1. GENERAL NOTES AND MANDATORY INFORMATION
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this is done. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.
Based on the model of Art. 4 GDPR, this data protection notice is based on the following definitions:
- "Personal data" (Art. 4 No.1 GDPR) is any information relating to an identified or identifiable natural person ("data subject"). A person can be identified if they can be identified directly or indirectly, in particular by means of an assignment to an identifier such as a name, an identification number, an online identifier, location data or using information about their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics can be identified. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or sound recordings can also contain personal data).
- "Processing" (Art. 4 No. 2 GDPR) is any process in which personal data is handled, whether with or without the help of automated (i.e. technology-based) processes. In particular, this includes collecting (i.e. acquiring), recording, organizing, arranging, storing, adapting or changing, reading out, querying, using, disclosing through transmission, distribution or other provision, comparison, the linking, the restriction, the deletion or the destruction of personal data as well as the change of an objective or purpose on which data processing was originally based.
- "Responsible" (Art. 4 No.7 GDPR) is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
- "Third party" (Art. 4 No.10 GDPR) is any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data; this also includes other corporate legal entities.
- "Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible, in particular in accordance with their instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
- "Consent" (Art. 4 No.11 GDPR) of the data subject means any voluntary, informed and unequivocal expression of will in the form of a declaration or other clear affirmative action with which the data subject indicates that you consent to the processing of your personal data.
Note on the accountable body
The accountable body within the meaning of Art. 4 Paragraph 7 DGSVO for data processing on this website is:
EOS Saunatechnik GmbH
35759 Driedorf, Germany
Phone: +49 (0)2775 82-0
The accountable body is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
Legally required data protection officer
We have appointed a data protection officer for our company.
Data protection officer at EOS Saunatechnik GmbH
35759 Driedorf, Germany
If you have any questions about data protection, you can contact our data protection officer at the above address or at the email address firstname.lastname@example.org.
Legal bases of data processing
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:
- Art. 6 Paragraph 1 S.1 ("consent"): If the data subject has voluntarily, in an informed manner and unequivocally indicated by a statement or other unequivocal affirmative action that they consent to the processing of their personal data for one or more specific purposes;
- Art. 6 Paragraph 1 S.1 lit. b GDPR: If the processing is necessary to fulfill a contract to which the data subject is a party or to carry out pre-contractual measures which are carried out at the request of the data subject;
- Art. 6 paragraph 1 sentence 1 lit. c GDPR: If the processing is necessary to fulfill a legal obligation to which the person responsible is subject (e.g. a statutory retention obligation);
- Art. 6 paragraph 1 sentence 1 letter d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
- Art. 6 paragraph 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible or
- Art. 6 paragraph 1 sentence 1 lit. f GDPR ("legitimate interests"): If the processing is necessary to safeguard the legitimate (in particular legal or economic) interests of the person responsible or a third party, provided that the conflicting interests or rights of the person concerned do not prevail (especially if the person concerned is a minor).
For the processing operations we carry out, we indicate below the applicable legal basis in each case. Processing can also be based on several legal bases.
Furthermore, the storage of information in the end device by you as the end user and access to information that is already stored in your end device takes place exclusively after you have given your consent in accordance with § 25 Para. 2 TTDSG is dispensable.
Personal data is information that can be used to find out personal or factual circumstances about you, such as your name, address, telephone number or email address.
Information that we cannot use to relate to you is generally not personal data.
Purposes of data processing
When the website is accessed, the Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited period of time. Until the automatic deletion, the following data will be saved without further input by the visitor:
- IP address of the visitor's device,
- Date and time of access by the visitor,
- Name and URL of the page called up by the visitor,
- Website from which the visitor came to this website (so-called referrer URL),
- Browser and operating system of the visitor's device as well as the name of the access provider used by the visitor.
The processing of this personal data is justified in accordance with Article 6 Paragraph 1 Clause 1 lit f) GDPR. EOS-Saunatechnik has a legitimate interest in data processing for this purpose
- To enable a user-friendly application of the website
- To recognize and guarantee the security and stability of the systems and
- To facilitate and improve the administration of the website.
