Skip to main content





PRIVACY POLICY


WELCOME TO OUR WEBSITE. BELOW YOU WILL FIND OUR PRIVACY POLICY (06.12.2022)

TABLE OF CONTENTS
 

1            Name and contact details of the data controller. 

2            Contact details of the data protection officer. 

3            Data processed for hosting the website. 

4            Cookies. 

5            Use of Google Analytics. 

6            Local hosting of Google Maps. 

7            Data Processing within the context of registration. 

8            Use of the contact form. 

9            Data protection information for applicants pursuant to the GDPR. 

10          Processing your data within the context of business communication and for processing business transactions 

11         Inclusion and use of various social networks. 

12         The XING career network.

13         Your rights. 

14         Right to appeal to a supervisory authority. 

 

PRIVACY NOTICE
 

1. Name and contact details of the data controller

KME Germany GmbH
Klosterstraße 29, 49074 Osnabruck, Germany
Phone: +49 541 3210
Email: info-germany@kme.com

 

2. Contact details of the data protection officer

Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection:

Email: KME-Germany-Datenschutz@kme.com

 

3. Data processed for hosting the website

3.1 Description and purpose of the data processing

When you visit our website, information is collected automatically that your browser transfers to our server for functional reasons.  This information (server log files) includes, for instance, the type of web browser you use, the operating system you use, the date and time of your visit, your access status, your use of website functions, the domain name of your ISP, your IP address and similar. Temporary storage of the data is required for hosting the website.  Continued storage in log files takes place to ensure the functionality and security of the website, and in particular to prevent and detect attacks on our website or attempts at fraud.  These purposes also include our legitimate interest in processing personal data in accordance with Art.  6 (1) (f) GDPR.

We only store other personal data if you provide it to us, e.g. within the course of registration or through our contact form, and even in these cases only to the extent that we are permitted to do so based on consent you have given us or in accordance with the prevailing legal regulations.

3.2 Data recipients for the purpose of operating and hosting our website

We also use qualified service providers to operate, optimise and secure our website.  Within the scope of data processing pursuant to  Art.  28 GDPR, we transfer your data to service providers who support us in the operation of our website and the associated processes.  These include, for instance, hosting service providers, web designers, IT service providers and consent management platforms.

3.3 Other third-party services and plug-ins

Our website may also incorporate other third-party services (e.g. plug-ins).  These may include, for instance, display, tracking, re-marketing and web analytics technologies.  If you select a third-party service, we transfer data to that service provider to the extent required.  You can find out in our Consent-Banner in the information on the individual third-party services, which data is transferred to the third-party service in individual cases and what it is used for.  If we use third-party services on our website (e.g. Google Analytics, Google Maps, etc.), we embed them as follows:

When you visit our website, third-party services are disabled by default, i.e. no data is transferred to the third-party services. If you want to select one of the services through our Consent Banner, click on the third-party service you want to select or enable it there to establish a direct connection to the server for the respective network.

If you enable a third-party service, the network transfers the content released directly to your browser, which embeds it into our website. In this situation, data transfers that the respective third-party service initiates and controls may also take place.  The third-party service remains enabled until you deactivate it (e.g. through the Consent Banner) or delete your cookies.

3.4 Data transfer to recipients outside the European Economic Area

We make a point of processing your data within the EU/EEA.  However, we may also use third-party services that process data outside of the EU/EEA. In such cases, we ensure that the recipient establishes an appropriate level of data protection comparable to the standards within the EU before your personal data is transferred.  This can be achieved, for example, through standard EU contracts, or binding corporate rules, or special agreements to which the company can submit under their regulations.

We would nevertheless like to point out that a level of data protection comparable to that in the EU cannot be guaranteed in countries outside the EU/EEA.  For example, US companies are obliged to surrender personal data to security agencies without you as the data subject being able to take legal action against this. It cannot be ruled out therefore that US agencies (e.g. secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.

You can see in which countries the respective third-party services process data through our Consent Banner .

3.5 Legal Basis

3.5.1 Operating and hosting our website

The legal basis for the data processing required in connection with the operation of our website is formed by our predominantly legitimate interest pursuant to Art.  6 (1) (1) (f) GDPR.

3.5.2 Use of other third-party services and social plug-ins

The transfer of data to recipients at third-party services takes place based on your consent pursuant to  Art. 6 (1) (1) (a) GDPR.  The transfer of data to an insecure third country also takes place based on your consent pursuant to  Art.  49 (1) (1) (a) GDPR.

