Privacy Policy

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data within our online offer and its associated websites, functions and content as well as external online presences, such as .B our social media profile. With regard to the terms used, such as.B"personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Table of Content

1. Name and address of the controller

2. Contact the Data Protection Officer

3. Obligations to provide information

4. General information on data processing

5. Provision of the website and creation of log files

6. Use of cookies

7. Contact form and e-mail contact

8. Web analysis

9. Web analysis through advertising networks

10. Social Media-Onlinepresence(s)

11. Integration of third-party services/content

12. Rights of the data subject


The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the

Member States as well as other data protection regulations is:

Convidera Ltd.

Stolberger Strasse 90D

50933 Cologne

Germany

Tel.: +49(221)993 185 00

E-Mail: info@convidera.com

Website: https://www.convidera.com

2. Name and address of the Data Protection Supervisor

If you have any questions about the handling of your personal data or would like to exercise your rights to be affected, please contact our data protection officer at:

Convidera GmbH

Stolberger Strasse 90D

50933 Cologne

Germany

E-Mail: datenschutz@convidera.com

Phone: +49 (221) 993 185 00

3. Obligations to provide information

a) Types of data processed

We process the following types of data on our website:

  • Inventory data

  • Contact details

  • Content data

  • Usage data

  • Meta-/ Communication data

No special categories of data are processed (Art. 9 sec. 1 DSVGO).

b) Categories of data subjects

The following groups of people are affected by the processing

  • Customers

  • Interested parties

  • Visitors and users of the online offer

c) Purpose of processing

The processing of data takes place for the following purposes:

  • Providing the online presence, its content and functions

  • Provision of contractual services, service and customer care

  • Responding to contact requests

  • Communication with users

  • Security

  • Marketing, advertising and market research

d) Changes and updates to the Privacy Policy

We kindly ask you to inform yourself regularly about the content of our data protection declaration. We will adjust the Privacy Policy as soon as the changes to the data processing we perform make this necessary.

We will inform you as soon as the changes require an act of participation on your part (e.g. consent) or any other individual notification.

e) Security measures

In accordance with Article 32 GDPR, we shall take appropriate technical and organizational measures, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the different probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection complacency compromising the risk; Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, security of availability and separation. In addition, we have established procedures that ensure the exercise of data subjects' rights, the erasure of data and the response to the data being compromised. Furthermore, we take into account the protection of personal data already during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technical design and through data protection-friendly presets (Art. 25 GDPR).

Security measures include, in particular, the encrypted transmission of data between your browser and our server.

f) Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing; transmitting data to them or otherwise granting them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as to payment service providers, in accordance with Art. 6 (1) lit.b GDPR is required for the fulfilment of the contract), you have consented to the usage of your data, because of a legal obligation or on the basis of our legitimate interests (e.g. when using appointees, web hosting, etc.).
If we entrust third parties with the processing of data on the basis of a so-called "data processing agreement (dpa)", this is done on the basis of Article 28 GDPR.

g) Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only be done in order to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual authorisations, we process or have the data processed in a third country only if the special conditions of Art. 44 et seq. GDPR are met. This means that the processing is carried out on the basis of special guarantees, such as an officially recognised determination of an EU-compliant level of data protection or compliance with officially recognised specific contractual obligations (so-called "standard contractual clauses/SCC").

4. General information on data processing

a) The extent of the processing of personal data

We process the personal data of our users in principle only to the extent that this is necessary for the provision of a functional website as well as its content and services. The processing of the personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

b) Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing transactions of personal data, Art. 6 (1) lit. a GDPR is the legal basis.

In the case of processing of personal data necessary for the fulfillment of a contract of which the data subject is a party, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the implementation of pre-contractual measures.

Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 sec. 1 lit. d GDPR serves as a legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedom of the person concerned do not outweigh the first-mentioned interest, Article 6 (1) lit. f GDPR is the legal basis for processing.

c) Data erasure and storage time

The personal data of the data subject will be deleted or barred as soon as the purpose of storage is omitted. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data shall also be barred or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion of a transaction or a fulfilment of the contract.

