This is a translation, the German versions are authoritative.
1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. In this context, personal data is all data with which you can be personally identified.
1.2 The person responsible for data processing on this website within the meaning of the General Data Protection Regulation (DSGVO) is SHARKPROJECT Merchandising e.V., Rebhaldenstrasse 2, 8910 Affoltern am Albis, Switzerland, Tel.: +41 44 3115941, E-mail: shop@sharkproject.org. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the controller). You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser line.
2) Data collection when visiting our website
When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- Our visited website
- Date and time at the time of access
- Amount of data sent in bytes
- Source/reference from which you reached the page
- Browser used
- Operating system used
- IP address used (if applicable: in anonymised form)
The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
3) Hosting & Content-Delivery-Network
Hosting by Shopify
We use the shop system of the service provider Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"), for the purpose of hosting and displaying the online shop on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's aforementioned services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed by adequacy decision of the European Commission. Further information on Shopify's data protection can be found on the following website: https://www.shopify.de/legal/datenschutz.
Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below.
4) Cookies
In order to make visiting our website more attractive and to enable the use of certain functions, we use cookies, i.e. small text files that are stored on your terminal device. Some of these cookies are automatically deleted after you close your browser (so-called "session cookies"), while others remain on your end device for longer and allow you to save page settings (so-called "persistent cookies"). In the latter case, you can find the storage period in the overview of the cookie settings of your web browser.
If personal data is also processed by individual cookies used by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a DSGVO in the case of consent given or in accordance with Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.
You can set your browser in such a way that you are informed about the setting of cookies and can decide individually about their acceptance or can exclude the acceptance of cookies for certain cases or in general.
Please note that if you do not accept cookies, the functionality of our website may be limited.
5) Contacting us
When contacting us (e.g. via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and answering your request and only to the extent necessary for this purpose. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact is aimed at a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. Your data will be deleted when the circumstances indicate that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
6) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 para. 1 lit. b DSGVO, personal data will continue to be collected and processed to the extent necessary in each case if you provide it to us for the performance of a contract or when opening a customer account. Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After complete execution of the contract or deletion of your customer account, your data will be deleted, provided that there are no legal retention periods to the contrary and no legitimate interest on our part in continued storage.
7) Use of customer data for direct marketing purposes
7.1 - Newsletter dispatch via rapidmail
Our e-mail newsletters are sent via the technical service provider rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg ("rapidmail "), to whom we pass on the data you provided when registering for the newsletter. This transfer takes place in accordance with Art. 6 Para. 1 lit. f DSGVO and serves our legitimate interest in using an effective, secure and user-friendly newsletter system. The data entered by you for the purpose of receiving the newsletter (e.g. email address) is stored on the servers of rapidmail in Germany.
rapidmail uses this information to send and statistically evaluate the newsletters on our behalf. For the evaluation, the sent e-mails contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). The data is collected exclusively in pseudonymised form and is not linked to your other personal data; direct personal reference is excluded. This data is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
We have concluded an order processing agreement with rapidmail in which we oblige rapidmail to protect our customers' data and not to pass it on to third parties.
You can read more information about rapidmail's data protection in their privacy policy: https://www.rapidmail.de/datenschutz.
7.2 - Advertising by letter post
Based on our legitimate interest in personalised direct advertising, we reserve the right to store your first name and surname, your postal address and - insofar as we have received this additional information from you within the framework of the contractual relationship - your title, academic degree, year of birth and your occupational, industry or business designation in accordance with Art. 6 Para. 1 lit. f DSGVO and to use it for sending you interesting offers and information on our products by letter post.
You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.
7.3 Notification of availability of goods by e-mail
If we offer the possibility in our online shop for selected, temporarily unavailable articles to inform you by e-mail about the time of availability, you can subscribe to our e-mail notification service for the availability of goods. If you subscribe to our email availability notification service, we will send you a one-time email notification of the availability of the item you have selected. Only your e-mail address is required for sending this notification. The provision of further data is voluntary and may be used to address you personally. We use the so-called double opt-in procedure for sending this notification. This means that we will only send you a corresponding notification once you have expressly confirmed that you consent to receiving such a message. We will then send you a confirmation e-mail asking you to confirm that you wish to receive such a notification by clicking on a corresponding link.
