Data protection
Privacy policy
1. Data protection at a glance
General information
The following information gives a simple overview of what happens to your personal data when you visit this website. Personal data is defined as any data that can be used to identify you personally. For more detailed information on data protection, please see our privacy policy indicated below.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the webmaster. You can find their contact details in the “Information on the controller” section of this privacy policy.
How do we record your data?
We record the data you share with us: For example, this may be data you enter on a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter the website.
What do we use your data for?
Some of the data is recorded to ensure that the website is error-free. Other data may be used to analyze your user behavior.
What rights do you have with regard to your data?
You are entitled to receive information on the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You are also entitled to request the processing of your personal data to be restricted under certain circumstances. Moreover, you have the right to lodge a complaint with the competent supervisory authority.
You can contact us at any time if you have any further questions on the subject of data protection.
Analysis tools and tools provided by third parties
When you visit this website, your browsing behavior may be statistically analyzed. This process is mainly carried out with the use of cookies and analysis programs.
Detailed information on these analysis programs can be found in the following privacy policy.
2. Hosting und Content Delivery Networks (CDN)
We host the content of our website with the following provider:
Hetzner
The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as Hetzner).
For details, please check out Hetzner’s privacy policy at: https://www.hetzner.com/de/legal/privacy-policy/.
The use of Hetzner is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the integrity of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para.1 TDDDG (Telecommunications Digital Services Data Protection Act – German cookie legislation), insofar as such consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contractual agreement prescribed by data protection law, which ensures that the personal data of our website visitors is processed solely in accordance with our instructions and in compliance with the GDPR.
Cloudflare
We use the services of Cloudflare, details: Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as Cloudflare).
Cloudflare offers a Content Delivery Network with DNS that is available worldwide. The information transfer between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyze the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious online data traffic. Cloudflare may also use cookies or other technologies to recognize Internet users, but these are used solely for the purposes indicated herein. The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details and further information on security and data protection at Cloudflare, see: https://www.cloudflare.com/privacypolicy/.
The company is certified in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards.
Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5666.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contractual agreement prescribed by data protection law to ensure that the personal data of visitors to our website is processed solely in accordance with our instructions and in compliance with the GDPR.
3. General and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and the present privacy policy.
When you visit this website, a variety of personal data may be collected. Personal data is defined as data that can be used to identify you personally. This privacy policy explains what data we record and for what we use it. It also explains how and for what purpose this is carried out.
We would point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Data processing controller
The controller responsible for data processing on this website is:
OeTTINGER Brauerei GmbH
Brauhausstraße 8
86732 Oettingen i. Bayern
Germany
Tel.: +49 (0) 9082 708-0
Email: mail@oettinger-beverages.de
The controller is the natural or legal entity who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).
Retention period
Unless otherwise specified in the present privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you lodge a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law): In the latter case, deletion shall take place when such reasons no longer apply.
General information on the legal basis for data processing on this website
If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, insofar as special categories of data are processed in accordance with Art. 9 para. 1 GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 para. 1 lit. a GDPR. If you have consented to the storage of cookies or to access the information in your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. Consent may be revoked at any time. If your data is required to fulfill the contract or to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b GDPR. Furthermore, we process your data if this is necessary to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR. Data processing may also be carried out on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Information on the relevant legal bases relating to each individual case is provided in the following paragraphs of the present privacy policy document.
Data Protection Officer
We have appointed a Data Protection Officer:
Kutzschbach Electronic GmbH & Co. KG
Markham Str. 15
86720 Nördlingen
Germany
Tel.: +49 9081 2503-450
Email: datenschutz@oettinger-getraenke.de
Recipients of personal data
As part of our business activities, we work together with various external parties. In some cases, it is also necessary to transfer personal data to these external parties. We pass on personal data to external parties solely if this is necessary in the context of fulfilling a contract, or if we are legally obliged to do so (e.g. passing on data to tax authorities), or if we have a legitimate interest in passing on data in accordance with Art. 6 para. 1 lit. f GDPR, or if another legal basis permits the passing on of data. When using external processors, we pass on our customers’ personal data solely on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement shall be concluded.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out prior to revocation shall remain unaffected by the revocation.
Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)
WHERE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION: THIS SHALL APPLY ALSO TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS CARRIED OUT IS INDICATED IN THE PRESENT PRIVACY POLICY. SHOULD YOU OBJECT, WE WILL NO LONGER PROCESS THE AFFECTED PERSONAL DATA UNLESS WE CAN PRESENT COMPELLING LEGITIMATE GROUNDS FOR PROCESSING SUCH DATA THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF SUCH PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR). WHERE YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, YOU ARE ENTITLED AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to lodge a complaint with the competent authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a competent authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint shall be without prejudice to other administrative or judicial remedies.