3.6 Retention Period

Unless we have already informed you in detail about the retention period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legal retention obligations prevent its deletion. Our external service provider, who hosts our website, only stores your IP address and the name of your internet service provider for a period of time of no longer than six months and then deletes them  Storage beyond this time period is also possible From the outset we can only view your IP address anonymously in the log files.

With regard to third-party services, we have no influence over how long the respective service processes personal data after it has been enabled.

3.7 Mandatory or necessary provision

You are neither legally nor contractually obliged to provide your personal data. However, certain features of our website may depend on this to function correctly.  If you do not provide personal data in such cases (use of third-party services), it may result in functions not being available or only being available to a limited extent.   



4. Cookies

4.1 Scope, type and purpose of the data processing

Cookies may come into use when you visit our website. Cookies are text files that your browser creates when you view a page in order to store data about the browser during and after your page visit.  Unique character strings are regularly stored in the cookie for this purpose, which a server can then use to recognise a browser again.  Cookies can also contain personal data,

One of the reasons we use cookies is to safeguard the technical functionality of our website (functional cookies) and to embed other online services from third-party providers into our website (non-functional cookies).  Cookies can be stored by the page you visit (first-party) or by third-party online services (third-party) if you have enabled a third-party service.

We use a Consent Banner on our website so that we can use cookies and third-party services in a privacy-compliant manner and so that you can control the use of cookies yourself.  The Consent Banner is used to query the user's decision, document it and transfer it to other systems.  The Consent Banner is displayed the first time you visit our website and allows you to set your cookie preferences, i.e. declare your consent to the use of cookies in each case.

Whether and which cookies are used when you visit our website depends on the areas and functions of our websites that you use and whether you consent to the use of non-functional cookies in your browser and in our Consent Banner. More information and options are available over our Consent Banner.

4.2 Legal Basis

4.2.1 Functional Cookies

The legal basis for the use of functional cookies is formed by our predominantly legitimate interest pursuant to  Art.  6 (1) (1) (f) GDPR in conjunction with Sec. 25 (2) (2) German Teleservices Data Protection Act (TTDSG).

4.2.2 Non-functional cookies

The legal basis for the use of non-functional cookies is formed your consent pursuant to  Art.  6 (1) (1) (a) GDPR in conjunction with Sec. 25 (1) German Teleservices Data Protection Act (TTDSG).

4.3 Data Recipient

Recipients of the data may be technical service providers who act as data processors for operating and maintaining our website.  For information about other recipients, please refer to the information below about the third-party services used.

4.4 Retention Period

The retention period for the individual cookies can be found in the information in the Consent Banner.

4.5 Mandatory or necessary provision/removal option

It goes without saying that you can also visit our website without cookies needing to be used. Web browsers are frequently set to accept cookies automatically by default. In general, you can disable the use of cookies at any time in your browser settings (see Withdrawing Consent). Please note that individual functions of our website may not work if you choose to disable cookies.  You can also opt out of cookies that you do not need via our Consent Banner.


5. Use of Google Analytics

5.1 Description and purpose of the processing

We use Google Analytics, a web analytics service, on our website to analyse the flow of visitors.  We process the data provided in order to evaluate the use of our website, compile reports on activities relating to our website and, where applicable, to provide us with other services associated with the use of our website and internet use.  We rely on the data collected to drive our public relations work, so that we can continually adapt our website to the needs of our website visitors.  If you consent to us using the Google Analytics web analysis service, a connection will be established to the Google servers to load the script required for Google Analytics.  When Google Analytics is initialised, cookies are stored (see above) which allow your browser to be recognised when pages on our website are retrieved.  Each time a page is called up on our website on which Google Analytics is used, data on the page called up (including the page from which you accessed our website and the page called up, browser and system information, operating system, IP address, click path and pages visited, date and time of your visit, downloads, Flash version, location information, JavaScript support, referring URL, widget interactions) and data from cookies are processed and normally transferred to a Google server in Ireland and stored there.  Our website uses IP anonymisation (also referred to as IP masking).  If you access our website from locations within the member states of the European Union or the European Economic Area, the IP address collected for web analysis purposes is truncated.  You can find more information about the transferred data under https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview.