The processing is expressly not carried out for the purpose of gaining knowledge about the person visiting the website.
Data Erasure and Storage Duration
For the processing operations carried out by us or by contract processors, we state below how long the data will be stored by us and when it will be deleted or blocked. Unless an express storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies.
However, storage can take place beyond the specified time in the event of an (impending) legal dispute with you or other legal proceedings or if the storage is required by statutory provisions to which we are subject as the person responsible (e.g. Section 257 HGB, Section 147 AO). is provided. If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for this.
Cooperation with processors
As with any company, we also use external service providers to process our business transactions (e.g. for the areas of IT, logistics, telecommunications, sales and marketing). These only act according to our instructions and have been contractually obliged in accordance with Article 28 GDPR to comply with the data protection regulations, especially regulations to ensure data security by means of suitable technical and organizational measures. This applies in particular to the usage of analysis and marketing tools used on our website.
If we pass on personal data from you to our subsidiaries or from our subsidiaries to us (e.g. for commercial purposes), this is done on the basis of existing order processing relationships.
Transmission of personal data to third parties; Basis of justification
The following categories of recipients, which are usually processors, may have access to your personal data:
- Service providers for the operation of our website and the processing of the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security or tool providers). The legal basis for the transfer is alternatively to your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR, Article 6 Paragraph 1 Clause 1 Letter b or Letter f GDPR, insofar as it is not a processor;
- State bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is Article 6 Paragraph 1 Clause 1 Letter c GDPR;
- Persons employed to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, those involved in company acquisitions or the formation of joint ventures). The legal basis for the transfer is then Art. 6 Para.1 S.1 lit. b or lit. f GDPR.
In addition, we only pass on your personal data to third parties if you have given your express consent to this in accordance with Art 6. Para.1 S.1.
Requirements for the transfer of personal data to third countries
As part of our business relationships, your personal information may be shared or disclosed with third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out solely to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the respective details of the transfer below at the relevant points.
In some third countries, the European Commission certifies data protection that is comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: ec.europa.eu/info/law/law- topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). In other third countries, to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we make sure that data protection is adequately guaranteed. This can be done via binding company regulations, standard contractual clauses from the European Commission for the protection of personal data, certificates or recognized codes of conduct.
Please note that when personal data is transferred to the USA, even if this is based on standard contractual clauses, it cannot be ruled out that the US security authorities, who have extensive powers, may access your personal data at any time and without cause - or that compel disclosure of your data from the US company in question. This applies even if the servers are in Europe. There are no effective legal remedies available to you against this. A level of data protection comparable to that in Europe may also be lacking in other third countries.
Please also note that in most cases a transfer of your personal data to a third country such as the USA cannot be based on your consent in accordance with Art. 49 GDPR.
With regard to the individual services, we will inform you at the appropriate point about the legal basis (e.g. standard contractual clauses) on which the data is transferred to third countries. Please contact our data protection officer if you would like more information on this.
No automated decision making (including profiling)
We do not intend to use personal information collected from you for any automated decision-making process (including profiling).
Mandatory information according to Article 13 GDPR
In the case of the first contact, we are obliged in accordance with Art. 12, 13 GDPR to provide you with the following mandatory information under data protection law: We only process your personal data
- if there is a legitimate interest in the processing (Art. 6 Para. 1 lit.f GDPR),
- you have consented to the data processing (Art. 6 Para. 1 lit. a GDPR),
- the processing is necessary for the initiation, justification, content design or change of a legal relationship between you and us (Art. 6 Para. 1 lit. b GDPR) or
- another legal norm allows processing.
Your personal data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods under tax and commercial law - remain unaffected. You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to object, data portability and the right to lodge a complaint with the competent supervisory authority. You can also request the correction, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Details can be found in our data protection declaration www.eos-sauna.com/en/legal-information. You can contact our data protection officer at: email@example.com
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. An informal e-mail to us is sufficient. The legality of the data processing carried out before the revocation remains unaffected by the revocation.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
If the data processing takes place on the basis of Art. 6 Paragraph 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data concerned, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Paragraph 1 GDPR).