Right to data portability
You shall be entitled to have data that we process automatically pursuant to your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request direct transmission of such data to another controller, this shall be carried out solely to the extent that it is technically feasible.
Information, correction and deletion
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient(s) and the purpose of the data processing and, if necessary, you shall be entitled to have such data corrected or deleted. You can contact us at any time if you have further questions on the subject of personal data.
Right to restrict processing
You have the right to request restriction of the processing of your personal data. You can contact us at any time to do this. The right to restrict processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted;
If the processing of your personal data was/is unlawful, you can request restriction of data processing instead of deletion;
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection pursuant to Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. You are entitled to request processing of your personal data to be restricted during the period in which it has not yet been determined whose interests shall prevail.
If you have restricted processing of your personal data, with the exception of its storage, such data may be processed solely with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal entity or for reasons of important public interest pertaining to the European Union or a member state.
SSL and/or TLS encryption
This site uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Objection to marketing emails
We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purposes of sending unsolicited marketing and information material. The operators of the present website expressly reserve the right to take legal action in the event of the unsolicited sending of marketing information, such as spam emails.
4. Data recording on the present website
Cookies
Our website uses what are referred to as cookies. These are small data packets that do not cause any damage to your end device. They are stored on your device, either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first party cookies) or from third party companies (third party cookies). Third party cookies enable the integration of certain services from third party companies or organizations within websites (e.g. cookies for payment processing services).
Cookies have a variety of functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior patterns or for marketing purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience; necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless a different legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out solely on the basis of such consent (Art. 6 para. 1 lit. a GDPR and Section 25 para.1 TDDDG): consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited. You can find details on the cookies and services used on this website in the privacy policy.
Borlabs cookie consent
Our website uses Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser, in which the consent you have given or revocation of such consent is stored. This data is not passed on to the provider of Borlabs cookies.
The data collected will be stored until you ask us to delete it or until you delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory or statutory retention periods remain unaffected. Details on data processing by Borlabs cookie can be found under: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Server log files
The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. The information comprises:
Browser type and version
Operating system
Referrer URL
Host name of the accessing computer
Time of server request
IP address
This data is not merged with other data sources. The data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files must be recorded for this purpose.
Contact form
If you send us inquiries via the contact form, the details you give on the inquiry form, including your contact details, will be stored by us for the purposes of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.
If your request relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, the data is processed pursuant to the provisions of Art. 6 para. 1 lit. b GDPR. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested: consent can be revoked at any time.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or if the purpose for its storage no longer applies (e.g. after fulfilling your request). Mandatory or statutory provisions – in particular retention periods – shall remain unaffected.
Email, telephone or fax inquiries
If you contact us by email, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purposes of processing your request. We will not pass on this data without your consent.
If your request relates to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, the data is processed pursuant to the provisions of Art. 6 para. 1 lit. b GDPR. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested: Consent can be revoked at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or if the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory and statutory provisions – in particular statutory retention periods – shall remain unaffected.
Registering on this website
You can register on this website in order to use additional functions it offers. We will only use the data you enter for the purposes of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full, failing which your registration will be rejected.
In the event of major changes, for example to the scope of the offer or in the event of technically necessary changes, we will notify you of such changes using the email address you provided when registering.
The data entered during registration is processed for the purpose of implementing the user relationship established by such registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Statutory retention periods shall remain unaffected.
5. Social media
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. A connection to LinkedIn servers is established each time you access a page that contains elements of LinkedIn on this website. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para.1 TDDDG. Consent may be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, visit: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de
More information on this can be found in the privacy policy declaration of LinkedIn under: https://www.linkedin.com/legal/privacy-policy.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.
This website uses elements of the XING network. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. A connection to XING servers is established each time one of our website pages containing XING elements is accessed. As far as we are aware, no personal data is stored in the process. In particular, no IP addresses are stored, nor are usage behavior patterns analyzed.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para.1 TDDDG. Consent may be revoked at any time.
Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.
6. Analysis tools and marketing
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, nor does it store any cookies or carry out any independent analyses. It is only used to manage and display the tools integrated via its use. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out solely according to the provisions of Art. 6 para. 1 lit. a GDPR and Section 25 para.1 TDDDG, insofar as consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.
Google Analytics
This website uses functions of the Google Analytics web analysis service. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user’s end device. It is not assigned to a user ID. We can also use Google Analytics to record, among other aspects, your mouse and scroll movements as well as your clicks. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.
