Privacy Policy
General information on data processing
In this Privacy Policy, we inform you about which personal data we process during your visit to our website and what rights you have. For the terminology used, we refer to the definitions stipulated in Art. 4 of the General Data Protection Regulation (GDPR).
Personal data means any information relating to an identified or identifiable natural person. Examples of this include your name, your address and communication data and your e-mail address.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject means any identifiable natural person whose personal data are processed by the person responsible for the processing (controller).
Controller or “person responsible for the processing” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
User comprises all categories of data processing of data subjects. These include our business partners and other visitors to our website.
1. Name and address of the controller
Stabilus GmbH
Wallersheimer Weg 100
DE – 56070 Koblenz
Tel: +49 (0)261 – 8900-0
E-Mail: info@stabilus.com
2. Data protection officer
Stabilus GmbH has appointed a data protection officer. You can reach this person at the e-mail address datenschutz@stabilus.com or via our postal address by adding “Data Protection Officer”.
3. Duration of storage
Unless a specific storage period has been specified in this Privacy Policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally admissible reasons for storing your personal data (e.g., statutory retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons cease to apply.
4. General notes on the legal basis for data processing on this website
Insofar as you have consented to the data processing, we process your personal data on the basis of Art. 6 (1)(a) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 (1)(a) GDPR. Insofar as you have consented to the storage of cookies or access to information in your terminal device (e.g., device fingerprinting), these data are additionally processed on the basis of Section 25 (1) German Telecommunications-Telemedia Data Protection Act (TDDDG). This consent can be withdrawn at any time. If your data are required for the performance of a contract or in order to take steps prior to entering into a contract, we process your data on the basis of Art. 6 (1)(b) GDPR. Furthermore, insofar as this is necessary for the fulfillment of a legal obligation, we process your data on the basis of Art. 6 (1)(c) GDPR. Data processing may further take place on the basis of our legitimate interest pursuant to Art. 6 (1)(f) GDPR. In the following paragraphs of this Privacy Policy, we will inform you about the relevant legal basis governing each individual case.
5. Note on the transfer of data to the USA and other third countries
Among others, we use tools from companies located in the USA or other third countries that are not secure in terms of data protection laws. When these tools are enabled, your personal data may be transferred to these third countries and processed there. We must point out that the level of data protection comparable to that afforded in the EU cannot be guaranteed in these countries. For example, U.S. companies are required to personal data to disclose to the security authorities without you, as the data subject, being able to undertake legal action against this. It can therefore not be ruled out that your data located on U.S. servers for monitoring purposes will be processed, analyzed and permanently stored by U.S. agencies (e.g., intelligence services). We cannot influence these processing activities. Many data processing operations are not possible without your explicit consent. It is possible at any time to revoke consent you may have already granted. The lawfulness of the data processing conducted until its withdrawal remains unaffected by the revocation.
6. Our website hosting
We host our website at Interactive Network GmbH, Neue Mainzer Str. 75, 60311 Frankfurt am Main, Germany. The use of the service provider takes place on the basis of Art. 6 (1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. We have entered into a contract for order processing with Interactive Network GmbH. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
7. Processing of personal data
7.1. Visiting our website
7.1.1. Scope of data processing
For technical reasons, your browser will transfer certain types of data to our web server when you visit our website. This involves the following data (called server log files):
-
IP address
-
Date and time of query
-
Time zone difference to Greenwich Mean Time (GMT)
-
Contents of the request (concrete page)
-
Operating system and its access status / HTTP status code
-
Data volume transmitted
-
Website from which the request is being made (referrer URL)
-
Browser, language and version of the browser software
These data are not stored together with other personal data of the users.
7.1.2. Purpose of data processing
The temporary storage of the user’s IP address by our web server is technically necessary in order to be able to access the website. For this purpose, it is mandatory that your IP address remain stored for the duration of the session.
The aforementioned data are stored in log files in order to ensure the functionality of our website. These data help us optimize our website and safeguard the security of our information technology systems (e.g., for attack detection). No analysis of the data for marketing purposes takes place in this context.
7.1.3. Legal basis for processing
Art. 6(1)(f) GDPR shall form the legal basis for the temporary storage of these data and log files. Our legitimate interest consists of the technically faultless presentation and optimization of our website – the server log files must be collected for this purpose.
