Privacy Policy

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other data protection regulations for data processing to provide the website is:

PALTRON GmbH

Am Sandtorkai 48

20457 Hamburg

Website: www.paltron.com

Mail: contact@paltron.com

We have appointed a data protection officer:

Prof. Dr. Christian Rauda

Specialist attorney for copyright and media law

Specialist attorney for information technology law

Specialist attorney for intellectual property law

GRAEF Attorneys at Law Digital PartG mbB

Jungfrauenthal 8

20149 Hamburg

Phone +49.40.80 6000 9-0

Fax +49.40.80 6000 9-10

E-mail data.security.officer@paltron.com

Website www.graef.eu

  1. General information on data processing

  1. Scope of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide our website, our content and our services.

  1. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (DSGVO) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) lit. f DSGVO serves as the legal basis for the processing.

  1. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

II. Provision of the website and creation of log files

Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected for a limited period of time:

  1. Information about the browser type and version used.
  2. The operating system of the user
  3. The user's Internet service provider
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user's system accesses our website

The data is stored in the log files of our system. This data is only required for the analysis of any malfunctions and is deleted within seven days at the latest. The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f DSGVO. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context and conclusions about your person are not drawn. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for the user to object.

III. Use of cookies

We use so-called session or flash cookies on our website and in our applications. Cookies are text files that are stored in or by the Internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified the next time the website is accessed. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected with technically necessary cookies are not used to determine the identity of the user or to create user profiles. The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) DSGVO. Due to the technical necessity, there is no revocation option.

Insofar as we use cookies that are not technically necessary, you will find the relevant information in the following information on the individual services.

VI. General contact

You can contact us via our contact form on our website, by e-mail, telephone or letter. In this case, the information you provide in your inquiry, including the contact data you provide there, will be stored by us solely for the purpose of processing the inquiry and in the event of follow-up questions. In this context, the data will not be passed on to third parties.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f DSGVO. Our interest in answering your inquiry outweighs your interest; furthermore, since you are writing to us, an answer is also in your interest and you are aware that we need to process your data to answer your inquiry.

If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) lit. b DSGVO.

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the facts concerned have been conclusively clarified.

V. Web analysis and control services

  1. Google Tag Manager

Insofar as you have declared your consent, the Google Tag Manager of Google LLC is used on this website. Our contractual partner is the European subsidiary Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

​​The Google Tag Manager is basically used to play out other tools. Instead of loading a tool directly, it is loaded by the Google Tag Manager. The Google Tag Manager uses administrator cookies and transfers cookies associated with the Tag Manager to Google. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

Due to the server connections between your internet connection and Google's servers, your IP address is also processed, as well as network data such as the following:

  • approximate location (region)
  • technical information about the browser and the end devices used (e.g. language setting, screen resolution)
  • Internet provider
  • the referrer URL (via which website/advertising medium users came to this website)

The legal basis for data processing by Google Tag Manager is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.

You can revoke your consent at any time with effect for the future by calling up the settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. The data collected via the Tag Manager will otherwise be processed until you revoke your consent.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict functionality on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by not giving your consent to the cookie setting.

For more information on the terms of use of Google Tag Manager and data protection at Google, please visit https://marketingplatform.google.com/about/tag-manager/ and https://policies.google.com/?hl=de.

  1. Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. Our contractual partner is the European subsidiary Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language setting

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)

Google will use this information on our behalf for the purpose of evaluating your anonymous use of the website and compiling reports on website activity (analysis using user ID is not pseudonymous). The reports provided by Google Analytics are used to analyze the performance of our website.

Recipients of the data besides us are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Insofar as data is processed outside the EU/EEA and there is no level of data protection that corresponds to the European standard, Google Ireland Limited has concluded EU standard contractual clauses with Google LLC, which is based in California, USA, in order to establish appropriate safeguards in accordance with Art. 46 of the GDPR. A copy of the contractual clauses can be found here: https://policies.google.com/privacy/frameworks?hl=de&gl=de. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU / EEA. If applicable, you are not entitled to any legal remedies against access by authorities.

The data sent by us and linked to cookies will be automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO. You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by selecting.

  1. not give your consent to the setting of the cookie or
  2. download and install the browser add-on to disable Google Analytics HERE.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

3. Microsoft Advertising Universal Event Tracking

On our website, we use the service Microsoft Advertising (formerly Bing Ads) of the provider Microsoft Corp. Our contractual partner is the European subsidiary Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland ("Microsoft"). Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us serve targeted ads through the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers, and information about device and browser settings are processed.

