Privacy

Privacy policy

Status 28.07.2022

With the following data protection declaration, we would like to inform you about what types of your personal data we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, especially www.brand-compass.de, as well as on external online presences, such as our social media profiles.

1. Responsible entity

Klickstar GmbH

Managing Director: Christian Zirfas

An der Röthe 10

32351 Stemwede

Tel.: 0577399769

Email: cz@klickstar.rocks

1. Processing overview

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

• Types of data processed

Inventory data (e.g. names, addresses), content data (e.g. text entries, photographs, videos), contact data (e.g. e-mail, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times), contract data (e.g. subject matter of contract, term, customer category), payment data (e.g. bank details, invoices, payment history).

• Categories of affected persons

Business and contractual partners, interested parties, communication partners, customers, users (e.g. website visitors, users of online services).

• Processing purposes

Visit action evaluation, Office and organizational procedures, Direct marketing (e.g., by e-mail or postal mail), Interest-based and behavioral marketing, Contact requests and communications, Conversion measurement (measuring the effectiveness of marketing measures), Profiling (creating user profiles), Reach measurement (e.g., access statistics, recognizing returning visitors), Security measures, Tracking (e.g., interest/behavioral profiling, use of cookies), Contractual services and service, Management and response to inquiries

1. Relevant legal bases

According to the following legal bases we process the personal data. It should be noted that, in addition to the provisions of the General Data Protection Regulation (GDPR), national data protection regulations may also apply.

• Consent (Art. 6 para. 1 p. 1 lit. a DSGVO)
• Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO)
• Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO)
• Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO)

In addition to the data protection regulations of the GDPR, the Federal Data Protection Act (BDSG) applies in Germany. In particular, the BDSG contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, the processing for other purposes and the transmission and automated decision-making in individual cases. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships as well as the consent of employees. Furthermore, state data protection laws of the individual federal states may apply.

1. Security measures

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

1. Transfer and disclosure of personal data

In the course of our processing of personal data, the data may be transferred to or disclosed to other entities, companies or persons. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

1. Data processing in third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, entities or companies, this is only done in accordance with the legal requirements.

1. Cookies use

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that arises in each case in connection with the specific end device used. This does not mean, however, that we thereby gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO required.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

The legal basis on which we process your personal data using cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g. in the business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Regardless of whether the processing is based on consent or legal permission, you have the option at any time to revoke any consent given or to object to the processing of your data by cookie technologies.

1. Commercial and business services

We process data of our customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer inquiries.

We process this data to fulfill our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. Within the framework of applicable law, we only disclose customer data to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications and transport companies as well as banks, tax and legal advisors, payment service providers or tax authorities).

We delete the data after the expiry of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account for as long as it must be kept for legal archiving reasons (e.g., for tax usually 10 years). We delete data disclosed to us by the customer as part of an order in accordance with the specifications of the order, generally after the end of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and data protection notices of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.

Within the scope of our activities, we process the data of our customers in order to enable them to select, purchase or order the selected products, goods and related services or to commission the selected services as well as their payment and delivery or execution or provision.

The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the performance of the services and billing as well as contact information in order to be able to hold any consultations.

Legal bases are: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 p. 1 lit. c. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

1. Web hosting via All-Inkl.

We use the services of ALL-INKL.COM – Neue Medien Münnich, Owner: René Münnich, Hauptstraße 68 | D-02742 Friedersdorf for web hosting for our websites and have signed a contract for order processing according to Art. 28 DSGVO with All Inkl. closed. For more information, please see All Inkl’s privacy policy. at https://all-inkl.com/datenschutzinformationen/.

The legal basis is our legitimate interest in the operation and maintenance of the operational security of these websites pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.

1. Contact form

For questions of any kind, we offer you the possibility to contact us via a form provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the request originates and so that we can answer it. Additional information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent.

1. Payment service provider

Within the scope of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer efficient and secure payment options to the data subjects and use other payment service providers in addition to banks and credit institutions for this purpose (hereinafter “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is necessary to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e., we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. In this regard, we refer to the GTC and the data protection information of the payment service providers.

The terms and conditions and the data protection notices of the respective payment service providers, which can be accessed within the respective websites or transaction applications, shall apply to the payment transactions. We also refer to this for further information and assertion of revocation, information and other data subject rights.

