­ev­er, please note that emails are gen­er­al­ly not sent encrypt­ed on the Inter­net. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our server.

For the pur­pos­es of search­ing for appli­cants, sub­mit­ting appli­ca­tions and select­ing appli­cants, we may make use of the appli­cant man­age­ment and recruit­ment soft­ware, plat­forms and ser­vices of third-par­ty providers in com­pli­ance with legal require­ments. Appli­cants are wel­come to con­tact us about how to sub­mit their appli­ca­tion or send it to us by reg­u­lar mail.

Pro­cess­ing of spe­cial cat­e­gories of data: If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can exer­cise his/her rights aris­ing from labour law and social secu­ri­ty and social pro­tec­tion law and ful­fil his/her duties in this regard, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons pur­suant to Arti­cle 9 (1)© GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

Era­sure of data: In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment rela­tion­ship. Oth­er­wise, if the appli­ca­tion for a job offer is not suc­cess­ful, the applicant’s data will be delet­ed. Appli­cants’ data will also be delet­ed if an appli­ca­tion is with­drawn, to which appli­cants are enti­tled at any time. Sub­ject to a jus­ti­fied revo­ca­tion by the appli­cant, the dele­tion will take place at the lat­est after the expiry of a peri­od of six months, so that we can answer any fol­low-up ques­tions regard­ing the appli­ca­tion and com­ply with our duty of proof under the reg­u­la­tions on equal treat­ment of appli­cants. Invoic­es for any reim­burse­ment of trav­el expens­es are archived in accor­dance with tax regulations.

  • Processed data types: Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).
  • Data sub­jects: Job applicants.
  • Pur­pos­es of Pro­cess­ing: Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment relationship.).
  • Legal Basis: Arti­cle 9 (1)(b) GDPR (job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship) (If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (1)© GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.).

Cloud Ser­vices

We use Inter­net-acces­si­ble soft­ware ser­vices (so-called “cloud ser­vices”, also referred to as “Soft­ware as a Ser­vice”) pro­vid­ed on the servers of its providers for the fol­low­ing pur­pos­es: doc­u­ment stor­age and admin­is­tra­tion, cal­en­dar man­age­ment, e‑mail deliv­ery, spread­sheets and pre­sen­ta­tions, exchange of doc­u­ments, con­tent and infor­ma­tion with spe­cif­ic recip­i­ents or pub­li­ca­tion of web­sites, forms or oth­er con­tent and infor­ma­tion, as well as chats and par­tic­i­pa­tion in audio and video conferences.

With­in this frame­work, per­son­al data may be processed and stored on the provider’s servers inso­far as this data is part of com­mu­ni­ca­tion process­es with us or is oth­er­wise processed by us in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of data sub­jects, data on process­es, con­tracts, oth­er pro­ceed­ings and their con­tents. Cloud ser­vice providers also process usage data and meta­da­ta that they use for secu­ri­ty and ser­vice opti­miza­tion purposes.

If we use cloud ser­vices to pro­vide doc­u­ments and con­tent to oth­er users or pub­licly acces­si­ble web­sites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user set­tings (e.g. in the case of media control).

Infor­ma­tion on legal basis – If we ask for per­mis­sion to use cloud ser­vices, the legal basis for pro­cess­ing data is con­sent. Fur­ther­more, their use can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of cloud ser­vices has been agreed in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and col­lab­o­ra­tion processes).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive cus­tomers, Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Office and organ­i­sa­tion­al procedures.
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Ser­vices and ser­vice providers being used:

Online­mar­ket­ing

We process per­son­al data for the pur­pos­es of online mar­ket­ing, which may include in par­tic­u­lar the mar­ket­ing of adver­tis­ing space or the dis­play of adver­tis­ing and oth­er con­tent (col­lec­tive­ly referred to as “Con­tent”) based on the poten­tial inter­ests of users and the mea­sure­ment of their effectiveness.

For these pur­pos­es, so-called user pro­files are cre­at­ed and stored in a file (so-called “cook­ie”) or sim­i­lar pro­ce­dure in which the rel­e­vant user infor­ma­tion for the dis­play of the afore­men­tioned con­tent is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web­sites vis­it­ed, online net­works used, com­mu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on usage times. If users have con­sent­ed to the col­lec­tion of their side­line data, these can also be processed.

