I. Data protection at a glance
The following information under this section has been compiled to give you a quick and simple overview of what happens to your personal data when you access our web pages.
In this context, personal data is any data that can be used to identify you personally or that makes you identifiable, i.e. any data that identifies you or makes it possible to identify you (e.g. name, address, e-mail address, user behavior).
For detailed and more extensive information on the subject of data protection, please refer to the in-depth descriptions in the next parts of our data protection declaration on this website. Further legal definitions of the relevant terms (e.g. "processing", "controller", "consent", etc.) can be found in the data protection legal definitions of Art. 4 DSGVO.
1. who is responsible for data processing?
Data processing on this website is carried out by the website operator, i.e. us as CLIENTALYTICS Consulting UG (haftungsbeschränkt). Further details about the responsible party can also be found again in the imprint of this website at the bottom of each page.
The responsible party within the meaning of the DSGVO and other national data protection laws of the EU member states as well as other data protection regulations and your first point of contact in all matters is:
CLIENTALYTICS Consulting UG (haftungsbeschränkt).
Phone: +49 931 329 08979
2. Who is the contact person / data protection officer?
The official appointment and notification of a data protection officer is not required according to the current size and focus as well as content-related activities of CLIENTALYTICS Consulting UG (haftungsbeschränkt) pursuant to DSGVO.
As a management consultant in the industry, we feel particularly committed to data protection and the protection of your data very much, we provide you with a competent contact person.
You can reach our company data protection officer and data protection expert at any time at:
CLIENTALYTICS Consulting UG (haftungsbeschränkt)
Phone: +49 931 329 08979
3. What data is collected and how is it processed?
In principle, we only process your personal data to the extent that this is necessary to provide a functional website and our content and services. Further processing of your personal data is regularly only carried out if you have given us your consent for this or if the processing is permitted by other legal regulations.
On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form. Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view). The collection of this data takes place automatically - as far as necessary - as soon as you enter our website.
On the other hand, some of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior if we have a legitimate interest in doing so. All data beyond this, in particular the processing of your personal data for commercial and marketing purposes, will only be collected with your express consent.
4. what rights do data subjects have?
As a data subject, you have the following rights:
You have the right to information regarding the personal data concerning you that we process as a data controller (Art. 15 DSGVO).
You have the right to have the data concerning you corrected if it is stored incorrectly or incompletely (Art. 16 DSGVO).
You have the right to erasure (Art. 17 GDPR).
You have the right to request the restriction of the processing of your personal data (Art. 18 GDPR).
You have the right to data portability (Art. 20 GDPR).
You have the right to object to the processing of personal data concerning you (Art. 21 GDPR).
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
You have the right to lodge a complaint with the competent supervisory authority in the event of a suspected breach of data protection law (Art. 77 DSGVO). The competent supervisory authority is the one at your usual place of residence, workplace or at the location of the suspected violation. You will find information and contact details below.
Cookies may be stored on your device when you visit the website. Cookies are small text files that are stored by the browser you are using. Cookies cannot run programs or transmit viruses to your device. However, the entity that sets the cookie can obtain certain information about it.
5. what about analytics and tracking tools?
When visiting our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and with so-called analysis programs. The analysis of your surfing behavior is usually anonymous. The surfing behavior cannot be traced back to you.
6. Where can I get more information?
II General notes and information on data protection
1. protection of your personal data
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
As a matter of principle, we process your personal data only insofar as this is necessary to provide a functional website and our content and services.
The processing of personal data of our users is regularly carried out only with the consent of the user. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.
2. data controller and other parties involved in the data processing.
The processing of your personal data entails a special responsibility for us as the data controller carrying out the data processing process. In the systematics of the DSGVO, data processing is carried out by the so-called "data controller", Art. 24 DSGVO. The data controller is us as CLIENTALYTICS Consulting UG (haftungsbeschränkt). Please refer to the first section or the imprint for the specific data.
"Controller" within the meaning of the GDPR is any natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
If there is more than one controller, both or several together establish a "joint responsibility" according to Article 26 GDPR and are in principle both or all together responsible for the obligations arising from the Regulation. However, a division of labor may be agreed between them, whereby you as a data subject may regularly contact any of the data controllers to exercise your rights.