7.1.4. Duration of storage
The aforementioned are deleted as soon as they are no longer required to achieve the intended purpose of their collection. Whenever the data are collected for the provision of the website, this is the case when the respective session has ended. We store the data stored in these log files for up to 12 months. Storage beyond this is possible if required due to a legitimate interest (e.g., to investigate attacks, misuse or fraudulent acts). Data that is required to be stored for evidential purposes shall be excluded from deletion until final clarification of the respective incident.
7.1.5. Appeal and disposal option
The collection of data for the provision of the website and its storage in log files is absolutely necessary for technical reasons in order for us to operate our website. Consequently, you have no appeal option.
7.2. Contact form
7.2.1. Scope of data processing
Our website provides a form under the menu item “Contact” for you to submit inquiries. Under the menu item “Stabilus Suppliers”, a separate form is available for suppliers to submit short applications.
When you use the forms to send us inquiries, we collect data on your company, name, function, address, communication details (including your e-mail address) as well as information on your matter of concern. Mandatory fields are marked accordingly. Registered partners and suppliers can log in via their username and password. These are assigned to the data we store.
We use the other data processed during the sending process (e.g., IP address, date, time) to prevent misuse of the form and ensure the security of our information technology systems.
7.2.2. Purpose of data processing
If you send us inquiries via our contact form, we process your personal data to answer your inquiry and handle your matter of concern. We store your data in the event that follow-up questions arise.
7.2.3. Legal basis for data processing
Insofar as your request is related to the performance of a contract or is necessary in order to take steps prior to entering into a contract (e.g., offer), the processing takes place on the basis of Art. 6 (1)(b) GDPR. In all other cases, the processing takes place on the basis of our legitimate interest in effective handling of the inquiries directed to us (Art. 6 (1)(f) GDPR).
7.2.4. Recipients of data processing
When you contact us, your personal data will be processed by our internal centers responsible for your matter of concern. In this connection, no data shall be disseminated to third parties. The data will be used exclusively for processing the conversation and for handling your matter of concern.
7.2.5. Duration of storage
The data transmitted to us are deleted as soon as they are no longer required to achieve the intended purpose of their collection. This is the case when the respective conversation with the user has ended and the circumstances show that the matter in question has been resolved conclusively. If the inquiry is submitted in the context of a contractual relationship or for steps prior to entering into a contract, we store the collected data in accordance with the statutory retention periods for a period of ten years.
7.2.6. Appeal and disposal option; right to withdraw
You have the option to withdraw your consent to the processing of your personal data at any time. In such a case, the conversation cannot be continued. Please direct your revocation to info@stabilus.com. All personal data stored in the course of establishing the contact shall be deleted in such a case, insofar as no statutory record retention periods apply.
Although there is no statutory or contractual obligation for you to provide your data, it would not be possible to process your request without provision of this information.
7.3. Inquiries by e-mail or phone
7.3.1. Scope of data processing
If you contact us via the e-mail addresses provided or by phone, we process the data transmitted with your matter of concern. This involves the name details, phone number, e-mail address and the message text.
7.3.2. Purpose of data processing
If you contact us by e-mail or phone, we process your personal data to answer your inquiry and handle your matter of concern. We store your data in the event that follow-up questions arise.
7.3.3. Legal basis for data processing
Insofar as your matter of concern is related to the performance of a contract or is necessary in order to take steps prior to entering into a contract (e.g., offer), the processing takes place on the basis of Art. 6 (1)(b) GDPR. In all other cases, the processing takes place on the basis of our legitimate interest in effective handling of the inquiries directed to us (Art. 6 (1)(f) GDPR).
7.3.4. Recipients of data processing
When you contact us, your personal data will be processed by our internal centers responsible for your matter of concern. In this connection, no data shall be disseminated to third parties. The data will be used exclusively for processing the conversation and for handling your matter of concern.
7.3.5. Duration of storage
The data transmitted to us are deleted as soon as they are no longer required to achieve the intended purpose of their collection. This is the case when the respective conversation with the user has ended and the circumstances show that the matter in question has been resolved conclusively. If the inquiry is submitted in the context of a contractual relationship or for steps prior to entering into a contract, we store the collected data in accordance with the statutory retention periods for up to a period of ten years.
7.3.6. Appeal and disposal option; right to withdraw
You have the option to withdraw your consent to the processing of your personal data at any time. In such a case, the conversation cannot be continued. Please direct your revocation to info@stabilus.com. All personal data stored in the course of establishing the contact shall be deleted in such a case, insofar as no statutory record retention periods apply.
