Privacy Policy
With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The data protection declaration applies to all processing of personal data carried out by us, both in the context of [the provision of our services and in particular on our websites and within external online presences, such as our social media profiles (hereinafter collectively referred to as “online offer”).
1 Responsibility
Autobahn Security PTE. LTD.
160 Robinson Road #14-04
Email: marketing@stg.autobahn-security.com
2 Definition
This privacy policy is based on the terminology of the GDPR. For your convenience, we would like to explain some important terms in this context in more detail:
-
- Personal Data: Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
-
- Data subject: The data subject is any identified or identifiable natural person whose personal data are processed by the controller.
-
- Processing: Processing means any operation or set of operations which is performed on personal data or not sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
- Recipient: A recipient is a natural or legal person, public authority, agency or another body to
to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- Recipient: A recipient is a natural or legal person, public authority, agency or another body to
-
- Third Party: a third party is a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority to oft he controller or processor, are authorised to process personal data;
3 Data for the provision of the website and the creation of the log files
3.1 Scope of processing
To provide our website, we use storage space, computing capacity and software that we rent from a corresponding server provider (web host). These services also include the sending, receiving and storing of e-mails. In addition, when you visit our website, we automatically process data that your browser transmits to our server. This general data and information are stored in the server’s log files (in so-called “server log files”). The following data can be collected:
-
- IP address
-
- Date and time of the request
-
- Time zone difference from Greenwich Mean Time (GMT)
-
- Content of the request (concrete page)
-
- Access status/HTTP status code
-
- Data volume transferred in each case
-
- Website from which the request comes
Browser
- Website from which the request comes
-
- Operating system and its interface
-
- Language and version of the browser software
3.2 Purpose of processing
When using this data and information, we do not draw any conclusions about your person. The purposes pursued by us include in particular:
-
- Provision of our website
-
- Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems
-
- Content Delivery Network (CDN)
-
- Provision of contractual services
-
- Customer service
-
- Provision of e-mail communication
-
- Ensuring a smooth connection of the website,
-
- Investigation of acts of abuse or fraud,
-
- Problem analyses in the network, as well as
-
- Evaluation of system security and stability.
3.3 Legal basis
The legal basis for data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. We have an overriding legitimate interest in providing a website and being able to offer our services in a technically flawless manner.
3.4 Storage duration
The log files are stored for security reasons (e.g. for the clarification of abuse or fraud) for the duration of a maximum of 7 days and are deleted afterwards. Data whose further retention is required for evidentiary purposes will be retained pending final clarification of the matter.
3.5 Recipients of personal data
For the provision of our online offer, we use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Hubspot Inc, 25 First Street, Cambridge 02141, USA (webhost). The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
4 Use of cookies
4.1 General information
We use cookies and similar technologies (hereinafter “cookies”) on our website. These are files that your browser automatically creates and that are stored on your IT system when you visit our site. In the cookie, information is stored that arises in each case in connection with the specific end device used.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
When you visit our website or a sub-website for the first time and it contains cookies, you will be shown a cookie banner. There you will be informed about the individual cookies that we use. For each individual cookie, you can obtain information about the processing company, the purpose of the data processing and the storage period. In addition, you can allow us to use non-necessary cookies and reverse this decision there on again. If you have closed the cookie banner, you can open it again by clicking on the cookie icon at the bottom left.
In legal terms, a distinction must be made between necessary and technically non-necessary cookies.
4.2 Necessary cookies
We use necessary cookies. These are cookies that are technically necessary to provide all functions of our website. The legal basis for the data processing is according to Art. 6 (1) lit. f GDPR. We have an overriding legitimate interest in being able to offer our service in a technically flawless manner. The legal basis for the use of cookies vis-à-vis our contractual partners who make use of services contractually owed by us via our website is Art. 6 (1) lit. b GDPR, the provision of our contractual services.
4.3 Non-necessary cookies
We also use cookies that are non-necessary (e.g. performance, marketing and unclassified cookies). These are cookies that are technically non-necessary. We use them to understand your behaviour on our website and to improve our offer. The legal basis for the data processing is your consent according to Art. 6 (1) lit. a GDPR. The cookies are only set after you have given your consent via our cookie banner.
