Privacy Policy

Data protection information of ZAHORANSKY AG

Thank you for visiting our website and for your interest in our company and our products. We want you to feel secure when you visit our website. Protecting your privacy when processing personal data is important to us. Below you will find out how we guarantee this protection and which data is collected for which purposes.

1. 1. Name and address of the person responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) is the:

ZAHORANSKY AG
Anton-Zahoransky-Strasse 1
79674 Todtnau-Geschwend
Germany

Phone: (+49) 7671 997 0
Fax: (+49) 7671 997 299
E-mail: info@zahoransky.com

1. 2. Name and address of the data protection officer

The data protection officer of the controller is:

Jason Komninos
BEITEN BURKHARDT Services GmbH
Ganghoferstrasse 33
80339 Munich
E-Mail: datenschutz@zahoransky.com

1. 3. General information on the collection, disclosure and storage period of personal data
   1. 3.1. We process your personal data in compliance with the provisions of the GDPR, the German Federal Data Protection Act (BDSG) and all other relevant laws.
   2. 3.2. The primary purpose of data processing is to establish and fulfill a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. The primary legal basis for this is Art. 6 para. 1 lit. b) GDPR. In addition, your separate consent pursuant to Art. 6 para. 1 lit. a), 7 GDPR may be used as a data protection law permission regulation. We also process your data in order to be able to fulfill our legal obligations, in particular in the area of commercial and tax law. This is done on the basis of Art. 6 para. 1 lit. c) GDPR. If necessary, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR in order to protect our legitimate interests or those of third parties.
   3. 3.3. Your personal data will only be passed on to third parties without your express consent - unless otherwise stated elsewhere in this privacy policy - if this is necessary for the provision of our services. These are in particular technical service providers that we need to provide the website or its functionalities and have commissioned accordingly. The service providers process this data exclusively on our behalf in accordance with our instructions and we have concluded corresponding contracts with these service providers for order processing in accordance with Art. 28 GDPR. Of course, before passing on your personal data, we ensure that the service providers have taken the necessary technical and organizational measures to ensure an appropriate level of protection. The scope of the data transfer is limited to the minimum necessary in each case.
   4. 3.4. As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for our legitimate interests (legal basis is Art. 6 para. 1 lit. b) or lit. f) in each case in conjunction with Art. 44 ff. GDPR), in individual cases also on the basis of your consent (legal basis is Art. 6 para. 1 lit. a) in conjunction with Art. 44 ff. GDPR). We will inform you about the respective details of the transfer at the relevant points below.
   5. 3.5. We delete your personal data as soon as it is no longer required for the purposes for which it was collected. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).
2. 4. Processing of personal data when visiting our website
   1. 4.1. If you only use the website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to display our website to you and to ensure stability and security. The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. This data includes the IP address of the requesting device, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface as well as the language and version of the browser software.
   2. 4.2. The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your browser. For this purpose, your IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing. The data is not analyzed for marketing purposes in this context.
   3. 4.3. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Log files are deleted within 14 days after accessing the website .
3. 5. Use of cookies
   1. 5.1. Cookies are used on our website. These are small text files that are stored on your end device when you visit our website, provided that the browser settings on your end device allow this. Information is stored in the cookie that results in each case in connection with the specific end device used. We distinguish between cookies that are absolutely necessary for the technical functions of the online offer and cookies that are used for statistical evaluation to improve the functionality of our website and its adaptation to user behavior.
   2. 5.2. Technically necessary cookies
   3. By technically necessary cookies, we mean cookies without which the technical provision of the online offer cannot be guaranteed. These are used, for example, to control the connection during an online session (so-called session cookies). These cookies are deleted as soon as the browser session is ended. The data processing carried out on the basis of technically necessary cookies is necessary for the purposes mentioned to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR. The legal basis for the use of technically necessary cookies or similar technologies on your end device is Section 25 (2) No. 2 TDDDG.
   4. 5.3. Functional cookies
   5. We only set various cookies with your consent, which you can select via the cookie consent tool ("cookie banner") on your first visit to our website. The functions are only activated with your consent and are used in particular to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you during a visit or to integrate videos on our website. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. The legal basis for the use of functional cookies or similar technologies on your end device is your consent in accordance with Section 25 (1) TDDDG. You can revoke your consent at any time via the cookie banner without affecting the permissibility of data processing until revocation.
   6. 5.4. If you do not want cookies to be stored on your end device or if you always want a message to appear before a new cookie is created, you can configure your browser accordingly. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
   7. 5.5. Our website uses a cookie banner to obtain your consent to the storage of cookies in your browser and to document this in accordance with data protection regulations. The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter referred to as "Cookiebot"). When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are stored. The storage period of the cookie can be found in the cookie banner. The data collected will be stored for the lifetime of the cookie until you ask us to delete it or delete the cookie yourself. Mandatory statutory retention periods remain unaffected. We have concluded an order processing contract with Cookiebot so that any personal data collected via our website is processed exclusively on our behalf and in accordance with our instructions. The cookie banner on our website is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR; the legal basis for setting the cookie is Section 25 para. 2 no. 2 TDDDG.
   8. 5.6. You can call up the cookie banner again at any time and change your consent by clicking on the icon displayed at the bottom of every page of this website to reopen the cookie banner.