Google Analytics uses technologies that enable user recognition for the purposes of analyzing user behavior patterns (e.g. cookies or device fingerprinting). The information collected by Google on the use of this website is generally transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent in accordance with the provisions of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details under: https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under: https://www.dataprivacyframework.gov/participant/5780.
IP anonymization
We have activated Google Analytics IP anonymization on this website. As a result, your IP address will be abbreviated by Google within member states of the European Union or in other contracting states that have ratified the Convention on the European Economic Area prior to being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website for the purposes of analyzing your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available here: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data and for Google’s privacy policy, visit: https://support.google.com/analytics/answer/6004245?hl=de.
Data processing agreement
We have concluded a data processing agreement with Google and fully implement the stringent requirements of the German data protection authorities when using Google Analytics.
Google Ads
The website operator uses Google ads. This is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display ads in the Google search engine or on third party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted ads can be displayed based on user data available at Google (e.g. location data and interests; target group targeting). As the website operator, we can evaluate this data quantitatively, for example, by analyzing which search terms led to the display of our ads and how many ads led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, visit: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under: https://www.dataprivacyframework.gov/participant/5780.
Google conversion tracking
This website uses Google conversion tracking. The provider is Google Ireland Limited (Google), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes. The use of this service is based on your consent in accordance with the provisions of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be revoked at any time.
For more information on Google conversion tracking and Google’s privacy policy, visit: https://policies.google.com/privacy?hl=de.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under: https://www.dataprivacyframework.gov/participant/5780.
7. Plugins and tools
Zendesk
We use the CRM system Zendesk to process user inquiries. The provider is Zendesk, Inc, 1019 Market Street in San Francisco, CA 94103 USA.
We use Zendesk to process your inquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can only send inquiries by entering your email address and without providing your name.
The messages sent to us will remain with us until you ask us to delete them or until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory and statutory provisions – in particular retention periods – shall remain unaffected.
Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish Data Protection Authority. These are binding corporate rules that legitimize the internal transfer of data to third countries outside the EU and the EEA. For details, visit: https://www.zendesk.de/blog/update-privacy-shield-invalidation-european-court-justice/.
If you do not agree to us processing your request via Zendesk, you have the option of communicating with us by email, telephone or fax.
For further information and Zendesk’s privacy policy, visit: https://www.zendesk.de/company/customers-partners/privacy-policy/.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under: https://www.dataprivacyframework.gov/participant/5304.
Data processing agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
8. Audio and video conferencing
Data processing
Among other tools, we use online conferencing to communicate with our customers. The individual tools we use are listed below. If you communicate with us online by video or audio conference, your personal data will be recorded and processed by us and the provider of the respective conference tool.
Conferencing tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). Conference tools also process the duration of the conference, participation start and end times, number of participants and other contextual information relating to the communication process (metadata). In addition, the provider of the tool processes all the technical data required to process the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or provided in any other way within the tool, it is also stored on the tool provider’s servers. Such content includes, specifically, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by such conference tools can be found in the privacy policies of the tools used, which we have listed below.
Purpose and legal basis
Conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Moreover, the use of these tools serves the general simplification and acceleration of communication with us and our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). If consent has been requested, the tools in question are used on the basis of this consent, which may be revoked at any time with effect for the future.
Data retention period
The data collected directly by us via video and conference tools will be deleted from our systems as soon as you ask us to delete it, or revoke your consent to storage, or when the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory or statutory retention periods shall remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.
Conference tools used
We use the following conference tools:
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Details on data processing can be found in the Microsoft Teams privacy policy under: https://privacy.microsoft.com/de-de/privacystatement.
The company is certified in accordance with the EU-US Data Privacy Framework, (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider under: https://www.dataprivacyframework.gov/participant/5780.
Data processing agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
9. Own services
Handling of applicant data
We offer you the opportunity to apply to us (e.g. by email, post or via the online application form). You will find information on the scope, purpose and use of any personal data recorded during the application process below. We assure you that your data will be recorded, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary for the decision on initiation of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. Consent may be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.
Data retention period
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to archive the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. Retention serves, in particular, as evidence in the event of a legal dispute. If it is apparent that the data will be required on expiry of a 6-month period, (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
Retention for a longer period may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the applicant pool
If we do not make you a job offer, you may have the opportunity to join our applicant pool. If you are accepted, all documents and information from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool takes place solely on the basis of your express consent (Art. 6 para. 1 lit. a GDPR). Giving consent is voluntary and is not related to the current application process. The data subject may withdraw consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.
10. Video monitoring
Further information