Skip to main content

DATA PROTECTION

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can identify you personally. For more detailed information on data protection, please refer to our privacy policy listed below this text. The following text is an automatic translation of our German data protection information. Should the English text prove to be erroneous, incomplete or outdated, we refer to the German text on this website.

Data Collection on This Website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the section “Notice on the Responsible Body” in this privacy policy.

How do we collect your data?

Your data is collected in part when you provide it to us. This may include data, for example, that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website through our IT systems. These are mainly technical data (e.g. internet browser, operating system, or the time of the page view). The collection of this data occurs automatically as soon as you enter this website.

How do we use your data?

Some of the data is collected to ensure the website is provided without errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to request information about the origin, recipients, and purpose of your stored personal data free of charge. You also have the right to request the correction or deletion of this data. If you have given consent for data processing, you can withdraw this consent at any time for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Additionally, you have the right to file a complaint with the relevant supervisory authority.

For this and any further questions regarding data protection, you can always contact us.

Analysis Tools and Third-Party Tools

When visiting this website, your browsing behaviour may be statistically analysed. This is mainly done using so-called analysis programs.

Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

IONOS

We host our website with IONOS SE. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter referred to as IONOS). When you visit our website, IONOS collects various log files, including your IP addresses. For further details, please refer to IONOS’s privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable representation of our website. If consent was requested, the processing is carried out solely on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, as far as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law that ensures they process the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations as well as this privacy policy.

When you use this website, various personal data is collected. Personal data is information that can identify you personally. This privacy policy explains which data we collect and for what purposes we use it. It also explains how and for what purpose this happens.

We would like to point out that data transmission over the internet (e.g., when communicating by email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Secalflor Ltd
Schulstr. 4
16515 Oranienburg
Germany

Telephone: +49 (0)3301 5737347-0
Email: info@secalflor.de

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

4. Data Collection on this Website

Cookies

Our websites use so-called “cookies”. Cookies are small text files and do not cause any harm to your device. They are either temporarily stored for the duration of a session (session cookies) or permanently stored (persistent cookies) on your device. Session cookies are automatically deleted once your visit ends. Persistent cookies remain on your device until you delete them or an automatic deletion occurs through your web browser.

In some cases, cookies from third parties may also be stored on your device when you access our site (third-party cookies). These enable us or you to use certain services of the third party (e.g. cookies for payment processing services).

Cookies serve various purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or video display). Other cookies are used to analyse user behaviour or display advertisements.

Cookies required for carrying out the electronic communication process, providing certain features you desire (e.g. for the shopping cart function), or optimising the website (e.g. cookies for measuring web audience) are stored based on Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing will take place solely based on this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG); consent can be withdrawn at any time.

You can set your browser to inform you when cookies are set and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Where cookies from third parties or for analysis purposes are used, we will inform you separately in this privacy statement and may ask for consent.

Consent with Borlabs Cookie

Our website uses Borlabs Cookie consent technology to obtain your consent for storing certain cookies in your browser or using specific technologies and to document this in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the withdrawal of these consents are saved. These data will not be passed on to the provider of Borlabs Cookie.

The collected data is stored until you request us to delete it or you delete the Borlabs cookie yourself, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. You can find details about the data processing by Borlabs Cookie at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

The use of Borlabs Cookie consent technology is carried out to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data will not be combined with other data sources.

The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free display and optimisation of their website – for this purpose, server log files must be collected.

Contact Form

If you send us enquiries via the contact form, the information you provide in the enquiry form, including the contact details you provide, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

If this enquiry concerns one of our transnational subsidiaries, we will forward it to the responsible contact person. We will not pas

5. Analytics Tools and Advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It merely serves the purpose of managing and displaying the tools integrated through it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google’s parent company in the United States. The use of the Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If explicit consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics allows the website operator to analyse the behaviour of website visitors. In this process, the website operator receives various usage data, such as page views, duration of visit, operating systems used, and the user’s origin. These data are assigned to the respective user’s device. A link to a device ID is not made. Furthermore, with Google Analytics, we can track your mouse and scroll movements and clicks. Additionally, Google Analytics uses various modelling approaches to complement the collected datasets and applies machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of users for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a server in the United States and stored there.

The use of this analytics tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour to optimise both their online offerings and advertising. If explicit consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. The data transfer to the United States is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. More information about the handling of user data by Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Agreement

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

WordPress Statistics

This website uses “WordPress Statistics” to statistically evaluate visitor access. The provider is Aut O’Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland, whose parent company is based in the USA.

WordPress Statistics uses technologies that allow the recognition of users for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). WordPress Statistics collects, among other things, log files (referrer, IP address, browser, etc.), the origin of website visitors (country, city), and the actions they take on the site (e.g., clicks, views, downloads). The information thus collected about the use of this website is stored on servers in the USA. Your IP address is anonymised after processing and before storage.