1. 6. Use of contact forms and e-mail
   1. 6.1. We collect your personal data when you provide it to us via our contact forms or contact us by e-mail. We then record the information that comes about when you contact us. This includes, in particular, names and transmitted contact data, date and reason for contacting us. The personal data collected from you will only be used for the purpose of providing you with the requested products or services and corresponding with you. If you contact us and are interested in an offer, your personal data will be processed for the purpose of initiating a contract in accordance with Art. 6 para. 1 lit. b) GDPR. Otherwise, your request will be processed to protect our legitimate interest in the proper processing and answering of your request on the basis of Art. 6 para. 1 lit. f) GDPR. Your data will be forwarded to us by email via our provider. If it is not provided, we will unfortunately not be able to contact you and process your request.
   2. 6.2. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If the data provided is subject to retention obligations under tax and commercial law, it will be stored for the duration of the statutory retention obligations and then deleted, unless you have consented to further storage or further processing of the data is necessary for the assertion, exercise or defense of legal claims.
2. 7. Google Analytics
   1. 7.1. Our website uses Google Analytics, a web tracking service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The purpose of our use of this tool is to enable us to analyze your user interactions on websites and to use the statistics and reports obtained to improve our offering and make it more interesting for you as a user.
   2. 7.2. Google stores various cookies on your end device for analysis purposes. During your website visit, the following data is transmitted to Google: Pages viewed, your behavior on the pages (for example, length of stay, clicks, scroll depth), your approximate location (country and city), your Internet address (IP address), technical information such as browser, Internet provider, end device and screen resolution, source of origin of your visit (i.e. via which website or advertising medium you came to us) and a randomly generated user ID. No personal data such as name, address or contact details are transmitted to Google. For your protection, we use the anonymization function ("IP masking"), i.e. Google shortens the IP addresses by the last octet within the EU/EEA.
   3. 7.3. Google also processes the data collected via Google Analytics for its own purposes in accordance with its own privacy policy. The data may be stored by Google in user profiles and processed, for example, to improve products, develop new products, measure the effectiveness of certain advertising and market research and personalize content and advertisements. If you are logged in to Google, your data will be assigned directly to your user account. If you do not wish to be associated with your Google user account, you must log out before activating Google Analytics. We have no influence on the further processing of your data by Google. You can find more information on this in Google's privacy policy at https://policies.google.com/privacy.
   4. 7.4. The data collected by Google Analytics is stored for a maximum of 14 months . The storage period of the cookies used by Google can be found in the cookie banner. You can find an overview of the cookies used by Google at https://policies.google.com/technologies/cookies?hl=de.
   5. 7.5. The legal basis for the collection and further processing of the information is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. The legal basis for the use of cookies or similar technologies on your end device is Section 25 (1) TDDDG. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The easiest way to revoke your consent is via our cookie banner or by installing the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
   6. 7.6. You can find more information on the scope of services provided by Google Analytics at https://marketingplatform.google.com/about/analytics/terms/de/. Google provides information on data processing eitung when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de .
   7. 7.7. In connection with the above-mentioned functions, Google may also transfer the processed data to servers outside the EU, in particular to Google LLC in the USA, insofar as this is necessary for the provision of these services. For the USA, the EU-U.S. Data Privacy Framework is an adequacy decision of the EU Commission, which certifies that certified companies have an adequate level of data protection within the meaning of the GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework and is also entered in the list maintained by the U.S. Department of Commerce (Data Privacy Framework List). A consistently high level of data protection is therefore guaranteed when data is transferred to Google LLC servers in the USA. Insofar as data is transferred to the USA, such a third country transfer is based on Art. 45 para. 1 sentence 1 GDPR.
3. 8. Google Tag Manager
   1. 8.1. We also use Google Tag Manager on our website in connection with Google Analytics. The provider is again Google.
   2. 8.2. Google Tag Manager is a tool that we can use to integrate tracking or statistics tools (in this case Google Analytics) and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the USA (see the above information on the US transfer of Google Analytics).
   3. 8.3. If you do not activate tracking by Google Analytics (see above), you will not be recorded by the Google Tag Manager.
4. 9. Integration of YouTube videos
   1. 9.1. Content (such as videos) from the YouTube platform may also be integrated into our website. This service is operated by YouTube, a subsidiary of Google. Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, is responsible for data processing in Europe.
   2. 9.2. We use embedded YouTube videos in extended data protection mode . This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video player but does not click on the video to start playback.
   3. 9.3. The videos will only be loaded and played if you expressly consent to the use of YouTube . In this case, Google sets various cookies and may also receive your IP address together with information about the respective video and your use of the playback functions. If you are logged into your YouTube account at the same time, this information can also be assigned directly to your personal profile. You can prevent this by logging out of your YouTube account beforehand.
   4. 9.4. YouTube also statistically evaluates the views of the videos and provides us with reports on these evaluations, which, however, only contain general information on the views, such as the total number of views. In this respect, we do not receive any more detailed information about the individual users. We therefore assume that no more precise analysis of individual users can be carried out as part of YouTube's analysis of video views. YouTube also evaluates the data automatically and independently, without us being able to deactivate or influence this or gain further insight into the analyses.
   5. 9.5. The storage period of the cookies used by Google can be found in the cookie banner. You can find an overview of the cookies used by Google at https://policies.google.com/technologies/cookies?hl=de. Further information on how YouTube and Google handle user data and how this data is processed can be found in YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy.
   6. 9.6. The legal basis for the collection and further processing of the information is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. The legal basis for the use of cookies or similar technologies on your end device is Section 25 (1) TDDDG. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The easiest way to revoke your consent is via our cookie banner.
   7. 9.7. In connection with the above-mentioned functions, YouTube may also transfer the processed data to servers outside the EU, in particular to Google LLC in the USA, insofar as this is necessary for the provision of these services. For the USA, the EU-U.S. Data Privacy Framework is an adequacy decision of the EU Commission, which certifies that certified companies have an adequate level of data protection within the meaning of the GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework and is also entered in the list maintained by the U.S. Department of Commerce (Data Privacy Framework List). When data is transferred to Google LLC servers in the USA, a consistently high level of data protection is therefore guaranteed Insofar as data is transferred to the USA, such a third country transfer is based on Art. 45 para. 1 sentence 1 GDPR.
5. 10. Online meeting via TeamViewer