5. Provision of the website and creation of log files

a) Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer in the form of a session cookie.

The following data is collected:

  • Information about the browser type and version used

  • The user's operating system

  • The user's Internet service provider

  • The user's IP address

  • Date and time of access

  • Websites from which the user's system enters our website

  • Websites accessed by the user's system via our website

In the event of a system error, the data is stored anonymously in the log files of our system. The data are used exclusively for the reproducibility of the error that occurred, a storage with personal reference does not take place.

If there is no error in the session, no data is stored.

b) Legal basis for data processing

The legal basis for the temporary storage of the data is Art. 6 (1) lit. f GDPR.

c) Purpose of processing

The temporary storage of the (session) IP address by the system is necessary to enable the delivery of the website to the user's computer. To do this, the user's IP address must be stored for the duration of the session.

The storage of log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation for marketing purposes does not take place in this context.
In these purposes lies also our legitimate interest in data processing in accordance with Art. 6 (1) lit. f GDPR.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is terminated.

e) Possibility of opposition and disposal

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

6. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or the internet browser on the user's computer system. When a user accesses a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is recalled.

We use cookies to make our website user-friendly and secure. Some elements of our website require that the calling browser can be identified even after a page change.

We also use cookies on our website which, among other things, enable an anonymised analysis of users' browsing behaviour.

The data collected in this way of the users will be anonymized/pseudonymized, as far as possible, by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.

When accessing our website, users are informed by a "Consent Manager" about the use of cookies for analysis purposes and refer to this privacy policy.

In addition, when accessing our website, the user is informed about the further use of cookies for analysis purposes and his consent is obtained for the processing of the personal data used in this context. In this context, a reference is also made to this privacy policy.

Consent Manager:

To manage and display cookies and trackers, we use the Consent Manager of ConsentManagement (Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden) https://www.consentmanager.de/

with whom we have concluded an order processing contract.

The privacy policy can be found here: https://www.consentmanager.net/privacy.php#cmpnoscreen

The following data is stored or transmitted:

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 sec. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 sec. 1 lit. a GDPR if the user has given his consent in this regard.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users.

Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

We require cookies for the following applications:

  • Authentication

  • Preventing cross-site Request Forgery attacks

  • Unique, anonymous identification for correct website delivery

The user data collected by technically necessary cookies will not be used to create user profiles.

In these purposes, our legitimate interest lies in the processing of personal data in accordance with Art. 6 sec. 1 lit. f GDPR. The use of the analysis cookies is done for the purpose of improving the quality of our website and its contents.

Through the analysis cookies, we learn how the website is used and can thus continuously optimize our offer.

For the following applications we need analysis cookies:

  • Google Analytics

  • Social Plugins

  • Facebook-Pixel

  • Linkedin-Pixels

d) Duration of storage, possibility of appeal and disposal

Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your

Internet browsers allow you to disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website,

however, all features of the website may no longer be fully utilized.

7. Contact/registration form and e-mail contact

Event registration and confirmation emails

a) Description and scope of data processing

A contact/registration form is available on our website. If a user takes advantage of this possibility, the data entered in the input mask will be transmitted to us and stored.

These data are:

  • Title

  • First name

  • Last name

  • Email address

  • Company (optional)

  • Position (optional)

At the time of sending the application, the following data will also be stored:

  • Date and time of application

By accepting the privacy policy and then clicking on the "Send button", you accept the transmission of your data to us.

Alternatively, it is possible to contact us via the e-mail addresses provided. In this case, the personal data of the user transmitted by the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 sec. 1 lit. a GDPR in the presence of the consent of the user.

Pursuant to Art. 28 sec. 3 p. 1 GDPR, we have concluded an order processing contract with the service provider as well as standard contractual clauses.

c) Purpose of data processing

The processing of personal data from the input mask is for our sole purpose to process/answer your request.

d) Duration of storage

The data will be deleted as soon as they are no longer necessary for the purpose of their collection. For the personal data from the entry form of the registration form, this is the case if your request has been clarified.

e) Possibilities of opposition and disposal

The user has the possibility to revoke his/her consent to the processing of personal data at any time.

