Privacy policy

[Translated with Word]

 

Thank you for your interest in our company. Data protection is a high priority for the management of Krieg & Fischer Ingenieure GmbH. In principle, it is possible to use the website of Krieg & Fischer Ingenieure GmbH without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to Krieg & Fischer Ingenieure GmbH. By means of this privacy policy, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed about the rights to which they are entitled by means of this privacy policy.

As the controller, Krieg & Fischer Ingenieure GmbH has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, each data subject is free to transmit personal data to us by alternative means, such as by telephone.

1. Definitions

The privacy policy of Krieg & Fischer Ingenieure GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms in this Privacy Policy, among others:

  • a) personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • b) Data subject

Data subject means any identified or identifiable natural person whose personal data is processed by the controller.

  • c) Processing

processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination:  restriction, deletion or destruction.

  • d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

  • e) Profiling

Profiling is any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

  • f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person become.

  • g) Controller or controller

The controller or controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or the law of the Member States.

  • h) Processors

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

  • (i) Recipients

The recipient is a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigative mandate under Union or Member State law are not considered recipients.

  • j) Third parties

A third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

  • k) Consent

Consent means any freely given, informed and unambiguous indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative action, by which the data subject indicates that he or she consents to the processing of personal data concerning him/her.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Krieg & Fischer Ingenieure GmbH

Maschmühlenweg 10

D-37073 Göttingen

 

Phone: +49 (0) 551 / 90 03 63 - 0

E-mail: contactkriegfischerde

 

 

3. Name and address of the data protection officer

The Data Protection Officer of the Controller is:

RKM Data GmbH

Stefan Burghardt

Bertha-von-Suttner-Straße 9

37085 Göttingen

 

Phone: +49 (0) 551 / 70 728 - 0

E-mail: inforkm-datade

 

Any data subject can contact our data protection officer directly at any time for any questions or suggestions regarding data protection.

4. Hosting

We host our website through the provider Strato. The responsible company is Strato AG, Pascalstraße 10, 10587 Berlin (hereinafter referred to as "Strato"). When you visit our website, Strato collects various log files, including your IP addresses.

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/ .

The use of Strato is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the most reliable and trouble-free presentation of our website. If consent has been obtained, the processing is based exclusively on Art. 6 (1) (a) GDPR. Your consent can be revoked at any time.

Order processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that ensures that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

5. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

6. Cookies

The website of Krieg & Fischer Ingenieure GmbH uses cookies. Cookies are text files that are stored on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified by the unique cookie ID.

7. Font Awesome

On our website, we have installed so-called web fonts or icons for the uniform display of fonts and icons. These are provided by the provider Fonticons Inc., Corporation Trust Center 1209 Orange St., Wilmington, New Castle, DE 19801, USA. Every time a page is accessed, your browser downloads the required web fonts or icons into your browser cache. This is done in order to display texts, fonts and icons correctly. If your browser does not support Font Awesome, a default font from your computer will be used.

For this reason, the browser you are using connects to the servers of Fonticons, Inc.  on. By establishing this connection, Fonticons, Inc. discloses data about your browser, your operating system and your IP address, among other things. Some of this is personal data.

The legal basis according to Art. 6 (1) (f) GDPR is our legitimate interest in a uniform and appealing presentation of our website.

For more information about Font Awesome, please visit https://fontawesome.com/help and Fonticons, Inc.'s Privacy Policy: https://fontawesome.com/privacy.

8. Collection of general data and information

The website of Krieg & Fischer Ingenieure GmbH collects a series of general data and information every time the website is accessed by a data subject or an automated system. This general data and information is stored in the log files of the server. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address),  (7) the Internet service provider of the accessing system and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

When using this general data and information, Krieg & Fischer Ingenieure GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by Krieg & Fischer Ingenieure GmbH on the one hand statistically and on the other hand with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

9. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage or insofar as this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

10. Rights of the data subject

  • a) Right of access

Every person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to obtain information from the controller at any time, free of charge, about the personal data stored about him or her and a copy of this information. In addition, the European legislator has granted the data subject access to the following information:

    • the purposes of processing
    • the categories of personal data that are processed
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
    • if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria used to determine this period
    • the existence of a right to rectification or erasure of personal data concerning him/her or to restriction of processing by the controller or a right to object to such processing
    • the existence of a right to lodge a complaint with a supervisory authority
    • if the personal data is not collected from the data subject: all available information on the origin of the data
    • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject

In addition, the data subject has the right to know whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information on the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right of access, he or she may contact an employee of the controller at any time.

  • b) Right to rectification

Every person affected by the processing of personal data has the right granted by the European legislator to request the rectification without undue delay of inaccurate personal data concerning him/her. In addition, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing.

If a data subject wishes to exercise this right of rectification, he or she may contact an employee of the controller at any time.

