Karriere bei GGM Gastro

Privacy Policy

1. Data protection at a glance
General information

The following provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. Detailed information on data protection can be found in the remaining sections of this privacy policy.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the section of this privacy policy entitled ‘About the data controller’.

How do we collect your data?

Some data is collected when you provide it to us voluntarily. This includes, for example, data that you enter in a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. Such data is primarily technical in nature (e.g. information about your internet browser, operating system or the time of your page view). The collection of this data is triggered as soon as you access the website.

What do we use your data for?

Some data is collected to ensure that the website is provided correctly. Other data may be used to analyse your user behaviour. Where it is possible for contracts to be concluded or initiated via the website, transmitted data will also be processed to facilitate contract offers, orders or other order inquiries.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipients and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request restriction of the processing of your personal data under certain circumstances. Finally, you have the right to lodge a complaint with the competent supervisory authority.

For any other questions about data protection, you can contact us at any time.

Analysis tools operated by third-party providers

When you visit this website, information about your browsing behaviour may be statistically analysed. This is primarily carried out using analytics tools.

Detailed information about these analytics tools can be found in the remaining sections of this privacy policy.

2. General information and mandatory disclosures

Data protection

The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Various personal data is collected when you use this website. Personal data is any data by which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission via the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

About the data controller

The controller responsible for data processing on this website is:

GGM Gastro International GmbH
Managing Directors: Ferit Inan & Ömer Elma
Weinerpark 16
D - 48607 Ochtrup

Phone: Tel: +49 (0) 2553 - 72 20 20 - 0 | Fax: +49 (0) 2553 - 72 20 20 - 200
Email: info@ggmgastro.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a different retention period is specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for retaining it (e.g. retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons no longer apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. If you have expressly consented to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or the accessing of information on your end device (e.g. via device fingerprinting), data processing is also carried out on the basis of § 25 (1) of the Telecommunications Digital Services Data Protection Act (TDDDG). Consent can be revoked at any time. If your data is required to perform a contract or to implement pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Information on the legal basis in each case can be found in the following sections of this privacy policy.

Data Protection Officer

GGM Gastro has appointed a data protection officer.

Philipp Gumpert
https://gataca.de/

GATACA GmbH
Am Riettor 4
78048 Villingen-Schwenningen

datenschutz@ggmgastro.com

Information on the transfer of data to third countries that are not secure under data protection law and transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in third countries not deemed secure under data protection law and US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. Please note that in such third countries, it is not possible to guarantee a level of data protection comparable to that of the EU.

The USA, as a secure third country, generally offers a level of data protection comparable to that of the EU. Accordingly, data transfer to the USA is permitted under this privacy policy if the recipient is certified under the EU-US Data Privacy Framework (DPF) or has suitable additional safeguards in place. This privacy policy provides information on transfers to third countries, including data recipients.

Recipients of personal data

As part of our business activities, we work with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties when this is necessary for the performance of a contract, when we are legally obliged to do so (e.g. disclosure of data to tax authorities), when we have a legitimate interest in the transfer in accordance with Art. 6 (1) (f) GDPR, or if another legal basis permits the transfer of data. When using data processors, we only disclose our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of consent to data processing

Many types of data processing are only possible with your express consent. You may withdraw any consent you have previously given at any time. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE LEGAL BASIS ON WHICH PROCESSING IS CARRIED OUT IN EACH INSTANCE CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL CEASE TO PROCESS THE AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL CEASE TO BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to receive the data that we process automatically on the basis of your consent or in the course of performing a contract, in a common, machine-readable format, either for yourself or for transfer to a third party. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Access, rectification and erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing. You may also have a right to rectification or erasure of this data. You can contact us at any time regarding this or any other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time to request this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of the personal data stored by us, we generally need time to verify this. You have the right to request the restriction of the processing of your personal data for the duration of the verification.
If the processing of your personal data was/is carried out unlawfully, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of processing instead of erasure.
If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed either: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; and/or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, this means that the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a contract subject to payment, there is an obligation to transmit your payment details to us (e.g. your account number for direct debit), this data is required for payment processing.

Payment transactions using standard means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser’s address bar changes from "http://" to "https://" and by the lock symbol in your browser line.

When communication is encrypted, this mean that the payment data you transmit to us cannot be read by third parties.

Objection to promotional emails

It is hereby prohibited to use contact details published as part of our legal duty to provide company information for the sending of unsolicited advertising material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

3. Data collection on this website

Cookies

Our website uses ‘cookies’: small data packets that do no harm to your device. Cookies are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted once you leave the site. Persistent cookies remain stored on your device until you delete them manually or your browser removes them automatically.