It is to be assumed that Google will also use your data for purposes of advertising and market research and/or the needs-based design of their website.  Such an evaluation is in particular carried out (even for users who are not logged in) for providing needs-based advertising. Overall, we have no influence over whether and to what extent Google processes personal data after it has been enabled.  However, it is likely that Google will create user profiles from your data and also disclose these to third parties for the purpose of personalised advertising.

5.2 Legal basis for processing

The legal basis for the processing is formed by your consent pursuant to  Art.  6 (1) (a) GDPR.

5.3 Data Recipient

The data recipient is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, and, where applicable, its affiliated companies (e.g. Alphabet Inc., Google LLC). The release by Google Analytics may mean that your data may also be processed outside the EU or EEA. This poses the risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek redress. The transfer of data to an unsafe third country takes place based on your consent pursuant to Art.  49 (1) (a) GDPR.

5.4 Retention Period

The data we collect is deleted automatically after 14 months.  Data for which the retention period has been reached is deleted once a month automatically.
Your decision to use the service is stored in a cookie, the retention period of which you can view in our Consent Banner (see above).  

5.5 Mandatory or necessary provision

You are neither legally nor contractually obliged to provide your personal data. The provision of your data is voluntary.

5.6 Opt-out and removal option

You can view the status of Google Analytics over our Consent Banner.  If you wish to prevent the tracking of your activities on our website, please opt-out of Google Analytics or any non-functional cookies and data transfers.

You can prevent the use of cookies by making the appropriate settings in your browser.  We would like to point out that doing so may limit you ability to use of all of the features on this website in full.

You can also prevent the data generated by the cookie and relating to your use of the website (incl. your IP address) being transferred to Google and Google processing this data by downloading and installing the browser plug-in available under the following link:   Browser add-on to disable Google Analytics.


6. Local hosting of Google Maps

6.1 Description and purpose of the processing

We use Google Maps on our website to display geographical maps.  To display this content, a connection needs to be established between your personal device and the servers from Google.  We have no influence over which data is collected.  However, it is to be assumed that as a part of this Google processes your browser and system information, operating system, IP address, date and time of your visit, downloads, Flash version, location information, JavaScript support, referring URL, widget interactions and creates user profiles about you. Google also uses your data for purposes of advertising and market research and/or the needs-based design of websites on which Google services run.  Such an evaluation is in particular carried out (even for users who are not logged in) for providing needs-based advertising and to inform other users of the social network about the activities you undertake on our website.
We have no control over how Google uses the data. It also cannot be ruled out that Google Maps will try to store cookies on the end devices used in order to recognize you across websites, among other things.

You can find the Terms of Service for Google Maps under: http://www.google.com/intl/en_en/help/terms_maps.html.

Detailed information on the data protection regulations of Google, please refer to http://www.google.de/intl/en/policies/privacy/

If you do not agree to data processing by Google LLC, please refrain from using the map or disable Java Script in your browser to obtain only limited viewing access.

6.2 Legal basis for processing

We only use Google Maps if you have given us your consent to do so, Art. 6 (1) (a) GDPR.

6.3 Data Recipient

Google Maps is operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The recipient of the data is Google LLC and, if applicable, its affiliated companies (e.g. Alphabet Inc.). The release by Google Maps may mean that your data may also be processed outside the EU or EEA.  This poses the risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek redress. The transfer of data to an unsafe third country takes place based on your consent pursuant to Art.  49 (1) (a) GDPR.

6.4 Retention Period

When using Google Maps, we only store your decision for the period of your visit. Data storage by Google is governed by the provider's data protection regulations. We have no influence over this.

6.5 Mandatory or necessary provision

You are neither legally nor contractually obliged to provide your personal data. The provision of your data is voluntary.

6.6 Opt-out and removal option

You can view the status of Google Maps over our Consent Banner.  If you wish to prevent the tracking of your activities on our website, please opt-out of Google Maps or any non-functional cookies and data transfers.  In this case, however, you will no longer be able to this service on our website, or only to a limited extent.

You can prevent the use of cookies by making the appropriate settings in your browser.  We would like to point out that doing so may limit you ability to use of all of the features on this website in full.
 

7. Data processing within the context of registration

7.1 Purpose of the data collection and use

You have the option of registering on our website to gain access to exclusive content. Within the context of registration, the information you provide (e.g.  company name, last name, first name, telephone number, email address, country and password) is collected and stored in encrypted form wherever possible.  In addition, we store information about the documents or forms you have downloaded or submitted. We do not collect any further data. We use this data for the sole purpose of registration and to provide the exclusive content you have requested.

