Privacy policy

As of January 2022

This is an automatically generated translation. The German version is legally valid.

As the controller, we hereby comply with our duty to provide information and inform you about the nature, scope, purposes and other details regarding the processing of personal data. First of all, we provide general information on this, insofar as it relates to all processing or represents overriding regulations for this. This is followed by information on individual processing operations.

This data protection notice may be adapted on an ad hoc basis or on the basis of regular review. We therefore recommend that you read the information on this page regularly, but we will point out any significant changes.

A  General

1. Scope

This privacy policy applies to this website and our other websites that refer to this privacy policy, including third-party websites. In addition, this data protection notice also applies to the further processing described here in the context of our activities. We refer to this data protection notice to simplify access and to comply with the transparency requirement.

For offers of other providers, which are referred to e.g. via links, their conditions and data protection information apply.

2. Reference to explanations

Under the item 'General Explanations' we have compiled information in order to avoid overloading the content with additional information and having to repeat it as far as possible.

In particular, we would like to refer to the explanations on the data categories, which should enable a better understanding of the descriptions on the processing operations.

3. Controlling body

CoBenefit UGAuf
den Häfen 12-1528203
Bremen, Germany

Partners: Florian Bonert, Dennis K. Njuguna, Leon P. Trippel

Contact email: privacy@cobenefit.co

4. Recipients and disclosure of data

a) Passing on data

In carrying out our activities, the transfer or disclosure may be necessary in the context of a processing of personal data, in particular if one of the following reasons based on the indicated legal basis applies:

Categories of recipients in the context of our activities and operations may include in particular:

In addition, we point out in the individual processing operations if further recipients come into consideration.

b) Processing by service providers/vendors

In order to carry out our activities, we also use service providers bound by instructions as processors within the scope of the processing of personal data, who are also considered recipients of the data within the meaning of data protection. A contract for commissioned processing ensures in particular that the processing is carried out on the basis of our instructions, that sufficient guarantees exist for compliance with suitable technical and organisational measures and that the rights of the data subject are guaranteed.

In general, we use service providers for the following processing purposes:

In addition, we point out in the individual processing operations when processors are used.

5. General criteria for determining the storage period (deletion periods)

We store personal data as long as it is necessary for the purposes of the corresponding processing (Art. 5 para. 1 lit. c DSGVO), legal retention periods exist (Art. 6 para. 1 lit. c DSGVO) or we have a legitimate interest in the storage (Art. 6 para. 1 lit. f DSGVO) or a corresponding consent from the data subject exists (Art. 6 para. 1 lit. a DSGVO).

We store data in accordance with the following rules for the duration specified in each case and delete or destroy it after the specified storage period has expired:

The beginning of a time limit is usually the end of the calendar year or the month in which the last event for the respective processing took place (e.g. enquiry, order, delivery, legal transaction, end of a contract through performance, expiry or termination, invoicing, receipt of payment).

After the storage period has expired, it is reviewed whether further storage is necessary. If circumstances arise during storage (e.g. conclusion of a contract, negotiations about claims, legal disputes, etc.) that make a longer storage period necessary, these periods are extended accordingly.

Special features regarding the storage period of certain processing operations are indicated at the appropriate place. If no information is provided for the corresponding processing, the storage period is based on the above criteria.

6. Use of automated decisions in individual cases or profiling

As a rule, no decision vis-à-vis persons based exclusively on automated processing or profiling within the meaning of Article 22 of the GDPR takes place. If such procedures are used in individual processing operations, we will point this out and provide meaningful information about the logic involved and the scope and intended effects.

B  Rights of data subjects, revocation and objection

1. General rights of the data subjects

If a person is affected by the processing of personal data by us (e.g. as a user of our online services, customer, contact person, employee or applicant, etc.), he or she has various rights vis-à-vis us:

It may also make use of the right of appeal to a supervisory authority under data protection law in accordance with Art. 77 DSGVO.

We would like to point out that the claims are subject to the legal requirements and may also be restricted under certain circumstances (e.g. § 34 BDSG).

In order to exclude abuse, we must be certain of the identity of the persons concerned, depending on the form (e-mail / in writing), content and scope when exercising rights. Please note that we therefore require and, if necessary, request corresponding identification and verification documents.

To exercise your rights, please use the contact information above.