Microsoft Advertising collects data via UET that allows us to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when visiting our website. Microsoft Advertising can thus recognize that our website has been visited and play an ad when Microsoft Bing or Yahoo is used at a later time. The information is also used to compile conversion statistics, i.e. to record how many users have been served ads after clicking on an ad and were redirected to one of our websites. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified.

Recipients of the data besides us are/may be:

  • Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (as processor according to Art. 28 DSGVO).
  • Microsoft Corp., One Microsoft Way, Redmond, Washington WA 98052, USA

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, Microsoft Ireland Operations Limited has concluded EU standard contractual clauses with Microsoft Corp. which has its registered office in Washington, USA, in order to establish appropriate guarantees in accordance with Art. 46 DSGVO. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE. A transfer of data to the USA and access by US authorities to the data stored by Microsoft cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO. You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

4. Hotjar Behavior Analytics

We have integrated Hotjar Behavior Analytics on our website. Hotjar Behavior Analytics is a service provided by Hotjar Ltd, Level 2, St Julians Business Centre 3 Elia Zammit Street St Julians STJ 3155 Malta ("Hotjar"). Hotjar provides analytics and optimization tools that analyze the behavior and feedback of users of our website through analytics and feedback tools. Hotjar Behavior Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on website activity and to statistically analyze visitor data. Furthermore, Hotjar Behavior Analytics records clicks, mouse movements and scroll heights in order to create so-called heat maps and session replays.

In addition to us, the recipients of the data are Hotjar Behavior Analytics, Hotjar Ltd, Level 2, St Julians Business Centre 3 Elia Zammit Street St Julians STJ 3155 Malta.

We process your data with the help of Hotjar Behavior Analytics for the purpose of optimizing our website and for marketing purposes based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO. You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

The specific storage period of the processed data cannot be influenced by us, but is determined by Hotjar Ltd. Further information can be found in the privacy policy for Hotjar Behavior Analytics: https://www.hotjar.com/privacy/.

Insofar as Hotjar processes data outside the EU/EEA and there is no level of data protection corresponding to the European standard, which has been confirmed by the EU Commission by means of an adequacy decision pursuant to Art. 45 of the GDPR, Hotjar has concluded EU standard contractual clauses with its subcontractors in order to establish appropriate guarantees within the meaning of Art. 46 of the GDPR. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE. It is noteworthy in this respect that currently the USA is also considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

5. WildJar

We use the service WildJar of WILDJAR Pty Limited, Ground Floor, Suite 2, 39 Terry Street, Rozelle, Sydney, 2039, Australia. Via the WildJar service, the telephone number of the caller is transmitted to us along with the time, date and duration of the call, as well as information about which link on which website the caller used to connect to us. The data is processed in order to process relevant caller information on an incoming telephone call for analysis purposes. Under no circumstances is the content of the call stored. The data is not passed on to third parties. The described processing of your data is based on your consent (Art. 6 para. 1 lit. a) DSGVO). You can revoke your consent at any time with effect for the future by sending an e-mail to Datenschutz@ctg-consulting.com. The rec££htfulness of the processing carried out on the basis of the consent until the revocation remains unaffected. Processing will continue until your consent is revoked or until the purpose of the data processing no longer applies.  Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with WILDJAR Pty Limited, which is based in Sydney/Australia, in order to establish appropriate guarantees within the meaning of Art. 46 DSGVO. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE."

VI. Marketing Services

  1. LinkedIn Analytics and LinkedIn Ads

We use the conversion tracking technology and the retargeting function of LinkedIn Inc. on our website. Our contractual partner is the European subsidiary LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). With the help of this technology, visitors to this website can be served personalized advertisements on LinkedIn. Furthermore, there is the possibility to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

This informs LinkedIn that you have visited our website, whereby your IP address is also collected. In addition, timestamps and events such as page views are stored. In this way, we learn about which LinkedIn ad or interaction on LinkedIn you came to our website. This allows us to better control the display of our advertising.

LinkedIn Conversion Tracking logs when you take an action on our website. Such actions include a registration, a search, a lead, a contact, a purchase transaction and a purchase completion.

Due to the marketing tools used, your browser automatically establishes a direct connection with LinkedIn's server. We have no influence on the scope and further use of the data collected by LinkedIn through the use of Insight Tag.

In addition to us, recipients of the data are LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and, if applicable, LinkedIn Corp, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810, USA.

