Data policy & GDPR

With this privacy policy we inform you about our handling of your personal data and about your rights according to the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG). EASYPEP UG (hereinafter referred to as "we" or "us") is responsible for data processing.

Version 4.0 Status: 05/02/2021

1. General Information

1.1 Contact

If you have any questions or suggestions about this information, or if you would like to contact us about asserting your rights, please direct your inquiry to:

EASYPEP UG 

Zirkusweg 2, 20359 Hamburg, Germany

Phone: +49 (0)40 87407229

 

1.2 Legal basis

The term "personal data" under data protection law refers to all information relating to an identified or identifiable individual. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the German "Bundesdatenschutzgesetz” (BDSG). Data processing by us only takes place on the basis of legal permission. We process personal data only with your consent (Art. 6 (1) a GDPR), for the performance of a contract to which you are a party, or at your request for the performance of pre-contractual measures (Art. 6 (1) b GDPR), for the performance of a legal obligation (Art. 6(1)(c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms which require the protection of personal data override (Art. 6(1)(f) GDPR).

1.3 Duration of storage

Unless otherwise stated in the following notes, we only store data for as long as is necessary to achieve the purpose of the processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law provisions. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof, as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

1.4 Categories of recipients of the data

We use processors as part of the processing of your data. Processing operations carried out by such processors include, for example, hosting, maintenance and support of IT systems, customer and order management, accounting and billing and marketing activities. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out data processing exclusively for the data controller and are contractually obliged to ensure appropriate technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, the company's bank, tax advisors/auditors or the tax authorities. Further recipients may result from the following information.

1.5 Data transfer to third countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards pursuant to Article 46 of the GDPR are in place or if one of the conditions of Article 49 of the GDPR is met.

Unless otherwise stated below, we use the EU standard contractual clauses for the transfer of personal data to processors in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32010D0087.

Where we obtain your consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49(1)(a) of the GDPR.

1.6 Processing when exercising your rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data provided for the purpose of implementing these rights by us and to be able to provide evidence thereof. We will only process data stored for the purpose of providing information and preparing it for this purpose and for data protection control purposes and otherwise restrict processing in accordance with Art. 18 DSGVO.
These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO in conjunction with. Art. 15 to 22 DSGVO and Section 34 (2) BDSG.

1.7 Your rights

As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

  • In accordance with Art. 15 DSGVO and § 34 BDSG, you have the right to request information about whether and, if so, to what extent we are processing personal data about you or not.
  • You have the right to demand that we correct your data in accordance with Art. 16 DSGVO.
  • You have the right to demand the deletion of your personal data in accordance with Art. 17 DSGVO and § 35 BDSG.
  • You have the right to restrict the processing of your personal data in accordance with Art. 18 DSGVO.
  • You have the right, in accordance with Art. 20 DSGVO, to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
  • If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) DSGVO. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.
  • If you are of the opinion that a processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

1.8 Right to object

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.

1.9 Data Protection Officer

You can reach our data protection officer at the following contact details:

Email: datapolicy@staffomatic.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
Germany
https://www.datenschutzkanzlei.de

2. Data processing through our website

When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. In data protection law, the IP address is also generally considered to be a personal data. An IP address is assigned to every device connected to the Internet by the Internet provider so that it can send and receive data.

2.1 Processing server log files

During the purely informative use of our website, general information that your browser transmits to our server is initially stored automatically (i.e. not via registration). This includes by default: browser type/version, operating system used, page accessed, the previously visited page (referrer URL), IP address, date and time of the server request and HTTP status code. The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) f GDPR. This processing serves the technical administration and security of the website. The stored data is deleted after 14 days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject from the stored information. Articles 15 to 22 of the GDPR therefore do not apply pursuant to Article 11(2) of the GDPR unless you provide additional information enabling us to identify you in order to exercise your rights set out in these articles.

2.2 Cookies

We use cookies and similar technologies ("cookies") on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by web servers. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases. Further information on this is available to you from the Federal Office for Information Security:

https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

The use of cookies is partly technically necessary for the operation of our website and is therefore permitted without the user's consent. In addition, we may use cookies to offer special features and content, as well as for analysis and marketing purposes. These may also include cookies from third-party providers (so-called third party cookies). We only use such technically unnecessary cookies with your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO. Information about the purposes, providers, technologies used, stored data and the storage period of individual cookies can be found in the settings of our Consent Management Tool.