2. Revocation of consents

If processing takes place on the legal basis of consent, this can be revoked.

3. Right of objection

A right of objection can be considered for certain processing operations.

C  Provision of online offers and other media services

In the following, we explain the processing within the framework of the online offers and media services provided and offered by us.

1. Provision of online services and web hosting, log files

Our online offers serve the purpose of general communication, the offering and presentation of information about us as well as the provision of benefits and services within the scope of our contract fulfilment or pre-contractual measures. For the provision, the users' web calls are processed and the corresponding content data is provided and transmitted.

The resulting connection data is stored in a log file. The storage is pseudonymised by replacing the identifiable data (in particular the IP address).
anonymised by removing the identifiable data (in particular the IP address).
The connection data is stored to ensure the information security and functionality of the website. An evaluation may also be carried out for these purposes.
The regular deletion of the log data takes place after 6 months of their collection at the latest.

In order to provide certain options for using the website, it is technically necessary to save a cookie (see below) in the browser to assign the user to a specific session. This includes, in particular, functions such as a login, user settings, shopping cart and selection options as well as forms, but also security functions to exclude spamming and misuse, etc.

There is no possibility to object to the processing, as the collection and storage of the data is absolutely necessary for the provision. A deletion in the log file is disproportionately costly due to a hardly possible allocation and the data consistency of a log file.

The provision of the data takes place within the framework of the use of the offers. Use is not possible without the provision.

The legal basis for data processing in the context of provision is our legitimate interest resulting from the purpose (Art. 6 para. 1 lit. f DSGVO). Insofar as online offers are necessary for the fulfilment of a contract with the user or pre-contractual measures at the user's request, the legal basis in this respect is also Art. 6 para. 1 lit. b DSGVO. If and insofar as we obtain consent for processing in the context of provision, this is the legal basis (Art. 6 para. 1 lit. a DSGVO).

2. Links to offers from other providers

We also use links to offers from other providers on our online offers in order to optimise functionality and increase user-friendliness. The respective provider or operator is controlling these linked offers. We have no influence on the processing. In this respect, we refer to the data protection notices of the providers of these offers in order to get an appropriate picture of the processing.

It is possible that these providers collect data about users, use cookies and also embed additional tracking services from other providers. In addition, it is possible that data can be linked to a user account that users have with the provider and are logged in there. Users who have concerns about this should refrain from using the links.

3. Security and analysis

a) Spam and abuse prevention (Friendly Capture)

To protect our online offers from spam and abuse, we use the 'Friendly Capture' tool. This privacy-friendly tool processes the data of the user's browser request and uses an algorithm to determine whether it is a request from a regular user or an abusive, mostly automated request. The data processed in this process is anonymised so that it is not possible to draw conclusions about specific users with the data. The use of some offers is not possible without the use of this service.

The data is stored anonymously.

The legal basis is our legitimate interest, which results from the purpose of the processing (Art. 6 para. 1 lit. f DSGVO).

b) Error, security and usage analysis (Matomo)

We use an analysis tool (Matomo) to evaluate and analyse the use of our online services as well as for error and security analysis. In this process, content accessed, elements used and the connection data transmitted in the course of page views are stored and evaluated in order to draw conclusions about user behaviour, optimise content and analyse errors. The data is not processed to clearly identify persons. In particular, no cookies are set and the IP address is mathematically rendered unrecognisable (masking) before storage, which means that identification of the user is no longer possible (anonymised).

It is not possible to use our online services without providing the data.

The storage period of the data is 6 months.

The legal basis is our legitimate interest resulting from the stated purpose (Art. 6 para. 1 lit. f DSGVO).

4. Contact form, enquiry form

If you contact us using a contact form provided, we store and process the contact data provided and the content data transmitted in connection with this in order to be able to answer the enquiry.

We carry out the processing in the context of pre-contractual measures if it is a corresponding enquiry (legal basis Art. 6 para. 1 lit. b DSGVO). Furthermore, we have a legitimate interest in answering enquiries to or about us and our services and to process data accordingly for this purpose (legal basis Art. 6 para. 1 lit. f DSGVO).

