'Personal data' means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
'processing' means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
'controller' means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
'recipient' means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients; the processing of such data by the aforementioned authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing;
1. person responsible for data processing
VON HELDEN UND GESTALTEN GmbH - Agency for strong ideas
Phone: +49 (0)711.38 96 76 50
2. CONTACT DATA OF THE COMPANY DATA PROTECTION OFFICER
Telephone: 0711 / 4605025-40
Fax: 0711 / 4605025-49
3. Legal Bases
We process personal data on the basis of at least one of the following legal bases:
- Consent of the data subject in the processing of personal data concerning him or her for one or more specific purposes (Art. 6 para. 1 p. 1 lit. a DS-GVO);
- Fulfillment of a contract with the data subject or to carry out pre-contractual measures at the data subject's request (Art. 6 para. 1 p. 1 lit. b DS-GVO);
- Fulfillment of a legal obligation to which we are subject (Art. 6 para. 1 p. 1 lit. c DS-GVO);
- Protecting vital interests of the data subject or another natural person (Art. 6 para. 1 p. 1 lit. d DS-GVO);
- Protecting our legitimate interests or those of a third party (Art. 6 para. 1 p. 1 lit. f DS-GVO).
4. Disclosure of data to recipients
We disclose personal data to recipients (processors or other third parties) only to the extent necessary and only under one of the following conditions:
- The data subject has consented to the disclosure;
- The disclosure serves to fulfill contractual obligations or pre-contractual measures at the instigation of the data subject;
- We are legally obliged to disclose the data;
- The disclosure is made on the basis of legitimate interests of us or a third party.
5. Third Countries
The transfer of personal data to a country or international organization outside the European Union (EU) or the European Economic Area (EEA) takes place subject to legal or contractual permissions only in accordance with the conditions set out in Art. 44 et seq. DS-GVO. This means that an adequacy decision by the EU Commission pursuant to Art. 45 DS-GVO exists for the country in question, appropriate data protection safeguards exist pursuant to Art. 46 DS-GVO or binding internal data protection regulations exist pursuant to Art. 47 DS-GVO. In individual cases, data transfer may be permitted on the basis of an exception in Art. 49 DS-GVO.
We may have integrated external services on our website whose providers are located in the USA. When these services are active, personal information is collected in connection with the provision of the respective service and may be transferred to servers in the USA and stored there. The European Court of Justice considers the USA to be a country with an insufficient level of data protection. When data is transferred to the USA, there is a fundamental risk that this data will be accessed by US authorities and used for control and monitoring purposes, without this being communicated and without there being any possibility of legal redress.
6. Data Subject Rights
As a data subject, you have the following rights:
- Pursuant to Art. 15 DS-GVO, you can request information about your personal data processed by us; furthermore, you can request information regarding the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the origin of your data if it has not been collected from you, the existence of automated decision-making including profiling and, if applicable. meaningful information about its details such as logic, scope and effects, the existence of a right to rectification or erasure of the data concerning you, the right to restrict processing or to object to such processing, the existence of a right to lodge a complaint with the supervisory authority; finally, you have a right to be informed whether personal data have been transferred to a third country or to an international organization and - if this is the case - about the appropriate safeguards in connection with the transfer;
- Pursuant to Art. 16 DS-GVO, you may request the immediate correction of inaccurate or the completion of your personal data stored by us;
- Pursuant to Art. 17 DS-GVO, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- Pursuant to Art. 18 DS-GVO, you may request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, you need the data no longer required by us for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DS-GVO, but it has not yet been determined whether our legitimate grounds for data processing override your interest;
- Pursuant to Art. 20 DS-GVO, you may request the transfer of your personal data that you have provided to us in a structured, common and machine-readable format or the transfer to another controller;
- Pursuant to Art. 21 DS-GVO, you may object to the processing of your personal data if there are grounds for doing so that arise from your particular situation or if the objection is directed against direct advertising and the legal basis for the processing of the personal data is legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DS-GVO;
- Pursuant to Art. 7 (3) DS-GVO, you may revoke your consent, once given, at any time vis-à-vis us. This has the consequence that we may no longer continue the data processing based on this consent for the future;
- Pursuant to Art. 77 DS-GVO, you may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. A list with contact details of the data protection officers in the federal states can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.
If you would like to assert the above data subject rights, you can contact us or our data protection officer at the above contact details at any time in this regard.