  • c) Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right, granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, provided that one of the following grounds applies and insofar as the processing is not necessary:

    • The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
    • The data subject withdraws his or her consent, on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
    • The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
    • The personal data has been unlawfully processed.
    • The erasure of the personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
    • The personal data was collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to have personal data stored by Krieg & Fischer Ingenieure GmbH deleted, he or she may contact an employee of the controller at any time. The employee of Krieg & Fischer Ingenieure GmbH will arrange for the deletion request to be complied with immediately.

If the personal data has been made public by Krieg & Fischer Ingenieure GmbH and our company, as the controller, is obliged to delete the personal data in accordance with Article 17 (1) of the GDPR, Krieg & Fischer Ingenieure GmbH shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, in order to inform other data controllers,  who process the published personal data, to inform that the data subject has requested from such other data controllers the deletion of all links to such personal data or of copies or replications of such personal data, to the extent that the processing is not necessary. The employee of Krieg & Fischer Ingenieure GmbH will arrange for the necessary measures to be taken in individual cases.

  • d) Right to restriction of processing

Any person affected by the processing of personal data has the right, granted by the European legislator to obtain from the controller the restriction of processing if one of the following conditions is met:

    • The accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
    • The processing is unlawful, the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data.
    • The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims.
    • The data subject has objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored by Krieg & Fischer Ingenieure GmbH, he or she may contact an employee of the controller at any time. The employee of Krieg & Fischer Ingenieure GmbH will arrange for the processing to be restricted.

  • e) Right to data portability

Every person affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning him/her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. It also has the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and that the processing is carried out by automated means,  provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.

In order to assert the right to data portability, the data subject may contact an employee of Krieg & Fischer Ingenieure GmbH at any time.

  • f) Right to object

Every person affected by the processing of personal data has the right granted by the European legislator to object at any time, on grounds relating to his or her particular situation,  to the processing of personal data concerning him or her which is subject to the processing of personal data which is subject to the processing of personal data on the basis of Art. 6 para. 1 lit. (e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Krieg & Fischer Ingenieure GmbH will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If Krieg & Fischer Ingenieure GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Krieg & Fischer Ingenieure GmbH to the processing for direct marketing purposes, Krieg & Fischer Ingenieure GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out by Krieg & Fischer Ingenieure GmbH for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

In order to exercise the right to object, the data subject may contact any employee of Krieg & Fischer Ingenieure GmbH or another employee directly. Notwithstanding Directive 2002/58/EC, the data subject is also free to exercise his or her right to object in connection with the use of information society services by means of automated procedures using technical specifications.

  • g) Automated decision-making on a case-by-case basis, including profiling

Every person affected by the processing of personal data shall have the right, granted by the European legislator and regulation, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him/her, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject. and the controller, or (2) is permitted by Union or Member State law to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is carried out with the data subject's explicit consent.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) it is made with the express consent of the data subject, Krieg & Fischer Ingenieure GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the controller,  to express one's own point of view and to challenge the decision.

If the data subject wishes to exercise rights in relation to automated decision-making, he/she may contact an employee of the controller at any time.

  • h) Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right granted by the European legislator to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise his/her right to withdraw consent, he/she may contact an employee of the controller at any time.

11. How to contact us via the website

Due to legal regulations, the website of Krieg & Fischer Ingenieure GmbH contains information that enables quick electronic contact with our company as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data provided by the data subject will be stored automatically. Such personal data voluntarily provided by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. This personal data will not be passed on to third parties.

12. Submission of application documents

In the course of your application (paper application or by e-mail), we will collect and process various personal application data.

This includes, in particular, your

  • Contact information (name, address, phone number, and email)
  • Application documents (cover letter, curriculum vitae, certificates or other proof of education and qualifications)

After sending your application by e-mail, you will receive a confirmation of receipt of your application documents.

The collection and processing of your personal application data is exclusively for the purpose of filling positions within our company. As a matter of principle, your data will only be forwarded to the internal departments and specialist departments of our company responsible for the specific application process. Your personal application data will not be passed on to other companies without your prior, explicit consent.

Your application data will not be used or passed on to third parties beyond this.

Your personal application data will generally be deleted no later than 6 months after completion of the application process. This does not apply if legal provisions preclude deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage, e.g. for future job advertisements.

If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

13. Data protection provisions on the application and use of LinkedIn

LinkedIn is an internet-based social network that allows users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time our website is accessed, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. More information about the LinkedIn plug-ins can be found at developer.linkedin.com/plugins. As part of this technical procedure, LinkedIn receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of the respective stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated into our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn in this way, he or she can prevent the transmission by logging out of his or her LinkedIn account before accessing our website.