For more information about all cookies and third-party services that we use on our website, click here: https://autobahn-security.com/privacy-policy/.
5 Cookie banner
5.1 General information
In order to present you with the information regarding cookies in the form of the “privacy settings”, we use a cookie banner on our website. With our cookie banner, we inform you about the cookies we specifically use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-necessary cookies. Processed cookies may include:
-
- Usage data (e.g. web pages visited, time of access)
-
- Meta and communication data (e.g. IP address)
5.2 Purpose of the processing
We process your personal data for the following purposes:
-
- Informing the user about the cookies we use
-
- Enabling to consent to cookies that are non-necessary
5.3 Legal basis of the processing
The legal basis for the use of the cookie banner is Art. 6 (1) lit. f GDPR. We have an overriding legitimate interest in using the cookie banner, which allows us to obtain the legally required consent for the use of cookies that are non-necessary and to comply with our duty to provide information regarding cookies.
5.4 Storage duration
The cookie banner stores the preferences until you reset or customize them.
5.5 Recipients of personal data
On our website we use the cookie banner of the provider Cookieyes. The provider is Objectis Ltd Laisves st. 60, LT-05120 Vilnius, Lithuania. Cookie Script was carefully selected by us, commissioned in writing and is bound by our instructions.
6 Contact options
6.1 General information
You have the possibility to contact us by e-mail, telephone or other communication channels.
When contacting you and responding to your inquiry, we process the following personal data, including:
-
- Name
-
- Phone number
-
- Date and time of the request
-
- Further personal data that you provide to us in the course of contacting us
6.2 Purpose of the processing
We process your data to respond to your inquiry and other matters arising from it.
6.3 Legal basis
If your request is based in connection with pre-contractual measures or with an existing contract with us, the legal basis is the performance of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR.
If your request is made independently of contractual or pre-contractual measures, the legal basis for responding to your request pursuant to Art. 6 (1) lit. f GDPR is our overriding legitimate interest in answering your request and responding to the contact initiated by you.
6.4 Storage duration
We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected unless there are statutory retention obligations to retain them. With regard to contact inquiries that have not led to a contractual relationship, this is generally the case when the circumstances indicate that the specific matter has been conclusively resolved.
6.5 Recipients of personal data
The recipient of your data in this context is Hubspot Inc, 25 First Street, Cambridge 02141, USA. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
7 Management and Organisation
7.1 General information
We use services, platforms and software from other providers (hereinafter referred to as “third-party providers). When selecting the third-party providers and their services, we observe the legal requirements.
In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents.
If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and meta data for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
7.2 Purpose of the processing
The purposes for using the Hubspot calander function is for organizing, managing, planning and providing our services.
7.3 Legal basis
If your request is based in connection with pre-contractual measures or with an existing contract with us, the legal basis is the performance of the contract and the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b GDPR.
If your request is made independently of contractual or pre-contractual measures, the legal basis for responding to your request pursuant to Art. 6 (1) lit. f GDPR is our overriding legitimate interest in answering your request and responding to the contact initiated by you.
7.4 Recipients of personal data
The recipient of your data in this context is Hubspot Inc, 25 First Street, Cambridge 02141, USA. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
8 Chat function
8.1 General information
We offer live online chats as a communication option. A chat is an online conversation conducted with a certain degree of timeliness. When you use our chat functions, we may process your personal data.
If you use our chat services within an online platform, your identification number will also be stored within the respective platform. We may also collect information about which users interact with our chat services and when. Furthermore, we store the content of your conversations via the chat services and log registration and consent processes in order to be able to prove them according to legal requirements.
We would like to point out to users that the respective platform provider can find out that and when users communicate with our chat services as well as collect technical information about the device used by the users and, depending on the settings of their device, also location information (so-called metadata) for the purpose of optimizing the respective services and for security purposes. Likewise, the metadata of communication via chat services (i.e., e.g., information about who communicated with whom) may be used by the respective platform providers for marketing purposes or to display advertisements tailored to users in accordance with their terms and conditions, to which we refer for further information.
We use the aforementioned information to operate our chat services, e.g., to personally address users, to respond to their inquiries, to deliver any requested content, and also to improve our chat services (e.g., to “teach” chatbots answers to frequently asked questions or to recognize unanswered inquiries).