The infor­ma­tion in the pro­files is usu­al­ly stored in the cook­ies or sim­i­lar mem­o­riz­ing pro­ce­dures. These cook­ies can lat­er, gen­er­al­ly also on oth­er web­sites that use the same online mar­ket­ing tech­nol­o­gy, be read and ana­lyzed for pur­pos­es of con­tent dis­play, as well as sup­ple­ment­ed with oth­er data and stored on the serv­er of the online mar­ket­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the pro­files. This is the case, for exam­ple, if the users are mem­bers of a social net­work whose online mar­ket­ing tech­nol­o­gy we use and the net­work links the pro­files of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social net­work providers or oth­er ser­vice providers, e.g. by con­sent­ing as part of a reg­is­tra­tion process.

As a mat­ter of prin­ci­ple, we only gain access to sum­marised infor­ma­tion about the per­for­mance of our adver­tise­ments. How­ev­er, with­in the frame­work of so-called con­ver­sion mea­sure­ment, we can check which of our online mar­ket­ing process­es have led to a so-called con­ver­sion, i.e. to the con­clu­sion of a con­tract with us. The con­ver­sion mea­sure­ment is used alone for the per­for­mance analy­sis of our mar­ket­ing activities.

Unless oth­er­wise stat­ed, we kind­ly ask you to con­sid­er that cook­ies used will be stored for a peri­od of two years.

Infor­ma­tion on legal basis: If we ask users for their con­sent (e.g. in the con­text of a so-called “cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing data for online mar­ket­ing pur­pos­es is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online ser­vices), Prospec­tive customers.
  • Pur­pos­es of Pro­cess­ing: Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Con­ver­sion Track­ing, Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files), Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties), Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty mea­sures: IP Mask­ing (Pseu­do­nymiza­tion of the IP address).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).
  • Opt-Out: We refer to the pri­va­cy poli­cies of the respec­tive ser­vice providers and the pos­si­bil­i­ties for objec­tion (so-called “opt-out”). If no explic­it opt-out option has been spec­i­fied, it is pos­si­ble to deac­ti­vate cook­ies in the set­tings of your brows­er. How­ev­er, this may restrict the func­tions of our online offer. We there­fore rec­om­mend the fol­low­ing addi­tion­al opt-out options, which are offered col­lec­tive­ly for each area: a) Europe: https://www.youronlinechoices.eu. b) Cana­da: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region­al: http://optout.aboutads.info.

Ser­vices and ser­vice providers being used:

Pro­files in Social Networks

We main­tain online pres­ences with­in social net­works in order to com­mu­ni­cate with the users active there or to offer infor­ma­tion about us there.

We would like to point out that user data may be processed out­side the Euro­pean Union. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights. With regard to US providers cer­ti­fied under the Pri­va­cy Shield or offer­ing com­pa­ra­ble guar­an­tees of a secure lev­el of data pro­tec­tion, we would like to point out that they there­by com­mit them­selves to com­ply with EU data pro­tec­tion standards.

In addi­tion, user data is usu­al­ly processed with­in social net­works for mar­ket research and adver­tis­ing pur­pos­es. For exam­ple, user pro­files can be cre­at­ed on the basis of user behav­ior and the asso­ci­at­ed inter­ests of users. The user pro­files can then be used, for exam­ple, to place adver­tise­ments with­in and out­side the net­works which are pre­sumed to cor­re­spond to the inter­ests of the users. For these pur­pos­es, cook­ies are usu­al­ly stored on the user’s com­put­er, in which the user’s usage behav­ior and inter­ests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are mem­bers of the respec­tive net­works or will become mem­bers lat­er on).

For a detailed descrip­tion of the respec­tive pro­cess­ing oper­a­tions and the opt-out options, please refer to the respec­tive data pro­tec­tion dec­la­ra­tions and infor­ma­tion pro­vid­ed by the providers of the respec­tive networks.

Also, in the case of requests for infor­ma­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effec­tive­ly pur­sued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate mea­sures and pro­vide infor­ma­tion. If you still need help, please do not hes­i­tate to con­tact us.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: con­tact requests and com­mu­ni­ca­tion, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

Ser­vices and ser­vice providers being used:

Plu­g­ins and embed­ded func­tions and content

With­in our online ser­vices, we inte­grate func­tion­al and con­tent ele­ments that are obtained from the servers of their respec­tive providers (here­inafter referred to as “third-par­ty providers”). These may, for exam­ple, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­inafter uni­form­ly referred to as “Con­tent”).