LinkedIn offers, among www.linkedin.com/psettings/guest-controls, the option to unsubscribe from email messages, SMS messages, and targeted ads, as well as to manage ad preferences. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who may set cookies. Such cookies can be rejected under www.linkedin.com/legal/cookie-policy. LinkedIn's applicable privacy policy is available at www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at www.linkedin.com/legal/cookie-policy.

14. Videos

To play our video files on our website, we have integrated Windows Media Player. Windows Media Player is an integral part of Windows.

To the best of our knowledge, no personal data is collected by Microsoft during the playback of the video files and thus transferred to a third country. For more information about data processing by Microsoft, please visit: privacy.microsoft.com/de-de/privacystatement.

In addition, we have embedded a video file of the "Deutsche Welle, Anstalt des öffentlichen Rechts" on our website. Information on the data processing of "Deutsche Welle" can be found www.dw.com/de/datenschutzerklärung the following link .

15. Data protection provisions on the application and use of YouTube

The controller has integrated components from YouTube on this website. YouTube is an internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all kinds of videos, which is why complete film and TV shows, as well as music videos, trailers or videos made by users themselves, can be accessed via the Internet portal.

 

YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

 

Each time one of the individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the data subject's information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can  be found at https://www.youtube.com/yt/about/de/. As part of this technical procedure, YouTube and Google receive information about which specific sub-page of our website is visited by the data subject.

If the data subject is logged in to YouTube at the same time, YouTube recognises which specific sub-page of our website the data subject is visiting by calling up a subpage containing a YouTube video. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

 

YouTube and Google always receive information via the YouTube component that the data subject has visited our website if the data subject is logged in to YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not want this information to be transmitted to YouTube and Google in this way, he or she can prevent the transmission by logging out of his or her YouTube account before accessing our website.

The privacy policy published  by YouTube, which can be accessed under https://www.google.de/intl/de/policies/privacy/,  provides information on the collection, processing and use of personal data by YouTube and Google.

16. Privacy policy on the application and use of OpenStreetMaps

To display our location, we use geodata from the open source map service "OpenStreetMaps" (also called "OSM") of the company OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

With the display of an interactive map of "OpenStreetMaps" on our website, you will be shown how to find and reach us. In this case, corresponding map material is loaded from an external server. When the interactive map is displayed, both the websites you have visited and the IP address of your device are stored. The legal basis for the processing of your data in relation to this service is Art. 6 para. 1 sentence 1 lit. f) GDPR (legitimate interest in data processing). This is due to our need for an appealing presentation and easier to find the places indicated on our website.

More information on the handling of user data can be found in the privacy policy of "OpenStreetMaps" at: https://wiki.osmfoundation.org/wiki/Privacy_Policy.

17. Data protection provisions on the application and use of Google Analytics (with anonymization function)

On our website, we use Google Analytics (with anonymization function), a web analysis service provided by Google Inc. ("Google"). The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf. You can prevent the installation of cookies by selecting the appropriate settings in your browser software; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above.

 

For more information on data protection and data processing by Google Analytics, please visit: https://support.google.com/analytics/answer/6004245?hl=de.

 

18. Privacy policy on the application and use of Google Ads

We use Google Ads on our website. Google Ads is an online advertising program provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google. In addition, targeted advertisements can be displayed on the basis of user data available at Google (e.g. location data and interests). As a website operator, we can evaluate this data quantitatively, e.g. by analysing which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

The use of Google Ads is based on Art. 6 (1) (f) GDPR. As the website operator, we have a legitimate interest in marketing our service products as effectively as possible.

19. Privacy policy on the application and use of Google AdSense

The controller has integrated Google AdSense on this website. Google AdSense is an online service that enables the mediation of advertising on third-party sites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party sites according to the content of the respective third-party site. Google AdSense permits interest-based targeting of Internet users, which is implemented by generating individual user profiles.

The operating company of the Google AdSense component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of the Google AdSense component is the integration of advertisements on our website. Google AdSense places a cookie on the data subject's information technology system. What cookies are has already been explained above. By setting the cookie, Alphabet Inc. is enabled to analyse the use of our website. Each time one of the individual pages of this website, which is operated by the controller and on which a Google AdSense component has been integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google AdSense component to transmit data to Alphabet Inc. for the purpose of online advertising and the settlement of commissions. As part of this technical process, Alphabet Inc. receives knowledge of personal data, such as the IP address of the data subject, which Alphabet Inc. uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Alphabet Inc. from placing a cookie on the information technology system of the data subject. In addition, a cookie that has already been set by Alphabet Inc. can be deleted at any time via the Internet browser or other software programs.

Google AdSense also uses so-called tracking pixels. A web beacon is a miniature graphic that is embedded in web pages to enable log file recording and log file analysis, which allows statistical analysis to be performed. On the basis of the embedded tracking pixel, Alphabet Inc. can identify whether and when a website has been opened by a data subject and which links have been clicked by the data subject. Web beacons are used, among other things, to evaluate the flow of visitors to a website.