10.1. We use the TeamViewer tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: "online meetings"). TeamViewer is a tool from TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen, Germany.

10.2. If you access the provider's website, the provider is responsible for data processing. It may be necessary to access the website in order to download the software for use. Or if you do not want to or cannot use the provider app, you can also use the tool via your browser, for example. The service is then also provided via the provider's website. Details on data processing can be found in TeamViewer's privacy policy at https://www.teamviewer.com/de/datenschutzerklaerung/.

10.3. Various types of data are processed when TeamViewer is used. The scope of the data also depends on the data you provide before or during participation in an online meeting. The following personal data is processed: User details: e.g. display name, e-mail address if applicable, profile picture (optional), preferred language; meeting metadata: e.g. date, time, meeting ID, telephone numbers, location; text, audio and video data: You may have the option of using the chat function in an online meeting. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the respective applications.

10.4. We use TeamViewer to conduct online meetings. If we want to record online meetings or switch to your desktop interface, we will inform you transparently in advance and - if necessary - ask for your consent. If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

10.5. The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships. If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the effective conduct of online meetings.

10.6. Please note that - initiated by TeamViewer - cookies and similar technologies may be used through the integration and use of the TeamViewer software. The legal basis for the use of cookies or similar technologies on your end device is Section 25 (1) TDDDG. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

10.7. Personal data that is processed in connection with participation in online meetings is not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. The provider of TeamViewer necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with TeamViewer.