7. Deletion and Restriction of Personal Data
Unless otherwise regulated in this data protection declaration for the individual case, personal data will be deleted if this data is no longer necessary for the purposes for which it was collected or otherwise processed and the deletion does not conflict with any statutory retention obligations. We also delete the personal data processed by us in accordance with Art. 17 DS-GVO upon request if the conditions provided for therein are met. If personal data is required for other and legally permissible purposes, it will not be deleted, but its processing will be restricted in accordance with Art. 18 DS-GVO. In the case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for reasons of commercial or tax law. Thus, documents according to § 257 para. 1 nos. 2 and 3 HGB as well as § 147 para. 1 nos. 2, 3, 5 AO are kept for 6 years, documents according to § 257 para. 1 nos. 1 and 4 HGB as well as § 147 para. 1 nos. 1, 4, 4a AO for 10 years.
Cookies are used within the scope of our Internet offer. Cookies are small text files that your browser automatically creates and stores on your end device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.
Most browsers accept cookies automatically. However, if you do not wish this, you can configure your browser so that no cookies are stored on your end device or a message always appears before a new cookie is created. Information on removing cookies in Internet Explorer / Edge can be found at: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies. Information on how to remove cookies in Firefox can be found at: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectlocale=en-US&redirectslug=delete-cookies-remove-info-websites-stored. Learn how to remove cookies in Safari here: https://support.apple.com/en-gb/guide/safari/sfri11471/mac.
An overview of the cookies used on our website and the option to set your cookie preferences can be found here:
Individual Processing Operations
In order to provide our Internet offer, we use services of hosting companies, such as provision of web servers, storage space, database services, security services and maintenance services. In this context, we, or our hosting provider, process personal data of users of our Internet offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 sentence 1 lit. f DS-GVO.
2. Access Data and Log Files
When you access our website or the individual pages, information is automatically sent to the server of our website by the browser on your end device. This information is stored in so-called log files by us or our hosting provider and deleted after 7 days at the latest.
The following information is stored:
- IP address of the requesting computer in anonymized form,
- Date and time of access,
- Name and URL of the file accessed,
- Website from which the access was made (referrer URL),
- Browser used and, if applicable, the operating system of your computer
- Status codes and amount of data transferred
- Name of your access provider.
This data is processed for the following purposes:
- Provision of the Internet offer including all functions and contents.
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Ensuring system security and stability
- Anonymized statistical evaluation of accesses
- Optimization of the website
- Disclosure to law enforcement authorities if an illegal intervention/attack on our systems has occurred
other administrative purposes.
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interest follows from the purposes for data collection outlined above. In no case do we use the collected data for the purpose of drawing conclusions about a person.
3. General Contact
If you contact us using the contact data published on our website (e.g. by e-mail) and provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1) sentence 1 lit. b DS-GVO, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent pursuant to Art. 6 (1) p. 1 lit. a DS-GVO and/or in our legitimate interest in effectively processing the requests addressed to us pursuant to Art. 6 (1) p. 1 lit. f DS-GVO. The data remains with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
4. Contact Form
If you use the contact form, we need your e-mail address, name and, if necessary, other contact information so that we can get in personal contact with you. Further information can be provided voluntarily. Data processing for the purpose of contacting us and responding to your request is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO on the basis of your voluntarily given consent. All personal data collected in connection with the contact form will be deleted after your request has been dealt with, unless storage is required for the documentation of other processes (e.g. subsequent conclusion of a contract).
5. E-mail Direct Advertising to Customers
If you are a customer of ours and we have received your e-mail address in connection with the sale of a good or service, we may use your e-mail address for direct marketing of our own similar goods or services. This only applies if you have not objected and we clearly inform you of the possibility of objection when collecting the e-mail address and each time it is used. The legal basis for the processing is our legitimate interest in direct marketing according to Art. 6 (1) lit. f DS-GVO. We store the personal data until you object to the data processing.
6. Application Form
If you would like to apply to us, we ask you to provide your name, contact details and send us application documents so that we can review your application and contact you personally. Data processing for the purpose of processing your application is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DS-GVO on the basis of the consent you have given voluntarily. All personal data collected in connection with the application form will be stored for a period of 6 months after completion of the application process, taking into account the objection periods of the General Equal Treatment Act (AGG), and then deleted, unless storage is required for the documentation of other processes (e.g. subsequent hiring).
Statistics and Analysis
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyze data on the use of our website-by-website visitors. This enables us to find out, for instance, when which page views occurred and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Analysis without cookies
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
We host Matomo exclusively on our own servers so that all analysis data remains with us and is not passed on.
2. Meta Pixel
We use the so-called 'Meta Pixel' within the scope of our internet offer. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for processing personal data of individuals in the EU. The use of this technology enables Facebook to assign visitors to our website to certain groups (e.g. visitors to our website or according to the areas of interest communicated by us to Facebook, so-called `Custom Audiences`) for the display of specific advertisements and thus to recognize them. This ensures that these users are only shown ads that are appropriate to their interests, thus avoiding harassment by inappropriate advertising. By using the Facebook pixel, we can also track the effectiveness of our Facebook ads for statistical purposes and track whether and how a user has used our offer after clicking on the ad.