2.3 Consent management tool

The Consent Management Tool "Cookie First" of Digital Data Solutions B.V. (Netherlands/EU) enables the users of our website to give consent to certain data processing processes, to revoke consent given or to object to data processing. The Consent Management Tool also helps us to provide proof of your declarations. For this purpose, log data on your declarations are processed. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis is Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 7 para. 1 GDPR. Further information can be found in the settings of the Consent Management Tool.

2.4 Contact options, enquiries and feedback

2.4.1 Contact form

Our website contains various contact forms that you can use to get in touch with us. The forms are provided by HubSpot, a service of HubSpot Inc. (USA) or by Typeform, a service of TYPEFORM SL (Spain/EU). When you send us a contact request, we forward your data to HubSpot or Typeform, which process the data exclusively on our behalf. This may result in the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries". The transfer of your data is encrypted (recognisable by the "https" in the address line of the browser). All data fields marked as mandatory are required to process your request. Failure to provide this information will result in us not being able to process your request. The provision of further data is voluntary, this applies in particular to the submission of consent for further contact. Alternatively, you can also send us a message via the contact email address. We process your data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. If consent is given, we reserve the right to send them further information about our service and to inform them specifically about our offers. The legal basis for this is Art. 6 (1) a GDPR.

2.4.2 Chat form

On our website, we use chat forms of the service HubSpot, which is operated by HubSpot Inc. (USA). If you send us enquiries via the chat form, the information you provide in the form will be stored by HubSpot for the purpose of processing the enquiry and in the event of follow-up questions. This may result in the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries". We process your data on the basis of our legitimate interest in contacting enquirers and answering your chat enquiry. The legal basis for the data processing is Art. 6 ( 1) f GDPR.

2.5 Login

In order to use our service as a customer, registration via the website is required. You will receive the necessary login data when concluding a contract. The necessary data is processed for the purpose of providing the service. The processing is based on the legal basis of Art. 6 (1)  b GDPR. If your data is processed as a contact person of our customer in the process, this is based on our legitimate interest according to Art. 6(1)  f GDPR.

2.6 Applications

You have the option of applying via our website in the Jobs section. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you. The data is collected via a form provided to us by HubSpot, a service of HubSpot Inc. (USA). HubSpot processes the data exclusively on our behalf. This may result in the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries".

Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your online application will only be processed and noted by the relevant contact persons at our company. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you have provided for up to six months after the end of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer storage.

The legal basis for the collection of data is Section 26 (1) 1 BDSG. If we store your applicant data for longer than six months and you have expressly consented to this, we would like to point out that this consent can be freely revoked at any time in accordance with Art. 7 (3) GDPR. Such a revocation does not affect the lawfulness of the processing that was carried out on the basis of the consent until the revocation.

2.7 Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited (Ireland/EU). The Google Tag Manager is used to manage our website tags via an interface. The Google Tag Manager is a cookie-less domain that does not collect or store any personal data. The Google Tag Manager merely triggers other tags, which in turn may collect data without accessing that data themselves. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with the Google Tag Manager.

2.8 Google Marketing Services

We use the Google Analytics service of Google Ireland Limited (Ireland/EU) for the needs-based design and ongoing optimisation of our website. The service uses cookies that enable an analysis of your use of our website. This involves the processing of personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. In doing so, the processed data may be used to create user profiles, which we may link to data we have received via our contact form. We only use Google Analytics with IP anonymisation activated. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. We use the Google Universal Analytics variant. This enables us to assign interaction data from different devices and from different sessions to a unique user ID. This allows us to contextualise and analyse individual user actions.

We use the Google Optimize service on our website, which is offered by Google Ireland Limited (Ireland/EU). Google Optimize allows us to test various designs and settings of our website and, based on the results, to adapt our website to the needs and wishes of website visitors. To analyse the test results, the Google Optimize service is linked to the Google Analytics analysis service.

In addition, we use the Google Ads and Google Remarketing marketing services of Google Ireland Limited (Ireland/EU) on our website. These services enable us to display advertisements in a more targeted manner in order to present users with ads that are tailored to their interests.