The following data is processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contract data (e.g. subject matter of contract, term, customer category), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

Legal bases for processing are: Contract performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

Services used and service providers:

Stripe

When purchasing digital products via our online store on our website, payment processing is carried out via an external payment provider. We do not collect and process any payment data during a purchase. The payment data is entered and processed directly by the payment provider. Technical data (including the transaction ID) is exchanged between us and the payment provider to validate the purchases. We store this data until the deletion of your user account or beyond until the data is no longer subject to tax, commercial or other legal storage obligations. We use the payment service provider Stripe, a service of Stripe Payments Europe, Ltd, c/o A&l Goodbody, Ifsc, North Wall Quay, Dublin 1, Ireland (hereinafter: “Stripe”), subject to the Stripe Terms of Use, which can be viewed at
https://stripe.com/de/legal
.

The legal basis for this processing of personal data is Art. 6 para. 1 lit. b) GDPR.

1. Promotional communication via mail, e-mail or telephone

We process personal data for the purposes of promotional communication, which may be via various channels, such as e-mail, telephone or mail. In this context, we comply with the legal requirements and obtain the necessary consents, unless the communication is permitted by law. The recipients have the right to revoke consent given at any time or to object to promotional communication at any time.

After revocation or objection, we may store the data required to prove consent for up to three years based on our legitimate interests before deleting it. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

The following data is processed for the purpose of direct marketing based on existing consent (Art. 6 para. 1 p. 1 lit. a DSGVO) or a Legitimate Interest (Art. 6 para. 1 p. 1 lit. f. DSGVO):

Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers).

1. Online marketing

We process personal data for online marketing purposes, which include, in particular, the display of promotional and other content (collectively, “Content”) based on potential user interests and measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar procedures are used, by means of which the user data relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, web pages visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data, this can also be processed.

The IP addresses of the users are also stored. However, we use IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear data of the users (such as e-mail addresses or names) are stored in the online marketing process, but pseudonyms. This means that we, as well as the providers of the online marketing methods, do not know the identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can later generally be read on other websites that use the same online marketing method and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing method provider.

Exceptionally, clear data can be assigned to profiles. This is the case if, for example, the users are members of a social network whose online marketing methods we use and the network links the users’ profiles with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent as part of the registration process.

We generally only receive access to aggregate information about the success of our advertisements. However, in the context of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to a contract being concluded with us. Conversion measurement is used solely to analyze the success of our marketing efforts.

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent (Art. 6 para. 1 p. 1 lit. a DSGVO). Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical and recipient-friendly services, Art. 6 para. 1 p. 1 lit. f. DSGVO) are processed. In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

The following user data is processed: Usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).

The purposes of the processing are tracking, remarketing, visit action evaluation, interest-based and behavioral marketing, profiling, conversion measurement, reach measurement.

We refer to the data protection notices of the respective providers and the objection options given to the providers (so-called \”opt-out\”). If no explicit opt-out option has been specified, you have the option of disabling cookies in your browser settings. However, this may restrict functions of our online offer. We therefore additionally recommend the following opt-out options, which are offered in summary form directed at respective territories: a) Europe: https://www.youronlinechoices.eu. (b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Inter-area: http://optout.aboutads.info.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The data processing is essentially carried out by Google or Facebook. This may result in data not being processed and stored anonymously. The us authorities may also be able to access individual data.

Services used and service providers:

Google Analytics: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opt-Out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

The controller uses the addition “_gat._anonymizeIp” for web analysis via Google Analytics. By means of this addition, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages takes place from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our websites, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the place from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of such data by Google and to prevent such processing. For this purpose, the data subject must install a browser add-on at the link
https://tools.google.com/dlpage/gaoptout
and install it. This browser add-on tells Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her control, it is possible to reinstall or reactivate the browser add-on.

Google Ads Conversation Tracking: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opt-Out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

We use Google Ads to draw attention to our attractive offers on external websites with the help of advertising media (so-called Google Adwords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. Our aim is to show you advertising that is of interest to you, to make our website more interesting for you and to achieve a fair calculation of the advertising costs incurred.

