FLZR Logo
FLZR Logo
FLZR Logo
FLZR Logo

Privacy policy

Privacy policy

In this privacy policy, we, FLZR GmbH, inform you about the processing of personal data when using our website: flzr.com. You can print or save this privacy policy using the functions of your browser.

Contact person

The contact person and so-called controller for the processing of your personal data when you visit this website within the meaning of the EU General Data Protection Regulation (GDPR) is

FLZR GmbH
Streustrasse 67-68
13086 Berlin
Phone: +49 (0) 30 509 307 500
Fax: +49 (0) 30 509 307 599
E-Mail: contact@flzr.com

Data Protection Officer

Niklas Hanitsch
c/o secjur GmbH
Steinhöft 9
20459 Hamburg

If you have any questions about data protection in connection with our products or the use of our website, you can also contact our data protection officer at any time. The data protection officer can be contacted at the above postal address and at the e-mail address given above (keyword: “Attn. data protection officer”). We expressly point out that when using this e-mail address, the contents are not exclusively taken note of by our data protection officer. If you wish to exchange confidential information, please contact us directly via this e-mail address first.

We have our own privacy policy for our job portal my-PRofiFLITZER.de. You can access these here.

Data processing on our website

Calling up our website / access data

Each time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data comprises the so-called HTTP header information, including the user agent, and includes in particular:

  • IP address of the requesting device;
  • Date and time of the request;
  • Address of the website accessed and path of the requested file
    if applicable, the previously accessed website/file (HTTP referrer);
  • Information about the browser and operating system used;
  • Method of the request (e.g. GET, POST), version of the HTTP protocol, HTTP status code, size of the delivered file;
  • Request information such as language, type of content, encoding of content, character sets;

Cookies stored on the end device for the domain accessed.

The data processing of this access data is necessary to enable you to visit the website, to ensure the long-term functionality and security of our systems and for the general administrative maintenance of our website. The access data is also stored in internal log files for the purposes described above, temporarily and limited in content to what is necessary, in order to find the cause and take action in the event of repeated or criminal access that jeopardizes the stability and security of our website.

The legal basis for this processing is Art. 6 para. 1 p. 1 lit. b GDPR, insofar as the page view occurs in the course of the initiation or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in enabling website access and the long-term functionality and security of our systems.

The log files are stored for 30 days and archived after subsequent anonymization. In exceptional cases, individual log files and IP addresses are stored for longer in order to prevent further attacks from this IP address in the event of cyber attacks and/or to take action against the attackers by way of criminal prosecution.

Contact us

You have the option of contacting us by e-mail or telephone. In this context, we process your data exclusively for the purpose of communicating with you.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as your data is required to answer your request or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest that you contact us and we can answer your request. We will only make promotional telephone calls if you have given your consent. If you are not an existing customer, we will only send you promotional emails on the basis of your consent. The legal basis in these cases is Art. 6 para. 1 lit. a GDPR in conjunction with. § Section 7 para. 2 No. 1 or 2 UWG.

The data collected by us when you contact us will be deleted after your request has been fully processed, unless we still need your request to fulfill contractual or legal obligations (see section “Storage period”).

Applications

You can apply for vacancies via our application portal at https://flzr.com/career/ or by e-mail to contact@flzr.com. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. We collect the following data in particular in order to receive and process your application:

  • First and last name,
  • E-mail address,
  • Application documents (e.g. certificates, CV, cover letter),
  • Date of earliest possible job entry,
  • Salary expectations.

The legal basis for the processing of your application documents is Art. 6 para. 1 p. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 SENTENCE 1 BDSG.
For our application portal, we use the service provider JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland. We have concluded an order processing contract with them. Switzerland is a country outside the European Union or the European Economic Area (third country). However, the European Commission has issued an adequacy decision for the transfer of data to Switzerland.

We store your personal data upon receipt of your application. If we accept your application and an employment relationship is established, we will store your application data for as long as it is required for the employment relationship and to the extent that statutory regulations justify an obligation to retain it.

If we reject your application, we will store your application data for a maximum of three months after rejecting your application, unless you give us your consent to store it for longer.

Use of tools on the website

This website uses various services and applications (collectively “tools”) that are offered either by us or by third parties. For the associated use of cookies and similar technologies, please refer to the information below.