Right of appeal to the competent supervisory authority
In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation.
Der Hessische Beauftragte für Datenschutz und Informationssicherheit
The right of appeal exists without prejudice to other administrative or judicial remedies.
Right to data portability
You have the right to have your personal data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done if it is technically feasible.
Information, blocking, deletion and correction
Within the framework of the applicable statutory provisions, you have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correction, Art. 16 GDPR, blocking, Art. 18 GDPR or deletion , Art. 17 GDPR, this data. You can contact us at any time at the address or email address given above if you have any further questions on the subject of personal data.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the test, you have the right to request that the processing of your personal data be restricted.
- If the processing of your personal data happened / happens unlawfully, you can request the restriction of the data processing instead of the deletion.
- If we no longer need your personal data, but you need them to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of being deleted.
- If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, your interests and ours must be weighed up. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the European Union or a member state.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http: //” to “https: //” and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
2. DATA COLLECTION ON OUR WEBSITE
Purpose and legal basis of data processing
We process the personal data described in detail above in accordance with the provisions of the GDPR, the Telecommunications and Telemedia Data Protection Act (hereinafter: "TTDSG") and other relevant data protection regulations only to the necessary extent. Insofar as the processing of personal data is based on Article 6 Paragraph 1 Clause 1 Letter f GDPR, the stated purposes also represent our legitimate interests, subject to further interests to be specified.
The processing of the log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 Para.1 S.1 lit. f DSGVO).
The processing of contact form data takes place, if no other legal basis is given below, to process customer inquiries (legal basis is Art. 6 Para.1 S.1 lit. b or lit. f DSGVO).
Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals. However, cookies cannot directly identify a user.
- Technical cookies: These are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;
- Performance cookies: These collect information about how you use our website, which pages you visit and, for example, if you experience any errors when using the website; they do not collect any information that could identify you. All information collected is anonymous and is only used to improve our website and find out what interests our users;
- Advertising cookies, targeting cookies: These serve to offer the website user needs-based advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
- Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
A detailed list of the cookies used on this site can be found at the end of this data protection declaration.
If you use the contact form to send us an enquiry (this includes forms completed at trade fairs, for example) or to extend the warranty on EOS Superior sauna heaters, your details from the form, including the contact details you provide there, will be stored by us for the purpose of processing the warranty extension or your enquiry and in the event of any follow-up questions. We will not share this information without your consent.
The processing of your data is carried out for the execution or initiation of the contract and is based on Art. 6 par. 1 lit. b) GDPR.
The data will remain with us until you ask us to delete it or until the purpose for storing the data no longer applies (e.g. after processing your enquiry or after expiry of the warranty period). Mandatory legal provisions - in particular retention periods - remain unaffected.”
Inquiries by email, phone or fax
If you contact us by e-mail, telephone or fax, your request, including all personal data derived from it (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 Para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 Para. 1 lit.f GDPR), as we have a legitimate interest in the effective Processing the inquiries sent to us.The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
3. ANALYSIS TOOLS AND ADVERTISING
Social- and multi-media plugins
If you want to activate the plug-in in question, an information text and a button appear. By clicking the button, you then declare your consent to the loading of the respective cookies used by the social or multimedia service.
Unless otherwise stated below, the legal basis for the use of the plug-ins is Article 25 Paragraph 1 TTDSG, whereby the subsequent further processing of your data also requires consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR; i.e. H. integration only takes place when you have given your consent to the storage or reading of information on your device and also your consent to the subsequent processing of the personal data for analysis and advertising purposes (so-called "2-click solution").
You can revoke your consent at any time in the cookie settings for the future.
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are saved on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and saved there.