Although there is no statutory or contractual obligation for you to provide your data, it would not be possible to process your request without provision of this information.
7.4. Newsletter
7.4.1. Scope of data processing
Under the menu item “Investor Relations” > “IR Newsletter” you can register for our newsletter. If you would like to subscribe to this, we need an e-mail address and information from you that allows us to verify that you are the owner of the e-mail address entered and that you agree to receiving the newsletter. On a voluntary basis, you may provide us with name details, company data, address data, phone number and your relationship with Stabilus.
7.4.2. Purpose of data processing
We process your data for the purpose of newsletter distribution to keep you regularly informed by e-mail about the economic development of Stabilus.
7.4.3. Legal basis for data processing
The data entered in the newsletter registration form is exclusively processed on the basis of your consent (Art. 6 (1)(a) GDPR).
You can revoke your consent to the storage of data, e-mail address and their use for the purpose of newsletter distribution at any time, e.g., via the “Unsubscribe” link in the newsletter. The lawfulness of any previously carried out data processing operations remains unaffected by the revocation.
7.4.4. Recipients of data processing
The recipient of your data is our internal center responsible for Investor Relations.
For newsletter administration and distribution, we use a mailing application of EQS Group AG, Karlstraße 47, D-80333 Munich, Germany www.eqs.com. We have entered into an order processing contract on the use of the aforementioned service. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
7.4.5. Duration of storage
We will store the data we filed on you for the purpose of your newsletter subscription for as long as you wish to receive the newsletter. When you unsubscribe from the newsletter, we delete your data. Data stored by us for any other purpose shall remain unaffected by this.
7.4.6. Appeal and disposal option
You can unsubscribe to the newsletter at any time. An unsubscribe link is provided in each newsletter for this purpose.
7.5. Job applications
7.5.1. Scope of data processing
If you are interested in working at Stabilus, go to the menu item “Stabilus Careers” to look for jobs we are offering.
You can apply for these jobs online by entering the requested information in the dedicated query dialogues. Required information is labeled accordingly. As part of the application procedure, we process the following data categories: Personal details (form of address, title, first name, last name, presence of a severe disability or equal opportunity mandate), contact details (e-mail address, phone number), availability (term of notice), documents (resume/CV, cover letter, other attachments such as references or certificates).
You can also proactively submit a speculative application by e-mail. In this case, we process the personal data you provide us in order to process your application.
7.5.2. Purpose of data processing
We process your personal data in order to conduct the application procedure and to make a decision to justify any employment relationship, especially during the process of selecting suitable candidates as well as for the administrative conduct of the application procedures.
7.5.3. Legal basis for data processing
Art. 6 (1)(b) GDPR. in conjunction with Section 26 (1) of the German Federal Data Protection Act (BDSG). forms the legal basis for the processing of your personal data during the application procedure.
7.5.4. Recipients of data processing
Recipients of your personal data are our HR department, the department responsible for the job advertisement and the workers' council within the scope of its rights of co-determination pursuant to Section 99 (1) German Works Constitution Act (BetrVG).
For the operation, maintenance and hosting of our job applicant management system, we use the service provider Concludis GmbH, Frankfurter Straße 561, 51145 Cologne, Germany. They also have access to the data. We have entered into an order processing contract with them. This involves a contract mandated by data protection laws that guarantees that the service provider only process the personal data from the application procedure based on our instructions and in compliance with GDPR.
In general, the only persons who have access to your data are those who require them for the proper conduct of the application procedures.
We do not disclose your personal data to third parties, unless you have explicitly consented to this data disclosure or we are obliged to disclose data based on statutory provisions and/or official or court orders.
No data transfer to a third country or any international organization takes place.
7.5.5. Duration of storage
If your application does not result in employment, we shall delete your personal data, giving consideration to the period for filing an action pursuant to the German General Act on Equal Treatment (AGG) at the latest within 6 months after the end of the application procedure (e.g., after announcement of our decision to reject your application). This is done unless you have granted us consent pursuant to Art. 6 (1)(a) GDPR to store your personal data for a longer period in order for us to be able to consider you for new job offers, if appropriate. In this case, we will request separate consent from you pursuant to Art. 6 (1)(a) GDPR.