5. Registration for initiatives

Interested parties can register for initiatives without obligation on our website. Initiatives are projects initiated by public or private initiators that are offered and carried out by one or more providers - usually in order to enable interested parties to benefit from advantages that are otherwise not readily available (e.g. through subsidies, group discounts, etc.). In addition, supplementary services can be offered by other providers within the framework of the initiatives, e.g. for financing, renting/leasing facilities or insuring against risks.

Within the framework of the initiatives, we act as an intermediary between the providers offering the respective service contents and the respective interested parties. In doing so, we pass on the necessary data to the providers so that they can contact the interested parties in order to submit offers or carry out further necessary coordination or planning. In addition, we inform interested parties about news on the initiatives with their consent. Interested parties can unsubscribe from the initiatives at any time and thus revoke their consent for the future.

Registration takes place with a double opt-in procedure (by means of confirmation of the e-mail address) in order to prevent misuse. Subsequent access to the registration information and information on the initiatives also takes place via an opt-in procedure.

Provided the interested party consents, his/her name will also be made known to other interested parties in the context of overviews. This consent can be revoked at any time with effect for the future and also ends if the interested party unsubscribes from the initiative.

The purpose of the processing is both the implementation of the activities within the framework of the contractual agreements and the communication, documentation, administration and accounting required for this purpose.

Technically necessary cookies are set as part of the registration process (user identification).

The provision of the data is necessary for the performance of our services within the framework of the mediation. This is not possible without providing the required data.

Categories of data processed: Name, contact data, address data, data on the respective initiatives, organisational and processing data (correspondence, communication, appointments, notes, minutes, activities).

Recipients: Initiators as far as necessary for the implementation of the initiative; providers of services within the framework of the initiatives.

The legal basis is the fulfilment of the contract within the scope of our mediation activities and pre-contractual measures in the case of enquiries by the interested party, Art. 6 para. 1 lit. b DSGVO as well as our legitimate interest (efficient implementation and administration), Art. 6 para. 1 lit. f DSGVO; consent, if we obtain one for certain processing purposes, Art. 6 para. 1 lit. a DSGVO.

6. Registration/creation and use of a user account

We provide the option of registering/creating a user account for authentication on our website in order to provide protected content or downloads, in particular for our contractual and business partners as well as initiators of initiatives or their contact persons. An account is only set up on the basis of our invitation or upon request with our consent.

The following categories of data are collected in the context of setting up a user account and its use: User information, contact data, address data, password (encrypted), usage data, connection data (exclusively for security and verification purposes). Technically necessary cookies are also used as part of the processing.

Legal basis: Processing is carried out in the context of contractual measures (Art. 6 para. 1 lit. b DSGVO) or the legitimate interest resulting from the processing purposes and the interest in efficient and secure administration (Art. 6 para. 1 lit. f DSGVO).

D  Social media

We maintain online presences on the platforms of social media providers for the purpose of communicating with customers, suppliers and those interested in our company as well as for public relations, presentation and information about our services.

The interest of social media providers regularly lies in comprehensively using the users' data for the creation of user profiles and evaluations of usage behaviour. These are in turn used for market research and advertising purposes. For this purpose, cookies are regularly stored on the end devices of the users. In addition, user data can be assigned to their respective profiles if they are also members of the platform and are regularly logged in there. If users maintain a profile/account on social media, we recommend selecting the safest possible settings and using revocation options within the framework of the data protection settings available there. As far as known, we provide links to the individual providers.

We are controlling data protection jointly with the social media providers for as long as our content is used on the platforms, in particular for the collection of data. However, we do not have direct access to the providers' data. We point out that the exercise of the data subject rights (see above) is possible both towards the provider and towards us. It is much more efficient to exercise the data subject rights vis-à-vis the individual providers listed below. Further links to information from the providers can also be found with the details, in particular the data protection information on the processing of data by them.

In particular, the following categories of data are processed: Name, contact data, authentication information, content data (video, audio, text), usage data (e.g. web pages visited, interest in content, access times), technically related meta and log data (e.g. device information, IP addresses).

The legal basis for the processing is Art. 6 (1) lit. f DSGVO, whereby the interest results from the stated purposes. If and insofar as a necessary consent is obtained for processing on the platforms, the legal basis is Art. 6 para. 1 lit. a DSGVO.

The data processed by us will be deleted after criteria for the general storage period. Regarding the storage period of the data on the respective social networks, we refer to the respective data protection notices.