Remarketing allows us to target users who have already interacted with our website. In doing so, our ads are delivered when this target group visits a Google website or a website in the Google advertising network. For these purposes, a code is executed by Google when our website is called up and so-called (re)marketing tags are integrated into the website. With their help, an individual cookie is stored on the user's device. The cookies can be set by various domains, including google.com, doubleclick.net, googlesyndication.com or googleadservices.com. This file records which websites users have visited, what content they are interested in and which offers were used. In addition, technical information on the browser and operating system, referring websites, time of visit and other details on the use of the online offer are stored. All user data is processed only as pseudonymous data and does not contain any information with which we can personally identify users. The ads displayed are therefore not targeted to a person, but to the owner of the cookie.

Google Ads allows us to place ads relevant to users on the Google advertising network (e.g., in search results, or on other websites), improve campaign performance reporting, and avoid serving ads to a user more than once.  Each Ads client sets a different conversion cookie. These cookies cannot therefore be tracked across the websites of different Ads clients. A cookie ID is used to record which ads are played in which browser. This prevents the same campaign from being displayed more than once. In addition, Google can use cookie IDs to record so-called conversions, i.e. whether a user sees an ad and later calls up the advertiser's website and makes a purchase there. According to Google, these cookies do not contain any personal information.

Further information on this processing activity, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Google marketing services are only used with your consent in accordance with Section 15 (3) TMG or Art. 6 (1) a GDPR.

In the case of Google services, the transmission of data to Google Inc. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Users can find further information on data protection at Google in Google's privacy policy: https://www.google.com/policies/privacy.

2.9 Hubspot

To evaluate visits to our website, we use HubSpot, a service of HubSpot Inc. (USA). HubSpot uses cookies and similar technologies that enable an analysis of your use of our website. Personal data in the form of online identifiers (including cookie identifiers), IP addresses and device identifiers are processed in the process. HubSpot will use this information on our behalf to evaluate the use of our online offer by users and to compile reports for us on the activities within our website. In doing so, usage profiles of the users can be created from the processed data.

Further information on this processing activity, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool.

The setting of cookies and the further processing of personal data described here only takes place with your consent. The legal basis for data processing in connection with the HubSpot service is therefore Section 15 (3) of the German Telemedia Act (TMG) or Article 6 (1) a of the German Data Protection Act (GDPR).

This may also involve the transfer of personal data to the USA. Please note the information in the section "Data transfer to third countries". Further information on data protection at HubSpot can be found at: https://www.hubspot.de/data-privacy/gdpr/hubspot-product-playbook.

2.10 Microsoft Advertising

We use Universal Event Tracking (UET) on our website via the Microsoft Advertising (formerly Bing Ads) service of Microsoft Corporation (USA). Via UET, Microsoft stores a cookie in the user's browser to enable an analysis of the use of our online offer. The prerequisite for this is that the user has reached our website via an advertisement from Microsoft Advertising. In this way, Microsoft and we can recognise that someone has clicked on an advertisement, has been redirected to our online offer and has reached a previously determined target page (so-called conversion measurement). No IP addresses are stored for this purpose. No further personal information about the identity of the user is provided.

 

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Microsoft Advertising is only used with your consent pursuant to Section 15 (3) TMG or Article 6 (1) a GDPR.

 

In the case of Microsoft services, the transmission of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Microsoft can be found in Microsoft's data protection information: https://privacy.microsoft.com/de-de/privacystatement.

2.11 Facebook Pixel

We use the Facebook Pixel on our website, a Facebook business tool from Facebook Ireland Limited (Ireland, EU). For information on Facebook Ireland's contact details and the contact details of Facebook Ireland's data protection officer, please see Facebook Ireland's data policy at https://www.facebook.com/about/privacy.

 

The Facebook pixel is a snippet of JavaScript code that allows us to track visitors' activity on our website. This tracking is called conversion tracking. The Facebook pixel collects and processes the following information (so-called event data) for this purpose:

Information about actions and activities of visitors to our website, such as searching for and viewing a product or purchasing a product;

Specific pixel information such as the pixel ID and the Facebook cookie;

Information about buttons clicked by visitors to the website;

Information present in the HTTP header such as IP addresses, web browser information, page location and referrer;

Information about the status of disabling/restricting ad tracking.

Some of this event data is information stored in the device you are using. In addition, cookies are also used via the Facebook pixel, via which information is stored on your end device used. Such storage of information by the Facebook pixel or access to information already stored in your end device only takes place with your consent.

Tracked conversions appear in the dashboard of our Facebook Ads Manager and Facebook Analytics. We may use the tracked conversions there to measure the effectiveness of our ads, to set Custom Audiences for ad targeting, for Dynamic Ads campaigns and to analyse the effectiveness of our website's conversion funnels. The features we use via the Facebook Pixel are described in more detail below.