If your job application was successful and you enter into an employment contract with us, we file your application documents in our personnel management system and in your personnel file for onboarding the employment relationship as far as necessary on the basis of Art. 6 (1)(b) GDPR and Section 26 (1) BDSG. In this case, your application documents will not be deleted until your employment relationship has terminated and another three years have elapsed since the end of that year.
7.5.6. Automated decision-making
We do not use automated decision-making.
7.5.7. Obligation to provide data
Personal data must be provided so that we can decide whether to establish an employment relationship. If you do not provide us with this data, we cannot conduct the application procedure.
7.5.8. Appeal and disposal option
Upon request, you can have us renew or delete the personal data you have provided to us at any time. For this purpose, please send an e-mail to info@stabilus.com. This is not relevant if you have applied to us for a specific position within an ongoing application procedure. In this case, we store the information you provided to us for this position until the statutory period for filing an action has expired (specifically Section 15 AGG).
8. Cookies
8.1. Scope of data processing
Our website uses “cookies”. Cookies are small text files stored in the cache of your Internet browser when you visit the website. They do not cause any damage to your computer and do not contain any malware, such as viruses or Trojans.
Cookies may come from us (first-party cookies) or originate from third-party companies (third-party cookies). Third-party cookies enable us to integrate certain services of third-party companies within websites (e.g., to display videos).
Whether and which cookies we use when you visit our website depends on which areas and functions of our online content you use and whether you have consented to the use of cookies that are technically not required. In the privacy settings, you will find more information and decision options, which are indicated by the corresponding icon on the left side of the screen.
In our Cookie Policy, we have listed the cookies we use by name, provider, purpose and expiration date.
8.2. Purpose of data processing
Cookies have various functions. Numerous cookies are technically necessary since certain website functions would not work without them (e.g., displaying videos or inserting the cookie banner). Other cookies are used to analyze user behavior or for advertising purposes.
8.3. Legal basis for data processing
We store cookies that are necessary to perform the electronic communications process in order to provide the cookie banner or to optimize the website (e.g., cookies for providing a DNS connection), i.e., necessary cookies, on the basis of Art. 6 (1)(f) GDPR. As the website operator, we have a legitimate interest in storing necessary cookies for the technically faultless and optimized provision of our services.
Insofar as we request consent to the storage of cookies and comparable recognition technologies, the processing occurs exclusively based on this consent (Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG); this consent can be revoked at any time.
8.4. Duration of storage
Cookies are stored on your terminal equipment either temporarily for the length of a session (session cookies) or permanently (permanent cookies). Session cookies are deleted automatically after your visit is over. Permanent cookies remain stored on your terminal device until you delete them yourself or your web browser automatically deleted them.
8.5. Appeal and disposal option
You can configure your browser to inform you about the setting of cookies and to accept cookies only in individual cases or to exclude the acceptance of cookies for certain cases or in general. You can also enable the automatic deletion of cookies when you close the browser. By disabling cookies, the functionality of this website may be limited.
In our cookie banner, you can change your consent at any time. To do so, please access our Cookie Policy.
8.6. Consent to Cookiebot
Our website uses Cookiebot consent technology to obtain your consent to store certain cookies on your terminal device or to use certain technologies and to document this in compliance with data protection. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).
When you go on our website, a connection is established to the Cookiebot servers in order to obtain consents and other declarations from you regarding the use of cookies. Afterward, Cookiebot saves a cookie in your browser in order to be able to assign the consents granted or their revocation to you. The data collected in this way will be stored until you ask us to delete them, until you delete the Cookiebot cookie itself or until the purpose for data storage no longer exists. Mandatory statutory retention obligations remain unaffected.
The use of Cookiebot takes place in order to obtain the legally prescribed consent to the use of cookies. The legal basis for this is Art. 6 (1)(c) GDPR.
Order processing
We have entered into an order processing contract on the use of the aforementioned service. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
9. Analysis tools and advertising
9.1. Google Tag Manager
9.1.1. Scope of data processing
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager itself does not create any user profiles, store any cookies or perform any independent analyses. It is only used for the management and deployment of the tools integrated by it. Google Tag Manager records your IP address.
9.1.2. Purpose of data processing
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website.
9.1.3. Legal basis for data processing
The processing takes place on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of TDDDG. This consent can be withdrawn at any time.
9.1.4. Recipients of data processing
The Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
9.1.5. Appeal and disposal option
You can revoke your consent to the use of Google Tag Manager at any time.