We may send you information electronically about similar products and services as well as news about our company in addition to the documents you have requested, but only at your request and with your express consent.

7.2 Legal Basis

Processing of the data entered in the registration form takes place on the basis of Art.  6  (1) (f) GDPR (legitimate interest).  We have a legitimate interest in identifying and getting to know you as a person interested in receiving information about our company and our offerings.

Your personal data will be processed for the purpose of providing or sending you further information about our products on the basis of your consent (Art.  6 (1) (a) GDPR).

7.3 Retention Period

We will store the data you provide for registration purposes for up to one year or until you revoke your consent, after which it will be deleted.

7.4 Data Recipient

On the basis of Art.  28 GDPR (data processing), we also use an external service provider for registration procedures and for providing exclusive content

7.5 Mandatory or necessary provision

The provision of personal data is not required by law or by contract.  If you choose not to provide the data, it will result in us not providing certain content and documents.

7.6 Option to withdraw consent

You can withdraw your consent to being solicited for advertising purposes at any time.  You can send notification of this to the following email address: info-marketing@kme.com. The legality of the data processing operations we have already performed up to the point of you withdraw your consent remains unaffected.


8. Use of the contact form

8.1 Description and purpose of the data processing

By providing our email address and a contact form, we offer you the chance to make initial contact with us.  When contact is established, the user's personal data transferred is stored.  The personal data is processed exclusively for the purpose of handling your request.  This purpose also represents our legitimate interest in processing the data pursuant to Art.  6 (1) (f) GDPR.

8.2 Legal Basis

The legal basis for processing data transferred in the course of sending an email or over the contact form is formed by Art.  6 (1) (1) (f) GDPR.  If the reason for email contact is to conclude a contract, then the additional legal basis for processing the user's data is formed by Sec. 6 (1) (1) (b) GDPR.  The same applies accordingly to postal deliveries.

8.3 Retention Period

The data is deleted as soon as it is no longer required for the purpose it was collected.  For personal data sent by email, this is the case when the respective communication with the user has come to an end.  The communication is then ended once it can be inferred from the circumstances that the matter in question has finally been clarified.  This is the case no later than one year after the last email contact.

8.4 Data Recipient

In our company, we make sure that only those persons receive your data who need it to fulfil contractual and legal obligations.  Depending on the nature of the business relationship with you, this information may be shared with partners and suppliers.  In some cases, we use other service providers to process business transactions.  These can be, for example, parcel services, banks, Internet service providers, manufacturers, IT service providers, lawyers, tax consultants, auditors or insurance companies.

8.5 Mandatory or necessary provision

The provision of personal data is not required by law or contract, but may serve to conclude a contract for the reasons stated above.  If you choose not to provide the data, it means that we will not be able to establish contact with you.

8.6 Opting Out

If you subsequently wish to object to us processing the data you transferred to us or withdraw your consent, please contact us using the contact details provided.


9. Data protection information for job applicants pursuant to the GDPR

Data protection notice within the meaning of Art. 13 GDPR concerning the processing of personal data during the application process:

As part of the application process, in particular the following personal data  relating to your person will be processed on the basis of Art. 88 GDPR, Sec. 26 German Federal Data Protection Act (BDSG):

• Second name and first name, title
• Address details
• Communication details (e.g. phone number or email address)
• Application documents essential for making the selection decision ( cover letter, curriculum vitae, references, certificates, etc.)
• If applicable, further information from the applicant, such as maiden name or marital status

The data is processed exclusively for the purpose of processing your application (application management) and checking your professional and personal suitability for the position for which you have applied and, if applicable, other vacant positions at our company.  Your data will be forwarded to the departments responsible for the specific application process within KME Germany, who will decide on the selection. Your data may also be forwarded to other companies within the KME Group on the basis of Art.  6 (1) (f), Recital 48 GDPR (legitimate interest), for example, to check your suitability for filling other vacancies at our Group companies and for the administration of application process. No automated evaluation or decision-making (including profiling) within the meaning of Art.  22 (1) GDPR takes place.