If you wish to withdraw your consent to the processing/storage, please send an e-mail to: datenschutz@convidera.com

8. Web Analysis

Google Analytics

With your consent via the Consent Manager, we set in terms of Art. 6 (1) lit a. GDPR we use Google Analytics on our website. Google Analytics is a web analysis service of Google LLC ("Google"). Google uses cookies.
The information generated by the cookie about the use of the online offer by the user is usually transferred to a Google server in the USA and stored there. The United States is an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49 (1) lit. a GDPR. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet usage. Pseudonymous user profiles of the users can be created from the processed data.

We use Google Analytics to display ads from Google and its partners, only to those users which have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we transmit to Google (so-called "Remarketing", or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads meet the potential interest of users and do not have a harassing effect. We only use Google Analytics with IP anonymization enabled. This means that the IP address of the users is truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user's browser will not be merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent the collection of data generated by the cookie and related to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link Google GA Optout.

For more information on Google's use of data, settings and objections, please visit Google's websites: Google Privacy ("Data Usage"

Google when you use our partners' websites or apps"),
Google Ad Policy („Datennutzung zu

Advertising Purposes") Google Ads Settings ("Manage Information That Google Uses to Show You Advertisements").

9. Web analysis through advertising networks

Google- Re/Marketing-Services

With your consent given via the Consent Manager, in terms of Art. 6 (1) lit a. GDPR, we make use of the marketing and remarketing services (in short "Google Marketing Services") of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). The United States is an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49 (1) lit. a GDPR.

Google's marketing services allow us to display ads for and on our website in a more targeted way to present users only with ads that potentially meet their interests. If a user is shown e.g. ads for products that they are interested in on other websites, this is called "remarketing". For these purposes, when google calls up our and other websites on which Google marketing services are active, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With the help of these, an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies can also be used). Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user visited, which content he is interested in and which offers he has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time as well as further information on the use of the online offer. The IP address of the users is also recorded, whereby we instruct google analytics that the IP address is truncated within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the Ip address is transmitted to a Google server in the USA and then shortened there. The IP address will not be merged with the user's data within other Google offers. The above information may also be linked by Google to such information from other sources. If the user then visits other websites, the ads tailored to him or her may be displayed according to his or her interests. The data of the users are processed pseudonymously within the framework of the Google marketing services. This means that Google does not store and process the name or e-mail address of the users for example, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google's point of view, the ads are not managed and displayed for a specific identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the United States. Among the Google marketing services we use is the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer will receive a different "conversion cookie". Cookies cannot be tracked through AdWords customers' websites. The information collected using the cookie is used to generate conversion statistics for AdWords customers who have opted in for conversion tracking. AdWords customers will learn the total number of users who clicked on their ad and have been redirected to a page with a conversion tracking tag. However, we will not receive any information that can be used to personally identify users. We can also use the Google Optimizer service. Google Optimizer allows us to understand how different changes to a website (e.g. changes in input fields, design, etc.) as part of so-called "A/B testing". For these testing purposes, cookies are stored on the users' devices. Only pseudonymous data of the users are processed. We may also use the Google Tag Manager to integrate and manage Google Analytics and Marketing Services on our website. For more information about Google's use of data for marketing purposes, see overview page and the Privacy Policy by Google.

If you wish to object to interest-related advertising through Google Marketing Services, you can use the Settings and Opt-Out Options .

10. Social Media-Online-Presences

We maintain various presences on social media services in order to be able to communicate and interact with users on these platforms as well. We would like to point out that user data can also be processed outside the European Union.

The United States is an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49(1) lit. a GDPR. The data collected by the platforms can be used for the creation of usage profiles, which in turn can be used for market research and advertising purposes. The storage of this data is usually carried out by cookies. If consent is given to the service provider, the legal basis for processing is Art. and Article 7 GDPR.