In addition to the data subject and the data controllers, there may be other parties involved in the data processing process.
"Third party" in the sense of the GDPR is always a natural or legal person, authority, institution or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
3. processing of personal data
When you use this website, various personal data are collected.
Personal data in this context is any information that can be used to identify you personally or that makes you identifiable, in other words, any data that makes you identified or identifiable.
An identifiable or determinable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Your personal data is processed by us.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
4. lawfulness of data processing
Any processing of personal data should be lawful and fair. There should be transparency for individuals that personal data concerning them are being collected, used, accessed or otherwise processed and the extent to which the personal data are being processed and will be processed in the future.
In particular, the specific purposes for which the personal data are processed should be unambiguous, lawful and established at the time the personal data are collected.
In order for the data processing to also be lawful, personal data must be processed with the consent of the data subject or on another permissible legal basis, which derives from the GDPR or, whenever it refers to it, from other Union law or the law of the member states of the EU.
For example, on the basis that it is necessary for compliance with the legal obligation to which the controller is subject, or for the performance of a contract to which the data subject is a party, or for the performance of pre-contractual measures taken at the request of the data subject.
5. legal basis of data processing
Data protection law provides for a fundamental prohibition with reservation of permission with regard to the processing of personal data.
This means that data processing is generally prohibited unless it is justified in individual cases by an element of permission and a legal basis.
In the following, we would like to inform you about the relevant legal bases for processing personal data:
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a.) DSGVO serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 lit. c.) DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 lit. f.) DSGVO serves as the legal basis for the processing.
When accessing our website, you will be asked to give consent to the processing of your personal data insofar as it goes beyond the processing that is justified by law.
You can therefore choose between the processing of essential or necessary data, which is then regularly covered by the legal basis of Art. 6 Para. 1 lit. f.) DSGVO, taking into account your interests and after weighing them against our interests, since we already need some data to make our websites available to you, and also need further data for our own analysis and range measurement.
This regularly serves to make our websites even more user-friendly and to optimize them for you, thus serving our legitimate interests.
If, on the other hand, you voluntarily choose to give your consent to the processing of further personal data for advertising and commercial purposes, our data processing procedure will be based on the fact of consent pursuant to Art. 6 Para. 1 lit. a.) DSGVO, whereby you can, of course, revoke this consent at any time without further consequences or disadvantages for you.
6. necessary data processing during website access (server log files)
If you only use this website to obtain information and do not provide any data, then we only process the data that is required to display the website on the Internet-capable device you are using.
In doing so, the provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
These are in particular:
date and time of the request
the amount of data transmitted in each case
the website from which the request came
Internet service provider
browser type and browser version
The legal basis for the processing of this data is legitimate interests pursuant to Art. 6 (1) lit. f) DSGVO, in order to enable the presentation of the website in principle. A storage or consolidation of these data together with other personal data or data sources from you does not take place.
7. data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose of storage ceases to apply. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws or other regulations to which we are subject as the responsible party.
Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract or you have given your express and voluntary consent to this.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to you. For this purpose, the user's IP address must remain stored for the duration of the session.
Insofar as the storage of IP addresses in log files, the storage is necessary to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes expressly does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f.) DSGVO. Since the collection of data for the provision of the website and the storage of data in log files are absolutely necessary for the operation of the website, there is no possibility of objection on your part (only) in this context.
In the case of storage of files in log files, the collected data must be deleted after seven days at the latest. Storage beyond this period is possible. In this case, however, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
8. revocation of your consent to data processing
Many data processing operations are only possible with your express consent.
You can revoke consent you have already given at any time, Art. 7 (3) DSGVO. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
9. right of appeal to the competent supervisory authority
In the event of violations of data protection law, you as the data subject have a right of appeal to the competent supervisory authority. A supervisory authority is an independent and governmental body established by a Member State pursuant to Art. 51 DSGVO.
The competent supervisory authority for data processing on our websites in matters of data protection law is the state data protection commissioner(s) of the federal state in which our company is based.