The provision of your personal data is required for establishing the employment contract. Failure to provide it may result in it not being possible to conclude the contract.
If you have provided us with particularly sensitive data within the meaning of Art.  9 GDPR (e.g. health data, data on your ethnic or racial origin or physical limitations) in connection with your application, we will only process this data if it is permitted under data protection law or if you have given your express consent to do so in accordance with Art.  6 (1) (a) GDPR.  You can withdraw your consent at any time with effect for the future.  Withdrawing your consent does not affect the lawfulness of any processing performed based on the consent you granted until revocation took place. You can notify us of this by email to: bewerbungen@kme.com.  In individual cases, processing may be carried out in accordance with Art.  6 (1) (f) DSGVO within the framework of a legitimate interest, e.g. if the personal data is required for asserting or defending legal claims. It may also be necessary to process health data for the purpose of assessing your fitness to work pursuant to Art.  9 (2) (h) GDPR in conjunction with Art. 22 (1) (b) 9 German Federal Data Protection Act (BDSG)

KME uses external service providers to support applicant management on the basis of Art. 28  GDPR (data processing).  The service providers commissioned have a duty to maintain confidentiality and are only allowed to use your personal data strictly for the purpose of fulfilling the contract concluded between them and KME.
Your application data will not be used for any other purpose or disclosed to third parties.

Unless legal provisions prevent it or you have explicitly consented to longer storage on the basis of Art.  6 (1) (a) GDPR, your personal application data will be deleted or destroyed six months after the application process has been completed.  If the application process leads to the conclusion of an employment contract, the application documents will be placed in your personnel file.
The data controller within the meaning of Art.  13 GDPR is

KME Germany GmbH
Klosterstraße 29
49074 Osnabruck
Germany
Phone: +49 541 321-0
Email: info-germany@kme.com
Commercial register: Osnabruck District Court, HRB 214664
Registered office:  Osnabruck, Germany
VAT ID number: DE284304446
Managing directors: Kakha Avaliani, Claudio Pinassi
Chairman of the supervisory board: Diva Moriani

KME Special Products & Solutions GmbH
Klosterstraße 29 49074 Osnabruck Germany
Phone: +49 541 321-0
Email: iinfo@kmespecial.com
Registered office/Registry court: Frankfurt on Main HRA 50921
VAT ID number: DE337903361
Personally liable partner: KME Special Holding GmbH Registered office/Registry court:  Frankfurt on Main : HRB 115961
Managing directors: Axel Gerle, Dr. Bernhard Hoffmann

KME Mansfeld GmbH
Lichtlöcherberg 40
06333 Hettstedt, Germany
Phone: +49 3476 89-0
Email: he-info@kme.com
Internet: www.kme.com
VAT ID number: DE811184185
Managing directors: Kakha Avaliani, Claudio Pinassi
Chairman of the supervisory board: Diva Moriani
Company headquarters: 06333 Hettstedt
Company register number: District court: 39576 Stendal
HRB: 207208

Data protection officer at KME is
FIDES IT Consultants GmbH
Birkenstraße 37
28195 Bremen
Germany
Email: kme-germany-datenschutz@kme.com.

You have the right to obtain information about how your personal data is processed, as well as the information listed in detail in Art. 15 GDPR. If the personal data concerned is inaccurate or incomplete, you can demand that it is corrected or completed (Art.  16 GDPR). If one of the reasons listed under Art.  17 GDPR applies, you have the right to demand the immediate deletion of your personal data.  Under the provisions of Art.  18 GDPR, you can demand that the processing be restricted and, pursuant to Art. 20  GDPR, that the data be transferred. Under the provisions of Art.  21 GDPR, you have the right to object to your personal data being processed. Please contact the Data Controller for this purpose (see above for the contact details for KME).  If you have granted us consent to store your data, you are entitled to withdraw the consent granted at any time with effect for the future without affecting the legality of any processing performed based on the consent granted up until to the time of withdrawal.
If you believe that processing of your personal data breaches the provisions of the GDPR, you can lodge a complaint with a supervisory authority, e.g. the State Commissioner for Data Protection in Hanover, as the supervisory authority responsible to which KME is subject. (Art.  77 GDPR).