1. 11. Processing of personal data for job applications
   1. 11.1 We only collect your personal data as an applicant if you provide it to us voluntarily by e-mail, by post or by telephone or via our online form . This applies both to applications in response to job advertisements and to unsolicited applications. We then record the information provided in the application. This includes, in particular, name, date of birth, contact details, interests, qualification data and educational and professional background. The personal data collected from you will only be used for the purpose of carrying out the application process. The legal basis is Art. 6 para. 1 lit. b) GDPR and Art. 88 GDPR in conjunction with. § Section 26 para. 1 sentence 1 BDSG.
   2. 11.2. You are not obliged to provide the aforementioned personal data. However, the data provided is required to carry out the application process and may also be required to conclude a future contract after the application process has been completed. Without the provision of the data, it may not be possible to communicate, carry out the application process or conclude a contract.
   3. 11.3. The relevant data in each individual case is transmitted on the basis of the statutory provisions or a contractual agreement. Access to your personal data in the application process is only granted to employees of the HR department, employees of the management and the respective head of department. Your personal data will not be transferred to third parties. There is no intention to transfer your data to a recipient in a third country (not a member state of the EU/EEA) or an international organization.
   4. 11.4. The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Therefore, in the event of a rejection, we will store your data for six months after the application procedure has been completed and then delete it. If you consent to a longer storage period, we will inform you in advance of the storage period of two years. After this period, we will either delete your data or obtain your consent again.
   5. 11.5. We also offer you the option of logging in to the application form with your Xing profile to make it easier to enter the data in the application form. Xing (New Work SE Dammtorstraße 30, 20354 Hamburg, Germany) transmits certain information from your account to us, including: Profile details, surname, first name, email address, profile photo, etc. We use this information to pre-fill or update the application form. When you register or log in via Xing, your IP address and other device-related information will be forwarded to Xing. A cookie may also be installed on your computer, but deleted again when you close your browser. You can specify in your browser settings whether you want to allow cookies or not. If you do not want Xing to assign the data collected via our website directly to your profile, you must log out of Xing before visiting our website. XING provides information on data processing and corresponding contact options in its privacy policy at https://privacy.xing.com/de/datenschutzerklaerung/druckversion .
2. 12. Data security

12.1 We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

12.2. We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

1. 13. Revocation or objection to the processing of your data
   1. 13.1 If you have given your consent to the processing of your data, you can withdraw it at any time in accordance with Art. 7 (3) GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
   2. 13.2. Insofar as we base the processing of your personal data on Art. 6 para. 1 lit. e) GDPR (performance of a task carried out in the public interest) or Art. 6 para. 1 lit. f) GDPR (our legitimate interests), you can object to the processing at any time for reasons arising from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing (Art. 21 para. 1 GDPR).
   3. 13.3. Of course, you can object to the processing of your personal data for the purposes of direct advertising and related data analysis at any time. You can send your objection to our contact details above.
2. 14. Your further rights
   1. 14.1. You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR.
   2. 14.2. In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.
   3. 14.3. You have the right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
   4. 14.4. In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, or the processing is unlawful but you refuse to delete it, or we no longer need the data but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
   5. 14.5. In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.
   6. 14.6. You also have the right under Art. 77 GDPR to complain to a supervisory authority about the processing of your personal data by us if you are of the opinion that the data processing by us does not comply with the legal requirements.
3. 15. No automated decision-making (including profiling)

We do not use automated decision-making (including profiling) in accordance with Art. 22 GDPR.

16. Amendment of this data protection notice

We will revise this data protection notice in the event of changes to our website or other occasions and changes in the law that make this necessary. You will always find the current version on this website.

‍

Privacy Notice for Our Social Media Channels

We are pleased with your interest in our social media presences. We operate profiles on various social networks (hereinafter also referred to as "social media channels") to present our company and activities to you and to engage with you. In the following explanations, we provide you with information about the type of personal data we process, the extent of the processing, and the purpose for which this occurs.

This privacy notice applies exclusively to our social media channels listed below. You can find the general privacy notice for our website at the beginning of this page. Our legal notice, which also applies to our social media channels, can be found at: https://www.zahoransky.com/de/impressum.

1. Responsibility and Data Protection Officer

1.1 Responsible party according to Article 4, Paragraph 7 of the EU General Data Protection Regulation (GDPR) is:

ZAHORANSKY AG, Anton-Zahoransky-Strasse 1, 79674 Todtnau-Geschwend, Germany,
Tel.: +49-7671-997-0,
Fax: +49-7671-997-299,
E-mail: info@zahoransky.com

1.2 Our Data Protection Officer is:

Jason Komninos, BEITEN BURKHARDT Services GmbH, Ganghoferstraße 33, 80339 Munich,
E-mail: datenschutz@zahoransky.com

2. General Information

2.1 We maintain publicly accessible profiles on various social networks. Visiting these profiles initiates various data processing operations. Below, we provide you with an overview of the personal data we collect, use, and store when you visit our profiles on social networks. Personal data refers to any information that can be associated with you as a specific person (e.g., name, age, address, photos, e-mail addresses, possibly even IP addresses). Additionally, we inform you about the rights you have regarding the processing of your personal data in relation to us. You are not required to provide us with your personal data. However, this may be necessary for certain functionalities of our social media profiles. These functionalities may not be available or may be limited if you do not provide your personal data.