9.2. Google Analytics
9.2.1. Scope of data processing
This website uses functions of the web analysis service Google Analytics 4. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
In doing so, we receive various usage data, such as on page views, dwell time, the operating systems used and the user's origin. These data are assigned to the respective end device of the user. No assignment to a user ID takes place.
Furthermore, Google Analytics allows us to record your clicks and mouse and scroll movements, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies for the data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). With Google Analytics 4, IP address anonymization is enabled by default.
9.2.2. Purpose of data processing
Google Analytics enables us to analyze the surfing behavior of our website visitors. By analyzing the data acquired, we can compile the use of the individual components of our website. This helps us improve our website and its usability.
9.2.3. Legal basis for data processing
The use of Google Analytics takes place on the basis of your consent pursuant to Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG. This consent can be withdrawn at any time.
9.2.4. Recipients of data processing
Google processes the data on our behalf to analyze the use of the website and to compile reports about the website activities. We have entered into an order processing contract with Google. Through this contract, Google warrants that they will process the data in accordance with the General Data Protection Regulation and protect the rights of the data subject.
9.2.5. Data transfer to a third country
The information collected by Google on your use of this website generated via the cookie is generally transmitted to a server operated by Google in the USA and saved there. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details go to: https://privacy.google.com/businesses/controllerterms/mccs/.
9.2.6. Duration of storage
The data we send and link with cookies are automatically deleted after 14 months. After their retention period has expired, the data are automatically deleted once a month.
9.2.7. Appeal and disposal option
Browser plug-in: You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-n available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information about the handling of user data by Google Analytics, go to the privacy policy of Google: https://support.google.com/analytics/answer/6004245?hl=de.
9.3. etracker
9.3.1. Scope of data processing
This website uses the analysis service etracker. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.
For this purpose, etracker collects your abbreviated IP address, geospatial data (city level at the maximum), log files and other information that your browser transmits to our web server when you access the website. This allows us to measure website interactions such as dwell time, conversions (e.g., registrations), scrolling, clicks and page views by website visitors. These interactions are assigned to the website visitor for the duration of the current day so that they are recognized during repeat visits. At the end of the day, visitor recognition is no longer possible.
9.3.2. Purpose of data processing
We use etracker to be able to analyze the surfing behavior of our website visitors. This enables us to optimize our website and its usability.
9.3.3. Legal basis for data processing
No cookies are stored in your browser without your consent, nor is any information read from your terminal device’s memory. Given the appropriate consent, processing takes place on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG. This consent can be withdrawn at any time.
9.3.4. Duration of storage
The IP address is anonymized as early as possible during the analysis with etracker, and visitor recognition is possible for no longer than the duration of the current day. For the cookie storage period, please refer to our Cookie Policy.
9.3.5. Appeal and disposal option
You can disable etracker here:
For further notices on data protection at etracker, go to https://www.etracker.com/datenschutz/.
We have entered into an order processing contract on the use of the aforementioned service. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
9.4. Microsoft Clarity
9.4.1. Scope of Data Processing
This website uses Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://docs.microsoft.com/en-us/clarity (hereinafter “Clarity“). This is a tool for analyzing user behavior, specifically to record visits to this website (only with an anonymized IP address).
In doing so, Clarity records mouse movements, mouse clicks and keyboard interactions and creates a visualization of those parts of the website that user particularly scroll on (heatmaps). Clarity can also record sessions so that we can view page usage in the form of videos. Furthermore, we obtain information about general user behavior across our website.
9.4.2. Purpose of data processing
Clarity enables us to analyze the use of our website and use the acquired information to optimize and design it for optimal usability.
9.4.3. Legal basis for data processing
We use cookies in order to use Clarity. The use of the aforementioned service takes place on the basis of Art. 6 (1)(a) GDPR and Section 25 TDDDG. This consent can be withdrawn at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details go to: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
9.4.4. Data recipients
Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or use of device fingerprinting). Your personal data will be stored on Microsoft's servers (Microsoft Azure Cloud Service) in the USA.
We have entered into an order processing contract with Microsoft. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
9.4.5. Duration of storage
If you have given us your consent to Clarity, it will use persistent cookies that are automatically deleted after 365 days.