Technologies used

The tools used can, for example, use the following technologies to store information in the end device or to access it:

  • Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiration date. Cookies can also be removed manually.
  • Web Storage (Local Storage / Session Storage): Information stored on the end device, consisting of a name and a value. Information in the session storage is deleted after the session, while information in the local storage has no expiration date and generally remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in the Local and Session Storage can also be removed manually.
  • JavaScript: programming codes (scripts) embedded or called up in the website that, for example, set cookies and web storage or actively collect information from the end device or about the usage behavior of visitors. JavaScript can be used for “active fingerprinting” and the creation of user profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer work.
  • Pixel (web beacon): tiny graphic automatically loaded by a service, which can make it possible to recognize visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of the call) and, for example, to determine whether an e-mail has been opened or a website visited. With the help of pixels, “passive fingerprinting” and the creation of usage profiles can be carried out. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.

With the help of these technologies and also by simply establishing a connection on a page, so-called “fingerprints” can be created, i.e. user profiles that do not require the use of cookies or web storage and can still recognize visitors. Fingerprints due to the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not work or may not work properly.

The tools we use are listed by category below. It also explains in which cases we obtain your voluntary consent to use the tools and how you can withdraw this consent.

Legal basis

We use the tools necessary for website operation on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to provide the basic functions of our website. In certain cases, these tools may also be required for the fulfillment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent in advance.

If personal data is transferred to third countries (e.g. the USA), please refer to Section 7 “Data transfer to third countries”, also with regard to any associated risks. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and to the associated transfer of your personal data to third countries, we will transfer the data processed when using the tools (also) on the basis of this consent in accordance with Art. 49 (1) GDPR. 1 lit. a GDPR to third countries.

Cookies

  • Technical or functional cookies
    Some cookies ensure that parts of our website function properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you don’t have to repeatedly enter the same information when you visit our website, or your items remain in your shopping cart until you pay, for example. We can place these cookies without your consent.
  • Analytical cookies
    We use analytical cookies to optimize the website experience for our users. These analytical cookies provide us with insights into the use of our website. We ask for your permission to set analytical cookies.
  • Advertising cookies
    We use advertising cookies on this website to gain insights into campaign results. This is done based on a profile that we create based on your behavior in https://flzr.com. These cookies link you as a website visitor to a unique ID. However, these cookies do not create a profile of your behavior and interests in order to display personalized ads.
  • Marketing / tracking cookies
    Marketing/tracking cookies are cookies or another form of local storage used to create user profiles in order to display advertising or track the user on this website or across multiple websites for similar marketing purposes.

As these cookies are marked as tracking cookies, we need your consent to place them.

Obtaining your consent

We use the Complianz tool to obtain and manage your consent. This generates a banner that informs you about the data processing on our website and gives you the opportunity to consent to all, individual or no data processing through optional tools. This banner appears the first time you visit our website and when you call up your settings again to change them or revoke your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies have been deleted or have expired.

Complianz stores the necessary information on your end device in order to document your consents and revocations.

Data processing is necessary in order to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for the use of Complianz is Art. 6 para. 1 lit. f GDPR, based on our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

Revocation

You can revoke your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. Click on the following link/button: [Link/Button]. There you can also change the selection of tools you wish to consent to the use of. Alternatively, you can assert your revocation directly with the provider for certain tools.

Necessary tools

Purposes, legal bases, processed data

We use certain tools to enable the basic functions of our website (“necessary tools”). These include, for example, tools for the preparation and display of website content, language storage, storage of content already displayed, consent management, management and integration of tools, fraud detection and prevention and ensuring the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.
The legal basis for necessary tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the terminal device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

In the event that personal data is transferred to third countries (such as the USA), we refer to Section 7 “Data transfer to third countries” in addition to the information provided below.

Google Tag Manager

Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).

The Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, such as scripts. If these are optional tools, they will only be integrated by Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and does not require the use of cookies.
The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in an uncomplicated manner.

Google collects information about which tags are integrated through our website for the purpose of ensuring stability and functionality as part of the use of Google Tag Manager. However, the Google Tag Manager does not store any personal data beyond the pure connection establishment, in particular no data about the usage behavior or the pages visited.