Insofar as data is processed outside the EU/EEA and there is no level of data protection that corresponds to the European standard, LinkedIn Ireland Unlimited Company has concluded EU standard contractual clauses with LinkedIn Inc. which is based in California, USA, in order to establish appropriate safeguards within the meaning of Art. 46 DSGVO. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE. A transfer of data to the USA and access by US authorities to the data stored by LinkedIn cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to legal remedies against access by authorities.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO. You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

For more information on data collection and data use, as well as the options and rights to protect your privacy, please refer to LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy.

If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: www.linkedin.com/help/linkedin/answer/1569/ihre-konto-und-datenschutzeinstellungen-verwalten-ubersicht

  1. Facebook Custom Audiences (Pixel/Cookies)

We use a so-called tracking pixel of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Meta Platforms Inc, 1601, Willow Road Menlo Park, CA 94025, USA, ("Facebook") on our website. We use Facebook Pixel to track the success of our own Facebook advertising campaigns and to optimize the playout of Facebook advertising campaigns to interested target groups.

After clicking on a Facebook ad or visiting our website, a cookie is stored on your terminal device using the pixel on our website. The cookie processes data about whether you arrived at our website via a Facebook ad and allows us to analyze the user's behavior until the purchase is completed. This allows us to track the success rate of our Facebook advertising campaigns. In addition, the pixel processes data about the fact that you have visited our website and allows us to customize the ads played on Facebook to your interests.

Via the Facebook pixel integrated on our website, a direct connection to Facebook's servers is established when you visit our website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to Facebook in the USA. 

In addition to us, the recipients of the data are:

  • Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (as processor according to Art. 28 DSGVO).
  • Meta Platforms Inc, 1601, Willow Road Menlo Park, CA 94025, USA (as sub-processor according to Art. 28 DSGVO).

Meta Platforms Ireland Ltd. has concluded EU standard contractual clauses with Meta Platforms Inc., which is based in California, USA, in order to establish appropriate safeguards within the meaning of Art. 46 DSGVO. A copy of the standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum. A transfer of data to the USA and access by US authorities to the data stored by Facebook cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

The collected data is anonymous for us and does not allow us to draw any conclusions about the user. If you are registered with Facebook, Facebook can assign the collected information to your account. Even if you do not have a Facebook account or are not logged in when you visit our website, it is possible for Facebook to process and store your IP address and other identification data. 

The legal basis for the data processing is your consent according to Art. 6 para. 1 a) DSGVO.  You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.

Furthermore, you can prevent the setting of cookies by adjusting the corresponding settings in your Facebook account at https://www.facebook.com/settings?tab=ads.

  1. Google Ads

We use Google Ads, an online advertising program of Google LLC, on our website. Our contractual partner is the European subsidiary Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Here, so-called conversion tracking is operated. If you click on an ad placed by Google, a cookie is set. This cookie loses its validity after 30 days and is not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. 

The data collected using the conversion cookie is used to generate statistics for Ads customers who have agreed to conversion tracking.  

Recipients of the data besides us are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Insofar as data is processed outside the EU/EEA and there is no level of data protection that corresponds to the European standard, Google Ireland Limited has concluded EU standard contractual clauses with Google LLC, which is based in California, USA, in order to establish suitable guarantees within the meaning of Art. 46 DSGVO. A copy of the contractual clauses can be found here: https://policies.google.com/privacy/frameworks?hl=de&gl=de. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO. You can revoke your consent at any time with effect for the future by calling up the cookie settings [Bottom left of the screen] and changing your selection there. There you will also find information about the cookies processed. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

  • not giving your consent to the setting of the cookie or
  • downloading and installing the browser add-on to disable Google Analytics HERE.

For more information on Google Ads' terms of use and Google's privacy policy, please visit https://ads.google.com/home/ and https://policies.google.com/?hl=de.

VII. Commissioned data processing in third countries

We use contract processors to provide our content and services. Some of these processors have servers in third countries for technical reasons, to which connections are established in special situations during your use. In particular, your IP address will be processed.