9.4.6. Appeal and disposal option
Your consent to data collection and storage can be revoked at any time with future effect. Microsoft uses the system developed by the Digital Advertising Alliance to allow you to opt out of using Clarity. You can opt out of Clarity telemetry by selecting “Microsoft” on the following website: https://optout.aboutads.info/?c=2&lang=EN . By installing the “Protect My Choices” app on your browser, you can ensure that your opt-out preference is saved.
For further details on Clarity's data protection policy, go to:
https://docs.microsoft.com/en-us/clarity/faq.
10. Plugins and tools
10.1. Userlike
10.1.1. Scope and purpose of data processing
We use Userlike (hereinafter “Userlike”) for handling user inquiries via our support channels or live chat systems. The provider is Userlike UG (limited liability), Probsteigasse 44 – 46, 50670 Cologne, Germany. Messages that you send to us can be stored in the Userlike ticket system or answered by our staff in the live chat. When you communicate with us through Userlike, we and Userlike will store your name and e-mail address, among other things, insofar as you have provided them, along with your chat histories. These data are summarized in a profile.
10.1.2. Purpose of data processing
We process your data to handle inquiries via our support channels or live chat systems.
10.1.3. Legal basis for data processing
The use of Userlike takes place on the basis of Art. 6 (1)(f) GDPR. We have a legitimate interest in processing your inquiries as quickly, reliably and efficiently as possible. To the extent that we requested your corresponding consent, the processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG, insofar as your consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of TDDDG. This consent can be withdrawn at any time.
10.1.4. Data recipients
Your data will be processed by our internally responsible centers.
We have entered into an order processing contract with Userlike. This involves a contract mandated by data privacy laws that guarantees that the service provider process the personal data of our website visitors only based on our instructions and in compliance with GDPR.
10.1.5. Duration of storage
The messages addressed to us remain with us until you ask us to delete them or the purpose for data storage no longer exists (e.g., after the processing of your inquiry is completed). Mandatory statutory provisions – specifically statutory retention periods – remain unaffected.
10.1.6. Appeal and disposal option
Your consent to the storage of cookies can be withdrawn at any time. You can disable cookies via the cookie settings at any time.
For more information about the data privacy policy of Userlike, go to: www.userlike.com/de/data-privacy and https://www.userlike.com/de/blog/live-chat-software-datenschutz-dsgvo.
10.2. hCaptcha
10.2.1. Scope and purpose of data processing
We use hCaptcha (hereinafter “hCaptcha“) on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter “IMI”).
For this purpose, hCaptcha analyzes website visitor behavior based on various characteristics.
This analysis triggers automatically as soon as the website visitor enters a website with hCaptcha enabled. For this analysis, hCaptcha evaluates various information (e.g., IP address, duration of the website visitor's stay on the website or mouse movements made by the user).
10.2.2. Purpose of data processing
hCaptcha checks whether the data entry on this website (e.g., in a contact form) is made by a human being or by an automated program.
10.2.3. Legal basis for data processing
The storage and analysis of data take place on the basis of Art. 6 (1)(f) GDPR. We have a legitimate interest in protecting our website contents from abusive automatic spying and spam. To the extent that we requested your corresponding consent, the processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR and Section 25 (1) TDDDG, insofar as your consent includes the storage of cookies or access to information in the user’s terminal device (e.g., device fingerprinting) within the meaning of TDDDG. This consent can be withdrawn at any time.
10.2.4. Data recipients
The data collected during the analysis will be passed on to IMI. When hCaptcha is used in “invisible mode”, the analyses run completely in the background. Website visitors are not notified that an analysis is taking place.
The data processing is based on standard contractual clauses contained in the general terms and conditions of IMI and/or in the data processing contracts.
10.2.5. Appeal and disposal option
Your consent to the storage of cookies can be withdrawn at any time. You can disable cookies via the cookie settings at any time.
For more information about hCaptcha, please refer to their privacy policy and terms of use at the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.
11. Social media buttons
Our website contains buttons with hyperlinks to the social networks XING, LinkedIn, YouTube and Facebook, where we maintain publicly accessible profiles. You can tell which providers are involved by their logos. We use these presences to communicate with users and inform them about our offerings and career opportunities.
When you visit our website, initially, no personal data are transmitted to these social media platforms. Data is only transferred to them when you click on the respective button. In this case, the respective provider receives the information that you have accessed the corresponding website of our online offer (e.g., date, time, IP address, accessed website).
If you are logged in with the social media provider, the data we collect could potentially be assigned directly to your account with the provider. We recommend that you log out regularly after using a social network, but especially before activating the button since this allows you to prevent assignment to your profile with the plug-in provider.