Information on stored data as well as the exercise of user rights can be obtained directly from the service provider or asserted. For a more detailed description of the data processing and possibilities of objection,

we refer to the following information of the respective providers:

Facebook

On our website, functions of the social network are facebook.com integrated. These are offered by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) or Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The plugins can contain interaction elements or content (e.B. parts buttons) and are modelled on the original logo.

Only when a user calls up a function of this online offer does his device establish a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user's device and integrated by the user into the online offer. In doing so, user profiles of the users can be used from the processed data

be created. By using the plugin, Facebook receives the information that the user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, the corresponding information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his IP address. According to Facebook, only an anonymized IP address is stored in Germany. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for the protection of privacy can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

If a user is a member of Facebook and does not want Facebook to collect data about him via this online offer and link it to his or her member data stored on Facebook, he must log out of Facebook before using the plugins and delete his cookies. Further settings and contradictions for the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads.

In this processing, our cooperation with Facebook is based on a joint responsibility agreement in accordance with Art. 26 GDPR, which can be accessed here: https://www.facebook.com/legal/terms/page_controller_addendum.

Privacy Policy for Facebook

(The following privacy notices apply in the event that you visit our corporate pages on the social media platforms)

a) Description and scope of data processing

Facebook Inc. assumes primary responsibility under GDPR for the processing of data and all obligations under

GDPR with regard to the processing of personal data. Facebook is therefore taking over:

  • the primary responsibility

  • the handling of affected rights

  • the information requirements

  • the reporting requirements

  • the security of data processing

When you visit the Facebook page, you will be told, among other things, Your IP address as well as other information that is present in the form of cookies on your PC are stored. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the pages. For more information, please visit: https://www.facebook.com/business/a/page/page-insights.

b) Legal basis of processing

The legal basis for the processing of the data pseudonymously pseudonymous for us, which are processed in the course of your visit to our Facebook page, is our legitimate interest Art. 6 sec. 1 lit. f GDPR.

c) Purposes of processing

The processing of the information is intended, among other things, to enable Facebook to improve its system of advertising, which it distributes over its network. On the other hand, as the operator of the Facebook page, it should enable us to obtain statistics that Facebook creates based on the visits to our Facebook page.

Demographic and geographical evaluations are also created on the basis of the information collected and made available to us. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor.

The visitor statistics produced are transmitted to us exclusively in anonymised form. We do not have access to the underlying data.

d) Duration of storage

According to Facebook, the IP address is anonymized (for "German" IP addresses) and deleted after 90 days.

e) Possibilities of appeal

Facebook does not offer the possibility to turn off Facebook Insights either by the operator or by the user of the site. Consequently, there is no possibility of objection on the part of the user at this stage.

Twitter

Features of the Twitter service are integrated on our website. These are offered by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). By using Twitter or the "Re-Tweet" function, the website or its content you visit is linked to your Twitter account and disclosed to other users of the service. Data is also transferred to Twitter.

We would like to point out that we, as a website provider, do not receive any knowledge of the content of the transmitted data as well as their use by Twitter. For more information, please refer to Twitter's privacy policy at: https://twitter.com/privacy.

You can change your privacy settings on Twitter in the account settings under <a

href="https://twitter.com/account/settings">https://twitter.com/account/settings The Twitter opt-out can be found here: https://twitter.com/personalization.

Privacy Policy for Twitter

(The following privacy notices apply in the event that you use our company pages on social media

platforms)

a) Description and scope of data processing

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is responsible for the data processing of persons living outside the United States. Twitter Inc. assumes primary responsibility under GDPR for the processing of data and all obligations under the GDPR with respect to the

Processing of personal data. For information about what data is processed by Twitter and for what purposes, see Twitter's privacy policy: https://twitter.com/en/privacy .