The use of this analytics tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in anonymised analysis of user behaviour to optimise both their online offerings and advertising. If explicit consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The data transfer to the United States is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://automattic.com/en/privacy/

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites when the user enters specific search terms in Google (keyword targeting). Furthermore, targeted ads can be displayed based on the user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can quantitatively evaluate this data by, for example, analysing which search terms led to the display of our ads and how many ads led to corresponding clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the most effective marketing of their services and products.

The data transfer to the United States is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/

Facebook Pixel

This website uses Facebook’s conversion tracking pixel. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries. This allows the behaviour of website visitors to be tracked after they have been redirected to the website of the provider via a Facebook advertisement. This enables the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The collected data is anonymous for us as the website operator, and we cannot draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, so a link to the respective user profile is possible, and Facebook may use the data for its own advertising purposes in accordance with the Facebook Data Use Policy. This allows Facebook to display ads on Facebook’s pages as well as outside of Facebook. We, as the website operator, have no influence over this use of data.

The use of the Facebook Pixel is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media.

The data transfer to the United States is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://en-gb.facebook.com/help/566994660333381.

If personal data is collected on our website using the tools described here and passed on to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited to the collection of the data and its transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our shared obligations have been documented in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the privacy information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e.g., access requests) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
For further information on protecting your privacy, please refer to Facebook’s privacy policy: https://en-gb.facebook.com/about/privacy/.

You can also deactivate the remarketing function “Custom Audiences” in the ad settings under
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged into Facebook to do this.

If you do not have a Facebook account, you can disable Facebook’s usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/uk/preferefencemanagement/.

LinkedIn Insight Tag

This website uses the LinkedIn Insight Tag. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we obtain information about the visitors to our website. If a visitor is registered with LinkedIn, we can analyse, among other things, their professional details (e.g., career level, company size, country, location, industry, and job title) and thus better target our page to specific audiences. Furthermore, we can use LinkedIn Insight Tag to measure whether visitors to our website make a purchase or take any other action (conversion tracking). The conversion tracking can also take place across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, which allows us to show targeted ads to visitors outside of our website, with LinkedIn stating that no identification of the ad recipient takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and access time). IP addresses are shortened or (if used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is deleted within 180 days.

The data collected by LinkedIn cannot be attributed to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising purposes. You can find further details in LinkedIn’s privacy policy under
https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal Basis

The use of LinkedIn Insight is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising, including social media. If explicit consent has been requested, processing is carried out exclusively based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

The data transfer to the United States is based on the standard contractual clauses of the EU Commission. Further details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs.

Objection to the Use of LinkedIn Insight Tag

You can object to the analysis of user behaviour and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Additionally, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid linking data collected on our website by LinkedIn with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No additional data is collected, or it is only collected on a voluntary basis. For the processing of the newsletter, we use newsletter service providers, which are described below.

CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter referred to as “CleverReach”). CleverReach is a service that allows for the organisation and analysis of newsletter dispatch. The data you provide for receiving the newsletter (e.g., email address) is stored on CleverReach servers in Germany or Ireland.

Our newsletters sent via CleverReach allow us to analyse the behaviour of newsletter recipients. This includes, among other things, analysing how many recipients have opened the newsletter message and how often a particular link in the newsletter was clicked. Using the so-called conversion tracking, it can also be analysed whether a predefined action (e.g., purchasing a product on this website) has occurred after clicking the link in the newsletter. For more information on data analysis through CleverReach newsletters, please visit:
https://www.cleverreach.com/en/functions/reporting-and-tracking/.

Data processing is based on your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing already carried out remains unaffected by the withdrawal.

If you do not wish to have your data analysed by CleverReach, you must unsubscribe from the newsletter. We provide a relevant link in every newsletter message for this purpose.

The data you have provided to us for receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider, and will be deleted from the newsletter distribution list after unsubscribing. Data that has been stored with us for other purposes will remain unaffected.

After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider on a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be combined with other data. This serves both your and our interest in complying with legal requirements when sending newsletters (legitimate interest pursuant to Art. 6(1)(f) GDPR). The storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

For further details, please refer to the privacy policy of CleverReach at:
https://www.cleverreach.com/en/privacy/.

Data Processing Agreement

We have entered into a data processing agreement (DPA) with the provider mentioned above. This is a contract required by data protection law, ensuring that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about the visitors to this website before they watch the video. However, the sharing of data with YouTube partners is not necessarily excluded by the enhanced privacy mode. YouTube therefore establishes a connection to the Google DoubleClick network, regardless of whether you watch a video.