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, which was confirmed by the EU Commission by means of an adequacy decision pursuant to Art. 46 of the GDPR, we have concluded EU standard contractual clauses with the companies concerned in order to establish suitable guarantees within the meaning of Art. 46 of the GDPR. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE. It is noteworthy in this respect that currently the USA is also considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

We have concluded EU standard contractual clauses with the following processors or those processors have concluded EU standard contractual clauses with their sub-processors processing in third countries:

  1. Ikaros Pty Ltd, Level 28, 161 Castlereagh St, Sydney, NSW 2000, Australia.
  2. Segment, a service of Twilio Inc, a Delaware corporation, with a place of business at 101 Spear Street, 1st Floor, San Francisco, California, 94105, USA
  3. Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA
  4. CloudFront, a service of Amazon Web Service EMEA SARL (AWS Europe), Oskar-von-Miller-Ring 20, 80333 Munich, Germany
  5. Iubenda s.r.l., Via San Raffaele, 1, 20121 Milan, Italy

 

VIII. Consent Manager

We use the "iubenda Cookie Solution of iubenda s.r.l., Via San Raffaele, 1, 20121 Milan, Italy. This allows us to collect and store your the preferences regarding the processing of personal data and, in particular, the use of cookies and other trackers through this website. In order to be able to recognize your preferences the next time you use our website, a cookie is set by iubenda: _iub_cs-* The storage period for this cookie is 1 year. The processing is based on our overriding legitimate interests in providing a user-friendly consent management system (Art. 6 para. 1 lit f) DSGVO). For more information on the processing of personal data by cookies and other trackers, as well as on the various setting options and the revocation of any consent granted, please click [here].

IX. Chat functions

Within our online offer, functions and contents of the service Tawk.to may be integrated, offered by Tawk.to Inc, 187 East Warm Springs Rd, SB298 Las Vegas, NV, 89119, USA. Here, content from chats that you have with one of our employees is processed on our behalf. This content is then sent to us via email and stored.

The legal basis for processing the data is Art. 6 (1) lit. f DSGVO. Our interest in answering your inquiry via chat outweighs your interest; furthermore, since you write to us, an answer is also in your interest and you are aware that we need to process your data to answer your inquiry.

If the chat contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 (1) lit. b DSGVO.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

To the extent that data is processed outside the EU/EEA in the process and there is no level of data protection that corresponds to the European standard, we have concluded a data protection agreement with Tawk.to Inc. A copy of the EU standard contractual clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE. A transfer of data to the USA and access by US authorities to the data stored by Tawk.to cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

X. Social media links

We maintain online presences in social networks and platforms in order to communicate with customers, prospects and users who are active in these networks and to be able to inform customers, prospects and users about our services.

Our website therefore links to the Instagram website, operated by Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, U.S.A., or, if you are an EU resident, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Unless otherwise described in this privacy notice, no data is exchanged with Instagram through our website.

Our website also links to the website of LinkedIn, operated by LinkedIn Corp, 1000 W Maude Ave, Sunnyvale, CA, 94085-2810, USA, or, if you are a resident of the EU, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Unless otherwise described in this privacy notice, no data is exchanged with LinkedIn via our website.

Our website also links to the website of Xing, operated by Xing AG, Gänsemarkt 43, 20354 Hamburg. Unless otherwise described in this privacy policy, no data is exchanged with LinkedIn via our website.

When you access the aforementioned networks or platforms, the terms and conditions and data processing policies of the companies operating these networks or platforms apply. Unless otherwise provided in our privacy policy, we process data about users when they communicate with us via social networks or platforms, for example, when they post on our Facebook pages or send us messages.

XI. Data protection information for the recruitment process

In the context of an application procedure or a contact confirmation, after receipt of your application or activation of your contact data via our candidate portal of the service provider eRecruiter, which is integrated in this website, we process the data that you have provided to us or communicated to one of our consultants m/f and that are necessary for us for the purpose of carrying out an application procedure with one of our customers or establishing contact with the aim of opening an application procedure with one of our customers.

The following categories of data are processed:

  • Master data (surname, first name, name affixes and date of birth).
  • contact data (address, e-mail, telephone number)
  • any other information provided by you independently
  • documents sent to us and their content (e.g. letter of application, curriculum vitae, certificates, proof of activities, references, residence permit, work permit).

In addition, for the purpose of contacting you or after receipt of your application for the purpose of carrying out the application process, we process such personal data that we have obtained in a permissible manner from publicly accessible sources or personal contacts (e.g., from a joint communication in a career-oriented social network such as XING or LinkedIn). This includes in particular name, Xing or LinkedIn link, current position, current employer as well as any correspondence with you conducted via those services.