When you visit the Twitter page, you will be told, among other things, Your IP address as well as other information that is present in the form of cookies on your PC are stored. This information is used to provide us, as the operator of the Twitter pages, with statistical information about the use of the sites.

b) Legal basis of processing

The legal basis for the processing of the data pseudonymously pseudonymous for us, which are processed in the course of your visit to our Facebook page, is our legitimate interest Art. 6 sec. 1 lit. f GDPR.

c) Purposes of processing

The processing of the information is intended, among other things, to enable Twitter to improve its system of advertising, which it distributes over its network. On the other hand, as the operator of the Twitter page, it is intended to enable us to obtain statistics that Twitter creates based on the visits to our Twitter page.

Demographic and geographical evaluations are also created on the basis of the information collected and made available to us. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor.

The visitor statistics produced are transmitted to us exclusively in anonymised form. We do not have access to the underlying data.

d) Duration of storage

If you send us private or direct messages, they will be deleted after 18 months, according to Twitter.

e) Possibilities of appeal

You can restrict the processing of your data in the general settings of your Twitter account as well as under the item "Privacy and Security". In addition, on mobile devices (smartphones, tablet computers) you can restrict Twitter's access to contact and calendar data, photos, location data, etc. in the settings there. However, this depends on the operating system you are using. For more information on these points, please visit the following Twitter support pages: https://support.twitter.com/articles/105576# and https://help.twitter.com/de/search?q=datenschutz

Instagram

On our site are integrated functions of the Instagram service. These are offered by Instagram Inc. (1601 Willow Road, Menlo Park, CA 94025, USA). The Instagram service is one of the so-called Facebook products and is also offered by Facebook Inc. and Facebook Ireland Limited. In this respect, the information already provided under the item "Facebook" also applies here. Instagram's privacy policy can be found here: http://instagram.com/about/legal/privacy.

Privacy Policy for Instagram

(The following privacy notices apply in the event that you visit our corporate pages on the social media platforms)

a) Description and scope of data processing

Facebook Inc. assumes primary responsibility under THE GDPR for the processing of data and all obligations under the GDPR with regard to the processing of personal data. Facebook is therefore taking over:

  • the primary responsibility

  • the handling of affected rights

  • the information requirements

  • the reporting requirements

  • the security of data processing

When you visit the Instagram page, you will be told, among other things, Your IP address as well as other information that is present in the form of cookies on your PC are stored. This information is used to help us as the operator of the Instagram pages

statistical information on the use of the pages. For more information, please visit: https://www.facebook.com/business/a/page/page-insights.

b) Legal basis of processing

The legal basis for the processing of the data, which for us is pseudonymized, in the course of your visit to our Instagram page, is our legitimate interest Art. 6 (1) lit. f GDPR.

c) Purposes of processing

One of the aims of the processing of the information is to enable Facebook Inc. to improve its system of advertising, which it distributes over its network. On the other hand, as the operator of the Instagram page, it should allow us to obtain statistics that Facebook creates based on the visits to our Instagram page. Demographic and geographical evaluations are also created on the basis of the information collected and made available to us. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor.

The visitor statistics produced are transmitted to us exclusively in anonymised form. We do not have access to the underlying data.

d) Duration of storage

According to Facebook Inc., the IP address is anonymized (for "German" IP addresses) and deleted after 90 days.

e) Possibilities of appeal

Facebook does not offer the possibility to turn off insights either by the operator or by the user of the site.

Consequently, there is no possibility of objection on the part of the user at this stage.

LinkedIn

Functions of the LinkedIn network are integrated on our website. These are offered by LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA, 94043, USA). When actively using the plugin, a connection to LinkedIn servers is established and the provider is informed that you are using our website with

your IP address. If you are logged in to LinkedIn during this process, LinkedIn is able to assign your visit to your user account.

We would like to point out that we, as a website provider, have no knowledge of the content of the transmitted data as well as their use by LinkedIn. For more information, see LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy. The LinkedIn opt-out can be found here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Privacy Policy for LinkedIn

(The following privacy notices apply in the event that you visit our corporate pages on the social media platforms)

a) Persons in charge

As the operator of this LinkedIn page, we (IDX GmbH, Stolbergerstraße 90D, 50933 Köln ) are jointly responsible for the social network LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)

of Art. When you visit our LinkedIn page, personal data is processed by the controller.