In this context, the following personal data are processed:
-
- Inventory data (e.g. names, addresses)
-
- Contact details (e.g. e-mail, telephone numbers)
-
- Content data (e.g. entries in online forms)
-
- Usage data (e.g. web pages visited, interest in content, access times)
-
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
8.2 Purposes of the processing
We process your data for contact requests and for communication; administration and response to requests.
8.3 Legal bases
The legal basis for processing within the scope of the chatbot functionalities is Art. 6(1) s. 1 lit. b GDPR for the provision of the service and the processing of your request to us. For the processing of your data for analysis and improvement, your consent according to Art. 6(1) s. 1 lit. a GDPR is the legal basis.
8.4 Recipients of personal data
The recipient of your data in this context is Hubspot Inc, 25 First Street, Cambridge 02141, USA. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
In addition to Hubspot, the other recipient of your data in this context is Slack Technologies LLC; belonging to Salesforce, 415 Mission St FL 3, San Francisco, California 94105-2533. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Salesforce is certified under the EU-U.S. Data Privacy Framework.
9 Advertising communication via e-mail, mail, fax or telephone
9.1 General information
We process personal data for the purposes of advertising communication, which may take place via various channels, such as e-mail, telephone, LinkedIn as ads, in accordance with legal requirements.
Types of data processed in this context are:
-
- Inventory data (e.g. names, addresses)
-
- Contact details (e.g. email, phone numbers).
9.2 Purposes of processing
The purpose of the processing is direct marketing (e.g. by e-mail or post). It includes advertising measures with tailored content that are explicitly directed at existing customers with the aim of persuading them to take a certain action (e.g. purchase, registration, contact).
9.3 Legal bases
The legal basis for the processing is our legitimate interests according to Art. 6 (1) lit. f GDPR to carry out direct marketing activities.. In principle, we have a legitimate interest in using your data that we have collected, for example, in the course of establishing a contractual relationship or presenting our platform with you, for such marketing purposes. The processing for LinkedIn serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Art. 6 (1) lit. f GDPR.
We regularly make further contact in order to find out whether there is interest in the product or an offer. In doing so, we will only contact you if you have consented to be contacted by us. The legal basis for the processing is Art. 6 (1) lit. a GDPR your prior explicit consent.
9.4 Recipients of personal data
The recipient of your data in this context is Hubspot Inc, 25 First Street, Cambridge 02141, USA. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
10 Blog
10.1 General information
In our blog , we publish various articles on topics related to our activities. You can read the blog without having to register. You can comment publicly on the blog posts. In connection with your comment, we process your username and email address provided with the post. When you post a comment, we continue to store your IP address, which we delete after one week.
To use the comment function you have to register with your email address and your name of your choice. There is no obligation to use a clear name, a pseudonymous use is possible. We need your email address in order to contact you if a third party objects to your comment as illegal.
10.2 Purpose of processing
-
- Provision of contractual services and customer service
-
- Feedback (e.g. collecting feedback via online form)
-
- Provision of our online offer and user friendliness
-
- Contact requests and communication; managing and responding to requests.
10.3 Legal bases
Legal bases for this processing are therefore Art. 6(1) s. 1 lit. b and f GDPR. When users leave comments or other posts, we store your IP address based on our legitimate interests. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves may be prosecuted for the comment or post and therefore need to know the identity of the author. We reserve the right, based on our legitimate interests, to process users’ details for the purpose of spam detection. The comments are not checked before publication. Furthermore, we reserve the right to delete comments if they are objected to by third parties as unlawful.
10.4 Recipients of personal data
The recipient of your data in this context is WordPress, Aut O’Mattic A8C Irland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Irland. The recipient was carefully selected by us, commissioned in writing and is bound by our instructions.
11 Free Trial (Registration and Log In to Autobahn Security Platform)
11.1 General information
Visitors to the website have the opportunity to register for the customer area of Autobahn Security Platform (“Platform”) in order to test it for 14 days (“Free Trial”). The required information is to be entered independently via an input mask of the registration. As part of the registration process, users are provided with the required mandatory information and this information is processed for the purposes of providing the user account. The processed data includes in particular the login information (user name and an e-mail address).