Most social media providers or their parent companies are not based in the EU, but in a third country, usually the USA. As a precaution, we would like to point out that this may entail certain risks, especially in the enforcement of the rights of data subjects (deletion, information, correction, etc.), but also in the use of the data.

1. Facebook (https://www.facebook.com)

2. Instagram (https://www.instagram.com)

3. LinkedIn (https://www.linkedin.com)

4. Twitter (https://twitter.com)

E  Processing operations in the course of our business

In the following, we provide information on processing that we carry out in the course of our activities and to which we also refer at the appropriate point.

1. General communication, contacting, contact directory

For the purpose of general communication within the scope of our activities, we process the data required in connection with communication, e.g. when persons contact us (e.g. contact form, e-mail, telephone or also via social media), when information is provided to us at events, trade fairs or other opportunities to make contact (e.g. business card, entry in interested party file, verbal enquiry, etc.), or when we make contact for the purpose of initiating business, requesting information or for other operational reasons and also use publicly available information for this purpose.

Connection data and traffic data are stored in log files and possibly also history lists on end devices (e.g. telephones, e-mail transmission logs, etc.).

The master data required for communication is also stored in a central contact directory to ensure that it is up to date and to simplify processes, unless there are special reasons not to do so.

The provision of data is voluntary. Without provision, communication is not possible.

Data subjects: Employees; freelancers; customers, suppliers, service providers, interested parties, business partners, authorities or their contact persons; applicants.

Categories of data processed: Name, contact data, address data, content data, connection data, traffic data.

Recipients: We use processors (service providers, platform providers, service providers) as part of the processing.

The storage period of the data is determined by the general criteria (see above).
Data in the contact directory is checked regularly and on an ad hoc basis for up-to-dateness and relevance and deleted if necessary (e.g. termination of the contractual relationship, no feedback after contact requests).

Legal basis:
Contract fulfilment and pre-contractual measures in the case of enquiries by the data subject, Art. 6 para. 1 lit. b DSGVO.
Our legitimate interest (results from the purposes), Art. 6 para. 1 lit. f DSGVO.
Consent, insofar as we obtain consent for certain processing purposes, Art. 6 para. 1 lit. a DSGVO.

2. Telecommunications

For internal and external communication with participants (telephone calls, online meetings, web conferences, webinars, etc.), the necessary contact data, traffic data and content data are processed. For these purposes, we use service providers who, as telecommunication providers, are independent controlling parties within the scope of these services and are subject to telecommunications secrecy in accordance with § 3 TTDSG.

The video and audio content is regularly not stored permanently. In the case of a webinar and insofar as all participants affected by a recording expressly consent, video and audio content may be recorded in individual cases. Names of participants, materials used and text content (chats and comments) are stored and processed according to their purposes for provision (e.g. logging, documentation).

Within the scope of use, cookies may also be used which are technically necessary for the implementation of the web conference (allocation and settings of the participants).

Categories of data processed: Name, contact details, user information, content data (video, audio, text, materials used), connection data, traffic data.

Recipients are the telecommunications service providers used. In addition, content data and contact data are disclosed to other participants in the course of planning and implementation, if and to the extent that they are provided voluntarily and are obviously intended for this purpose.

The storage period of the data is determined by the general criteria (see above). Traffic data is deleted by the respective telecommunication providers after the communication has ended, unless it is required for billing purposes or the users have given their consent to storage.

Legal basis: Contract performance and pre-contractual measures in the case of enquiries by the data subject, Art. 6 para. 1 lit. b DSGVO; our legitimate interest (results from the purposes), Art. 6 para. 1 lit. f DSGVO. Consent, if we obtain one for certain processing purposes (e.g. a recording), Art. 6 para. 1 lit. a DSGVO.

3. Conclusion and execution of the contract; provision of services

Within the framework of the conclusion of contracts as well as for the provision of services and the execution of contracts, including the initiation, negotiation and execution of contracts, we process data of customers, clients, business partners and interested parties or the corresponding contact persons (data subjects). The purpose of the processing is both the provision of services within the framework of the contractual agreements and the communication, documentation, administration and invoicing required for this.

The provision of the data is necessary for the conclusion of the contract and its implementation. The provision of services is not possible without the provision of the required data.