We have concluded a data processing agreement with Google Ireland Limited. In the event that personal data is transferred from Google Ireland Limited to the USA or other third countries, Google Ireland Limited and Google LLC have adopted standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 para. 2 lit. c GDPR concluded.

Further information can be found in Google’s information on the Tag Manager: https://support.google.com/tagmanager/answer/6102821.

Google reCAPTCHA

Our application portal (see section 2.3) uses the Google reCAPTCHA service for job offers, which is offered for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

reCAPTCHA prevents automated software (so-called bots) from carrying out abusive activities in the job advertisements of the application portal, i.e. it checks whether the entries made actually originate from a human being. For this purpose, reCAPTCHA uses JavaScript and stores cookies and information in the local storage on your end device. In particular, the following data is processed:

  • Referrer URL (address of the page from which the visitor came);
  • IP address;
  • Cookies set by Google;
  • Snapshot of the browser window;
  • Input behavior of the user (e.g. answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);
  • Technical information: Browser type, browser plug-ins, browser size and resolution, date, language setting, display instructions (CSS) and scripts (JavaScript).

Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not want this assignment to your Google account, you must log out of Google before calling up the job advertisement on the application portal.

This data is sent to Google in encrypted form. Google’s evaluation decides in which form the captcha is displayed on the page. According to Google, your data will not be used for personalized advertising.

The legal basis in the context of job advertisements on the application portal is the need to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. Google reCAPTCHA is used to protect IT security, ensure the stability of our website and prevent misuse.

In some cases, the data may also be processed on servers in the USA.
Further information can be found here:

WordPress Statistics

Our website uses the WordPress Statistics plugin to carry out a simple reach analysis and improve our website. WordPress Statistics uses JavaScript for this. This plugin is used to analyze and visualize the use of our website in aggregated form.
In particular, the following data is processed for this purpose:

  • IP address (which is anonymized);
  • Pages viewed;
  • Previously accessed pages, search engine and search term if applicable;
  • Technical information about your browser and operating system;
    Approximate location (country, city).

The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in carrying out a simple reach analysis of our website. Access to information in the end device is absolutely necessary and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

You can find more information about WordPress Statistics at: https://wordpress.org/plugins/wp-statistics/.

Analysis tools

Purposes, legal bases, processed data

In order to improve our website, we use optional tools to recognize visitors and to statistically record and analyse user behaviour based on access data (“analysis tools”). We also use analysis services to evaluate the use of our marketing channels. The usage information collected is aggregated and enables us to track the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see the section “Withdrawal”.

In the event that personal data is transferred to third countries (such as the USA), your consent also expressly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please refer to section 7 “Data transfer to third countries” for the associated risks.
The data collected may include in particular

  • the IP address of the end device,
  • approximate location,
  • the date and time of access,
  • pages visited (URL, title, length of visit),
  • Previously visited page (referrer URL)
  • downloaded files,
  • clicked links,
  • the information of a cookie or in local or session storage,
  • the device identifier of mobile devices (e.g. device ID, advertising ID) and
  • technical information about the end device, the browser and the operating system.

We have made the following data protection settings for Google Analytics:

  • IP anonymization (shortening of the IP address before evaluation);
  • Automatic deletion of old visit logs by limiting the storage period to 2 months;
  • No resetting of the retention period for new activity;
  • Deactivation of the recording of precise location and position data;
  • Deactivation of the recording of precise device data;
  • Deactivated advertising function (including target group remarketing by GA Audience);
  • Deactivated remarketing;
  • Deactivated cross-device and cross-page tracking (Google Signals);
  • Disabled data sharing with other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

  • IP address;
  • User ID, Google ID (Google Signals) and/or device ID;
  • Referrer URL (previously visited page);
  • Pages accessed (date, time, URL, title, duration of visit);
  • Downloaded files;
  • Clicked links to other websites;
  • Achievement of specific goals (conversions);
  • Technical information: Operating system; browser type, version and language; device type, make, model and resolution;
  • Approximate location (country and, if applicable, city, based on anonymized IP address).

You can find more information about Google Analytics 4 cookies at: https://support.google.com/analytics/answer/11397207?hl=de.