Cookies may originate from us (first-party cookies) or from third-party providers (third-party cookies). Third-party cookies enable certain services offered by external providers to be integrated smoothly into websites (e.g. cookies used for processing payment services).

Cookies serve a variety of functions. Many are technically necessary, since certain website features would not function without them (e.g. the shopping basket function or video display). Other cookies may be used for analysing user behaviour or for advertising purposes.

Cookies that are required for electronic communication, for providing specific features (e.g. the shopping basket), or for optimising the website (e.g. audience measurement cookies), are stored on the basis of Article 6 (1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies to ensure the error-free and optimised delivery of its services. Where your consent has been requested for the storage of cookies or similar recognition technologies, data processing is carried out exclusively on the basis of that consent (Article 6 (1)(a) GDPR and § 25(1) TDDDG); this consent can be withdrawn at any time.

You can configure your browser to notify you when cookies are set, to allow cookies only in individual cases, to reject cookies in certain cases or across the board, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

For details about which cookies and services are used on this website, please refer to this privacy policy.

CookieFirst

Our website uses CookieFirst to obtain your consent for the storage of certain cookies on your device and for the use of specific technologies, and to document this consent in a manner compliant with data protection regulations. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter “CookieFirst”).

When you access our website, a connection is established with servers of CookieFirst to obtain your consent and process other declarations regarding cookie usage. CookieFirst then stores a cookie in your browser in order to link the consents you have given or withdrawn with your session. In the process, the anonymised IP address, the user agent of the browser and operating system, and the URL from which the consent was given are processed and stored within the CookieFirst system. Data collected in this way is retained until you request its deletion, delete the CookieFirst cookie yourself, or the purpose for storing the data no longer applies. Statutory retention obligations remain unaffected.

CookieFirst transmits personal data to third-party providers. These include a content delivery network (CDN) based in Slovenia, IP geolocation services in Romania, and hosting services provided by OVH in Germany and France. CookieFirst is headquartered in Amsterdam, Netherlands.

CookieFirst is used to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6 (1)(c) of the GDPR.

Order processing

We have entered into a data processing agreement (DPA) regarding the use of the aforementioned service. This legally mandatory agreement ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

Server log files

The provider of this website automatically collects and stores information in server log files. This information, which is automatically transmitted by your browser, includes:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6 (1)(f) of the UK GDPR. The website operator has a legitimate interest in the error-free display and optimisation of the website. This requires server log files to be recorded.

Contact form

If you send us an enquiry via the contact form, the details you provide in the form, including your contact information, will be stored by us for the purpose of processing your enquiry and in case of follow-up questions. We do not disclose this data without your consent.

If your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the processing of this data is based on Article 6 (1)(b) of the GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6 (1)(f) GDPR) or on your consent (Article 6 (1)(a) UK GDPR), where consent has been requested and given; it may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to storage, or the purpose for data retention no longer applies (e.g. once your enquiry has been fully resolved). Mandatory legal provisions — particularly statutory retention periods — remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry – including all personal data generated by the enquiry (such as your name and the content of your request) – will be stored and processed by us for the purpose of handling your enquiry. We do not share this data without your consent.

If your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the processing of this data is based on Article 6 (1)(b) of the GDPR. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries directed to us (Article 6 (1)(f) GDPR) or on your consent (Article 6 (1)(a) UK GDPR), where this has been requested; consent may be withdrawn at any time.

The data you send to us as part of an enquiry will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for data retention no longer applies (e.g. once your enquiry has been fully resolved). Mandatory legal provisions — particularly statutory retention periods — remain unaffected.

Communication via WhatsApp

We use the instant messaging service WhatsApp, among other services, to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication is secured through end-to-end encryption (peer-to-peer), which prevents WhatsApp or any other third parties from accessing the content of the messages. However, WhatsApp does receive access to metadata generated during communication (e.g. sender, recipient, and timestamp). Please also note that, according to information provided by WhatsApp itself, it shares personal data of its users with its parent company, Meta, based in the United States. Further details on data processing can be found in WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

We use WhatsApp on the basis of our legitimate interest in fast and efficient communication with customers, prospects, and other business and contractual partners (Article 6 (1)(f) GDPR). Where consent has been requested, data processing is carried out solely on the basis of that consent; consent may be withdrawn at any time with future effect.

Messages exchanged between you and us via WhatsApp will remain with us until you request their deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been resolved). Mandatory legal provisions — particularly statutory retention periods — remain unaffected.

WhatsApp is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/7735.