It may be that the provider of the respective services or content processes your data for further purposes of its own. However, since we have no influence on the data collected and processed by third parties, we cannot make any binding statements with regard to the purpose and scope of their processing of your data. For further information on the purpose and scope of the collection and processing of your data, please refer to the data protection notices of the providers respectively responsible for data protection. Here you can also receive further information on the processing of data and your objection options. For a detailed presentation of the respective processing methods and the objection options (opt-outs), we refer you to the following linked information of the providers.
Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany); Data Protection Policy: https://privacy.xing.com/de/datenschutzerklaerung;
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland); Privacy Policy: https://www.linkedin.com/legal/privacy-policy;
Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); privacy policy: https://www.facebook.com/about/privacy;
YouTube /Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), Privacy Policy: https://policies.google.com/privacy.
12. Google Fonts (local)
This website uses web fonts provided by Google to display typefaces in a uniform manner. The Google Fonts are installed locally. No connection is made to Google servers. For more information on Google web fonts, go to https://developers.google.com/fonts/faq and on Google’s privacy policy at: https://policies.google.com/privacy?hl=de.
13. Data security and hosting
We take technical, contractual and organizational measures to ensure the data processing security in accordance with the state of the art. We thereby ensure that the provisions of the data protection laws, specifically those of the GDPR, are complied with and that the data we process are protected against destruction, loss, modification and unauthorized access. These security measures also include encrypted data transmission between your browser and our servers. Please note that Secure Socket Layer (SSL) encryption is only enabled for transmissions executed via the Internet if the key icon appears in your browser window and the address starts with https://. This SSL encryption technology protects the data transmission from illegal access by third parties. If this option is not available, you can also choose not to send certain data via the Internet.
14. Your rights
You have the following rights when we process your personal data:
Right of access (Art. 15 GDPR): You have the right to request information about the personal data processed about you. This also includes the right to obtain a copy of the referenced data.
Right to rectify (Art. 16 GDPR). You have the right to request us to rectify the personal data concerning you without delay if they should be inaccurate. Considering the purpose of processing, you have the right to completion of the personal data concerning you whenever they are incomplete.
Right to erasure (Art. 17 GDPR). You have the right to obtain erasure of the personal data concerning you without delay, insofar as one of the reasons stated therein exists.
Right to restriction of processing (Art. 18 GDPR). You have the right to request that we restrict processing of your personal data, insofar as one of the reasons stated therein exists.
Right to data portability (Art. 20 GDPR). You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, under certain circumstances, you have the right to transmit those data to another controller without hindrance.
Right to object (Art. 21 GDPR). For reasons arising from your particular situation, you have the right to file an objection at any time to the processing of your data insofar as the data processing is based on a balancing of interests pursuant to Art. 6 (1)(f) GDPR. This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR. If you exercise your right to object, we will no longer process your personal data unless there are compelling legitimate grounds for the processing that override this or the processing is necessary for the establishment, exercise or defense of legal claims.
Right to withdraw consent (Art. 7(3) GDPR). Pursuant to Art. 7 (3) GDPR, you have the fundamental right to revoke your consent to the processing of personal data at any time.
The restrictions pursuant to Sections 34 and 35 of the German Data Protection Act (BDSG) apply to your right of access and erasure.
Right to file a complaint (Art. 77 GDPR). You have the right to file a complaint with a data protection authority (Art. 77 GDPR). For an overview of the German supervisory authorities, go to https://www.datenschutzkonferenz-online.de/datenschutzaufsichtsbehoerden.html.
The supervisory authority responsible for our location is: State Commissioner for the Protection of Data and Freedom of Information, Rhineland-Palatinate, P.O.B. 30 40, 55020 Mainz, Germany, phone: +49 (0) 6131 8920-0, https://www.datenschutz.rlp.de, E-Mail poststelle@datenschutz.rlp.de.
15. Changes to the Privacy Policy
We reserve the right to change our Privacy Policy to accommodate changing legal situations or whenever there are changes to the service or the data processing. However, this only applies with regard to policies on data processing. The changes are only made with the consent of the users to the extent that consent from users is required or integral parts of this Privacy Policy contain rules governing the contractual relationship with the users.
Please keep yourself informed about the contents of this Privacy Policy on a regular basis.
Date of this Privacy Policy: June 21, 2023