Processing of event data for advertising purposes

Event data collected through the Facebook Pixel is used for targeting our ads and improving ad delivery, personalising features and content, and improving and securing Facebook products.

To do this, event data is collected on our website using the Facebook Pixel and transmitted to Facebook Ireland. This only takes place if you have previously given your consent to this. The legal basis for the collection and transmission of personal data by us to Facebook Ireland is therefore Art. 6 (1) a GDPR.

This collection and transmission of event data is carried out by us and Facebook Ireland as joint controllers. We have entered into a joint controller agreement with Facebook Ireland which sets out the allocation of data protection obligations between us and Facebook Ireland. In this agreement, we and Facebook Ireland have agreed, among other things,

that we are responsible for providing you with all information pursuant to Art. 13, 14 GDPR about the joint processing of personal data;

that Facebook Ireland is responsible for enabling data subjects' rights under Articles 15 to 20 of the GDPR in respect of personal data held by Facebook Ireland following the joint processing.

You can access the agreement concluded between us and Facebook Ireland at https://www.facebook.com/legal/controller_addendum.

Facebook Ireland is the sole controller of the subsequent processing of the transmitted event data. For more information about how Facebook Ireland processes personal data, including the legal basis on which Facebook Ireland relies and how you can exercise your rights against Facebook Ireland, please see Facebook Ireland's Data Policy at https://www.facebook.com/about/privacy.

Processing of Event Data for Analytics Purposes

We have also engaged Facebook Ireland to report on the impact of our advertising campaigns and other online content based on the Event Data collected through the Facebook Pixel (Campaign Reports) and to provide analysis and insights about users and their use of our website, products and services (Analytics). We transfer personal data contained in the Event Data to Facebook Ireland for this purpose. The personal data submitted will be processed by Facebook Ireland as our processor to provide us with the campaign reports and analytics.

Personal data will only be processed to provide analytics and campaign reports if you have given your prior consent to do so. The legal basis for this processing of personal data is therefore Art. 6 (1) a GDPR.

A transfer of data to Facebook Inc. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries".

2.12 LinkedIn Marketing Solution

We use the services of LinkedIn Marketing Solutions of LinkedIn Ireland Unlimited Company (Ireland/EU). For this purpose, the LinkedIn Insight Tag is integrated on our website, which is triggered by LinkedIn when you call up our website and saves cookies on your device. This enables us to perform various functions, which we describe in detail below.

Function: Conversion Tracking

LinkedIn Conversion Tracking is an analysis function that is supported by the LinkedIn Insight Tag. The LinkedIn Insight tag enables the collection of data on visits to our website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamp. IP addresses are shortened or (if used to reach members across devices) hashed. LinkedIn does not provide us with any personally identifiable information, only reports (in which you are not identified) on website audience and ad performance. This allows us to track the effectiveness of LinkedIn ads for statistical and market research purposes.

Members' direct identifiers are removed by LinkedIn within seven days to pseudonymise the data. LinkedIn then deletes this remaining pseudonymised data within 180 days.

This processing is done for the purpose of obtaining information about our website audience and a report on the effectiveness of LinkedIn campaigns.

Function: Target group advertising

We also use the Matched Audiences service to target our advertising campaigns to specific audiences. Through LinkedIn Matched Audiences and related data integrations, we can target advertising to specific audiences based on data we provide to LinkedIn (e.g. company lists, hashed contact information, device identifiers or event data such as web pages visited).

This processing is done for the purpose of marketing our offers via the targeted playout of advertising.

Further information on the processing activities in connection with LinkedIn Marketing Solutions, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. LinkedIn Marketing Solutions is only used with your consent in accordance with Section 15 (3) of the German Telemedia Act (TMG) or Article 6 (1) a GDPR.

In the case of LinkedIn services, a transfer of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Details on how LinkedIn handles your data, as well as your rights and settings options for protecting your personal data, can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/cookie-policy

2.13 External media

2.13.1 YouTube

We use the YouTube service of Google Ireland Limited (Ireland/EU) on our website to integrate videos. For such an integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies. We use YouTube in "extended data protection mode" so that no cookies are set by YouTube to analyse user behaviour.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. YouTube is only used with your consent pursuant to Art. 6 (1) a GDPR.