By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 para. 1 lit. a DSGVO. When you register for our e-mail notification service on the availability of goods, we store your IP address entered by your Internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data we collect when you register for our goods availability e-mail notification service is used solely for the purpose of informing you about the availability of a particular item in our online shop. You can unsubscribe from the goods availability e-mail notification service at any time by sending a message to the responsible person named at the beginning. After unsubscribing, your e-mail address will be deleted immediately from our mailing list set up for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this, which is permitted by law and about which we inform you in this declaration.
8) Data processing for order processing
8.1 Insofar as necessary for the processing of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b DSGVO.
In order to process your order, we also work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transferred to these service providers in accordance with the following information.
8.2 We work with external shipping partners to fulfil our contractual obligations to our customers. We pass on your name as well as your delivery address and, if necessary for the delivery, your telephone number to a shipping partner selected by us exclusively for the purposes of the delivery of goods Art. 6 para. 1 lit. b DSGVO.
9) Web analytics services
Google Analytics 4
This website uses Google Analytics 4, a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), to analyse the use of websites.
When using Google Analytics 4, so-called "cookies" are used as standard. Cookies are text files that are stored on your terminal device and enable an analysis of your use of a website. The information collected by cookies about your use of the website (including the IP address transmitted by your terminal device, shortened by the last few digits, see below) is usually transmitted to a Google server and stored and processed there. This may also result in the transmission of information to the servers of Google LLC, a company based in the USA, where the information is further processed.
When using Google Analytics 4, the IP address transmitted by your terminal device when you use the website is always collected and processed automatically and by default only in an anonymised manner, so that the information collected cannot be directly related to a person. This automatic anonymisation is carried out by Google shortening the IP address transmitted by your terminal device within member states of the European Union (EU) or other contracting states of the Agreement on the European Economic Area (EEA) by the last digits.
Google uses this and other information on our behalf to evaluate your use of the website, to compile reports on your website activities and usage behaviour and to provide us with other services related to your website and internet usage. In this context, the IP address transmitted and shortened by your terminal device within the scope of Google Analytics 4 will not be merged with other data from Google. The data collected in the context of the use of Google Analytics 4 will be stored for 2 months and then deleted.
Google Analytics 4 also enables the creation of statistics with statements about the age, gender and interests of website users on the basis of an evaluation of interest-based advertising and with the inclusion of third-party information via a special function, the so-called "demographic characteristics". This makes it possible to determine and distinguish user groups of the website for the purpose of targeting marketing measures. However, data collected via the "demographic characteristics" cannot be assigned to a specific person and thus also not to you personally. This data collected via the "demographic characteristics" function is kept for two months and then deleted.
All processing described above, in particular the setting of Google Analytics cookies for the storage and reading of information on the end device used by you for the use of the website, only takes place if you have given us your express consent for this in accordance with Art. 6 Para. 1 lit. a DSGVO. Without your consent, Google Analytics 4 will not be used during your use of the website. You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the "Cookie Consent Tool" provided on the website.
In connection with this website, the "UserIDs" function is also used as an extension of Google Analytics 4. By assigning individual UserIDs, we can have Google generate cross-device reports (so-called "cross-device tracking"). This means that your usage behaviour can also be analysed across devices if you have given your corresponding consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a DSGVO, if you have set up a personal account by registering on this website and are logged into your personal account on different end devices with your relevant login data. The data collected in this way shows, among other things, on which end device you clicked on an ad for the first time and on which end device the relevant conversion took place.
In connection with this website, the Google Signals service is also used as an extension of Google Analytics 4. With Google Signals, we can have Google create cross-device reports (so-called "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and linked your internet-enabled end devices to your Google account, Google can analyse usage behaviour across devices and create database models based on this if you have given your consent to the use of Google Analytics 4 in accordance with Art. 6 (1) lit. a DSGVO. This takes into account the logins and device types of all website users who were logged into a Google account and performed a conversion. The data shows, among other things, on which device you clicked on an ad for the first time and on which device the relevant conversion took place. We do not receive any personal data from Google, but only statistics compiled on the basis of Google Signals. You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de
Further information on Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=de
We have concluded a so-called order processing agreement with Google for our use of Google Analytics 4, which obliges Google to protect the data of our website users and not to pass it on to third parties.
To ensure compliance with the European level of data protection, also in the event of any transfer of data from the EU or EEA to the USA and possible further processing there, Google refers to the so-called standard contractual clauses of the European Commission, which we have contractually agreed with Google.