2.2 When you visit our profiles, your personal data is not only collected, used, and stored by us but also by the operators of the respective social network. This happens even if you do not have a profile on the respective social network. We have no influence on and no detailed knowledge of how the operators process the data from your visit to our social media profiles and your interactions with our posts for their own purposes, how long this data is stored, or whether it is shared with third parties. The data processing may differ depending on whether you are registered and logged into the social network or if you visit the page as an unregistered and/or logged-out user. When accessing the fan page or a post, the IP address assigned to your device is transmitted to the operator of the respective social network. When you visit the social network, cookies and similar technologies like pixels, web beacons, and local storage may be used to collect information about your usage of the service and provide you with features. If you are currently logged into the social network, a cookie on your device can track how you move through the network. Through buttons embedded in websites, the platforms can track your visits to these websites and associate them with your profile. Based on this data, content or advertisements may be tailored to you. If you wish to avoid this, you should log out, disable the "stay logged in" function, delete the cookies on your device, and restart your browser.

2.3 For details on the collection and storage of your personal data, as well as the type, scope, and purpose of their use by the operator of the respective social network, please refer to the privacy policies of the respective operator and the following explanations.

3. Your Rights as an Affected Person

3.1 You have the right, according to Article 15 GDPR, to request information about the personal data we have stored about you, free of charge.

3.2 Additionally, if the legal requirements are met, you have the right to correction (Article 16 GDPR), deletion (Article 17 GDPR), and restriction of processing (Article 18 GDPR) of your personal data.

3.3 If the data processing is based on Article 6 Paragraph 1(e) or (f) GDPR, you have the right to object to the processing of your personal data for reasons arising from your particular situation, according to Article 21 GDPR. If you object to data processing, it will cease in the future unless we can demonstrate compelling legitimate reasons for further processing that override your interests in the objection, or the processing serves to assert, exercise, or defend legal claims. Of course, you can object to the processing of your personal data for direct marketing purposes and related data analysis at any time without providing any reasons.

3.4 If you have provided us with the processed data, you have the right to data portability according to Article 20 GDPR. However, you can usually only exercise this right with the operator of the respective social network since only they have access to your profile data.

3.5 If the data processing is based on consent according to Article 6 Paragraph 1(a) or Article 9 Paragraph 2(a) GDPR, you can revoke your consent at any time with future effect, without affecting the legality of the processing that took place up to that point.

3.6 You also have the right to lodge a complaint with a supervisory authority for data protection, according to Article 77 GDPR, if you believe that the data processing by us violates legal regulations.

3.7 If you wish to exercise your rights as a data subject regarding a specific data processing operation that we can influence, or if you have any other questions, please contact us in writing or by e-mail or our data protection officer listed in section 1.2. We will review your request (e.g., request for information or objection) ourselves or forward your request to the responsible social network operator if your request concerns data processing by the social network operator.

4. Purpose of Data Processing / Legal Basis

4.1 The purpose of data processing by us on our social media presences is to inform our customers or other interested individuals about our products, campaigns, topics, news, and to interact with visitors of our social media appearances on these topics, as well as to respond to corresponding inquiries, praise, or criticism.

4.2 The processing of your personal data when visiting our social media channels is based on our legitimate interest in effectively informing users and communicating with them, pursuant to Article 6(1)(f) GDPR. There are no overriding conflicting interests on your part if you use social networks voluntarily and with knowledge of the respective terms of use and privacy notices, especially since we strive to always provide content through alternative communication channels, such as our website. If you are logged in to the social networks yourself, the processing is also carried out in accordance with Article 6(1)(b) GDPR in compliance with the terms of use that apply between you and the social network. If cookies or similar technologies are stored on your device by the social network providers, the legal basis for technically necessary cookies or similar technologies is Section 25(2)(2) of the German Telecommunications-Telemedia Data Protection Act (TTDSG), and for other cookies, your consent according to Section 25(1) TTDSG.

4.3 We reserve the right to delete content if necessary. We may share your content on our page if it is a function of the social media platform and communicate with you via the platform.

5. Data Sharing / Transfer to Third Countries

5.1 Data transfer to third parties only occurs if you have given us your consent in accordance with Article 6(1)(a) GDPR, which you can revoke at any time with future effect. Data may be transferred to authorized government institutions and authorities only within the framework of statutory disclosure obligations or if we are required to provide such information by court order. In such a case, the disclosure of your data is necessary under Article 6(1)(c) GDPR to comply with a legal obligation to which we are subject.

5.2 External service providers that process data on our behalf are carefully selected and contractually bound to strict obligations. These service providers act under our instructions, which is ensured through strict contractual agreements, technical and organizational measures, and additional monitoring.

5.3 We point out that the processing of your personal data by the operators of social networks may take place in so-called third countries outside the EU or the European Economic Area. In such cases, the level of data protection in the third country may not have been determined by the European Commission according to Article 45 GDPR, and suitable safeguards under Article 46 GDPR may also not be in place. It is therefore possible that the level of data protection in the third country does not match that of the GDPR. For example, data may be used for commercial purposes to display specific advertisements to users. Additionally, users may face risks, such as difficulties in exercising their rights. For details, please refer to the following explanations.