10. Processing your data within the context of business communication and for processing business transactions

10.1 Description and purposes of the data processing

Within the framework of cooperation with business partners and interested parties, we process personal data for the following purposes:

  • Communicating with business partners about products, services and projects by us or our business partners, e.g. by responding to enquiries or queries;
  • Planning, implementation and administration of the (contractual) business relationship between us and the business partner, e.g. to process the order for products and services, to collect payments, and for accounting and billing purposes.
  • Contacting business partners with information and offers concerning our products and services and conducting other marketing activities, such as managing and conducting customer surveys, marketing campaigns, market analyses, sweepstakes, newsletters, contests or other promotional activities or events
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security risks, fraudulent activity or other criminal or malicious activity;
  • Complying with legal requirements (e.g. tax and commercial retention obligations), existing compliance screening obligations (to prevent white-collar crime or money laundering), and internal policies and standards; and

Resolving disputes, enforcing existing contracts and asserting, exercising and defending legal claims.

10.2 Legal Basis

Depending on the contact phase with you, the following legal bases may be relevant for processing your data:

  • To implement pre-contractual measures or fulfil a contract, this is Art.  6 (1) (b) GDPR
  • To fulfil legal obligations to which we are subject, this is Art. 6 (1) (c) GDPR
  • To protect our legitimate interests, this is Art. 6 (1) (f) GDPR
  • If you have granted us your consent to data processing, this is Art. 6 (1) (a) GDPR

10.3 Recipients or categories of recipients of personal data

In our company, we make sure that only those persons receive your data who need it to fulfil contractual and legal obligations.  Depending on the nature of the business relationship with you, this information may be shared with partners and suppliers.  In some cases, we use other service providers to process business transactions.  These can be, for example, parcel services, banks, Internet service providers, manufacturers, IT service providers, lawyers, tax consultants, auditors or insurance companies.

10.4 Data transfers to third countries

It may occur that our IT service providers process data in third countries outside the EU for which an adequacy decision by the EU Commission is lacking. To the extent necessary, we conclude standard EU Commission contractual clauses with these service providers and take additional safeguards to protect your data in order to comply with the level afforded in the European Union under ECJ decision C-311/18 (Schrems II decision).  You can obtain access to the relevant documents by contacting our data protection officer. Disclosure to third parties does not take place.

10.5 Retention Period

Your personal data will be deleted or blocked as soon as the purpose for storing it no longer exists.  The purpose results from the content of the communication and the respective business transaction.  The retention periods to be observed cannot be determined in a global sense, but have to be determined for each business transaction on a case-by-case basis.  As a rule, retention takes place to meet commercial and tax retention periods (usually six or ten years), unless a longer period of retention is required for the defence of legal claims.

10.6 Mandatory or necessary provision

An obligation to provide your personal data can sometimes result from the respective contractual relationship.  We are often unable to achieve the foregoing purposes without you providing your personal data.

10.7 Opting Out

If you wish to object to us processing your data or withdraw your consent, please contact us using the contact details provided.  


11. Inclusion and use of various social networks

11.1 General information on processing your data

KME maintains numerous company profiles on various social networks and comparable platforms. Concerned here are Instagram, Twitter, LinkedIn, XING, YouTube and Flicker. The presence on these platforms serve to promote the company and create contact routes for interested parties and customers. We regularly place links to these websites on our website.

If you use our profiles on social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), we will process the data you provide us with solely for the purpose of being able to contact you and process your request.

We would like to point out, however, that the operators of the respective social network will also collect, use and store your personal data when you visit our profiles on the networks listed above.  This happens even if you do not have a personal profile on the social network in question.  The individual data processing operations and their scope differ depending on the respective social network operator, and they are not necessarily transparent for us. It cannot be ruled out as a result that the provider of the respective platform processes your data for market research and advertising purposes and discloses it to third parties.  For example, user profiles can be created from patterns of use and the demonstrable interests of the users that result.   In turn such user profiles can be used, for instance, to place advertisements on and outside the respective platforms, which presumably correspond to the interests of the users. Furthermore, data on devices used by users, and location data and other what in known as meta data may also be stored in the user profiles. Among other things, cookies are usually stored on users' computers for these purposes, which store the behaviour and interests of the users. In addition, most platforms use what are known as tracking pixels.