We use the “WhatsApp Business” version of the service.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

Our WhatsApp accounts are configured to prevent automatic syncing with the address books of the devices on which it is used.

We have entered into a data processing agreement (DPA) with the above-mentioned provider.

Registration on this website

You can register on this website in order to access additional features. The data you enter during registration is used solely for the purpose of providing the specific service or feature for which you have registered. All mandatory fields requested during registration must be completed in full; otherwise, we will be unable to process the registration.

We use the email address provided at the time of registration to inform you of important changes, such as updates to the range of services offered or modifications that may become technically necessary.

The processing of registration data is carried out for the purpose of fulfilling the user agreement established by registration and, where applicable, for initiating further contractual relationships (Article 6 (1)(b) UK GDPR).

The data collected during registration will be stored by us for as long as you remain registered on this website and will be deleted thereafter. Statutory retention obligations remain unaffected.

Registration via Facebook Connect

Instead of registering directly on this website, you can register using Facebook Connect. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, however, the data collected may also be transferred to the United States and other third countries.

If you choose to register via Facebook Connect and click the ‘Login with Facebook’ or ‘Connect with Facebook’ button, you will be redirected to the Facebook platform, where you can log in using your Facebook credentials. This will link your Facebook profile to our website or services. Via this connection, we gain access to the data you have stored on Facebook. This primarily includes:

Facebook name
Facebook profile and cover picture
The email address you have stored with Facebook
Facebook ID
Facebook friend lists
Facebook Likes
Birthday
Gender
Country
Language

This data is used to create, provide, and personalise your account.

Registration via Facebook Connect and any associated data processing are carried out on the basis of your consent (Article 6 (1)(a) UK GDPR). You may withdraw this consent at any time with effect for the future.

Where personal data is collected on our website using the Facebook Connect tool as described above and is subsequently transferred to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited solely to the collection of the data and its transmission to Facebook. Any processing carried out by Facebook after the data has been transferred is not part of the joint responsibility. Our respective responsibilities are defined in a joint controller agreement, the text of which can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook Connect tool and for its secure implementation on our website in accordance with data protection law. Facebook is responsible for the data security of its products. Data subject rights (e.g. access requests) regarding data processed by Facebook may be exercised directly with Facebook. If you assert your rights with us, we are obliged to refer the matter to Facebook.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. For details, please see: https://www.facebook.com/legal/EU_data_transfer_addendum; https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.

Further information can be found in Facebook’s terms of service and privacy policy, available at https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

Meta is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/4452.

Registration via Google

Instead of registering directly on this website, you can register using Google. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To register with Google, you only need to enter your Google username and password. Google will identify you and confirm your identity to our website.

If you sign in with Google, we may be able to use certain information from your account to complete your profile on our site. You control which information is shared in your Google security settings, which can be accessed at https://myaccount.google.com/security and https://myaccount.google.com/permissions.

The data processing associated with registration via Google is based on our legitimate interest in offering users the simplest possible registration process (Article 6 (1)(f) UK GDPR). Since use of the registration feature is voluntary and users can determine what access is granted, there are no overriding rights or interests that would conflict with this processing.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processed in the US. Companies certified under the DPF undertake to uphold these data protection standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780

4. Social media

Instagram

This website incorporates elements from the Instagram platform. The provider of Instagram is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When one of the above-described social media elements is active, a direct connection is established between your device and the Instagram server. This allows Instagram to receive information that you have visited this website.

If you are logged into your Instagram account, clicking the Instagram button enables you to link content from this website to your Instagram profile. Instagram can then associate your visit to this website with your user account. Please note that as the website provider, we have no knowledge of the content of the data transmitted or how it is used by Instagram.

Use of this service is based on your consent pursuant to Art. 6 (1)(a) GDPR and § 25 (1) TDDDG. This consent may be revoked at any time.

Data transfers to the USA are based on the Standard Contractual Clauses of the European Commission. For details, please see: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ andhttps://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram’s privacy policy: https://privacycenter.instagram.com/policy/.

Pinterest

This website integrates elements from the social network Pinterest, which is provided by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you access a page that contains such an element, your browser establishes a direct connection to Pinterest’s servers. The social media element transmits log data to Pinterest’s server in the United States. This log data may include your IP address, the addresses of the websites you visit that also contain Pinterest features, your browser type and settings, the date and time of your request, your use of Pinterest, and cookies.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25(1) TDDDG. You may withdraw your consent at any time.

Further information on the purpose, scope, and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, can be found in Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.