In the context of the use of our registration functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. In principle, this data is not passed on to third parties unless it is necessary for the prosecution of our claims or there is a legal obligation to do so.
Users may be informed by e-mail about events relevant to their user account, such as technical changes.
The following data is processed during this process:
-
- Inventory data (e.g. names, addresses)
-
- Contact details (e.g. e-mail, telephone numbers)
-
- Content data (e.g. entries in online forms)
-
- Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
11.2 Purpose of processing
The registration for the 14-day test phase serves the purpose of getting to know and testing for potential customers in the context of contract initiation. The log in to the customer area serves the purpose of providing contractual services. Security measures; administration and response to inquiries; provision of our online offer and user friendliness.
11.3 Legal bases
For the fulfilment of contractual services and for pre-contractual inquiries, the legal basis is Art. 6 (1) lit. b) GDPR. The legitimate interest pursuant to Art. 6 (1) lit. f) GDPR relates to the technical administration and security of the platform.
11.4 Storage duration
We generally store the data for the duration of the Free Trial. The Free Trial account can be closed at any time. Thereafter, we reserve the right to retain the data for 12 months legitimate business purposes. After the expiration of this period, however, the account including the personal data will be irrevocably deleted.
12 Our presences in social and professional networks
We maintain publicly accessible profiles on various social networks. Your visit to these profiles initiates a variety of data processing operations. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.
When you visit our profiles, your personal data is collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please refer to the following statements.
12.1 Facebook and Instagram
When you visit our Facebook/ Instagram page, certain information about you is processed. As the operator, we can only view the information stored in your public Facebook/Instagram profile (such as your profile picture or information you share on a Facebook profile or on a public Instagram profile), and only if you have such a profile and are logged into it while visiting our Facebook/Instagram page.
Meta provides us with anonymized statistics and insights for our Facebook/Instagram page that help us gain insights about the types of actions people take on our page (page insights). These Page Insights are created based on certain information about individuals who have visited our Page. This processing of personal data is carried out by Meta and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 (1) lit. f GDPR. We cannot assign the information obtained via Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have entered into a joint controller agreement with Meta, which sets out the distribution of data protection obligations between us and Meta. For details about the processing of personal data to create page insights and the agreement entered into between us and Meta, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to this data processing, you have the option of asserting your data subject rights (see “Your rights as a data subject”) against Meta as well. Further information on this can be found in Meta’s privacy policy at https://www.facebook.com/privacy/explanation. Meta offers the possibility to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.
Please note that according to the Meta Privacy Policy, user data is also processed in the USA or other third countries. Meta transfers user data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate guarantees in accordance with Art. 46 GDPR.
12.2 LinkedIn
When you visit our LinkedIn company profile, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research as well as for purposes of advertising, customer support, analysis and security. LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn) is the sole data controller for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are described in LinkedIn’s data policy at https://www.linkedin.com/legal/privacy-policy. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
In the case of direct messages to us or comments on our LinkedIn company profile or under our posts, we receive the message, the comments and your username.
When you visit our LinkedIn company profile, follow this page or engage with the page, LinkedIn processes personal data to provide us with statistics and insights in anonymized form. This provides us with insights into the types of actions that people take on our site (page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights.
This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have reached an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
-
- LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our provided contact details about exercising your rights in connection with the processing of personal data in the context of the Page Insigts. In such a case, we will forward your request to LinkedIn.
-
- LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
The processing of your personal data in connection with the operation of our LinkedIn company profile is carried out on the basis of a balancing of interests pursuant to Art. 6 (1) lit. f GDPR in order to offer you an up-to-date and supportive information and interaction option with and about us. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Art. 6 (1) lit. f GDPR.
Please note that according to the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission pursuant to Article 45 of the GDPR or on the basis of appropriate safeguards pursuant to Article 46 of the GDPR.
12.3 X (former Twitter)
When you visit our X profile or profiles on the X platform of Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX 07 Ireland (X), personal data from your X profile is processed. If you contact us via the X profile, for example by commenting on a tweet or writing us a message via X direct messages, we will process your data (e.g., your name and the communication content) to address your request. To the extent necessary, we also process your data to assert legal claims and defend ourselves in legal disputes and to prevent and investigate criminal offences. The processing is carried out on the basis of a balancing of interests in accordance with Art. 6(1) s. 1 lit. f GDPR in order to offer you a timely and supportive information and interaction option with and about us. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6(1) s. 1 lit. b GDPR.