The inte­gra­tion always pre­sup­pos­es that the third-par­ty providers of this con­tent process the IP address of the user, since they could not send the con­tent to their brows­er with­out the IP address. The IP address is there­fore required for the pre­sen­ta­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respec­tive offer­ers use the IP address only for the dis­tri­b­u­tion of the con­tents. Third par­ties may also use so-called pix­el tags (invis­i­ble graph­ics, also known as “web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The “pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er infor­ma­tion about the use of our web­site, as well as may be linked to such infor­ma­tion from oth­er sources.

Infor­ma­tion on legal basis: If we ask users for their con­sent (e.g. in the con­text of a so-called “cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­miza­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Inven­to­ry data (e.g. names, addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online ser­vices), Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Pro­vi­sion of our online ser­vices and usabil­i­ty, Con­trac­tu­al ser­vices and sup­port, con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files), Secu­ri­ty mea­sures, Man­ag­ing and respond­ing to inquiries.
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR).

Ser­vices and ser­vice providers being used:

Era­sure of data

The data processed by us will be erased in accor­dance with the statu­to­ry pro­vi­sions as soon as their pro­cess­ing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or they are not required for the purpose).

If the data is not delet­ed because they are required for oth­er and legal­ly per­mis­si­ble pur­pos­es, their pro­cess­ing is lim­it­ed to these pur­pos­es. This means that the data will be restrict­ed and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be stored for com­mer­cial or tax rea­sons or for which stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal person.

Fur­ther infor­ma­tion on the era­sure of per­son­al data can also be found in the indi­vid­ual data pro­tec­tion notices of this pri­va­cy policy.

Changes and Updates to the Pri­va­cy Policy

We kind­ly ask you to inform your­self reg­u­lar­ly about the con­tents of our data pro­tec­tion dec­la­ra­tion. We will adjust the pri­va­cy pol­i­cy as changes in our data pro­cess­ing prac­tices make this nec­es­sary. We will inform you as soon as the changes require your coop­er­a­tion (e.g. con­sent) or oth­er indi­vid­ual notification.

If we pro­vide address­es and con­tact infor­ma­tion of com­pa­nies and orga­ni­za­tions in this pri­va­cy pol­i­cy, we ask you to note that address­es may change over time and to ver­i­fy the infor­ma­tion before con­tact­ing us.

Rights of Data Subjects

As data sub­ject, you are enti­tled to var­i­ous rights under the GDPR, which arise in par­tic­u­lar from Arti­cles 15 to 18 and 21 of the GDPR:

  • Right to Object: You have the right, on grounds aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data which is based on let­ter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing pro­fil­ing based on those provisions.

Where per­son­al data are processed for direct mar­ket­ing pur­pos­es, you have the right to object at any time to the pro­cess­ing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is relat­ed to such direct marketing.

  • Right of with­draw­al for con­sents: You have the right to revoke con­sents at any time.
  • Right of access: You have the right to request con­fir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive fur­ther infor­ma­tion and a copy of the data in accor­dance with the pro­vi­sions of the law.
  • Right to rec­ti­fi­ca­tion: You have the right, in accor­dance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fi­ca­tion of the incor­rect data con­cern­ing you.
  • Right to Era­sure and Right to Restric­tion of Pro­cess­ing: In accor­dance with the statu­to­ry pro­vi­sions, you have the right to demand that the rel­e­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the pro­cess­ing of the data be restrict­ed in accor­dance with the statu­to­ry provisions.
  • Right to data porta­bil­i­ty: You have the right to receive data con­cern­ing you which you have pro­vid­ed to us in a struc­tured, com­mon and machine-read­able for­mat in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er controller.
  • Com­plaint to the super­vi­so­ry author­i­ty: You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your habit­u­al res­i­dence, place of work or place of the alleged infringe­ment if you con­sid­er that the pro­cess­ing of per­son­al data relat­ing to you infringes the GDPR.