Further legal information on Google Analytics 4, including a copy of the aforementioned standard contractual clauses, can be found at the following link: https://policies.google.com/privacy?hl=de&gl=de
Details of the processing triggered by Google Analytics 4 and Google's handling of data from websites can be found here: https://policies.google.com/technologies/partner-sites
10) Site functionalities
10.1 Use of Youtube videos
This website uses the Youtube embedding function to display and play videos from the provider "Youtube", which belongs to Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
The extended data protection mode is used here, which, according to the provider, only triggers the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider "Youtube" uses cookies to collect information about user behaviour. According to information from "Youtube", these are used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behaviour. If you are logged in to Google, your data will be directly assigned to your account when you click on a video. If you do not wish to have your data associated with your YouTube profile, you must log out before activating the button. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. The use of YouTube may also result in the transmission of personal data to the servers of Google LLC. in the USA.
Independently of a playback of the embedded videos, a connection to the Google network is established each time this website is called up, which may trigger further data processing operations without our influence.
All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a DSGVO. Without this consent, Youtube videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please deactivate this service in the "cookie consent tool" provided on the website via alternative options communicated to you on the website.
Further information on data protection at "Youtube" can be found in the Youtube terms of use at https://www.youtube.com/static?template=terms and in Google's data protection declaration at https://www.google.de/intl/de/policies/privacy.
10.2 Use of Vimeo videos
Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on our website. When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Vimeo servers. The content of the plugin is transmitted by Vimeo directly to your browser and integrated into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is transmitted by your browser directly to a Vimeo server in the USA and stored there.
If you are logged in to Vimeo, Vimeo can directly assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.
If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy, can be found in Vimeo's data protection information: https://vimeo.com/privacy.
The Google Analytics tracking tool from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, is automatically integrated into videos from Vimeo that are embedded on our site. This is Vimeo's own tracking, to which we have no access and which cannot be influenced by our site. Google Analytics uses so-called "cookies" for tracking, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
All processing described above, in particular the reading of information on the end device used via the tracking pixel, will only be carried out if you have given us your express consent to do so in accordance with Art. 6 Para. 1 lit. a DSGVO. Without this consent, Vimeo videos will not be used during your visit to the site.
You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "cookie consent tool" provided on the website via alternative options communicated to you on the website.
10.3 - Google Meet
We use the "Google Meet " service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google Meet") to conduct online meetings, video conferences and/or webinars.
In the case of the use of Google Meet, different data are processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. When using Google Meet, data of the communication participants will be processed and stored on Google servers. This data may include, in particular, your login data (name, email address, phone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants as well as voice inputs in chats can be processed. This may also involve transmission to the servers of Google LLC. in the USA.
When processing personal data that is required to fulfil a contract with you (this also applies to processing operations that are required to carry out pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.
Furthermore, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the effective conduct of the online meeting, webinar or videoconference. For more information on data usage by Google Meet, please see Google's privacy policy at https://www.google.de/policies/privacy/.
- GoToMeeting
On our website you can register for our webinars. The data collected for the registration for the webinar (first name and surname, email address, payment data, if applicable) are collected and stored in accordance with Art. 6 Para. 1 lit. b DSGVO exclusively for your participation and the implementation of the respective webinar. To conduct our webinars, we use the "GoToMeeting" service of LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay, Dublin 2, Ireland ("GoToMeeting"), which processes your data collected for the purpose of conducting the seminar on our behalf in order to provide the technical infrastructure and manage the participation authorisations. For this purpose, we have concluded a contract on commissioned processing with GoToMeeting, in which we oblige GoToMeeting to protect our customers' data and not to pass it on to third parties. In individual cases, personal user data may also be transferred to GoToMeeting servers in the USA. For the transfer of data from the EU to the USA, GoToMeeting refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
To confirm your registration for a webinar, you will receive an invitation link by e-mail. After clicking on the invitation link, a connection to the servers of GoToMeeting will be established. For the purpose of clearly assigning the webinar access and thus for checking and guaranteeing the individual participant admission, GoToMeeting collects information on our behalf about the websites visited as well as your IP address in accordance with Art. 6 Para. 1 lit. b DSGVO.
Your data will be processed exclusively for the purpose of conducting the booked webinar and will be deleted thereafter, unless further storage is required by individual legal retention periods. Your data will not be used in any other way or passed on to third parties.