6. General Retention Period and Deletion

6.1 We store your personal data for as long as necessary to fulfill the intended purpose or as long as legitimate reasons under Article 17(3) GDPR, such as statutory retention periods, require storage. As long as legal retention obligations, such as tax and commercial regulations, prevent the deletion of your personal data, we will restrict the processing of your data; afterwards, your data will be deleted according to legal provisions.

6.2 All public posts made by you on our social media channels will remain in the timeline indefinitely, unless we delete them due to an update of the underlying topic or a legal violation, or unless you delete the post yourself. We have no influence on the deletion of your data by the operator of the platform itself. The privacy policies of the respective operator apply in this regard.

6.3 If you contact us, the data will be deleted once it is no longer necessary to achieve the purpose for which it was collected. This is the case when the respective conversation with you has ended. A conversation is considered ended when the circumstances indicate that the matter in question has been conclusively resolved. If the communicated data is subject to tax and commercial retention obligations, it will be stored for the duration of the statutory retention periods and then deleted, unless you have consented to further storage or further processing is necessary to assert, exercise, or defend legal claims.

7. Facebook and Instagram

Our Facebook and Instagram pages are accessible via the platform operated by Meta, which in the European Union is Meta Platforms Ireland Ltd., Merrion Road Dublin 4, D04 X2K5, Ireland ("Meta").

7.1 Independent Processing of Usage Data by Facebook and Instagram

When you visit our Facebook/Instagram page, Meta collects usage data. Meta is generally solely responsible for the data processing in this context. Meta provides information about this in its privacy policy as well as its cookie policy. You can also find more specific information in the Facebook Help Center and Instagram’s privacy information.

The data collected about you in this context is processed by Meta and may be transferred to countries outside the EU. Meta describes what information it receives and how it uses it in its privacy policy. There you can also find information about how to contact Meta and configure your advertisement settings.

When accessing a Facebook/Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized. Meta also stores information about users' devices (e.g., through the “login notification” function); Meta may be able to link IP addresses to individual users.

If you are currently logged into Facebook/Instagram as a user, there is a cookie on your device containing your Facebook/Instagram ID. This allows Meta to track that you have visited this page and how you used it. This applies to all other Facebook/Instagram pages as well. Through Facebook/Instagram buttons embedded on websites, Meta can track your visits to these sites and link them to your Facebook/Instagram profile. Based on this data, content or advertising can be tailored to you.

If you want to avoid this, you should log out of Facebook/Instagram, deactivate the “stay logged in” function, delete the cookies on your device, and close and reopen your browser. This way, information that could directly identify you will be deleted. You can then use the Facebook/Instagram fan page without revealing your Facebook/Instagram ID. If you access the interactive functions of the page (like, comment, share, message, etc.), a login prompt will appear. After logging in, you will again be recognizable to Facebook/Instagram as a user.

According to its own information, Meta stores data until it is no longer needed to provide its services and Facebook/Instagram products, or until the respective user account is deleted, whichever comes first. This depends on the individual circumstances, particularly the type of data, why it was collected and processed, and any relevant legal or operational retention needs.

In connection with the above-mentioned functions, Meta may also transfer the processed data to servers outside the EU, particularly to Meta Platforms Inc. in the USA, as necessary to provide these services. The EU-U.S. Data Privacy Framework includes an adequacy decision from the European Commission, certifying that companies listed under this framework have an adequate level of data protection according to the GDPR. Meta Platforms Inc. is certified under the EU-U.S. Data Privacy Framework and listed in the U.S. Department of Commerce's Data Privacy Framework List. Therefore, a consistently high level of data protection is guaranteed when data is transferred to Meta Platforms Inc. servers in the USA. The transfer of data to the USA is based on Article 45(1)(1) GDPR.

7.2 Joint Responsibility for Usage Data Processing

When you visit our Facebook/Instagram page, Meta uses certain usage data (e.g., whether you liked or commented on specific posts) to provide us with aggregated usage statistics (so-called "Page Insights"). These statistics do not allow any conclusions to be drawn about individual users' behavior but simply give us an overview of how our Facebook/Instagram page is used (e.g., which posts were clicked on the most). We do not have access to the personal data processed to create these statistics. The actions tracked by Facebook/Instagram are determined solely by Meta and cannot be set up, modified, or otherwise influenced by us.

Facebook/Instagram automatically provides us with these usage statistics, but we do not use them. We cannot prevent Facebook/Instagram from providing this data.

As part of the processing of personal data to create these usage statistics, Meta and we are joint controllers according to Article 26 GDPR.

Facebook's information about Page Insights describes which data is processed under the joint responsibility and includes the "Page Insights Supplement," where Meta and we have contractually determined who fulfills which obligations under the GDPR.