The conversion tracking cookie is set when a user clicks on an ad placed by Google Ads. Cookies are small text files that are stored on your terminal device. These cookies usually lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer receives a different cookie. Cookies can therefore not be tracked through the websites of Google Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted in to conversion tracking. Clients learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking, you can block this use by deactivating the Google conversion tracking cookie via your Internet browser under the keyword “User settings”. They will then not be included in the conversion tracking statistics. We use Google Ads based on our legitimate interest in targeted advertising in accordance with. Art. 6 par. 1 lit. f DSGVO. In the context of the use of Google Ads, personal data may also be transmitted to the servers of Google LLC. come in the USA.

You can permanently object to the setting of cookies by Google Ads conversion tracking by downloading and installing the Google browser plug-in available at the following link:

https://www.google.com/settings/ads/plugin?hl=de

Please note that certain functions of this website may not be available or may be restricted if you have deactivated the use of cookies.

To the extent legally required, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO obtained. You can revoke your consent at any time with effect for the future. To exercise your revocation, deactivate this service in the “Cookie Consent Tool” provided on the Website or, alternatively, follow the option described above to make an objection.

Google AdSense: Online marketing and web analytics; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opt-Out: Opt-out plugin: http://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertisements: https://adssettings.google.com/authenticated.

This website uses Google AdSense, a web advertising service of Google LLCGoogle AdSense uses so-called “DoubleClick DART Cookies” (“Cookies”). These are text files that are stored on your computer and enable an analysis of your use of the website. In addition, Google AdSense also uses so-called “web beacons” (small invisible graphics) to collect information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and analyzed. The information generated by the cookie and/ or web beacon (including your IP address) about your use of this website is usually transferred to a Google server in the USA and stored there.

Google uses the information thus obtained to perform an evaluation of your usage behavior with regard to the AdSense ads. The IP address transmitted by your browser as part of Google AdSense is not merged with other data from Google. The information collected by Google may be transferred to third parties if this is required by law and/or if third parties process this data on behalf of Google.

The described processing of data is carried out in accordance with Art. 6 para. 1 lit. f DSGVO for the purpose of targeted advertising addressing of the user by advertising third parties, whose ads are displayed on this website based on the evaluated user behavior. At the same time, the processing serves our financial interest in exploiting the economic potential of our website by displaying personalized third-party advertising content in return for payment.

You can obtain more information about Google’s privacy policy at the following Internet address: http://www.google.de/policies/privacy/

You can permanently disable cookies for ad preferences by preventing them by setting your browser software accordingly or by downloading and installing the browser plug-in available at the following link:
http://www.google.com/settings/ads/plugin?hl=de

Instagram Ads: Online marketing and web analytics; Service provider: Facebook Inc, 1601 S. California Avenue, Palo Alto, CA 94304, USA; website:
https://business.instagram.com/advertising/
; Privacy policy:
https://www.instagram.com/about/legal/privacy/
.

1. Social media integration

On our domain there is a possibility to share entries via the social networks. After clicking on the embedded graphic, the user is redirected to the page of the respective provider, i.e. only then is user information transmitted to the respective provider. The legal basis for the data processing is then the consent of the user according to. Art. 6 par. 1 lit. a) GDPR.

If the user is logged into his user profile in the corresponding social network, an association with the visit to our website takes place even without activation of the corresponding button. If the user does not want the social networks to collect data about the website, he or she should log out of them accordingly before visiting the website. However, if the corresponding button is activated by clicking on it, cookie(s) with an identifier are still set each time the website is called up. Therefore, data may be collected via this function and a profile may be created that can be traced back to an individual person. If the user does not wish to do so, he can deactivate the corresponding link within the website by clicking on it. The user can also set his browser to generally exclude the acceptance of cookies; however, we would like to point out that in this case the functionality of our website may be limited. Information on the handling of personal data when using these websites can be found in the respective data protection provisions of the providers.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The data processing by Facebook, Instagram, LinkedIN, Google+ and Youtube is particularly affected. This may result in data not being processed and stored anonymously. The us authorities may also be able to access individual data.

• Facebook

The privacy policy of Facebook (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) can be found at https://de-de.facebook.com/about/privacy/.