For more information on the Facebook pixel and how it works, please visit https://www.facebook.com/business/help/651294705016616. The details of how Facebook processes the data obtained, as well as general information on Facebook ads, can be found in Facebook's data policy, available at URL https://www.facebook.com/about/privacy/update. You also have the option in your Facebook account under the heading 'Settings' to object to the collection of your data via the Facebook pixel and its use for the display of specific advertisements. You can find information on these settings at https://www.facebook.com/settings?tab=ads (login required).
The legal basis for the use of the Facebook Pixel is your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO. The legal basis for the transfer of personal data to the USA collected by the Facebook Pixel is also your voluntarily given consent according to Art. 49. para. 1 lit. a DS-GVO.
3. LinkedIn Insight Tag
4. Tiktok Analytics
Services of Google
The provider of the following Google services is Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter 'Google').
The information collected by Google in connection with the provision of the respective service may be transferred to Google servers in the USA and stored there. Please also refer to our information above on data transfer to third countries.
1. Google services for which your consent is required.
The legal basis for the use of the following Google services is your voluntarily given consent according to Art. 6 para. 1 p. 1 lit. a DS-GVO. The legal basis for data transfer to the USA is also your voluntarily given consent according to Art. 49. para. 1 lit. a DS-GVO.
1.1 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a user-ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
2. Other Google Services
The legal basis for the use of the following Google services are our legitimate interests according to Art. 6 para. 1 p. 1 lit. f DS-GVO. Our legitimate interests are listed below for each service individually.
2.1 Google Tag Manager
This website uses the Google Tag Manager for tag identification. We use this service in our legitimate interest in maintenance-free and efficient programming and use of HTML tags. Through this service, website tags can be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. Our legitimate interests in the use of Google Tag Manager are the efficient maintenance of our website and the central management of HTML elements.
Links to Social media profiles
1. Facebook plugins
We use functionalities of the social network Facebook on our website. Facebook allows participants of the social network to communicate and interact, to exchange opinions and experiences or to publish information. The provider of the platform is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for processing personal data of individuals in the EU.
Facebook has joined the EU/US Privacy Shield agreement, has committed to comply with European data protection standards and thus meets the EU requirements for legitimizing the transfer of personal data to the USA. Information on Facebook's voluntary commitment can be found at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Information about the collection, processing and use of personal data by Facebook can be found in the data policy available at https://www.facebook.com/about/privacy/update. There, you will also find setting options for protecting your privacy as well as methods for preventing the transfer of data to Facebook. An overview of the available Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE.
2 Xing Share Button
Our website uses the "XING Share Button". The provider is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter "Xing"). The plugin is recognizable by the XING logo or the Share button. The current data protection information on the "XING Share button" and supplementary information can be found on this website: https://www.xing.com/privacy.
Within the scope of our Internet offering, we sometimes use third-party content that is loaded directly from servers of the providers named in detail below. The purpose of integrating this content is to make our Internet offering more attractive. Our legitimate interest in the use of such third-party content also lies in the purpose of making our website more attractive. The legal basis for the use of the following social media plugins are our legitimate interests according to Art. 6 para. 1 lit. f DSGVO.
1. Spotify Plugin
Our website uses the Spotify plugin. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden (hereinafter "Spotify"). Spotify is used for the integration of audio material on this website. The plugins are recognizable by the Spotify logo. The content of the plugins is transmitted by Spotify directly to your browser, which then integrates it into the website. If you have a user account with Spotify and are logged in to Spotify at the time of accessing the website, you can play the audio material provided by clicking the Spotify Play button. When you access this website, the Spotify plugin establishes a direct connection between your browser and Spotify's servers. In this context, your IP address is recorded, which of our web pages you have visited, and possibly other data that Spotify can determine in connection with the connection. If you have a Spotify account logged in, it is also possible for Spotify to assign the website visit to your Spotify account. The collected personal data is stored on Spotify's servers. The legal basis is our legitimate interest and that of the users according to Art. 6 (1) lit. f DSGVO in providing the audio material from Spotify for a better user experience on our website.
Our website uses media content from the YouTube platform. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). The purpose is to display content from the YouTube platform as part of our Internet offering. This service collects your IP address and possibly other data required by Google for YouTube. The information generated about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Google. If you are logged into YouTube at the same time, Google can assign the visit to the page of our website directly to your user account there. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.
Google has joined the EU/US Privacy Shield agreement, has committed itself to complying with European data protection standards and thus meets the EU requirements for legitimizing the transfer of personal data to the USA. Information on Google's voluntary commitment can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
3. Adobe Typekit