Privacy Policy | UNMATCHED Catering

1. An overview of data collection

General information

The following information will provide you with an easy-to-navigate overview of what will happen with your personal data when you visit our website. The term "personal data" comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Declaration on Data Protection, which we have included beneath this copy.

Data recording on our website

Who is the responsible party for the recording of data on this website (i.e., the "controller")?

The data on this website is processed by the operator of the website, whose contact information is available under the section "Information about the responsible party (controller)" in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyze your user patterns. In case contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders, or other order inquiries.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data is rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data-protection-related issues.

Analysis tools and tools provided by third parties

There is a possibility that your browsing patterns will be statistically analyzed when you visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs, please consult our Declaration on Data Protection below.

2. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Declaration on Data Protection.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Declaration on Data Protection explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose, the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (controller)

The party responsible for processing data on this website is:

Franziska Brösicke UNMATCHED Catering Industriestraße 29 41564 Kaarst Germany

Phone: 01522 3610069 Email: info@unmatchedcatering.com

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, email addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, if special categories of data are processed according to Art. 9(1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or the access to information on your end device (e.g., via device fingerprinting), the data processing is additionally based on § 25(1) TDDDG. Consent can be revoked at any time. If your data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data if required to fulfill a legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest according to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following sections of this privacy policy.

Information on data transfer to non-secure third countries as well as transfer to US companies that are not DPF-certified

Among other things, we use tools from companies based in non-secure third countries (from a data protection perspective) as well as US tools whose providers are not certified under the EU–US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to and processed in these countries. We point out that no data protection level comparable to that of the EU can be guaranteed in non-secure third countries.

We point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. A data transfer to the USA is therefore permissible if the recipient is certified under the "EU–US Data Privacy Framework" (DPF) or has suitable additional safeguards. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of personal data

In the course of our business activities, we cooperate with various external bodies. In some cases, this also requires the transfer of personal data to these external parties. We only pass on personal data to external parties if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest in the transfer pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the data transfer. When using processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Revocation of your consent to the processing of data

A broad range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA IS PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DECLARATION ON DATA PROTECTION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION-WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA THAT OUTWEIGH YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING, OR DEFENSE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work, or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or a third party in a commonly used, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

Information about, rectification, and eradication of data

Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
If we do not need your personal data any longer and you need it to exercise, defend, or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data — with the exception of its archiving — may be processed only subject to your consent or to claim, exercise, or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from "http://" to "https://" and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

3. Hosting

Hosting our website with Vercel

Our website is hosted on servers operated by Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, USA (hereinafter "Vercel"). The technical hosting is operated by our web design agency, Bender Digital GmbH, under our maintenance agreement; Bender Digital GmbH uses Vercel for this purpose.

When you access our website, Vercel processes technical data (e.g., IP address, date and time of the request, content accessed, browser information) that is necessary for the operation and delivery of the website.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the reliable and performant delivery of our website).

Vercel is certified under the EU–US Data Privacy Framework (DPF). Data transfer to the USA is additionally based on the Standard Contractual Clauses of the EU Commission.

For more details, please refer to Vercel's privacy policy: https://vercel.com/legal/privacy-policy.

united-domains AG (Domain Hosting)

We use the services of united-domains AG for our domain. The provider is united-domains AG, Gautinger Straße 10, 82319 Starnberg, Germany (hereinafter "united-domains").

The purpose of processing is the provision and management of our domain. During DNS resolution, united-domains processes technical data (e.g., IP address, time of the request) that is necessary for domain operation and routing.

For more details, please refer to the privacy policy of united-domains: https://www.united-domains.de/datenschutz/.

The use of united-domains is based on Art. 6(1)(f) GDPR. We have a legitimate interest in reliable domain management.

Data processing

We have concluded a data processing agreement (DPA) with united-domains. This is a contract mandated by data protection laws that guarantees that united-domains processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

4. Recording of data on this website

Cookies

Our website uses what the industry refers to as "cookies." Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user patterns or to display promotional messages.

Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function), or for the optimization of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of this website has a legitimate interest in the storage of necessary cookies to ensure the technically error-free and optimized provision of the operator's services. If your consent to the storage of cookies and similar recognition technologies has been requested, processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25(1) TDDDG); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the deletion function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

If additional cookies and services are used on this website, you will find the relevant information in this Privacy Policy.

CookieScript (Consent Management)

We use the consent management tool CookieScript to manage cookie consents from our website visitors. The provider is Objectis Ltd., which operates CookieScript at CookieScript.com.

The purpose of processing is the management of your cookie consents (granting, managing, and documenting consent) as well as the fulfillment of legal obligations regarding obtaining and documenting consent.