5. Analysis tools and advertising

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables website operators to analyse the behaviour of website visitors. Within the scope of this process, the website operator receives usage data such as page views, time spent on site, operating systems used, and the user’s origin. These data are compiled into a user ID and assigned to the respective device of the website visitor.

Additionally, Google Analytics can record mouse and scroll movements and clicks. Google Analytics also applies various modelling approaches to enhance the collected data and uses machine learning technologies in the data analysis process.

Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about your use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25 (1) TDDDG. You may withdraw your consent at any time.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780.

IP anonymisation

IP anonymisation is activated on this website for Google Analytics. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects information including your location, search history, YouTube history, and demographic data. These data may be used by Google Signals to deliver personalised advertising. If you have a Google account, the visitor data collected by Google Signals is linked to your Google account and used to deliver personalised ad content. The data is also used to generate anonymised statistics about user behaviour on our website.

Order processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

E-commerce measurement in Google Analytics

This website uses the e-commerce measurement feature of Google Analytics. E-commerce measurement enables website operators to analyse the purchasing behaviour of website visitors for the purpose of improving online marketing campaigns. Information such as completed orders, average order values, shipping costs, and the time from viewing a product to making a purchase is recorded. These data can be aggregated by Google under a transaction ID, which is assigned to the user or their device.

Hotjar

This website uses Hotjar, a service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse user behaviour on this website. Hotjar allows us to record, among other things, your mouse movements, scrolling behaviour and clicks. Hotjar can also detect how long your cursor remains in a particular area. These data are used to generate ‘heatmaps’, which indicate which parts of the website are viewed most frequently by users.

We can also determine how long you remain on a page, when you leave it, and the point at which you abandon entering information in in a contact form (the ‘conversion funnel’).

Furthermore, Hotjar enables the collection of direct feedback from website visitors. This feature helps the site owner to improve their web offerings.

Hotjar uses technologies that enable recognition of the user for behavioural analysis purposes (e.g. cookies or device fingerprinting).

Where consent has been obtained, the use of this service is based solely on Art. 6 (1)(a) GDPR and § 25 TDDDG. You may revoke your consent at any time. If consent has not been obtained, the use of the service is based on Art. 6 (1)(f) GDPR, which states that the website operator has a legitimate interest in analysing user behaviour in order to optimise both the website offering and its advertising.

Disabling Hotjar

If you wish to disable data collection by Hotjar, click the following link and follow the instructions provided: https://www.hotjar.com/policies/do-not-track/.

Please note that Hotjar must be disabled separately in each browser and on each device.

Further information about Hotjar and the data it collects can be found in Hotjar’s privacy policy:
https://www.hotjar.com/privacy.

Data processing agreement

We have entered into a data processing agreement (DPA) with Hotjar governing the use of the above-described service. This agreement, which is required under data protection law, ensures that Hotjar processes the personal data of website visitors solely in accordance with our instructions and in compliance with the GDPR.

Google Ads

This website uses Google Ads. Google Ads is an online advertising platform provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms on Google (keyword targeting). In addition, it enables targeted advertisements to be shown based on user data held by Google (e.g. location data and interests). This is known as audience targeting. As the website operator, we are able to evaluate this data quantitatively, for example by analysing which search terms triggered the display of our ads and how many clicks were generated as a result.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25 (1) TDDDG. Consent can be withdrawn at any time.

Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission. Details can be found at: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at https://www.dataprivacyframework.gov/participant/5780.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking allows Google and us to determine whether users have completed certain actions. For example, we can analyse which buttons on our website are clicked and how often, or which products are viewed or purchased most frequently. This information is used to generate conversion statistics. We receive information on the total number of users who clicked on our ads and what actions they performed. However, we do not receive any information that would allow us to personally identify users. Google uses cookies or similar recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Article 6 (1)(a) UK GDPR and § 25 (1) TDDDG. You may withdraw your consent at any time.

Further information about Google Conversion Tracking can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=de

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the US. Companies certified under the DPF undertake to uphold these standards. Further information is available from the provider at: https://www.dataprivacyframework.gov/participant/5780

6. Newsletters

If you provide your email address in the course of ordering goods or services, we may subsequently use this email address to send you newsletters, provided we have informed you of our intention to do so in advance. In such cases, newsletters will contain only direct advertising for similar goods or services sold by us. You can unsubscribe from newsletters at any time. Each newsletter contains an unsubscribe link. The legal basis for sending newsletters is Article 6 (1)(f) UK GDPR in conjunction with § 7 (3) of the German Act Against Unfair Competition (UWG). When we collect your email address and upon every subsequent use of it, we provide clear notification that you can object to receiving the newsletter at any time. Unsubscribing does not incur any costs beyond your standard connection or transmission rates.