7.3 Processing of Your Data During Communication via Facebook/Instagram

When you contact us via the Facebook/Instagram page by commenting on a post or sending us a message via Facebook/Instagram Messenger, we process the related personal data (e.g., your name and the content of the communication) to address your inquiry.

8. LinkedIn

Our LinkedIn page is accessible via the LinkedIn platform, which is operated in the European Union by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

8.1 Independent Processing of Usage Data by LinkedIn

When you visit our LinkedIn page, LinkedIn collects usage data. LinkedIn is solely responsible for these data processing activities in terms of data protection. LinkedIn provides information on this in its privacy policy and cookie policy.

LinkedIn processes the data you voluntarily provided during registration, such as your name, email address, phone number, and payment and billing information if you registered for a premium service. LinkedIn also processes your contacts from your address book if you have uploaded or synchronized them. Furthermore, LinkedIn processes personal information you have made public on your profile, such as education, work experience, skills, photo, or other demographic data, as long as you provide, post, or upload this information on the platform.

Additionally, LinkedIn evaluates the content you share to determine your areas of interest, stores and processes confidential messages you send directly to other users, and can determine your location using geolocation data like GPS, wireless network information, or your IP address to deliver advertisements or other content to you.

LinkedIn also receives information when you view content, even if you haven't created an account. This "log data" may include your IP address, browser type, operating system, information about the previously visited website, the pages you viewed, your location, your mobile provider, the device you used (including device ID and application ID), the search terms you used, and cookie information.

Through embedded LinkedIn buttons or widgets on websites and the use of cookies, LinkedIn can track your visits to these websites and associate them with your LinkedIn profile. This allows LinkedIn to tailor content or advertisements to you.

In connection with the aforementioned functions, LinkedIn may also transfer the processed data to servers outside the EU, particularly to LinkedIn Corp. in the USA, if necessary to provide these services. The EU-U.S. Data Privacy Framework includes an adequacy decision by the European Commission, certifying that companies listed under this framework provide an adequate level of data protection under GDPR. LinkedIn Corp. is certified under the EU-U.S. Data Privacy Framework and is included in the U.S. Department of Commerce's Data Privacy Framework List. Therefore, a consistently high level of data protection is guaranteed when data is transferred to LinkedIn Corp. servers in the USA. The transfer of data to the USA is based on Article 45(1) GDPR.

8.2 Joint Responsibility for Usage Data Processing

When you visit, follow, or engage with our LinkedIn page, LinkedIn processes personal data to provide us with anonymized statistics and insights using analysis tools. This gives us insights into the types of actions people take on our page (so-called Page Insights). The data processed includes the information you provided during registration or your use of LinkedIn. We have no influence over LinkedIn's use of such tools and were not informed about their potential use. We only receive anonymized, non-personal information about posting activities, such as the number of company page or link clicks for a particular post. This means we cannot draw any conclusions about individual users based on the Page Insights information.

LinkedIn automatically provides us with these usage statistics, but we do not use them. We cannot prevent LinkedIn from providing this data.

For the processing of personal data to create these usage statistics, LinkedIn and we are joint controllers under Article 26 GDPR.

In the "Page Insights Joint Controller Addendum," LinkedIn and we have contractually agreed on who fulfills which obligations under GDPR. The addendum also describes which data is processed under joint responsibility.

8.3 Processing of Your Data During Communication via LinkedIn

When you contact us via LinkedIn, for example, by commenting on a post or sending a message through LinkedIn messaging, we process your data (e.g., your name and the communication content) to handle your request.

Please note that the names of registered LinkedIn users who visit our LinkedIn page are visible to us. If you do not wish to share this information, you can activate the so-called "private mode" in your LinkedIn profile settings.

9. X (formerly Twitter)

Our X profile is accessible via the X (formerly Twitter) platform, which is operated in the European Union by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter").

9.1 Independent Processing of Usage Data by Twitter

While you view our X profile or the profile of a third party on X, as well as the posts there, Twitter collects information about your interactions with the profiles and content and processes this information independently for its own purposes, in accordance with X's privacy policies.

As far as we know, Twitter analyzes this information primarily to identify topics you may be interested in and uses this data to personalize the posts and advertisements shown to you on X. For these purposes, Twitter typically places cookies on your device and uses similar technologies to recognize you. Twitter may also link this data to your X account. Twitter conducts the aforementioned processing independently and without our ability to disable or restrict it.

You can limit the processing of your data in the general settings of your X account and under the "Privacy and Security" section. Furthermore, on mobile devices (smartphones, tablets), you can restrict Twitter's access to contact and calendar data, photos, location data, etc., in the device's settings. However, this depends on the operating system being used. More information on these topics can be found on X’s support page.