Via Google AdSense, personal data and information, including the IP address and necessary for the collection and billing of the displayed advertisements, are transmitted to Alphabet Inc. in the United States of America. This personal data is stored and processed in the United States of America. Alphabet Inc. may pass on this personal data collected through the technical process to third parties.

Google AdSense is https://www.google.de/intl/de/adsense/start/ explained in more detail at this link.

20. Google DoubleClick

We continue to use the online marketing tool "DoubleClick" from "Google" (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) on the website. "DoubleClick" uses cookies to serve ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. With the help of cookies (cf. "Google" records which ads are displayed in which browser and can thus prevent them from being displayed multiple times. With the help of cookies, "Google" processes the information generated by your device about the use of our website and interactions with our website, as well as the data mentioned in the section "Use of our website", in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of displaying personalized advertisements. This allows "Google" and its partner sites to serve ads based on the previous visit to websites. In addition, "DoubleClick" can use cookies to record so-called conversions that are related to ad requests. For example, if a user sees a double-click ad and later uses the same browser to access the advertiser's website and make a purchase there. Through the integration of "DoubleClick", "Google" receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a "Google" service, "Google" can assign the visit to your account. Even if you are not registered with "Google" or have not logged in, there is a possibility that the provider will find out and store your IP address. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. a) GDPR. "Google" processes the data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view the certification of "Google" at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active . The storage period at "Google" is a maximum of twenty-four months. You can find more information about data protection and the storage period at "Google" at: https://policies.google.com/privacy.

You can revoke your consent to the processing at any time by moving back the slider in the "Advanced Settings" of the consent tool. In this case, the lawfulness of the processing carried out on the basis of the consent before the revocation is not affected by the revocation.

21. Bing Ads and/or online advertising service "Microsoft Ads"

On our website, we use the marketing functions of "Bing Ads" from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, hereinafter referred to as "Microsoft"). The online advertising service "Microsoft Ads" uses technologies such as "cookies", "tracking pixel" and "device fingerprinting" to serve ads that are relevant to users and to improve reports on the effectiveness of campaigns. This also involves processing information that is stored on users' end devices. With the help of "Microsoft Ads", users can be shown interest-based advertisements in relation to search results in search engines of "Bing" and "Yahoo". The advertisements may also refer to products and services that users have already viewed on our website. For this purpose, the interaction of users on our website is analysed beforehand, e.g. which offers users are interested in, in order to be able to display targeted advertising to users on other pages even after visiting our website. When users visit our website, "Microsoft Ads" stores a "cookie" on the user's device. With the help of "cookies" and "tracking pixels", "Microsoft" processes the information generated by users' end devices about the use of our website and interactions with our website, as well as access data, in particular the IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of displaying and analysing personalised advertisements. In addition, the online advertising service "Microsoft Ads" makes it possible to measure the reach of our advertisements and to enable the attribution of the success of an advertising medium. For this purpose, "ad server cookies" are used, which can be used to measure certain parameters for measuring reach, such as the display of ads, the duration of viewing or clicks by users. "Microsoft" processes the data in the USA and has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and thus offers a guarantee to comply with European data protection law. You can view the certification of "Microsoft" at https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK . The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a) GDPR. The storage period of the processing in the context of "Bing Ads" is thirteen months. For more information about data protection at Microsoft, see: https://privacy.microsoft.com/de-de/privacystatement and https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy.

You can revoke your consent to the processing at any time by moving back the slider in the "Advanced Settings" of the consent tool. In this case, the lawfulness of the processing carried out on the basis of the consent before the revocation is not affected by the revocation.

22. Facebook Pixel Privacy Policy

We use Facebook's Facebook pixel on our website. For this purpose, we have implemented a code on our website. This Facebook pixel is a snippet of JavaScript code that loads a collection of functions. Facebook can use these to track your user actions if you have come to our website via Facebook Ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to compare your user data, such as IP address, user ID, with the data of your Facebook account. This data will then be deleted.

The data collected in this process is anonymous and cannot be viewed by us. They are only used accordingly in the context of ad placement. If you are a Facebook user and logged in, your visit to our website will automatically be assigned to your Facebook user account.

Our goal is to show our services and products only to those people who are really interested in them. Therefore, with the help of Facebook pixels, we can better tailor our advertising measures to your wishes and interests, and so Facebook users - if they have allowed personalized advertising - are offered appropriate advertising. In addition, Facebook uses the collected data for analysis purposes and its own advertisements.

If you want to know more about Facebook's data processing, you can find the privacy policy at the following link: https://www.facebook.com/policy.php.

23. Legal basis for processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured in our company and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case, the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the purposes of a legitimate interest pursued by our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

24. Legitimate interests in the processing pursued by the Controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.

25. Duration for which the personal data will be stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.

26. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences of not providing the personal data would be.

27. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

 

Last updated: February 2024