For a detailed description of the respective processing instanced and options available for objecting (opt-out), please refer to the information from the respective providers linked below:

11.1.1 Instagram
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy: http://instagram.com/about/legal/privacy/

11.1.2 Twitter
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
Privacy policy: https://twitter.com/en/privacy

11.1.3 LinkedIn
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy

11.1.4 XING
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy: https://privacy.xing.com/en/privacy-policy 

11.1.5 YouTube
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy: policies.google.com/privacy

11.1.6. flickr
Privacy policy: www.flickr.com/help/privacy

11.2 Legal Basis

11.2.1 Communication Details

Depending on the contact phase, the following legal bases for processing your data come into consideration for communicating with you:

To implement pre-contractual measures or fulfil a contract, this is Art.  6 (1) (b) GDPR
To fulfil legal obligations to which we are subject, this is Art. 6 (1) (c) GDPR
To protect our legitimate interests, this is Art. 6 (1) (f) GDPR

If you have granted us your consent to data processing, this is Art. 6 (1) (a) GDPR

11.2.2 Miscellaneous Processing

The additional data processing that takes place in connection with the social networks serves our and the respective provider's legitimate interest in improving the user experience when visiting our company profiles in a way that is tailored to the target group. The legal basis for this data processing is formed by Art. 6 (1) (f) GDPR. If the respective platform providers ask users to consent to the data processing described above, the legal basis for this is formed by Art. 6 (1) (a) GDPR.

11.3 Storage Duration

We delete stored data as soon as it is no longer necessary to store it or you request that we delete it. In the case of statutory retention obligations (usually six or ten years), we restrict the processing of stored data accordingly, unless longer storage is required for the defence of legal claims.

11.4 Data Recipient

We do not disclose the data we collect from you to third parties.  However, we cannot exclude and also have no influence over the extent to which the operators of the respective networks disclose your data to third parties (e.g. business partners, advertising companies, etc.).

11.5 Data transfer to recipients outside the European Economic Area

We would like to point out that visitor data on social networks may also be processed outside the area of the European Union. This can result in risks for users because, for instance, the enforcement of users rights may become more difficult.

11.6 Exercising your rights as a data subject

As a supplement to the section "Your rights as a data subject", we would like to point out that the most effective way to assert your rights, and in particular request information, is to contact the providers directly. Only the providers have access to the data from users in each case and can take appropriate measures and provide information. You are welcome to contact us, of course, if you still require any further assistance. 


12. XING career network

If you apply over the social media platform XING, available under xing.com, the following information also applies:

We have tweaked the job posting on XING to be privacy-friendly. This means that no automated pre-selection of applicants takes place, nor do we use any of the features offered, such as recruitment tests or aptitude questions.

If you click on the "Apply" button on XING to apply for our job posting, a contact form opens.

If you apply "conventionally" by email in the manner we request with a cover letter, CV and references, the same data protection information applies to your application as for the "conventional" application process.

We would also like to draw your attention to the XING privacy policy, which you can call up here

13. Your Rights

You can exercise the following rights at any time using the contact details provided for our data protection officer:

  • Information: You are entitled to request confirmation concerning whether personal data relating to you is being processed; if this is the case, you are entitled to be informed about this personal data and receive the information specified in Art. 15 GDPR.
  • Rectification: You have the right to demand the immediate correction of incorrect personal data concerning your person and the completion of any incomplete personal data, where applicable (Art. 16 GDPR).
  • Deletion: You have the right to demand the deletion of personal data concerning your person without delay, provided that one of the reasons listed in detail in Art.  17 GDPR applies, e.g. if the data is no longer required for the purposes intended and the statutory retention and archiving provisions do not preclude deletion.
  • Restriction: You have the right to request the restriction in processing if one of the conditions listed in Art.  18 GDPR applies, e.g. if you have objected to processing, for the duration of the review concerning whether the objection can be upheld.
  • Data portability:  If you have consented to data processing or have concluded a contract with us, you can receive your personal data in a structured, standard and machine-readable format or request that this data be transferred to a third party. (Art.  20 GDPR).
  • Withdrawal: If data processing takes place based on your consent, in accordance with Art.  7 (3) GDPR you are entitled to withdraw your consent to the use of your personal data at any time. Please note that this withdrawal only takes effect for the future. Processing that took place before the your decision to revoke is not affected.
  • Objection: Within the framework of the requirements of Art. 21 GDPR, you have the right to object to personal data relating to your person being processed at any time on grounds relating to your particular situation.


14. Right to appeal to a supervisory authority

Right to appeal to a supervisory authority: You can contact a supervisory authority at any time with a complaint, e.g. the competent supervisory authority in the federal state where you reside or the authority responsible for us as the competent body. A list of the supervisory authorities (for the non-public sector) with their addresses can be found under: https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.

Parts of this Privacy Policy were created with the help of the generator from activeMind AG.