In connection with the functions mentioned above, Twitter may also transfer the data it processes to servers outside the EU, particularly to X Corp. in the USA, if necessary for the provision of these services. The EU-U.S. Data Privacy Framework includes an adequacy decision by the European Commission, certifying that companies listed under this framework provide an adequate level of data protection in accordance with GDPR. However, X Corp. is not yet certified under the EU-U.S. Data Privacy Framework. For EU citizens, this presents a particular risk since U.S. security authorities may access and process their data, and there are limited legal remedies available against actions by U.S. security authorities. According to Twitter, when transferring data to the USA or other third countries, the EU Commission’s standard contractual clauses are applied. This means that Twitter is committed to ensuring European data protection standards even when data is transferred to third countries such as the USA. If data is transferred to the USA or another third country, such transfers are based on Article 46(2)(c) GDPR.

9.2 Processing of Your Data by Us

As part of our use of the X platform, we receive detailed reports from Twitter on how users generally interact with our X profile and individual posts. However, these reports do not include any personal data, only general statistics and summaries such as the total number of views of our profile and individual posts. We cannot filter these reports by user or user groups, nor can we set such criteria for creating the reports. Therefore, it is not possible for us to determine whether a specific user performed a particular interaction based on the reports and data provided by Twitter. Also, we do not create profiles for individual users. We do not have access to the personal data processed by Twitter. Twitter alone decides what data is processed for statistics and summaries and how. We cannot legally or practically influence Twitter's processing.

Twitter automatically provides us with these usage statistics, but we do not use them. We cannot prevent Twitter from providing this data.

9.3 Processing of Your Data in Communication via X

Additionally, we process the data you may send us via X only to manage our X profile, particularly to respond to questions or react to your posts, comments, and messages on X.

10. YouTube

Our YouTube channel is accessible via the YouTube platform, which is operated in the European Union by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

10.1 Independent Processing of Usage Data by Google

When you visit our YouTube channel, Google collects usage data. Google is solely responsible for this data processing. Google provides information on this in its privacy policy.

We have no influence over the type and scope of data processed by Google, the way it is processed and used, or the transfer of this data to third parties. We also have no effective control over this.

When using YouTube, your personal data is collected, transmitted, stored, disclosed, and used by Google, and is transferred and stored in the USA, Ireland, or any other country where Google operates, regardless of your place of residence. Data is also transferred to Google’s affiliated companies and other companies or individuals processing this data on behalf of Google.

Google processes both the data you voluntarily provide, such as your name and username, email address, and phone number, as well as the content you create, upload, or receive from others while using the services. This includes, for example, photos and videos you store, documents and spreadsheets you create, and comments you post on YouTube videos.

Additionally, Google analyzes the content you share to determine your areas of interest, stores and processes confidential messages you send directly to other users, and can determine your location using GPS data, wireless network information, or your IP address to deliver advertisements or other content to you.

Google also receives information when you view content, even if you haven't created an account. This "log data" may include your IP address, browser type, operating system, information about the previously visited website, the pages you viewed, your location, your mobile provider, the device you used (including device ID and application ID), the search terms you used, and cookie information.

You can limit the processing of your data in the general settings of your Google/YouTube account. Additionally, Google offers specific privacy settings for YouTube, which you can find in Google’s guide to privacy in Google products.

In connection with the aforementioned functions, YouTube may also transfer the processed data to servers outside the EU, particularly to Google LLC in the USA, if necessary for the provision of these services. The EU-U.S. Data Privacy Framework includes an adequacy decision by the European Commission, certifying that companies listed under this framework provide an adequate level of data protection in accordance with GDPR. Google LLC is certified under the EU-U.S. Data Privacy Framework and is included in the U.S. Department of Commerce’s Data Privacy Framework List. Therefore, a consistently high level of data protection is ensured when data is transferred to Google LLC servers in the USA. If data is transferred to the USA, such a transfer is based on Article 45(1) GDPR.

10.2 Processing of Your Data by Us

Google uses certain data collected from users of the YouTube platform (e.g., which videos users watch) to create aggregated usage statistics and make these available to the operators of the respective YouTube channels (so-called "YouTube Insights"). We also receive such aggregated usage statistics. The information we receive through YouTube Insights does not allow us to draw any conclusions about individual users. We do not have access to personal data that Google processes for YouTube Insights. Google alone decides which data is processed and how it is processed for YouTube Insights. We have no legal or practical influence over Google's processing.

YouTube automatically provides us with these usage statistics, but we do not use them. We cannot prevent YouTube from providing this data.

10.3 Processing of Your Data in Communication via YouTube

If you contact us via our YouTube channel, for example by commenting on a video, we process your data (e.g., your name and the content of the communication) in order to handle your request.