A list of the state data protection commissioners and their contact details can be found at the following link:
The State Commissioner for Data Protection of the State of Bavaria, which is responsible for us, can be consulted via the following link:
Website of the Federal Commissioner for Data Protection and Freedom of Information - Homepage - Bavaria,
The Bavarian State Commissioner for Data Protection
Prof. Dr. Thomas Petri
P.O. Box 22 12 19
Telephone: 089/21 26 72-0
Fax: 089/21 26 72-50
10. objection against advertising mails
We hereby object to the use of contact data published within the framework of the imprint obligation to send advertising and information material that has not been expressly requested.
We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
III. Your rights as a data subject
Data protection law and the GDPR provide you, as the party directly affected by the data processing process, with far-reaching rights and design options with regard to your personal data in order to influence the data processing process.
The principle of transparency requires that the information intended for you is precise, easily accessible and understandable, and written in clear and simple language.
Therefore, in the following we would now like to inform you comprehensively about your legal rights in the context of data processing, refer to the laws, explain them and thus make it as easy as possible for you to exercise your legal rights.
Should you wish to exercise any of your rights listed below, we will support you in this in the best possible way and comply with your request as quickly as possible.
In doing so, we do not impose any complicated requirements on the application process. You are welcome to contact us at any time under the data mentioned above as well as in the imprint and informally assert your right.
In detail, your rights are the following:
1. right to information according to Art. 15 DSGVO
As a data subject of the processing of personal data, you have a right to information pursuant to Art. 15 DSGVO against the controller of the data processing, in this case against us.
First of all, you have a general right to information regarding the question of whether the controller is processing your personal data at all or intends to do so. If this is the case, you have an extended right of access to this personal data.
In addition, you have a right of access regarding further information in connection with your personal data, such as the processing purposes, the categories of personal data and to which (foreign) third parties or categories of third parties the data have been or will be disclosed.
If your data is transferred to a third country or to an international organization, you have the right, as part of your right to information, to be informed about the appropriate safeguards (Art. 46 GDPR) and protective measures as well as applicable data protection standards of the countries to which your data may be transferred. This point is dealt with separately in another section.
Since we take data protection particularly seriously and your understanding and comprehensive information is important to us, we would like to point out in particular that we will be happy to provide you with a copy of the personal data that is the subject of processing at your request. We will also be happy to provide this to you in electronic form.
2. right of rectification according to art. 16 DSGVO
According to Art. 16 DSGVO, you have a right of rectification of all incorrect, incorrectly transmitted or incorrectly presented and only incorrectly or incompletely stored data.
If we have recorded or processed personal data from you incorrectly during data collection or if this data is incorrect, you can demand that we correct the data relating to you personally without delay. Immediate rectification here means, as a general rule and according to German case law, rectification without culpable delay.
If the purpose of the data processing, in which your data has been included incorrectly or incompletely, requires this after consideration, you as the data subject have a right to have incomplete data completed, also by means of a supplementary declaration.
3. right to deletion according to Art. 17 DSGVO
In addition to the right to information and rectification, under certain circumstances you also have a right to erasure of your personal data in our data processing processes pursuant to Art. 17 DSGVO and thus a right to stop data processing.
The right to erasure is also referred to as the "right to be forgotten".
At any time, you have the right to assert your right to erasure. Whether we have to delete your personal data without delay then depends on the further circumstances of the individual case.
We must delete your personal data without delay if your personal data is no longer necessary for the purposes for which it was collected or otherwise processed and also if the original data processing of your personal data was based on your consent and no other legal basis is available.
Furthermore, your personal data must also be deleted if it has been processed unlawfully, the deletion serves to fulfill a legal obligation to which we are subject, or you have objected.
4. right to restriction of processing according to Art. 18 DSGVO
According to Art. 18 DSGVO, you have the right to request the restriction of the processing of your personal data. You can exercise this right in a variety of ways.
For example, if you dispute the accuracy of your processed personal data. Then you can request us to stop processing for a period of time that allows us to verify the accuracy of your personal data.