Categories of data processed: Name, contact data, address data, contract data, payment transaction data, organisational and processing data for the execution of the contract (correspondence, communication, appointments, notes, minutes, activities).

Recipients: We use various service providers as well as subcontractors within the scope of the provision of services, to whom the data required in each case for the performance of services is passed on or disclosed.

In addition, third parties may also be considered as recipients within the scope of the execution of the contract, which may result from the respective service content of the contract (e.g. in the case of mediation, order).

The legal basis is the performance of the contract and pre-contractual measures in the case of enquiries by the data subject, Art. 6 para. 1 lit. b DSGVO, as well as our legitimate interest (efficient performance of the contract and administration), Art. 6 para. 1 lit. f DSGVO. If we obtain consent for certain processing purposes, this is the legal basis, Art. 6 para. 1 lit. a DSGVO.

4. Procurement of goods, services and other performances

To meet operational needs, we process personal data in the context of the procurement of goods, services and other benefits, such as licences, insurance or memberships, including information procurement, communication, benchmarking and contract execution. For this purpose, we also make use of publicly available data.

Affected persons: Freelancers; suppliers, service providers, interested parties, business partners or their contact persons.

Categories of data processed: Name, contact data, address data, contract data, payment transaction data, organisational and processing data for the execution of the contract (correspondence, communication, appointments, notes, minutes, activities).

Recipients: We also use various service providers as part of the procurement process, to whom the respective required data is passed on or disclosed.

The legal basis is the fulfilment of the contract, Art. 6 para. 1 lit. b DSGVO as well as our legitimate interest (safeguarding business interests), Art. 6 para. 1 lit. f DSGVO.

5. Dialogue and direct marketing, newsletter

We carry out personalised direct marketing measures and use the personal data voluntarily provided to us for this purpose in order to provide information about news and things worth knowing from our field of activity and also about our services and products. In doing so, we also observe the special conditions under competition law.

Direct marketing measures by post in the form of information letters or brochures to potential interested parties are in our legitimate interest in advertising and marketing.

Direct marketing in electronic form (e.g. e-mail, text message, fax), such as newsletters, only takes place with express consent, which we regularly obtain with the so-called double opt-in procedure on our website or other websites.

We only carry out direct telephone marketing if we have been given appropriate consent to do so or if we can assume that consent has been given in the cases specified by law.

The procedures for consent and its revocation as well as any objections issued are logged, as are the measures carried out. The log data contains the necessary information for identification and time details of the process and is only used for verification purposes. Cookies may also be used in this context, which are necessary for the recording.

Categories of data processed: As far as necessary for the individual measures and provided voluntarily: Name, address data, contact data; usage data for logging.

Recipients are the order processors used in the context of the implementation (service providers, platform providers, service providers, newsletter dispatch).

Legal basis: Consent, Art. 6 para. 1 lit. a DSGVO and our legitimate interest (advertising and marketing), Art. 6 para. 1 lit. f DSGVO.

6. Implementation of events and trade fairs

We process personal data for the planning, organisation and implementation of events (trade fairs, company presentations to present the company, training courses, etc.). The purpose can be public relations and the acquisition of interested parties, customers, business partners and employees, but also the fulfilment of a contract, further training or other company purposes.

Recipients: We use service providers within the scope of order processing for the implementation of events. Personal data is only transferred to third parties if and insofar as they are obviously intended to do so or can generally be expected to do so and this is necessary in the context of the service provision, i.e. in particular in the context of reservations for event venues, transport companies, hotels, etc. The data is only transferred to third parties if and insofar as this is necessary in the context of the service provision.

Data subjects: Participants; business partners, customers, interested parties or their contact persons; employees

Categories of data processed: Name, contact details, address details, relevant information for the event implementation.

The legal basis is the provision of services within the framework of contractual relationships (Art. 6 para. 1 lit. b DSGVO) or within the framework of the employment relationship, § 26 BDSG; in addition, we have a legitimate interest (results from the above purposes), Art. 6 para. 1 lit. f DSGVO.
Insofar as we obtain consent for further purposes, this is the legal basis (Art. 6 para. 1 lit. a DSGVO).