The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR concluded. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

Further information can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

Marketing tools

Purposes, legal bases, processed data

We also use optional tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used to create usage profiles, which in particular store your usage behavior, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analyzing and evaluating this access data, we are able to present you with personalized advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyze your usage behavior in order to recognize you on other pages and to address you in a personalized manner based on your use of our site (so-called retargeting). In addition, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads). However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about individuals.

The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To withdraw your consent, see the section “Withdrawal”.

In the event that personal data is transferred to third countries (such as the USA), your consent also expressly extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please refer to the section “Data transfer to third countries” for the associated risks.

The data collected may include in particular

  • the IP address of the end device,
  • approximate location,
  • the date and time of access,
  • pages visited (URL, title, length of visit),
  • Previously visited page (referrer URL)
  • downloaded files,
  • clicked links,
  • the information of a cookie or in local or session storage,
  • the device identifier of mobile devices (e.g. device ID, advertising ID) and
  • technical information about the end device, the browser and the operating system.

Integration of YouTube videos

We have integrated videos into our website that are stored on YouTube and can be played directly from our websites. YouTube is a multimedia service provided by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”), which is offered to persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and to all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). YouTube may store information such as local storage and session storage on your device and execute JavaScript, which accesses information on your device.

We have activated YouTube’s extended data protection mode. According to YouTube’s own documentation, this means that Google receives less usage information and does not personalize video recommendations and advertisements. Cookies are no longer stored. However, information is still stored in the local storage and session storage of your end device, in particular your device ID and other information regarding the playback of the video, which can be retrieved by Google.

The following information is stored in Local Storage:

  • “yt-remote-device-id”: Storage of the device ID;
  • “yt-player-headers-readable”: Saves the option of reading the player header information;
  • “yt.innertube::requests”: Storage of the user’s requests;
  • “yt.innertube::nextId”: Saves the ID of the next video;
  • “yt-remote-connected-devices”: Storage of the connected end devices;
  • “yt-player-bandwidth”: Saves the bandwidth of the connection;
  • “yt-player-volume”: Saves the volume of the video;
  • “yt-player-quality”: Saving the resolution/quality of the video;
  • “yt-player-performance-cap”: Storage of a possible cap on the resolution due to the bandwidth of the connection;
  • “yt-html5-player-modules::subtitlesModuleData::module-enabled”: Saves whether subtitles are enabled.

The following information is stored in the session storage:

  • “yt-remote-session-app”: Storage of the type of end device;
  • “yt-remote-cast-installed”: Saves whether YouTube streaming is installed;
  • “yt-remote-session-name”: Storage of the type of end device;
  • “yt-remote-cast-available”: Saves whether YouTube streaming is available;
  • “yt-remote-fast-check-period”: Storage of the connection bandwidth check;
  • “yt-player-volume”: Saves the volume of the video;
  • “yt-player-caption-language-preferences”: Saves the language of the subtitles.

The legal basis is your consent pursuant to Art. 6 para. 1 lit. a GDPR. The access to and storage of information in the end device is then carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

When you visit our website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether you are logged in to YouTube or Google or not. If you access YouTube on our website while you are logged into your YouTube or Google profile, YouTube and Google can also link this event to the respective profiles. If you do not wish to be associated with Google, you must log out of Google before accessing our website.

You can prevent the collection of data relating to your use of this website and the processing of this data by Google by deactivating personalized advertising in the Google settings for advertising: https://adssettings.google.com/notarget. In this case, Google will only display non-individualized advertising.

Further information can also be found in Google’s privacy policy for YouTube: https://policies.google.com/privacy.

Forwarding of data

The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

  • You have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have expressly consented to this,
  • the disclosure pursuant to Art. 6 para. 1 p. 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  • in accordance with Art. 6 para. 1 p. 1 lit. c GDPR, in particular if this is necessary due to official inquiries, court orders and legal proceedings for legal prosecution or enforcement, or
  • this is legally permissible and in accordance with Art. 6 para. 1 p. 1 lit. b GDPR is required for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Part of the data processing is carried out by KAMP Netzwerkdienste GmbH. Other parts of the data processing may be carried out by other of our service providers. In addition to the service providers mentioned in this privacy policy, this may include, in particular, data centers that store our website and databases, IT service providers that maintain our systems and consulting companies.

If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers were carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects and are regularly monitored by us.