In addition, X collects so-called usage data when you visit our X profile. This is, among other things, your IP address, the application used, information about your end device (including device ID and application ID), information of accessed websites, your location and your mobile provider. This data is assigned to your X profile.
X also uses certain data that they have collected from users of the X-Platform (e.g., “re-tweets”) to create aggregated usage statistics and make them available to the respective operators of the X-Profile (X-Analytics). We also receive aggregated usage statistics. The information we receive through X-Analytics does not allow any conclusions to be drawn about individual users. We ourselves do not have access to personal data that X processes for X-Analytics. X determines which data is processed for X-Analytics and how. We can neither legally nor actually influence the processing by X. X provides information on this in its privacy policy (X Privacy Policy) and on the possibility of viewing one’s own data at X (X Help Center).
This processing serves our legitimate interest to evaluate the types of actions taken on our X company profile and to improve our company profile based on these findings. The legal basis for this processing is therefore Art. 6(1) s. 1 lit. f GDPR.
Please note that under the X Privacy Policy, personal data may also be processed by X in the U.S. or other third countries.
13 Video platforms
13.1 YouTube Channel
We operate a “YouTube channel” to draw attention to our services and service offerings and to interact with our customers and visitors to the YouTube channel (users) . The operator of the video platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (YouTube). YouTube is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)).
If you contact us via our YouTube channel, e.g. by commenting on one of our videos, we process your data (e.g. your name and the communication content) in order to process your request. To the extent necessary, we process your data in addition to assert legal claims and defense in legal disputes. The legal basis for processing the data that we collect in connection with the use of our corporate presence is our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, in order to offer you an up-to-date and supportive information and interaction option with and about us, as well as to better present our services and service offerings. If the contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR.
When you visit our YouTube channel or other pages of the YouTube platform, Google collects usage data. In doing so, Google also uses certain data collected from users of the YouTube platform (e.g. which videos users watch) to create aggregated usage statistics and make them available to the respective operators of the YouTube channel (YouTube Analytics). We also receive such aggregated usage statistics. The information we receive through YouTube Analytics does not allow any conclusions to be drawn about individual users. We ourselves have no access to personal data that Google processes for YouTube Analytics. Google determines which data is processed for YouTube Analytics and how. Google provides information on this in the privacy policy at https://www.google.de/intl/de/policies/privacy.
The personal data is also transferred to the USA in the process. A adequacy decision of the Commission pursuant to Art. 45 (3) GDPR is available. To ensure an adequate level of data protection at the recipient of your personal data, we have concluded standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR with this recipient. For further information, please contact our data protection officer.
13.2 YouTube integration website
Our website uses plugins of the video platform YouTube to embed videos and play them directly on our website. The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)).
When you activate embedded videos on our website, a connection to YouTube’s servers is established and a data transmission starts. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your terminal device until you delete them. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button. For more information on the handling of user data, please refer to YouTube’s privacy policy.
The legal basis for this use is, according to Art. 6(1) s.1 lit. a GDPR, the voluntary and revocable consent given by you. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.
The integration of YouTube videos takes place in the so-called “extended data protection mode”, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes – regardless of whether you watch a video – a connection to the Google DoubleClick network.
The personal data is also transferred to the U.S. The European Commission has issued an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
14 Integration of third-party services and content
14.1 Google reCAPTCHA
We integrate the “reCAPTCHA” function to be able to recognize whether entries (e.g. in online forms) are made by humans and not by automatically acting machines (so-called “bots”).
14.2 Purpose of the processing
Processed data may include IP addresses, information about operating systems, devices or browsers used, language settings, location, mouse movements, keyboard strokes, time spent on web pages, previously visited web pages, interactions with ReCaptcha on other web pages, possibly cookies, and results of manual recognition processes (e.g. answering questions asked or selecting objects in images).
14.3 Legal basis
The legal basis for the use of Google reCAPTCHA is, according to Art. 6 (1) 1 lit. a GDPR, your voluntary and revocable consent. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.