The legal basis for processing is Art. 6(1)(c) GDPR (compliance with a legal obligation) as well as § 25(1) TDDDG.

Contact form

If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The information you enter into the contact form will remain with us until you ask us to eradicate the data, revoke your consent to its archiving, or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). Mandatory statutory provisions — in particular retention periods — remain unaffected.

Inquiries by email, phone, or fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this has been requested; consent can be revoked at any time.

The data you sent to us via contact inquiries will remain with us until you ask us to eradicate the data, revoke your consent to its archiving, or if the purpose for which the information is being archived no longer exists (e.g., after we have completed our response to your request). Mandatory statutory provisions — in particular statutory retention periods — remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

The communication is end-to-end encrypted (peer-to-peer), which prevents WhatsApp or other third parties from accessing the content of the communication. However, WhatsApp does gain access to metadata generated during the communication process (e.g., sender, recipient, and time). We also note that according to its own statement, WhatsApp shares the personal data of its users with its US-based parent company Meta. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

The use of WhatsApp is based on our legitimate interest in the fastest and most effective communication possible with customers, prospects, and other business and contractual partners (Art. 6(1)(f) GDPR). If a corresponding consent has been requested, the data processing takes place exclusively on the basis of the consent; this consent can be revoked at any time with effect for the future.

The content of communications exchanged between you and us on WhatsApp will remain with us until you ask us to delete it, revoke your consent to its storage, or until the purpose for storing the data no longer applies (e.g., after we have completed our response to your inquiry). Mandatory statutory provisions — in particular retention periods — remain unaffected.

The company is certified under the "EU–US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards when data is processed in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/7735.

We use WhatsApp in the "WhatsApp Business" variant.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have concluded a data processing agreement (DPA) with the provider mentioned above.

5. Analysis tools and advertising

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform any independent analysis. It only serves to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in quick and easy integration and administration of various tools on the website. If a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives a variety of usage data, such as page views, length of stay, operating systems used, and the user's origin. This data is combined into a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to supplement the recorded data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the "EU–US Data Privacy Framework" (DPF). Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website usage and Internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information about how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics records, among other things, your location, search history, and YouTube history as well as demographic data (visitor data). This data may be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data of Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our visitors.

Data processing

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Microsoft Clarity

This website uses Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, https://learn.microsoft.com/en-us/clarity/faq (hereinafter "Microsoft Clarity").

Microsoft Clarity is a tool for analyzing user behavior on this website. In particular, Microsoft Clarity records mouse movements and creates a graphic representation of the parts of the website to which users scroll particularly frequently (heatmaps). Microsoft Clarity can also record sessions so we can view page usage in the form of videos. We also receive information about general user behavior on our website.

Microsoft Clarity uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g., cookies or the use of device fingerprinting). Your personal data is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA.

Insofar as consent has been obtained, the use of the above-mentioned service takes place exclusively on the basis of Art. 6(1)(a) GDPR and § 25 TDDDG. Consent can be revoked at any time. Insofar as no consent has been obtained, the use of this service is based on Art. 6(1)(f) GDPR; the website operator has a legitimate interest in effective user analysis.

For further details on data protection at Microsoft Clarity, please refer to: https://docs.microsoft.com/en-us/clarity/faq.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data protection laws that guarantees that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available to Google (e.g., location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous use and surfing behavior on one device (e.g., mobile phone) can also be displayed on another of your devices (e.g., tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=en.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

For further information and the data protection regulations, please refer to Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.

Target group formation with Customer Match

For target group formation, we use, among other things, the customer match function of Google Ads Remarketing. In doing so, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the relevant customers are Google users and logged into their Google account, suitable advertising messages will be displayed to them within the Google network (e.g., on YouTube, Gmail, or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Conversion Tracking, Google and we can recognize whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our advertisements and what actions they performed. We do not receive any information that we could use to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

For more information on Google Conversion Tracking, please refer to Google's privacy policy: https://policies.google.com/privacy?hl=en.

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel from Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Meta, however, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Meta advertisement. This makes it possible to evaluate the effectiveness of Meta advertisements for statistical and market research purposes and to optimize future advertising measures.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta, so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes, in accordance with the Meta Data Usage Policy (https://www.facebook.com/about/privacy/). This enables Meta to enable the display of advertisements on Facebook or Instagram pages and other advertising channels. This use of the data cannot be influenced by us as the website operator.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

We use the function of advanced matching within the Meta Pixel.