We use the email marketing platform SAP Emarsys, a service provided by SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf, Germany. Data processing is carried out on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. Processing is carried out exclusively on servers within the EU. Data is transferred to third countries only where appropriate safeguards exist in accordance with Articles 44 ff. GDPR.

You may object to the sending of our customer newsletter at any time with effect for the future. Simply use the unsubscribe link at the end of any newsletter or contact us using the details provided in the legal notice.

After you unsubscribe from the newsletter mailing list, your email address may be stored in a blacklist to prevent future mailings. The data in the blacklist is used solely for this purpose and will not be merged with other data. This serves both your interests and ours in complying with legal requirements for sending newsletters (legitimate interest under Article 6 (1)(f) GDPR). Storage in the blacklist is not time-limited. You may object to this storage if your interests outweigh our legitimate interest.

7. Plugins and tools

YouTube with Privacy Enhanced Mode

This website embeds videos from the YouTube platform. The operator of YouTube is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit a page on this website that includes a YouTube video, a connection is established with YouTube’s servers. As a result, the YouTube server is informed about the page(s) of this website you have visited. If you are logged into your YouTube account, you automatically give YouTube permission to link your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in Privacy Enhanced Mode. As stated by YouTube, videos played in Privacy Enhanced Mode are not used to personalise browsing for the website user on the YouTube platform. Advertisements displayed in enhanced privacy mode are also not personalised. While cookies are not set in this mode, local storage mechanisms may be placed in the user’s browser. These function similarly to cookies and may contain personal data or serve the purpose of user recognition. Details on enhanced privacy mode can be found at: https://support.google.com/youtube/answer/171780

Please note that additional forms of data processing may be triggered when you interact with a YouTube video. We have no control over these.

The use of YouTube is based on our legitimate interest in enhancing the visual presentation of our online content in accordance with Art. 6 (1)(f) GDPR. Where corresponding consent has been obtained, processing is carried out solely on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

Further information about data protection on YouTube is available in its privacy policy: https://policies.google.com/privacy?hl=de

Google is certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States intended to ensure that US-based data processing adheres to European data protection standards. Companies certified under the DPF undertake to uphold these standards. Further details are available from the provider at: https://www.dataprivacyframework.gov/participant/5780

Google Fonts (Local Hosting)

This website uses Google Fonts to ensure the uniform display of fonts. These fonts are provided by Google and hosted locally. As a result, the use of Google Fonts does not involve a connection to Google’s servers.

More information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

8. Services managed by the website operator

Handling of applicant data

Our website provides the opportunity for you to apply for a job with us (e.g. via email, post or an online application form). The following explains the scope, purpose, and use of the personal data collected during the application process. We ensure that the collection, processing and use of your data is carried out in accordance with applicable data protection laws and all other relevant legal provisions, and that your data is treated with strict confidentiality.

Scope and purpose of data collection

When you submit an application to us, we process the personal data associated with it (e.g. contact details, application documents, notes from interviews, etc.), insofar as this is necessary for making a decision regarding the establishment of an employment relationship. The legal basis for this is § 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Art. 6 (1)(b) GDPR (steps at the request of a data subject prior to entering into a contract), and – insofar your consent has been obtained – Art. 6 (1)(a) GDPR. Consent can be withdrawn at any time. Within our organisation, your personal data will only be shared with individuals involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems for the purpose of managing the employment relationship; this is based on § 26 BDSG and Art. 6 (1)(b) GDPR.

Data retention period

If we are unable to offer you a position, you reject a job offer from us, or you withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 (1)(f) GDPR) for up to six months following the conclusion of the application process (rejection or withdrawal). After this period, the data will be deleted and any physical application documents will be destroyed. Retention is primarily for evidentiary purposes in the event of a legal dispute. If it is apparent that the data will still be required after the six-month period (e.g. due to a pending or planned legal dispute), deletion will take place only once the purpose for continued retention no longer applies.

A longer retention period may also apply if you have given your express consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Addition to the candidate pool

If we are unable to make you a job offer, there may be an opportunity for you to be added to our candidate pool. In this case, all documents and details from your application will be transferred to the candidate pool in order that you can be contacted in the event of suitable future vacancies.

Addition to the candidate pool is based solely on your express consent (Art. 6 (1)(a) GDPR). The provision of consent is entirely voluntary and will not affect the outcome of any ongoing application process. You may withdraw your consent at any time. If consent is withdrawn, the data will be irreversibly deleted from the candidate pool, unless statutory retention obligations apply.

Data stored in the candidate pool will be deleted no later than two years after consent is given.