7. Payment and monetary transactions, accounting, controlling

In order to fulfil our legal and contractual obligations within the scope of accounting duties, controlling requirements and payment transactions, we process the data required for this purpose. This includes, in particular, the preparation and recording of all relevant accounting transactions, control and verification of payment transactions, preparation of evaluations and preparation of financial statements, payment of liabilities; management and control of accounts, credit cards and payment service providers.

Data subjects: Employees; freelancers; customers, suppliers, service providers, interested parties, business partners or their contact persons; applicants (if reimbursements).

The categories of data processed are contact data, payment transaction data, accounting data, travel expenses, contract data, time recording data, etc.

Recipients: We also use service providers as order processors for the processing of accounting tasks. In addition, a transfer or disclosure to third parties may take place if it is necessary for the implementation of the processing or for corresponding control purposes to ensure proper processing (e.g. tax office, tax advisors, authorities, auditors, lawyers).

In the case of payment transactions, the data required for this specific purpose is passed on to the respective payment service provider (banks, payment service providers, etc.).

Legal basis: Legal regulations to comply with accounting and financial statement obligations, to ensure proper business operations and to ensure the continued existence of the company, Art. 6 para. 1 lit. c DSGVO.
Processing in the context of the fulfilment of contractual relationships, Art. 6 para. 1 lit. b DSGVO.
Our legitimate interest (safeguarding operational interests), Art. 6 para. 1 lit. f DSGVO.

8. Photo and video recordings at events

At events, trade fairs and other public occasions, we take film and/or photo recordings (recordings) of participating or present persons (persons concerned) for the purpose of public relations, company presentation and documentation. These recordings may be published on our homepage, social media channels, newsletters and in print media or also passed on to the press for the aforementioned purposes, provided that this can usually be expected or consent has been given. We also refer to this accordingly on invitations and at the events.

The wish of persons not to be recorded will be taken into account if they express this or clearly indicate it. To this end, the cameraman or photographer can be approached or clear signals can be given - even after any recordings have been made.

Recordings will be deleted or processed for deletion if they are obviously or presumably not desired by the persons concerned, for example unflattering pose or facial expression, situation, possible misinterpretation of the situation, risk of discrimination, privacy or intimate sphere may be affected.

The storage period depends on the purpose of the recording. This can vary, as there may be a great interest in certain recordings for archival purposes.

We may also commission service providers to make the recordings or purchase them from them.

We have a legitimate interest in processing the film and photo recordings for public relations, documentation and illustration of the activities mentioned. (Legal basis Art. 6 para. 1 lit. f DSGVO). Insofar as consent is given, the legal basis is Art. 6 para. 1 lit. a DSGVO.

If recordings allow conclusions to be drawn about special categories of personal data, the recordings are only used if the data subject has made the circumstances public himself/herself (e.g. by wearing badges, etc.), Art. 9(2)(e) DSGVO.

9. Destruction of data carriers and documents

Data carriers and documents (paper, film, electronic, magnetic, optical data carriers, etc.) with non-public content that are no longer used or required are collected, kept locked and destroyed at least according to security level 3 in accordance with the type of material as per DIN 66399. All personal data including special categories of all persons concerned are destroyed. Trustworthy and qualified service providers are used for professional destruction within the framework of order processing.

Legal basis: Fulfilment of a legal obligation, Art. 6 para. 1 lit. c) in conjunction with. Art. 17 DSGVO.

10. Assertion, exercise or defence of legal claims; debt collection

If it is necessary to assert, exercise or defend legal claims or to collect debts, we process the necessary data and information from the parties involved and the persons required in the context of the facts. In this context, personal data may also be processed for this purpose if they were originally collected for another purpose (Art. 6 (4) DSGVO).

Affected persons can be: Employees; customers, interested parties, suppliers, service providers, business partners, authorities or their contact persons/representatives/authorised representatives; witnesses and experts; other claimants or opponents.

Categories of data processed: as far as necessary, personal master data; address data, contact data; required content data, recordings, documents and information.
Special categories of personal data: if and to the extent necessary (Art. 9 para. 2 lit. f DSGVO; § 24 para. 2 BDSG).

Recipients in connection with the processing may be different authorities, courts, claimants, companies or also service providers (e.g. lawyers, appraisers, debt collection companies, etc.) depending on the nature of the facts.