Once you start a YouTube video on this website, a connection to YouTube’s servers will be established. This informs the YouTube server about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting) after starting a video. In this way, YouTube can gather information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent fraud attempts.

If necessary, additional data processing operations may be triggered after starting a YouTube video, over which we have no control.

The use of YouTube is in the interest of providing an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been obtained, processing will only occur based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be withdrawn at any time.

For more information about data protection on YouTube, please see their privacy policy at:
https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to check whether the data input on this website (e.g., in a contact form) is made by a human or by an automated programme. To do this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google.

The reCAPTCHA analysis takes place completely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data is carried out on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and spam. If consent has been obtained, processing will only occur based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be withdrawn at any time.

For more information about Google reCAPTCHA, please refer to Google’s privacy policy and terms of use at the following links:
https://policies.google.com/privacy?hl=de and
https://policies.google.com/terms?hl=de.

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence serves to protect our website from unwanted access or malicious cyberattacks. To this end, our website establishes a permanent connection to Wordfence’s servers, allowing Wordfence to compare its databases with the accesses made on our website and, if necessary, block them.

The use of Wordfence is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the effective protection of its website from cyberattacks. If consent has been obtained, processing will only occur based on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. For details, please see here:
https://www.wordfence.com/help/general-data-protection-regulation/.

Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that they process the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

8. eCommerce and Payment Service Providers

Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only to the extent that it is necessary for the establishment, substantive design, or modification of the legal relationship (inventory data). This is done based on Art. 6(1)(b) GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures. Personal data regarding the use of this website (usage data) is collected, processed, and used only to the extent necessary to enable the user to use the service or to bill for it.

The collected customer data will be deleted after the completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data Transmission upon Conclusion of Contract for Online Shops, Merchants, and Goods Shipping

When you order goods from us, we pass your personal data to the transport company responsible for delivery and the payment service provider tasked with processing the payment. Only data that the respective service provider requires to fulfil their task will be shared. The legal basis for this is Art. 6(1)(b) GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures. If you have given consent pursuant to Art. 6(1)(a) GDPR, we will provide your email address to the transport company responsible for delivery, so they can inform you via email about the shipping status of your order; you can revoke your consent at any time.

Data Transmission upon Conclusion of Contract for Services and Digital Content

We only transmit personal data to third parties if this is necessary for the fulfilment of the contract, for example, to the financial institution responsible for payment processing.

Further transmission of the data does not occur, unless you have explicitly consented to it. Your data will not be passed on to third parties without your explicit consent, e.g., for advertising purposes.

The legal basis for data processing is Art. 6(1)(b) GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.

Payment Services

We integrate payment services from third-party companies on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contract and data protection terms of the providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract fulfilment) as well as in the interest of a smooth, convenient, and secure payment process (Art. 6(1)(f) GDPR). If consent is requested for certain actions, the legal basis for data processing is Art. 6(1)(a) GDPR; consents can be revoked at any time for the future.

The following payment services/payment service providers are used in connection with this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here:
https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

For details, please refer to PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

9. Our Services

Handling of Applicant Data

We offer you the opportunity to apply with us (e.g. via email, post, or through an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection laws and all other legal requirements, and your data will be treated with the utmost confidentiality.

Scope and Purpose of Data Collection

If you submit an application, we process the associated personal data (e.g. contact and communication data, application documents, notes made during interviews, etc.), as far as necessary for making a decision regarding the establishment of an employment relationship. The legal basis for this is § 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general initiation of a contract), and – if you have given consent – Article 6(1)(a) of the GDPR. Consent can be withdrawn at any time. Your personal data will only be shared within our company with individuals involved in processing your application.

If the application is successful, the data you have submitted will be stored in our data processing systems based on § 26 BDSG and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.

Data Retention Period

If we are unable to offer you a position, you decline an offer, or you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months after the conclusion of the application process (rejection or withdrawal of the application). After this period, the data will be deleted, and physical application documents will be destroyed. The retention is mainly for proof purposes in case of a legal dispute. If it becomes apparent that the data will be needed after the 6-month period (e.g. due to a pending or ongoing legal dispute), deletion will only occur once the reason for the further retention no longer applies. A longer retention may also occur if you have given your consent (Article 6(1)(a) of the GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we are unable to offer you a position, there may be the possibility of including you in our applicant pool. In the case of inclusion, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool is based solely on your explicit consent (Article 6(1)(a) of the GDPR). Providing consent is voluntary and is not connected to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be permanently deleted from the applicant pool unless there are legal retention reasons.

The data from the applicant pool will be permanently deleted no later than two years after the consent is given.

CONNECT WITH US