Social networks

Operation of company websites

We operate company pages on social networks in order to communicate with customers, interested parties and users and to provide information about our services.

User data is generally processed by the social networks concerned for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the computers of the data subjects. Based on these usage profiles, advertisements are then placed within the social networks and on third-party websites, for example.

As part of the operation of our company pages, we may have access to information such as statistics on the use of our company pages provided by the social networks. These statistics are aggregated and may include, in particular, demographic information (e.g. age, gender, region, country) and data on interaction with our company pages (e.g. likes, subscriptions, sharing, viewing images and videos) and the posts and content distributed via them. These can also provide information about the interests of users and which content and topics are particularly relevant to them. This information can also be used by us to adapt the design and our activities and content on the company pages and to optimize them for our audience. Please refer to the list below for details and links to the social network data that we can access as the operator of the company pages. The collection and use of these statistics is generally subject to joint responsibility. If this is the case, the relevant contract is listed below.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR in order to stay in contact with our customers and to inform them as well as to carry out pre-contractual measures with interested parties.

If you have an account with the social network, it is possible that we can see your publicly available information and media when we access your profile. In addition, the social network may enable us to get in touch with you. This can be done, for example, via direct messages or posted articles. The content of communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. As soon as we transfer personal data from you to our own systems or process it further, we are independently responsible for this and this is done to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. b GDPR.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below will also provide you with further information on the respective data processing and the options for objecting.

We would like to point out that the most efficient way to assert your data protection requests and rights is to contact the respective provider of the social network. They have access to the data and can implement appropriate measures directly. You can of course also contact us with your request. In this case, we will process your request and forward it to the provider of the social network. We are happy to support users in asserting their rights, insofar as this is possible for us.

Below is a list with information on the social networks on which we operate company pages:

Facebook Fanpage

Instagram fan page

LinkedIn company page

Xing company page

Links and buttons to social networks

There are buttons on our website to link to our company pages in social networks. If you click on these buttons, you will be redirected to the corresponding social network. The data protection provisions of the respective providers of the social networks apply there.

Our blog also contains buttons for sharing posts on social networks. When clicked, these buttons open a new window of the corresponding social network in which you can share our blog post.

In both cases, no data processing takes place as long as you do not press the button. These are hyperlinks that open the social networks in a new window or tab.

Storage duration

In principle, we only store personal data for as long as necessary to fulfill the purposes for which we collected the data. We will then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data for three years from the end of the year in which the business relationship with you ends. Any claims shall lapse in accordance with the statutory limitation period at the earliest at this time.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The deadlines specified there for the retention of documents are two to ten years.

Data transfer to third countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfillment of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. If your consent is obtained via the consent banner, you will also be informed of this.

Your rights

General

You have the following rights as a data subject:

  • Right to information (Art. 15 GDPR): You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing to you as part of the information request and provide you with an overview of the data stored about you.
  • Right to rectification (Art. 16 GDPR): If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected.
  • Right to erasure (Art. 17 GDPR): You can also request the erasure of your data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.
  • Right to restriction of processing (Art. 18 GDPR): You can also have the processing of your data restricted, e.g. if you believe that the data we have stored is incorrect.
  • Right to data portability (Art. 20 GDPR): You also have the right to data portability, i.e. that we will send you a digital copy of the personal data you have provided to us on request.

To exercise your rights described here, you can contact us at any time using the contact details above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the respective legal requirements are met, we will comply with your data protection request.

Your requests to assert data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defense of legal claims beyond this period. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defense against possible civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfillment of our accountability obligation pursuant to Art. 5 para. 2 GDPR.

Finally, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). You can assert this right, for example, with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged infringement. The competent supervisory authority in Berlin is Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

Right of revocation and objection

You have the right to withdraw your consent at any time (Art. 7 (3) GDPR). As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, you have the right to object to the processing of your data on grounds relating to your particular situation (Art. 21 (1) GDPR). If you object to data processing for direct marketing purposes, you have a general right to object, which we will implement without you having to give reasons (Art. 21 (2) GDPR).

If you wish to exercise your right of revocation or objection, simply send an informal message to the contact details given above.

Changes to the privacy policy

We occasionally update this privacy policy, for example when we adapt our website or when legal or regulatory requirements change.

Version: 2.0 / Status: March 2023