The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
The personal data collected from you is transmitted to servers managed by Google, most of which are located in the USA. After the EU-US Privacy Shield has been abolished, data transmission to the USA may be based on standard contractual clauses and other guarantees issued by the EU Commission. Although the transfer of personal data takes place on the basis of standard contractual clauses, this does not prevent the US security authorities, which are equipped with extensive powers, from being able to access your personal data at any time and without cause. This applies even if the servers are in Europe. There are no effective legal remedies available to you against this.
We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout.
Deactivate data collection
Data stored by Google at user and event level that are linked to cookies, user IDs (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymized after 14 months or deleted. You can find details on this under the following link: support.google.com/analytics/answer/7667196
Embedding YouTube videos
We have integrated YouTube videos from Google LLC (Mountain View, California, USA) into our online offering, which are stored on www.YouTube.com and can be played directly from our website. By simply visiting our website - before you click on an embedded video - YouTube processes personal data by setting cookies. This way, the information is transmitted that you have accessed a corresponding sub-page of our website. In addition, log files are transmitted. The following data should be mentioned:
- Device information
- IP address
- Referrer URL
- Watched videos
This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube saves your data as usage profiles and uses them for the purposes of personalized advertising, market research and/or needs-based design of its own website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR, which you can revoke at any time in the cookie settings.
The data transmitted to Google LLC via the YouTube video is mainly stored on servers managed by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the European Economic Area (EEA). However, it cannot be ruled out that your personal data will also be stored on servers located outside the EEA in the USA. After the EU-US Privacy Shield has been abolished, data transmission to the USA may be based on standard contractual clauses and other guarantees issued by the EU Commission. Although the transfer of personal data takes place on the basis of standard contractual clauses, this does not prevent the US security authorities, which are equipped with extensive powers, from being able to access your personal data at any time and without cause. This applies even if the servers are in Europe. As a US company, Google may be required to also transmit personal data from EU citizens to the US security authorities, which are located on servers in the EU or the EEA. There are no effective legal remedies available to you against this.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in Google's data protection declaration. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.
4. Recording of data on this website
Consent with Usercentrics
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data will be transferred to Usercentrics:
- Your declaration(s) of consent or your revocation of your declaration(s) of consent
- Your IP address
- Information about your browser
- Information about your device
- The date and time you visited our website
Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.
The Usercentrics banner on this website has been configured with the assistance of eRecht24. This can be identified by the eRecht24 logo. To display the eRecht24 logo in the banner, a connection to the image server of eRecht24 will be established. In conjunction with this, the IP address is also transferred; however, is only stored in anonymized form in the server logs. The image server of eRecht24 is located in Germany with a German provider. The banner as such is provided exclusively by Usercentrics.
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
If you register for one of our newsletters, we will send a confirmation link to the email address you provided. You will only receive our newsletter after you have activated this confirmation link (double opt-in). The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter.
After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.
This website uses Newsletter2Go to send newsletters. The provider is Newsletter2Go GmbH, Nürnberger Strasse 8, 10787 Berlin, Germany.Newsletter2Go is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. The data you enter for the purpose of subscribing to the newsletter will be stored on the Newsletter2Go servers in Germany.If you do not want an analysis by Newsletter2Go, you have to unsubscribe from the newsletter. We provide a link for this in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
Data analysis by Newsletter2Go
With the help of Newsletter2Go it is possible for us to analyze our newsletter campaigns. So we can e.g. see whether a newsletter message has been opened and which links have been clicked. In this way we can determine, among other things, which links have been clicked particularly often.We can also see whether certain previously defined actions were carried out after opening / clicking (conversion rate). We can e.g. recognize whether you have made a purchase after clicking on the newsletter.Newsletter2Go also enables us to subdivide the newsletter recipients into different categories (“cluster”). The newsletter recipients can be e.g. subdivide according to age, gender or place of residence. In this way, the newsletters can be better adapted to the respective target groups.You can find detailed information on the functions of Newsletter2Go at the following link: www.newsletter2go.de/features/newsletter-software/.