Advanced matching enables us to transmit various types of data (e.g., place of residence, state, postal code, hashed email addresses, names, gender, date of birth, or telephone number) of our customers and prospects that we collect via our website to Meta. This enables us to tailor our advertising campaigns on Facebook and Instagram even more precisely to people who are interested in our offers. Furthermore, advanced matching improves the attribution of website conversions and expands custom audiences.

Insofar as personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after the transfer is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for the data protection-secure implementation of the tool on our website. Meta is responsible for the data security of the Meta products. You can exercise data subject rights (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Meta. If you exercise the data subject rights with us, we are obliged to forward these to Meta.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://www.facebook.com/help/566994660333381.

Meta's privacy policy contains further information on the protection of your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/uk/your-ad-choices.

Meta Conversion API

We have integrated the Meta Conversion API on this website. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Meta, however, the collected data is also transferred to the USA and other third countries.

The Meta Conversion API enables us to record the interactions of the website visitor with our website and to forward them to Meta in order to improve advertising performance on Facebook and Instagram.

For this purpose, the time of the visit, the website visited, your IP address and your user agent, as well as, if applicable, other specific data (e.g., purchased products, value of the shopping cart, and currency) are recorded. A complete overview of the data that can be recorded can be found here: https://developers.facebook.com/docs/marketing-api/conversions-api/parameters.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Meta's privacy policy contains further information on the protection of your privacy: https://www.facebook.com/about/privacy/.

Data processing

TikTok Pixel

We have integrated the TikTok Pixel on this website. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter "TikTok").

With the help of the TikTok Pixel, we can display interest-based advertising on TikTok to website visitors who have viewed our offers (TikTok Ads). At the same time, the TikTok Pixel allows us to determine how effective our advertising is on TikTok. This makes it possible to evaluate the effectiveness of TikTok advertisements for statistical and market research purposes and to optimize them for future advertising measures. Various usage data is processed, such as IP address, page views, length of stay, operating systems used, and the user's origin, information about the advertisement on which a person clicked on TikTok, or an event that was triggered (timestamp). This data is combined into a user ID and assigned to the respective end device of the website visitor.

The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

Data transfer to third countries is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.tiktok.com/legal/page/eea/privacy-policy/en and https://ads.tiktok.com/i18n/official/policy/controller-to-controller.

Data processing

LinkedIn Insight Tag

This website uses the Insight Tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data processing by LinkedIn Insight Tag

With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can analyze, among other things, the key professional data (e.g., career level, company size, country, location, industry, and job title) of our website visitors and thus better tailor our site to the respective target groups. Furthermore, with the help of LinkedIn Insight Tags, we can measure whether visitors to our websites make a purchase or perform some other action (conversion measurement). Conversion measurement can also be done across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting function, with the help of which we can display targeted advertising to visitors to our website outside the website, whereby according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized). The direct identifiers of the LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it for its own advertising measures. For details, please refer to LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

Legal basis

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Objection to the use of LinkedIn Insight Tag

You can object to the analysis of usage behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in the account settings. To avoid linking data collected on our website by LinkedIn with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Data processing

6. eCommerce and payment service providers

Processing of customer and contract data

We collect, process, and use personal customer and contract data to establish, structure the content of, and modify our contractual relationships. We collect, process, and use personal data concerning the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill the user. The legal basis is Art. 6(1)(b) GDPR.

The collected customer data is deleted after completion of the order or termination of the business relationship and expiration of any existing statutory retention periods. Statutory retention periods remain unaffected.

Data transfer upon contract conclusion for services and digital content

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned with the payment processing.

A further transfer of the data does not take place or only takes place if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

7. Our own services

Handling of applicant data

We offer you the opportunity to apply to us (e.g., by email, post, or via online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data takes place in accordance with applicable data protection law and all other statutory provisions and that your data is treated strictly confidentially.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes during job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract initiation), and — insofar as you have given consent — Art. 6(1)(a) GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.

If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

As part of the application process, we may also conduct internet research on you. This mainly includes Google search, LinkedIn, and Xing. The legal basis for this type of processing is our legitimate interest in obtaining an overall impression of publicly accessible information pursuant to Art. 6(1)(f) GDPR.

Retention period of the data

If we cannot make you a job offer, you reject a job offer, or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted, and the physical application documents will be destroyed. The storage serves in particular for evidence purposes in the event of a legal dispute. If it is apparent that the data will be required after the expiration of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further retention no longer applies.

Longer retention may also take place if you have given corresponding consent (Art. 6(1)(a) GDPR) or if statutory retention requirements preclude deletion.

Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6(1)(a) GDPR). The granting of consent is voluntary and has no connection with the ongoing application process. The data subject can revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are statutory retention reasons.

The data from the applicant pool will be irrevocably deleted at the latest two years after consent has been granted.