The legal basis is Art. 6 para. 1 lit. f DSGVO; § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in the assertion, exercise or defence of legal claims. With regard to any necessary processing of special categories of personal data, Art. 9 para. 2 lit. f DSGVO; § 24 para. 2 BDSG applies.

F  Applications and recruiting

1. Recruiting, applications

We process data from applicants for the purpose of carrying out the application process. The data is generally collected directly from the applicants as part of the application process through the application documents, interviews, any aptitude tests and questionnaires. However, we also use job exchanges and employment agencies.

We also use permissibly collected data made available by data subjects on publicly accessible sources for professional self-presentation and professional exchange, in particular on platforms such as XING or LinkedIn.

The data will only be used to fill the specific job or activity for which the person concerned has applied. We will only consider the application for other jobs or activities and pass on the data to other affiliated companies if we have been given the corresponding consent. If necessary, we will ask the data subjects to give their consent. This consent can be revoked at any time with effect for the future. If it is not given, this will not affect the application process in any way.

Recipients: The data is processed within the company by the offices and persons required in the application process (e.g. management, HR department, specialist department, if applicable works council, if applicable representation of severely disabled persons). In some cases, we involve service providers in the application process. If applicants' data is processed by them (e.g. personnel consultants), this takes place within the framework of commissioned processing.

Categories of data processed: Personal data, contact data, address data, application documents, information voluntarily provided by the data subject.

Obligation to provide data: The provision of data is voluntary. Failure to provide the data required to assess aptitude, ability and professional performance with regard to the vacant position may result in an application not being considered for the vacant position.

Storage period: if no employment relationship is established, application documents are deleted 6 months after completion of the application process. If a corresponding consent for a longer storage period has been granted, the deletion will take place at the latest after the expiry of this period.

If an employment relationship is established, the data is transferred to the personnel file. We provide separate information on processing within the scope of the employment relationship.

The legal basis for the required processing of applications in the context of a possible establishment of an employment relationship is Section 26 BDSG; Article 6 (1) lit. b DSGVO.
If and insofar as consent is given for disclosure or longer storage, the legal basis is Art. 6 Para. 1 lit. a DSGVO; Section 26 Para. 2 BDSG.

2. Active recruiting - identifying potential candidates

In order to draw the attention of potentially interested parties (data subjects) to our company and, if applicable, to motivate them to apply for jobs with us, we process data of individuals that they have made available on publicly accessible sources for professional self-presentation and professional exchange, in particular on platforms such as XING or LinkedIn.

If, when reviewing this data, people appear to be particularly suitable and it is apparent that the person may wish to be contacted for relevant offers, we will contact the person.

In doing so, we process the following categories of data if and insofar as they are provided by the data subject on the aforementioned platforms:

The data is only processed within the company by the departments and persons required for the processing (e.g. management, HR department, specialist department). Only if we involve third parties in the processing and data of data subjects is processed by them (e.g. personnel consultants) is this done within the framework of a contract for commissioned processing.

The data will be deleted after 6 months at the latest if there is no response from the person concerned. If an application procedure takes place, we refer to the corresponding data protection information on this processing.

The legal basis for the processing is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in the recruitment of suitable employees for the company.

G  General explanations

1. Terms

With regard to the terms used 'personal data', 'processing', 'controller', 'data subject', 'third party' and other legal definitions, we refer to the provisions of Regulation (EU) 2016/679 (DSGVO) as well as the Federal Data Protection Act (BDSG), in particular Art. 4 DSGVO.

For the term 'data subject' we also use 'data subject' or in connection with services also 'user'.

2. Transfer in third countries or to international organisations

The transfer of personal data to a third country or to international organisations is subject to special conditions. Insofar as such a transfer comes into consideration for individual processing operations, we point this out and explain the conditions under which the transfer takes place (e.g. adequacy decision, standard contractual clauses, etc.).

3. Categories of personal data (data categories)

We provide further information here for transparency and comprehensibility regarding the details of the data categories processed in the context of the processing operations. They should help to better understand and classify the data categories. However, not all data categories are necessarily processed by us.

Name
Name (first name, surname), name affixes, title, designations.

Address data
Name, postal address. In the case of contact persons in organisations (companies, authorities, etc.) also details of the organisation, area/department and activity/function.