The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. This does not affect data that we have saved for other purposes.After you have been removed from the newsletter distribution list, your email address may be stored in a blacklist by us or the newsletter service provider in order to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage provided that your interests outweigh our legitimate interests.For more information, see the data protection provisions of Newsletter2Go at: www.newsletter2go.de/features/datenschutz-2/.
Conclusion of an order processing contract
We have concluded a contract with Newsletter2Go in which we oblige Newsletter2Go to protect the data of our customers and not to pass them on to third parties. This contract can be viewed at the following link: https://www.newsletter2go.de/docs/datenschutz/ADV_Muster_Newsletter2Go_GmbH_latest_Form.pdf.
6. OWN SERVICES
Handling of applicant data
We offer you the opportunity to apply to us (e.g. by email, post or via the online application form). In the following, we will inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that your data will be collected, processed and used in accordance with the applicable data protection law and all other statutory provisions and that your data will be treated as strictly confidential.
Scope and purpose of the data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes from job interviews, etc.) insofar as this is necessary to make a decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Article 6 Paragraph 1 Letter b GDPR (general contract initiation) and – if you have given your consent – Article 6 Paragraph 1 Letter a GDPR. The consent can be revoked at any time. Within our company, your personal data will only be passed on to people who are involved in processing your application.
If the application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 BDSG and Article 6 Paragraph 1 lit. b GDPR for the purpose of carrying out the employment relationship.
Retention period of the data
If we cannot make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have transmitted on the basis of our legitimate interests (Art. 6 Para. 1 lit.f GDPR) for up to 6 months to be kept with us from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies.Longer storage can also take place if you have given your consent (Art. 6 Para. 1 lit. a GDPR) or if statutory storage obligations prevent deletion.
7. OUR SOCIAL MEDIA PRESENTATIONS
Data processing through social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-related processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data can also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is recorded, for example, using cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para.1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para.1 lit. a DSGVO and the storage of information on your device according to § 25 TTDSG).
Responsible and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we and the operator of the social media platform are responsible for the data processing operations triggered during this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as claim against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely based on the company policy of the respective provider.
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions - especially retention periods - remain unaffected.
Social networks in detail
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: www.facebook.com/settings.
We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on how they handle your personal data can be found in the XING data protection declaration: privacy.xing.com/de/datenschutzerklaerung.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn processes your personal data in the USA. The USA does not offer an adequate level of data protection. However, any transmission of personal data takes place in compliance with the conditions laid down in Articles 44-50 GDPR and the other provisions of the GDPR in order to ensure that the level of protection guaranteed for natural persons is maintained.
You can find more information about the standard contractual clauses at LinkedIn at
If you would like to deactivate LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Details on how they handle your personal data can be found in LinkedIn's data protection declaration:
8. Data processing in connection with the use of NFC business cards
Instead of traditional paper business cards, our employees use digital business cards, so-called NFC business cards. For this purpose, we rely on the offer of wazzl GmbH, Hammerstatt 3, 91637 Wörnitz, Germany (hereinafter: wazzl).
A digital business card is a personal website with the data of a classic business card. The contact details of our employees are always available there. If you would like to receive the contact details of our employees, the data will be passed on using NFC contact or by scanning a QR code. NFC (Near Field Communication) refers to contactless data transmission that uses radio frequency identification (RFID) technology. As soon as the connection has been established using NFC or the code has been scanned, you can view the contact details of our employees and save them on your device if necessary.
You also have the option, for example in the event of an inquiry, to leave us your contact details. If you wish, you can send us your contact details by clicking on the “Leave your contact” field on the website and filling out the form that then opens. In this case, the following data is collected:
- First and last name (mandatory)
- Email address (mandatory)
- if applicable, landline number
- if applicable, cell phone number
- if necessary position
- if applicable, company
- If necessary, a note describing your concerns
The data processing takes place for the purpose of being able to process and answer your request. It is based on Article 6 Paragraph 1 Sentence 1 Letter b) GDPR and Article 6 Paragraph 1 Clause 1 Letter f) GDPR.
The data will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Data processing by wazzl