On the other hand, if we no longer need your personal data for the purposes of processing, you can also exercise your right to restrict processing to the effect that the data remain available if, for example, you still need them to assert, exercise or defend legal claims.
5. right to data portability according to Art. 20 DSGVO
As a data subject of a data processing regarding your personal data, you have the right to data portability according to Art. 20 DSGVO. You can freely exercise this right at any time.
The right to data portability implies that you have a right to demand that we provide you with your personal data that you have provided to us in a structured, common and machine-readable format.
In addition, you also have the right to have this data transferred to another controller without hindrance from the controller to whom the personal data was previously provided.
If and to the extent technically feasible, when exercising your right to data portability, you also have the right to obtain that your personal data be transferred directly from one controller to the other.
What this complicated passage of the law wants to express is basically nothing else than what you are surely familiar with from telephone provider changes, namely that you sign a contract with the new provider and the latter immediately receives the authorization to terminate the old contract and to take over (port) your data.
However, you only have the aforementioned right to data portability if the original data processing was based on voluntary consent or on a contract and if the processing was carried out using automated processes.
6. right of objection according to Art. 21 DSGVO
As a data subject, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO.
If you are in a special situation for which special reasons arise, you also have the right as a data subject to object at any time to the processing of personal data concerning you.
You have the right to object insofar as the objected data processing is necessary for the performance of a task carried out in the public interest or this task is carried out in the exercise of official authority vested in the controller (Article 6(1)(e)) or is necessary for the purposes of safeguarding the legitimate interests of the controller or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms of you which require the protection of your personal data (Article 6(1)(f)).
If you have exercised your valid and effective right to object, we will no longer process your personal data. An exception may exist if compelling legitimate grounds for the processing can be demonstrated which override your rights and freedoms, or it is processing for the purpose of asserting, exercising or defending legal claims.
If the processing of your personal data is direct advertising, you have the right to object at any time, this also applies to so-called profiling.
If you object to the processing of your data for these purposes, we will no longer process your personal data for these purposes.
7. right to case-by-case decision according to Art. 22 DSGVO.
Pursuant to Art. 13 of the GDPR, in addition to the information already provided, you are entitled to additional information necessary to ensure fair and transparent processing of your personal data.
As a data subject, you have the right not to be subject to a decision based solely on automated processing - including profiling - insofar as (!) it would produce legal effects or similarly significantly affect you.
This does not apply if the decision is necessary for the conclusion of a contract between you and the controller or is permissible under Union or Member State law and such law provides for appropriate measures.
8. right of complaint Art. 77 DSGVO
In the event of a suspected breach of data protection law, you have the right to lodge a complaint with the competent supervisory authority.
Insofar as the local jurisdiction is based on the location of the suspected violation, the State Data Protection Commissioner of the State of Bavaria is responsible, whose contact details can be found in the previous sections.
9. right to revoke the declaration of consent under data protection law.
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Furthermore, neither disadvantages nor impairments arise for you as a result of the revocation.
IV. Other data collection
These cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Some elements of our website require that the calling browser can be identified even after a page change.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
However, you can also set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. However, if cookies are deactivated, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 Para. 1 lit. f.) DSGVO.
The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
2 Cookies for analysis and tracking purposes
With regard to the legal basis for this further processing of your personal data, we have opted for the most legally secure solution, which is also in line with current and prevailing case law of the European Court of Justice (ECJ). This is the so-called "opt-in solution", in which consent is obtained from you before the technically unnecessary cookies are set and retrieved.
The reference to our data protection declaration is also made there.
Therefore, when you call up our homepage, you as the user are provided with various selection options, which can be seen on a button centered on the screen. As a preselection, only the setting of necessary cookies has been made here.
If you confirm this selection in the form, we only set the essential cookies that we have explained above. In this respect, the legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f.) DSGVO.
In addition, you have the option to voluntarily consent to the further processing of your data for commercial and analytical purposes and for the evaluation of your user behavior. For this, you must make a selection to the effect that you tick the further box of cookies for marketing purposes or external media (opt-in).