Contact details
Name, telephone numbers, e-mail address, addresses for digital communication services (messenger, social media, etc.). In the case of contact persons in organisations (companies, authorities, etc.) also details of the organisation, area/department and activity/function.

Personal master data
Name (first name, surname), name affixes, title, designations, birth name if applicable, date and place of birth, gender.

Personal identification data
Identification no., tax no., social security no., copy of ID card.

Recordings
Pictures, photographs and video recordings.

Content data
Data that can be expected as content during the respective processing, especially those provided by data subjects. These are mostly files or data transmissions of text (e.g. chat), images, video, possibly music, but also protocols/notes of conversations.
Note: Permanent storage of recordings of conversations only takes place with the consent of the person concerned.

User information
Information on registered or known users of digital services: name, authentication or identifier, email, voluntary information (profile picture, phone, interests, preferences/settings for use, etc.).

Usage data
Data required for the use/utilisation and, if applicable, billing of services, telemedia and telecommunications services: Identification features of the user, start, end and scope of the respective use; services used

Metadata
Information on properties and on the use of other data, e.g. name of the author of documents, time of creation, modification or access/use of data, devices used, etc.

Connection data
Technical data for retrieval, connection and communication when using networks and services (intranet, internet):

Traffic data
Telecommunications service used, number/identifier of the connections involved (caller and called party), authorisation identifiers, card number if applicable, location data (for mobile phones), start and end of the respective connection (date and time), the data volumes transmitted.

Contract data
Contents of contracts and information on the performance of contracts as well as all data and information on their conclusion, performance, execution and termination.

Payment transaction data
Information on money and payment transactions such as time, amount, currency, purpose, recipient, ordering party, account information, credit card data, payment service provider.

Insurance data
Personal data, contact data, contract data, account details
Special categories: Health data

Personnel master data
Name, address data, contact data, date of birth, place of birth, gender, marital status, nationality, details of dependants / partners if applicable, tax detailsSpecial
categories: Religious affiliation

Identification and verification documents
Information on identity card, passport, residence and work permits, driver's licence/driving permit, other qualification and training certificates

Application documents
Curriculum vitae, qualifications, certificates, assessments, references, information on knowledge and skills, documentation of interview and discussion content and any aptitude tests.

4. Information on cookies, web beacons, tracking pixels, fingerprints

a) General information about cookies

Cookies are small files in which information can be stored that is saved by a website on the user's end device. This information is transferred to the website when it is requested again. Cookies are therefore very useful when it comes to the control and functions of websites, as it is possible to recognise the user session, e.g. to be able to assign login data or language settings, but also to clearly assign a shopping cart in a web shop to a user. However, depending on how they are used, cookies also enable the observation of user behaviour ('tracking'), especially if so-called third-party cookies are used, which also enable tracking across different websites.

Cookies have a defined lifetime after which they are automatically deleted (persistent cookies) or they are deleted when the browser is closed (session cookies).

The user can set the use of cookies with a corresponding configuration of the browser used so that no cookies or only certain cookies are accepted. The settings and instructions of the browser manufacturer must be followed. Cookies can also be manually deleted from the end device at any time. However, this may impair certain functionalities.

We point out when and which cookies are used for certain processing.

b) Purpose of cookies

Cookies can be assigned to the following categories in particular, depending on their purpose.

Necessary (essential) functions
These cookies are technically necessary to enable the control and essential functions of the website. The most important functions are settings made by the user, authentication (login) and the session status (session cookie), but also a shopping cart in online shops.

Statistics and analysis
These cookies enable the evaluation of the use of a website. This makes it possible to track how websites are used and where users come from (previously visited pages, length of stay, etc.). The analyses of the data provide information about user behaviour and are used to improve the content as well as to optimise advertising campaigns.

Marketing
Marketing cookies are used to measure reach and to display optimised advertising and content to users based on their behaviour and interests. Third-party cookies from partners and service providers are also used for this purpose, which make it possible to generate interest profiles based on the information stored in this cookie when another website is called up, in order to display relevant advertisements or offers based on this. The way they work is based on recognising browsers and devices individually. Conclusions about a specific person cannot be ruled out, even if the profile generation is usually pseudonymised.

c) Legal basis for the use of cookies

Essential cookies do not require explicit consent for use, provided they are technically necessary and there is a legal basis for their use.

We do not use cookies that require consent.