With YouTube, a transmission of data to Google Inc. and YouTube LLC in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Users can find further information on data protection at Google in Google's data protection information at https://www.google.com/policies/privacy.

2.13.2 Vimeo

On our website, we use the Vimeo service of Vimeo, Inc. (USA) to integrate videos. For such an integration, the processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Vimeo and Vimeo may set its own cookies. Further information on this processing activity and the storage period can be found in the settings of our Consent Management Tool. Vimeo is only used with your consent pursuant to Section 15 (3) TMG or Article 6 (1) a GDPR.

With Vimeo, a transfer of data to the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Users can find further information on data protection at Vimeo in the Vimeo data protection information: https://vimeo.com/privacy

3. Data processing on our social media sites

We are represented on several social media platforms with a company page. Through this, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

  • Facebook
  • Instagram
  • LinkedIn
  • Xing
  • YouTube

When you visit or interact with a profile on a social media platform, personal data about you may be processed. Information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.

3.1 Visiting a social media page

3.1.1. Facebook and Instagram page

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU - "Facebook"). Further information about the processing of personal data by Facebook can be found at https://www.facebook.com/privacy/explanation. Facebook offers the option to object to certain data processing; information and opt-out options in this regard can be found at https://www.facebook.com/settings?tab=ads.

 

Facebook provides us with anonymised statistics and insights for our Facebook and Instagram page, which help us gain knowledge about the types of actions people take on our page (so-called "page insights"). These page insights are created based on certain information about individuals who have visited our page. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Article 6(1)(f) GDPR. We cannot attribute the information obtained via page insights to individual user profiles interacting with our Facebook or Instagram page. We have entered into a joint controller agreement with Facebook which sets out the allocation of data protection obligations between us and Facebook. Details of the processing of personal data to create Page Insights and the agreement entered into between us and Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data. In relation to these data processing operations, you have the possibility to exercise your data subject rights (see "Your rights") also against Facebook. Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to the Facebook privacy policy, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate safeguards in accordance with Art. 46 GDPR.

3.1.2. LinkedIn company page

LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole controller of the processing of personal data when you visit our LinkedIn page. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members using the information in the Page Insights. This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6(1)(f) GDPR. We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:

LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn to do this online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or contact LinkedIn via the contact details in the Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You may also contact us at our contact details provided about exercising your rights in relation to the processing of personal data in the context of the Page Insights. In such a case, we will forward your request to LinkedIn.

LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.

Please note that in accordance with LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the US or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 of the GDPR or on the basis of appropriate safeguards in accordance with Article 46 of the GDPR.

3.1.3. Xing

New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when visiting our Xing profile. For further information on the processing of personal data by New Work SE, please visit https://privacy.xing.com/de/datenschutzerklaerung.

3.1.4. YouTube

Google Ireland Limited (Ireland/EU) is the sole controller for the processing of personal data when visiting our YouTube channel. Further information on the processing of personal data by YouTube and Google Ireland Limited can be found at https://policies.google.com/privacy.

3.2. Comments and direct messages

We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the username used, contact details or a message sent to us. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest to get in contact with inquiring persons. The legal basis for the data processing is Art. 6 para. 1 letter f GDPR. Further data processing may take place if you have consented (Art. 6 (1)  a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6(1) c GDPR).

4. Further data processing

4.1 Contacting us by e-mail

If you send us a message via the contact email provided, we will process the transmitted data for the purpose of responding to your enquiry. We process this data on the basis of our legitimate interest in contacting enquirers. The legal basis for the data processing is Art. 6(1) f GDPR.

4.2. Customer and interested party data

If you contact our company as a customer or interested party, we process your data to the extent necessary to establish or implement the contractual relationship. This regularly includes the processing of personal master, contract and payment data provided to us as well as contact and communication data of our contact persons at commercial customers and business partners. The legal basis for this processing is Art. 6(1) f GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6(1) f GDPR and serves our interest in further developing our offer and informing you specifically about our offers. Further data processing may take place if you have consented (Art. 6(1) a GDPR) or if this is necessary for the fulfilment of a legal obligation (Art. 6(1) c GDPR).

4.3. Use of e-mail address for marketing purposes

We may use the email address you provide when registering or ordering to inform you about our own similar products and services offered by us. The legal basis is Art. 6(1) f GDPR in conjunction with. § 7 (3) UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates. To do so, you can unsubscribe by clicking on the unsubscribe link contained in each mailing.