Further information on the handling of user data can be found in the GoToMeeting privacy policy at: https://www.logmeininc.com/de/trust/privacy.
- Microsoft Teams
We use the "Microsoft Teams " service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter "Microsoft Teams") to conduct online meetings, video conferences and/or webinars.
In the case of the use of Microsoft Teams, different data are processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. In the context of using Microsoft Teams, data of the communication participants is processed and stored on Microsoft Teams servers. This data may include, in particular, your login data (name, email address, phone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants as well as voice inputs in chats may be processed.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.
Furthermore, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO in the effective conduct of the online meeting, webinar or videoconference. For more information on data usage by Microsoft Teams, please see the Microsoft Teams privacy policy at https://privacy.microsoft.com/de-de/privacystatement.
- Zoom
We use the "Zoom" service of Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (hereinafter "Zoom") to conduct online meetings, video conferences and/or webinars.
In the case of the use of Zoom, different data are processed. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. In the course of using Zoom, data of the communication participants is processed and stored on Zoom servers. This data may include, in particular, your login data (name, email address, telephone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and auditory contributions of the participants as well as voice inputs in chats may be processed.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.
Furthermore, the legal basis for data processing when conducting online meetings, videoconferences or webinars is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO in the effective conduct of the online meeting, webinar or videoconference. For more information on Zoom's use of data, please see Zoom's privacy policy at https://zoom.us/docs/de-de/privacy-and-legal.html.
10.4 Online applications via a form
On our website, we offer prospective job applicants the opportunity to apply online via a corresponding form. In order to be included in the application process, applicants must provide us with all personal data required for an informed assessment and selection via the form.
The information required includes general personal information (name, address, telephone or electronic contact details) and performance-related evidence of the qualifications required for a position. Health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the applicant's person.
In the course of sending the form, the applicant data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application.
The legal basis for this processing is generally Art. 6 para. 1 lit. b DSGVO (for processing in Germany in conjunction with § 26 para. 1 BDSG), in the sense of which the application process is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. Art. 9 para. 2 lit. b. DSGVO so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment or for the management of health or social care systems and services.
If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws his or her application prematurely, his or her data submitted on the form will be deleted at the latest after 6 months following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b DSGVO (for processing in Germany in conjunction with § 26 para. 1 BDSG) for the purposes of implementing the employment relationship.
10.5 Applications to job advertisements by e-mail
We advertise current vacancies on our website in a separate section, for which interested parties can apply by e-mail to the contact address provided.
In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection together with their application by e-mail.
The required information includes general personal information (name, address, telephone or electronic contact details) as well as performance-related evidence of the qualifications required for a position. If necessary, health-related information may also be required, which must be given special consideration under labour and social law in the interest of social protection in the person of the applicant.
The components that an application must contain in order to be considered in each individual case and the form in which these components must be sent by e-mail can be found in the respective job advertisement.
After receipt of the application sent using the specified e-mail contact address, the applicant data will be stored by us and evaluated exclusively for the purpose of processing the application. For queries arising in the course of processing, we use, at our discretion, either the e-mail address provided by the applicant with his/her application or a telephone number provided.
The legal basis for this processing, including contacting us for queries, is generally Art. 6 para. 1 lit. b DSGVO (for processing in Germany in conjunction with § 26 para. 1 BDSG), in the sense of which the application process is considered to be the initiation of an employment contract.
Insofar as special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application process, the processing is carried out in accordance with Art. 9 (2) lit. b. DSGVO. DSGVO so that we can exercise the rights arising from labour law and social security and social protection law and fulfil our obligations in this regard.
Cumulatively or alternatively, the processing of the special categories of data may also be based on Article 9(1)(h) of the GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's fitness for work, for medical diagnosis, health or social care or treatment, or for the management of health or social care systems and services.
If the applicant is not selected in the course of the evaluation described above, or if an applicant withdraws his/her application prematurely, his/her data transmitted by e-mail and all electronic correspondence, including the original application e-mail, will be deleted at the latest after 6 months following notification. This period is measured on the basis of our legitimate interest in answering any follow-up questions about the application and, if necessary, to be able to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.
In the event of a successful application, the data provided will be further processed on the basis of Art. 6 para. 1 lit. b DSGVO (for processing in Germany in conjunction with Section 26 para. 1 BDSG) for the purposes of implementing the employment relationship.