If you have given your voluntary declaration of consent to the setting of further cookies here, the legal basis for further data processing is your consent pursuant to Art. 6 (1) lit. f.) DSGVO. You can, of course, revoke this declaration of consent at any time without any disadvantages or adverse effects for you.
The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data.
The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.
3 Google Analytics and Tracking Tools
We use "Google Analytics" on our website, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, Barrow St., Dublin 4, Ireland (hereinafter referred to as "Google").
Despite the designation used by Google as Google Analytics, we would like to point out that, according to general legal opinion and the advice of the independent data protection conference of the data protection authorities of the federal states and the federal government (DSK), Google Analytics is expressly not a pure analysis tool that serves purely to measure reach, but rather a distinct tracking tool. Here, further personal data is collected and processed for marketing purposes.
The information generated by the cookie about the use of our website is usually transferred to Google servers and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website ("IP anonymization"), your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be transmitted to a Google server outside the EU and shortened there. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage on our behalf.
Insofar as the data is transferred to the United States of America, separate data protection provisions apply here, which have been agreed between the USA and Europe as well as the USA and Switzerland and meet the known data protection requirements. This is the Privacy Shield agreement.
Purely as a precautionary measure, we would also like to point out that in exceptional cases, Google may also transfer data to servers in third countries that may not meet the data protection standards and data protection level of European data protection.
In this context, pseudonymous usage profiles can be created from the processed data. The IP address transmitted when using Google Analytics is not merged with other data from Google. A personal reference can thus be excluded.
We use Google Analytics for the purpose of analyzing the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behavior, we can improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. a) DSGVO.
The setting of the Analytics cookie can be prevented by setting the browser to reject all cookies. However, this may affect the usability of this website. The collection of data by Google can also prevent the installation of the following browser plug-in:
For more information on Google's use of data, on setting and objection options, and on data protection, please refer to the following Google web pages:
- User Terms:
- Data use by Google when you use websites:
- Data use for advertising purposes:
- Personalized advertising settings by Google:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of user and event level data associated with cookies, user identifiers (e.g. User ID) and advertising IDs (e.g. DoubleClick cookies, Android advertising ID, IDFA [Apple identifier for advertisers]) will occur no later than 14 months after collection. More details on this point can be found at the following website:
Further information on how Google Analytics handles user data can be found here:
4. google maps
We may inform you that we use on our website the offer of Google Maps, a popular and widely used map service. This allows us to show you interactive maps directly on our website and enables you to comfortably use the map function.
If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data in the form of usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of their website. Such an evaluation is carried out in particular to provide needs-based advertising and to inform other users of the social network about your activities on our website.
You have the right to object to the creation of these usage profiles. To exercise this right of objection, however, you must contact Google directly.
The map function "Google Maps" is a service of the provider Google. The responsible body of the service provider is: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is: Google LLC, 1600 Amphitheatre Parkway, Moun-tain View, CA 94043, USA.
Website of the service provider is:
Information on the Privacy Shield agreement can be found here:
The following link will direct you to the opt-out option:
In order to meet the data protection requirements, we have prepared our website in such a way that, before loading third-party services such as Google Maps, you are explicitly informed that you accept Google's data protection declaration by loading the map.
By clicking on the "Load map" button, you are giving a conscious and active declaration of consent to the transfer of your personal data to Google.
Only after you have initiated the clicking of the button, the application is started and the map opens.
5. social media
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
One of them is the application "Facebook", recognizable in the bar at the bottom of the page by the familiar Facebook logo, a small "f" in white letters and bold. On the other hand, we use "Xing", recognizable in the bar at the bottom of the page by the familiar Xing logo, represented on our page by a white, bold "X", with the left half of the logo shown abbreviated. Lastly, we also use the application "Linkedin", recognizable in the bar at the bottom of the page by the Linkedin logo, represented in white font, bold with the lowercase letters "in".
Social networks such as Facebook, Google+, Instagram, Xing, etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media sites triggers numerous processing operations relevant to data protection.
a.) Data processing through social media.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence.
Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
We would like to point out that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
Our social media presences are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f.) DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a.) DSGVO).
b.) Persons responsible for asserting your rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes.