• Instagram

The privacy policy of Instagram (operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) can be found athttps://www.instagram.com orhttps://help.instagram.com/155833707900388.

• Google+

The privacy policy of Google+ (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) can be found at https://www.google.com/intl/de/policies/privacy.

• XING

The privacy policy of XING (operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany) can be found at https://privacy.xing.com/de/datenschutzerklaerung.

• linkedIN

The privacy policy of linkedIN (operated by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA) can be found at https://de.linkedin.com/legal/privacy-policy#other.

• youtube

The privacy policy of youtube (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) can be found at https://www.google.com/intl/de/policies/privacy.

• TikTok

The privacy policy of TikTok (operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) can be found at. https://www.tiktok.com/legal/privacy-policy?lang=de can be found.

1. Tools

• Borlabs cookie

This website uses Borlabs Cookie of the company Borlabs, Inh.: Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (website:
https://de.borlabs.io
), which sets a technically necessary cookie(borlabs-cookie) to store your cookie consents or the revocation of these consents.

Borlabs Cookie does not process any personal data.

The collected data will be stored until you request us to delete it or until you delete the borlabs-cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
. Borlabs Cookie’s privacy policy can be found at:
https://de.borlabs.io/datenschutz/
for more information.

The use of Borlabs cookie consent technology is done in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

• Google Fonts

Our website integrates the fonts (“GoogleFonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in particular to display the fonts in the user’s browser.

The use of GoogleFonts is in the interest of efficient, economical and recipient-friendly use of fonts, their uniform presentation as well as possible licensing restrictions for the integration. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f GDPR.

For more information on the handling of user data, please see Google’s privacy policy at:
https://policies.google.com/privacy?hl=de
.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The data processing is essentially carried out by Google. This may result in data not being processed and stored anonymously. The us authorities may also be able to access individual data.

• Google Maps

This website uses the “Google Maps API” of the company Google Inc. for the visual display of map material. (Google). When using Google Maps, Google also collects, processes and uses data about the use of the Maps functions by visitors to the websites. The terms of use for Google Maps can be found at Terms of Use for Google Maps.

The use of Google Maps serves to display location information and therefore constitutes a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f) GDPR.

For more information about Google’s privacy policy, please visit:
https://www.google.com/intl/de/policies/privacy/
.

We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. The data processing is essentially carried out by Google. This may result in data not being processed and stored anonymously. The us authorities may also be able to access individual data.

1. Handling of applicant data

We offer you the opportunity to apply to us (e.g. by e-mail, post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data will be in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be processed on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b DSGVO for the purpose of implementing the employment relationship is stored in our data processing systems.

Data retention period

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). Subsequently, the data is deleted and the physical application documents are destroyed. The storage serves in particular evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for continued storage no longer applies.

A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations oppose the deletion.

Inclusion in the applicant pool

If we do not make you a job offer, we may be able to include you in our applicant pool. In case of acceptance, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a DSGVO). The submission of the consent is voluntary and is not related to the current application process. The data subject may revoke his/her consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

1. Data deletion

The data processed by us will be deleted in accordance with the legal requirements as soon as their consents permitted for processing are revoked or other permissions cease to apply. If the data are not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes, i.e. the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural person or legal entity. Further information on the deletion of personal data can also be found in the individual data protection notices of this data protection declaration.

1. Modification and update of the privacy policy

We ask you to regularly inform yourself about the content of our privacy policy. We will adapt the privacy policy as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

1. Rights of the data subjects

As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR:

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

Right of revocation for consents: You have the right to revoke any consent you have given at any time.

Right of access: You have the right to request confirmation as to whether data in question is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with the legal requirements.

Right to rectification: In accordance with the law, you have the right to request that data concerning you be completed or that inaccurate data concerning you be rectified.

Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data relating to you be erased immediately or, alternatively, to request restriction of the processing of the data in accordance with the law.

Right to data portability: You have the right to receive data relating to you that you have provided to us in a structured, common and machine-readable format in accordance with the legal requirements, or to request that it be transferred to another controller.

Complaint to supervisory authority: You also have the right, in accordance with the law, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.

Supervisory authority responsible for us:

The State Commissioner for Data Protection of Lower Saxony

Barbara Thiel
Prinzenstrasse 5
30159 Hanover