14.4 Recipients of personal data
The recipient of your data in this context is our service provider and representative in the Union Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. The service provider was carefully selected by us, commissioned in writing and is bound by our instructions. The personal data is thereby transferred to the USA to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Guarantees have been agreed between the two companies in accordance with Art. 45 ff GDPR.
15 Application
15.1 General information
We also offer you the opportunity to apply for jobs and send us your application online or by mail.
As part of the application process, we process the following personal data:
-
- Master data (e.g. first and last name, address)
-
- Contact details (e.g. e-mail address, telephone number)
-
- Application data (e.g. cover letter, CV, certificates and other supporting documents)
15.2 Purpose of processing
The purpose of the processing is to carry out the application procedure.
15.3 Legal basis
The legal basis for the processing of personal data is the fulfilment of the contract and the implementation of pre-contractual measures according to Art. 6 (1) lit. b GDPR.
If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing pursuant to Art. 6 (1) lit. a GDPR.
15.4 Storage duration
If an employment relationship is established after completion of the application process, the personal data provided may be processed further. Otherwise, we generally retain the data for six months after the end of the application process. We then delete all personal data. Longer storage is possible if we include the personal data in our applicant pool after obtaining your consent.
15.5 Recipients of personal data
Your data will be passed on to the necessary extent to a service provider Personio within the scope of an order processing. The service provider was carefully selected by us, commissioned in writing and is bound by our instructions. The service provider is Personio SE & Co. KG Seidlstraße 3 80335 Munich. The data transmitted as part of your application will be transmitted via TLS encryption and stored in a database of Personio GmbH.
16 Auxiliary tool for organization
16.1 General information
We offer you the posibility to make an appointment via the calendar function. The following data will be processed:
-
- Inhaltsdaten (z.B. Eingaben in Onlineformularen)
-
- Nutzungsdaten (z.B. besuchte Webseiten, Interesse an Inhalten, Zugriffszeiten)
-
- Meta-, Kommunikations- und Verfahrensdaten (z. B. IP-Adressen, Zeitangaben, Identifikationsnummern, Einwilligungsstatus)
-
- Kontaktdaten (z.B. E-Mail, Telefonnummern)
16.2 Purpose of processing
We use services for the purposes of organizing, managing, planning and providing our services.
16.3 Legal basis
The legal basis is our legitimate interest according to Art. 6 (1) lit. f GDPR in the effective communication and organization of requests.
16.4 Recipients of personal data
Resipent of personal data is Hubspot Inc, 25 First Street, Cambridge 02141, USA. The personal data is thereby transferred to USA. There is an adequacy decision of the Commission pursuant to Art. 45(3) GDPR. The European Commission has adopted an adequacy decision pursuant to Art. 45(3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations located in the U.S. that are certified under the EU-U.S. Data Privacy Framework are permitted, accordingly. Hubspot is certified under the EU-U.S. Data Privacy Framework.
17 Transmission of personal data
When processing personal data, it may happen that the data is transferred to or disclosed to other bodies, companies, legally independent organizational units or persons. The recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
18 Deletion of data
The personal data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this personal data has ceased to apply or it is not necessary for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes. That is, the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.
Our data protection notices also contain further details on the retention and deletion of personal data that have priority for the respective processing operations.
19 Your rights
19.1 Right to confirmation by the data subject (Art. 15 GDPR)
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
19.2 Right of access by the data subject (Art. 15 GDPR)
You have the right to receive from us at any time free of charge information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
19.3 Right to rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
19.4 Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
19.5 Right to restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the legal requirements is met.
19.6 Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, when exercising your right to data portability pursuant to Article 20 (1) of the GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
19.7 Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of data processing in the public interest pursuant to Art. 6 (1) lit. e GDPR or on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In individual cases, we process personal data in order to conduct direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
19.8 Conditions for consent (Art. 7 (3) GDPR)
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. You can notify us of your revocation at any time via e-mail or post using our contact details above.
19.9 Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection. The supervisory authority responsible for us:
20 Actuality and changes of the privacy policy
This privacy policy is currently valid and has the following status: October/2023
If we further develop our website and our offers or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the latest version of the privacy policy at any time HERE.