We have a profile on Facebook.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Inc. also has certification under the EU-US Privacy Shield. Since we, as the operator of the Facebook Fanpage, are located outside the USA or Canada, the controller for the processing of personal data together with us is:
Facebook Ireland Ltd
4 Grand Canal Square
Grand Canal Harbour
You can contact the responsible entity Facebook Ireland Ltd here:
You can contact the responsible data protection officer of Facebook Ireland Ltd at the following link:
An overview of Facebook plugins can be found here:
Since the operation of our Facebook pages is a joint responsibility (Art. 26 DSGVO) between Facebook and the FDP in terms of data protection law, a corresponding agreement has been concluded with Facebook Ireland Ltd, which you can view at the following link:
It should be said, however, that Facebook, according to its own statements in the agreement, undertakes to comply with the essential obligations of the DSGVO with regard to the processing of personal data:
"Facebook Ireland will ensure that it has a legal basis for processing In-sights data, which is set out in Facebook Ireland's Data Policy (see under "What is our legal basis for processing data?"). Unless otherwise stated in this Page Insights Supplement, Facebook Ireland undertakes compliance with the obligations under the GDPR for the processing of Insights Data (including, without limitation, Articles 12 and 13 of the GDPR, Articles 15 to 21 of the GDPR, Articles 33 and 34 of the GDPR). Facebook Ireland takes appropriate technical and organizational measures in accordance with Article 32 of the GDPR to ensure the security of the processing. This includes the measures set out in the Annex below (which will be updated from time to time to take into account, for example, technological developments). All Facebook Ireland employees involved in the processing of Insights Data are bound by appropriate agreements to maintain the confidentiality of Insights Data."
We have no influence on the type and scope of the data processed by XING, the way in which it is processed and used, or the transfer of this data to third parties. We also have no effective control options in this respect.
When you use or visit the XING service, data is automatically collected from you during the use or visit. This is done with the help of various tracking technologies.
On XING's servers, data from users and third parties that is primarily required for the provision and maintenance of the security of the XING service is used. On your terminal device, data is used by means of cookies, pixels and similar tracking technologies data from users and third parties to provide the services and to evaluate user behavior, to measure and optimize advertising, as well as for statistical purposes.
In addition, for example, if your e-mail program allows HTML, it is determined whether and when you have opened an e-mail. Within the scope of tracking, access data (e.g. date and time of the visit, IP address, cookie ID, location data, product and version information of the browser or app used, device identifiers or device data) as well as interaction data (e.g. pages viewed or search queries performed) are processed.
In order to be able to identify you as a user during your visit to XING, so-called session cookies are used. These session cookies are automatically deleted after the end of the respective session.
These cookies are required in order to use XING. In addition, a very rough geo-localization is carried out with regard to your person at the level of the cities you visit.
For this purpose, your shortened and anonymized IP address and, if you have consented to this in your mobile device, your geocoordinates are stored. It is not stored where exactly they are located. Specific addresses or geocoordinates are not stored.
Further information on how your data is processed by XING can be found here:
LinkedIn has committed to the principles of the EU-US Privacy Shield. More details can be found at:
We have no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect. When you visit the LinkedIn site, your IP address, among other things, is collected, as well as other information that is present in the form of cookies on your PC. This information is used to provide us, as operators of the LinkedIn pages, with statistical information about the use of the LinkedIn page.
The data collected about you in this context is processed by LinkedIn and, if necessary, transferred to countries outside the European Union. What information LinkedIn receives and how it is used is described in general terms by LinkedIn in its data usage guidelines. There you will also find information on how to contact LinkedIn and on the settings options for advertisements. The data usage guidelines are available at the following link:
LinkedIn logs your visits to and use of LinkedIn's services, including mobile apps. Data is collected through deployed cookies and similar technologies. LinkedIn receives data from your devices and networks, including location data. Furthermore, LinkedIn is informed when you communicate via their services.
Information about the cookies used by LinkedIn can be found at the following link:
It is possible for you to reject the use of these cookies by LinkedIn. The procedure for refusal can be found here:
When you access a LinkedIn page, the IP address assigned to your end device is transmitted to LinkedIn. LinkedIn collects data about the apps, browsers and devices you use when accessing LinkedIn services.