Ter­mi­nol­o­gy and Definitions

This sec­tion pro­vides an overview of the terms used in this pri­va­cy pol­i­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal def­i­n­i­tions are bind­ing. The fol­low­ing expla­na­tions, on the oth­er hand, are intend­ed above all for the pur­pose of com­pre­hen­sion. The terms are sort­ed alphabetically.

  • Con­troller: “Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.
  • Con­ver­sion Track­ing: “Con­ver­sion Track­ing” refers to a pro­ce­dure by which the effec­tive­ness of mar­ket­ing mea­sures can be deter­mined. As a rule, a cook­ie is stored on the devices of the users with­in the web­sites on which the mar­ket­ing mea­sures are car­ried out and then called up again on the tar­get web­site (e.g. this enables us to track whether the ads we placed on oth­er web­sites were successful).
  • Con­ver­sion track­ing: Con­ver­sion track­ing is a method used to eval­u­ate the effec­tive­ness of mar­ket­ing mea­sures. For this pur­pose, a cook­ie is usu­al­ly stored on the devices of the users with­in the web­sites on which the mar­ket­ing mea­sures take place and then called up again on the tar­get web­site (e.g. we can thus trace whether the adver­tise­ments placed by us on oth­er web­sites were successful).
  • IP Mask­ing: IP mask­ing is a method by which the last octet, i.e. the last two num­bers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a per­son. IP mask­ing is there­fore a means of pseu­do­nymiz­ing pro­cess­ing meth­ods, par­tic­u­lar­ly in online marketing.
  • Inter­est-based and behav­ioral mar­ket­ing: Inter­est-relat­ed and/or behav­iour-relat­ed mar­ket­ing is the term used when poten­tial user inter­est in adver­tise­ments and oth­er con­tent is pre­dict­ed if pos­si­ble. This is done on the basis of infor­ma­tion on the pre­vi­ous behav­iour of users (e.g. vis­it­ing and stay­ing on cer­tain web­sites, pur­chas­ing behav­iour or inter­ac­tion with oth­er users), which is stored in a so-called pro­file. For these pur­pos­es cook­ies are usu­al­ly used.
  • Per­son­al Data: “per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al person.
  • Pro­cess­ing: The term “pro­cess­ing” cov­ers a wide range and prac­ti­cal­ly every han­dling of data, be it col­lec­tion, eval­u­a­tion, stor­age, trans­mis­sion or erasure.
  • Pro­fil­ing: “Pro­fil­ing” means any auto­mat­ed pro­cess­ing of per­son­al data con­sist­ing in the use of such per­son­al data to ana­lyze, eval­u­ate or pre­dict cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son (depend­ing on the type of pro­fil­ing, this includes infor­ma­tion regard­ing age, gen­der, loca­tion and move­ment data, inter­ac­tion with web­sites and their con­tents, shop­ping behav­iour, social inter­ac­tions with oth­er peo­ple) (e.g. inter­ests in cer­tain con­tents or prod­ucts, click behav­iour on a web­site or the loca­tion). Cook­ies and web bea­cons are often used for pro­fil­ing purposes.
  • Remar­ket­ing: Remar­ket­ing” or “retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing pur­pos­es which prod­ucts a user is inter­est­ed in on a web­site in order to remind the user of these prod­ucts on oth­er web­sites, e.g. in advertisements.
  • Tar­get­ing: Track­ing” is the term used when the behav­iour of users can be traced across sev­er­al web­sites. As a rule, behav­ior and inter­est infor­ma­tion with regard to the web­sites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called pro­fil­ing). This infor­ma­tion can then be used, for exam­ple, to dis­play adver­tise­ments to users pre­sum­ably cor­re­spond­ing to their interests.
  • Web Ana­lyt­ics: Web Ana­lyt­ics serves the eval­u­a­tion of vis­i­tor traf­fic of online ser­vices and can deter­mine their behav­ior or inter­ests in cer­tain infor­ma­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for exam­ple, can rec­og­nize at what time vis­i­tors vis­it their web­site and what con­tent they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the con­tent of the web­site to bet­ter meet the needs of their vis­i­tors. For pur­pos­es of web ana­lyt­ics, pseu­do­ny­mous cook­ies and web bea­cons are fre­quent­ly used in order to rec­og­nize return­ing vis­i­tors and thus obtain more pre­cise analy­ses of the use of an online service.