10.6 - Google Forms
We use the Google Forms service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to conduct surveys or in the case of online forms. Google Forms enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address are also collected, transmitted to Google and stored on Google servers. The information you enter in the forms is stored under password protection to ensure that third party access is excluded and that only we can evaluate the information data for the purpose specified in the form.
When processing personal data that is required to fulfil a contract with you (this also applies to processing operations that are required to carry out pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.
We have concluded an order processing agreement with Google for the use of Google Forms, which obliges Google to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.
For the transfer of data from the EU to the USA, Google refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Google Forms and Google's privacy policy can be found at: https://policies.google.com/privacy?hl=de.
- Microsoft Forms
We use the Microsoft Forms service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") to conduct surveys or for online forms. Microsoft Forms enables us to design and evaluate surveys and online forms. In addition to the respective personal data that you enter into the forms, information on your operating system, browser, date and time of your visit, referrer URL and your IP address is also collected, transmitted to Microsoft and stored on Microsoft servers. The information you enter in the forms is stored under password protection to ensure that third party access is excluded and that only we can evaluate the information data for the purpose specified in the form.
When processing personal data that is necessary for the performance of a contract with you (this also applies to processing operations that are necessary for the implementation of pre-contractual measures), Art. 6 (1) lit. b DSGVO serves as the legal basis. If you have given us your consent for the processing of your data, the processing is based on Art. 6 (1) a DSGVO. Consent given can be revoked at any time with effect for the future.
We have concluded an order processing agreement with Microsoft for the use of Microsoft Forms, which obliges Microsoft to protect the data of our site visitors and not to pass it on to third parties. Processing regularly takes place within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. However, data transfers to the USA cannot be ruled out.
For the transfer of data from the EU to the USA, Microsoft refers to so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
Further information on Microsoft Forms and Microsoft's data protection provisions can be found at: https://privacy.microsoft.com/de-de/privacystatement.
10.7 - Google Web Fonts
This site uses so-called web fonts provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google") for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This may also result in the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google learns that our website was accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/.
10.8 Microsoft Power BI
For the internal visualisation of business processes and for user-defined analyses of business processes, we use the "Microsoft Power BI" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Where applicable, personal customer data may be the subject of visualisation and analysis processes and may be processed by Microsoft BI for this purpose. In this case, Microsoft processes personal data as a processor bound by instructions in accordance with Art. 28 DSGVO and has made a contractual commitment to us to protect this data in accordance with the legal requirements. For this purpose, Microsoft uses state-of-the-art encryption procedures and guarantees the exclusive use of data processing procedures in billing centres within the EU.
More information on the data protection measures for Power BI can be found at https://www.microsoft.com/de-de/trustcenter/security/powerbi-security.
11) Rights of the data subject
11.1 The applicable data protection law grants you the following data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the stated legal basis for the respective exercise prerequisites:
- Right to information pursuant to Art. 15 DSGVO;
- Right to rectification pursuant to Art. 16 DSGVO;
- Right to erasure pursuant to Art. 17 DSGVO;
- Right to restriction of processing pursuant to Art. 18 GDPR;
- Right to information pursuant to Art. 19 GDPR;
- Right to data portability pursuant to Art. 20 GDPR;
- Right to withdraw consent granted pursuant to Art. 7(3) GDPR;
- Right to lodge a complaint pursuant to Art. 77 DSGVO.
11.2 RIGHT OF OBJECTION
IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
IF WE PROCESS YOUR PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING. YOU MAY EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
12) Duration of storage of personal data
The duration of the storage of personal data is measured on the basis of the respective legal basis, the processing purpose and - if relevant - additionally on the basis of the respective statutory retention period (e.g. retention periods under commercial and tax law).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO, this data is stored until the data subject revokes his/her consent.
If there are statutory retention periods for data that is processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 Para. 1 lit. b DSGVO, this data will be routinely deleted after expiry of the retention periods, insofar as it is no longer required for the fulfilment of a contract or the initiation of a contract and/or there is no further justified interest on our part in continuing to store it.
When processing personal data on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his/her right to object pursuant to Art. 21(1) DSGVO, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
When processing personal data for the purpose of direct marketing on the basis of Art. 6(1)(f) DSGVO, such data shall be stored until the data subject exercises his or her right to object pursuant to Art. 21(2) DSGVO.
Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.