When you visit or leave LinkedIn's services (including plug-ins, cookies, or similar technologies on third-party websites), LinkedIn receives both the URL of the website you came from and the one you navigate to next. LinkedIn also receives information about your IP address, your proxy server, your operating system, your web browser and add-ons, your device identifier and features, and/or your Internet service provider or mobile carrier.
If you access LinkedIn's services using a mobile device, that device will send data about your location based on your phone settings.
For information on how to manage or delete information that exists about you, please visit the following LinkedIn page:
V. Contact form and e-mail contact
Our website contains a contact form that you can use to contact us electronically. If you use this option, the data entered in the input mask will be transmitted to us and stored.
This data is primarily the name and e-mail address you have given us. Furthermore, the subject designated by you as well as the contents of your message.
At the time of sending the message, additional data such as the IP address and the date and time of registration are also stored.
Alternatively, it is possible to contact us via the e-mail address provided by us. In this case, the personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation requested and initiated by you.
If you have given your consent, the legal basis for the processing of this data is Art. 6 para. 1 lit. a.) DSGVO. The legal basis for the processing of data that you have transmitted to us in the course of sending an e-mail is Art. 6 para. 1 lit. f.) DSGVO. If your e-mail inquiry is aimed at the conclusion of a contract, the further legal basis for the processing is Art. 6 para. 1 lit. b.) DSGVO.
In this case, the processing of your personal data from the input mask serves exclusively to process the contact you have requested and initiated. If you contact us by e-mail, the necessary legitimate interest in processing the data is also given here.
The data is then deleted when it is no longer required to achieve the purpose for which it was collected. In the case of data from the input mask of the contact form, this is the case when the respective conversation with you has ended.
If you have given your consent to the processing of your personal data in the input mask, you can revoke this consent at any time without any disadvantages for you. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, however, we will no longer be able to continue the conversation.
VI. Processing of applicant data for online applications
If this section is relevant to you, we are very pleased that you are interested in our company and look forward to receiving your application.
1. general information on the application process
You can apply for various job postings on our careers page under the Jobs section. In doing so, you provide us with your data for the respective advertised position, whereby your information will only be checked for this position.
Your application will only be considered and checked for other vacancies if you have explicitly released your profile and application for this purpose.
Alternatively, you can of course send us an unsolicited application at any time.
If the review of your application shows that your profile is suitable for a vacancy with us, we will contact you using the contact data you provided to us. We will treat your details confidentially.
If you are not yet an employee of ours and we are unable to offer you a suitable position at the time of your application, there is always the possibility that we will include you in our pool of applicants. In this case, we will invite you separately by e-mail to submit a declaration of consent. If you agree to be included in the applicant pool, you can also revoke your consent at a later date.
As a company, we are also the responsible party for your applicant data. Our contact details as the responsible party can be found under I. No. 1 of this data protection declaration and under our imprint.
Of course, as an applicant, you also have the usual data subject rights with regard to your personal applicant data that is collected and processed by us as part of the application process. Detailed information on your rights as a data subject can be found under Section III. of this data protection declaration.
2. data categories and data collection
The categories of personal data processed include master and contact data that we request via our online form or that you automatically transfer to our online form via your Xing or LinkedIn profile.
In addition, we process the data contained in the application documents that you can upload via our online application system. In the ongoing application process, we may collect and process further data.
If you have also voluntarily provided special categories of personal data (such as health data, religious affiliation, degree of disability) in the letter of application or in the course of the application process, processing will only take place if you have consented to this or if a legal permissible circumstance justifies this.
The categories of data that we process include, in particular, your:
- Master data (such as first name, last name, name affixes, date of birth, nationality and, if applicable, personnel number)
- Contact data (such as private address, mobile/telephone number, e-mail address)
- Data from the entire application process (cover letter, references, questionnaires, interviews, qualifications and previous activities)
- Application photo
- Criminal record, insofar as this is necessary due to the advertised position
- Account data in cases of travel expense reimbursement.