If you voluntarily provide us with special categories of personal data within the meaning of Art. 9 DSGVO as part of your application or contact (e.g., provide information about an existing severe disability or attach a photo to your application that shows, for example, glasses and thus a visual impairment), this is done on the basis of your consent that we may process the corresponding data after receipt of your application for the purpose of carrying out the application process. You can revoke your consent at any time without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

To enable more comprehensive job offers and consulting, you may consent to the processing of your personal data in the applicant database of the Career Team Group by CTG Consulting GmbH, alphacoders GmbH, CareerTeam GmbH, Foxio Consulting GmbH, Numeris Consulting GmbH, PALTRON GmbH and Sinceritas GmbH. We expressly point out that your consent is voluntary and has no effect on your chances in the application process. You may revoke your consent at any time vis-à-vis us or one of our group companies without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

In the event of a rejection or if you are no longer interested in a specific job offer, you can consent to your data being stored in our Career Team Group applicant database for a longer period of time in order to provide you with other job offers that may be of interest to you. You may revoke your consent at any time to us or to our group companies CTG Consulting GmbH, alphacoders GmbH, CareerTeam GmbH, Foxio Consulting GmbH, Numeris Consulting GmbH, PALTRON GmbH and Sinceritas GmbH without giving reasons. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Recipients of your personal data are only those persons who require your data for the decision on the establishment of an employment relationship as well as the subsequent implementation of the decision made or - in the case of contacting you - to inquire about your interest in career prospects and job offers with our customers. Contact is established with the greatest possible confidentiality, usually by telephone or e-mail, using the contact options you have provided.

We will only pass on your data to the customer once you have informed us in a personal conversation or telephone call of your express interest in the advertised position of the customer. You will be informed of the transfer of your data verbally or / and in most cases also in writing by e-mail. No other persons will have access to your data.

The legal basis for data processing is Art. 6 para. 1 b) DSGVO in conjunction with Art. 88 DSGVO and § 26 BDSG and, in the case of processing sensitive data pursuant to Art. 9 DSGVO and/or in the case of processing within the group of companies, your consent Art. 6 para. 1 lit a) DSGVO.

In principle, your personal data will only be processed within the EU. In the case of international customers, it may also be necessary to transfer your applicant data to customers in third countries. However, we will inform you about the potential recipient and the third country before the transfer.

No automated individual case decisions or profiling measures take place.

We will only process your personal data until the purpose of the processing no longer applies; unless this conflicts with legal obligations (e.g. obligations to provide proof and to keep records due to tax and labor protection laws and contractual obligations with our customers).

If our efforts result in you establishing an employment relationship with one of our customers, we will store your data for as long as we need it in each case for the lawful and proper establishment, implementation and termination of the employment relationship during the probationary period and for the processing of our related business activities with the respective customer. Afterwards, we delete your data, provided that there are no legal obligations to the contrary (e.g. obligations to provide proof and to retain data due to tax and labor protection laws and contractual obligations with our customers).

If, on the other hand, our efforts do not lead to the establishment of an employment relationship but to a rejection (either by you or by us or our customer), we will store your data for as long as is necessary for the defense against any claims resulting from the rejection of the application, but generally only for six months from the rejection issued.

XII. Rights

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the controller:

  1. Right of access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you may request information from the controller about the following:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data which are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) any available information on the origin of the data, if the personal data are not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 DSGVO in connection with the transfer.

  1. Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

  1. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;

(3) the controller no longer needs the personal data for the purposes of the processing, but you need it for the establishment, exercise or defense of legal claims; or

(4) if you have objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the controller's legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may - apart from being stored - only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

  1. Right to deletion

  1. Obligation to delete

You may request the controller to erase the personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay, if one of the following reasons applies:

(a) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(b) You revoke your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) DSGVO and there is no other legal basis for the processing.

(c) You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.

(d) The personal data concerning you have been processed unlawfully.

(e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(f) The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

  1. Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

  1. Exceptions

The right to erasure does not exist to the extent that the processing is necessary

(a) for the exercise of the right to freedom of expression and information;

(b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or

(e) for the assertion, exercise or defense of legal claims.

e. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the controller to be informed about these recipients.

f. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that.

(1) the processing is based on consent pursuant to Art. 6(1)(a) DSGVO or Art. 9(2)(a) DSGVO or on a contract pursuant to Art. 6(1)(b) DSGVO and

(2) the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g. Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to processing of the personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

h. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

i. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the controller,

(2) is permitted by legal provisions of the Union or the Member States to which the controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or

(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

j. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

August 2022