Your personal data is generally collected directly from you as part of the recruitment process. In addition, we may have received data from third parties (e.g. job placement agencies) to whom you have provided your data for disclosure. In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional social networks).
3. purposes of data processing and legal basis
We process your personal data in compliance with the provisions of the DSGVO of the Federal Data Protection Act (BDSG) and all other relevant laws (e.g. BetrVG, AGG, etc.).
The primary purpose of data processing is to carry out and process the application procedure and to assess the suitability for the position in question. The processing of your applicant data is necessary in order to be able to decide on the establishment of an employment relationship.
The primary legal basis for this is Art. 6 para. 1 lit. b.) DSGVO in conjunction with. § Section 26 (1) BDSG. In addition, collective agreements (group, collective and works agreements) pursuant to Art. 88 (1) DSGVO in conjunction with Section 26 (4) BDSG may be used. § Section 26 (4) BDSG or your separate consent pursuant to Section 26 (2) BDSG in conjunction with Article 4 No. 11, Article 7 DSGVO may be used as a data protection permission provision.
Where necessary, we also process your data on the basis of Art. 6 para. 1 lit. f.) DSGVO in order to protect legitimate interests of us or of third parties (e.g. authorities). Furthermore, in the context of employment promotion, data may be transferred on the basis of Art. 6 para. 1 c.) DSGVO in conjunction with. § 39 para. 3 SGB III to the Federal Employment Agency.
The processing of special categories of personal data (e.g. health data) is based on your express consent pursuant to Section 26 (2) and (3) sentence 2 BDSG in conjunction with Article 4 No. 11, Article 7 DSGVO, unless legal permissions such as Article 9 (2) lit. b.) DSGVO in conjunction with Section 26 (3) sentence 1 BDSG are relevant. If you wish to take advantage of special rights for severely disabled persons in the application process, you can state your severe disability in your letter of application.
In addition, due to the European anti-terrorism regulations 2580/2001 and 881/2002, we are obliged to check your data against the so-called "EU terror lists" to ensure that no funds or other economic resources are made available for terrorist purposes in the future.
Data processing for statistical purposes (e.g. studies on applicant behavior) is carried out exclusively for our own purposes and in no case personalized, but anonymized.
If, after completion of the application process, your data may be required for legal prosecution or to assert or defend claims, data processing may be carried out in accordance with Art. 6 para. 1 lit. f.) DSGVO or Art. 9 para. 2 lit. f.) DSGVO.
If we want to process your personal data for a purpose not mentioned above, we will inform you in advance.
4. recipients of your applicant data
As part of your application, you must provide those personal data that are required for the application process and the suitability assessment. Without this data, we will not be able to carry out the application process and make a decision on the establishment of an employment relationship.
Within our company, only those persons and departments will receive your personal data that need it for the hiring decision and to fulfill our (pre-)contractual and legal obligations.
Due to legal obligations, data may be exchanged with the Federal Employment Agency. In addition, we may transfer your personal data to other recipients outside the company, insofar as this is necessary to establish the employment relationship. Other recipients of personal data may also include commissioned data processors in accordance with Art. 28 DSGVO.
5. storage period of your applicant data
We delete your personal data six months after the conclusion of the application process if an employment relationship is not established. This does not apply if legal provisions prevent the deletion or if the further storage is necessary for purposes of evidence.
If you are reimbursed by us for travel expenses as part of the application process, we must retain these statements in accordance with the retention periods of the German Commercial Code and the German Fiscal Code.
If you are hired by us, we will transfer your application data to your personnel file and your master data to our personnel administration and accounting system.
If we are unable to offer you a vacant position, but believe on the basis of your profile that your application may be of interest for future or other vacancies, we will process your personal application data in our applicant database for twelve months or longer if necessary, provided that we have your express consent to do so and you explicitly request this.
You can, of course, revoke your declaration of consent at any time. However, we would then like to point out that we will not be able to consider your application for any further current or future vacancies.
VII. Further notes
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
The data protection measures are always subject to technical renewal. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection declaration.
Status: June 2022