As the controller of this site, we have entered into agreements with LinkedIn, which, among other things, govern the conditions for using the LinkedIn site. The LinkedIn Terms of Use and the other terms and conditions listed therein at the end.

b) Legal basis and legitimate interests

The processing of the personal data of the users takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

c) Purposes of processing

The processing of the information is intended, among other things, to enable LinkedIn to improve its system of advertising which it distributes over its network. On the other hand, as the operator of the LinkedIn page, it is intended to enable us to obtain statistics that LinkedIn creates based on visits to our LinkedIn page. Demographic and geographical evaluations are also created on the basis of the information collected and made available to us. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor. The visitor statistics produced are transmitted to us exclusively in an anonymised form. We do not have access to the underlying data. 

d) Disclosure to third parties

It is likely that some of the information collected will also be processed outside the European Union by LinkedIn Corporation, based in the US.

We do not share any personal data.

e) Possible objections

LinkedIn users can set the Settings for advertising preferences to what extent their user behavior is recorded when visiting our LinkedIn page

may be used. Additional measures can also be taken in the LinkedIn Account settings.

The processing of information using the cookie used by LinkedIn can be prevented by not allowing third-party cookies or linkedin cookies in your own browser settings.

###f) Nature of shared responsibility

It is essentially clear from the agreements with LinkedIn also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly from LinkedIn. Because as a provider of the social network and the possibility to integrate LinkedIn pages there, LinkedIn has

only about the direct access to the required information and may also take immediately any necessary measures and provide information. If our support is required, please feel free to contact us at any time.

Xing

On our site, functions of the Xing service are integrated. These are offered by XING SE (Dammtorstraße 30 20354 Hamburg Germany E-Mail: info@xing.com). When actively using the link, a connection to Xing servers is established and the provider is informed that

that you have visited our website with your IP address. If you are logged in to Xing during this process, Xing is able to assign your visit to your user account.

11. Integration of third-party services/content

Within our online offering, we use third-party content and/or service offerings to integrate their functions, such as the detection of so-called "bots". This is done either on the basis of our legitimate interest within the meaning of Art. 6 sec. 1 lit. f GDPR, i.e. the interest in the analysis, optimization and economic operation of our online offer or your express consent within the meaning of Art. 6 sec. 1lit. a.

The integration of these services requires that the third parties listed below are made aware of the IP address of the users, otherwise their contents cannot be delivered. We make every effort to use only such content in which the respective provider uses the IP address only for the delivery of content.

Third-party providers can use so-called "pixel tags" for statistical or marketing purposes. These "pixel tags" allow information, such as .B traffic, to be evaluated on this website. The pseudonymized information may be stored in cookies on the user's device and may include, for example, technical information about the browser and operating system used, referring websites, time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.

The following presentation provides an overview of the third-party providers used by us and their contents, as well as links to their data protection declarations, which provide further information on the processing of data and, in some part, data processing. Opt-out included:

LinkedIn Pixel:

This website uses the so-called "LinkedIn Pixel" of the social network LinkedIn Inc. (1000 W Maude Sunnyvale, CA 94085, US). The United States is an unsafe third country with regard to the processing of personal data.

With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49(1) lit. a GDPR.

With the help of the LinkedIn pixel, LinkedIn is able to identify visitors to our online offer as the target group for the display of advertisements. Accordingly, we use the LinkedIn pixel to display the LinkedIn ads we have placed only to those users who have also shown an interest in our online offer. We would also like to anonymously record the effectiveness and associated success of the reach of our ads. LinkedIn's processing of data is part of LinkedIn's privacy policy. The pixel is set only with your consent in accordance with Art. 6 sec. 1 lit. a. as well as Art. 7 GDPR and can be used by you at any time

withdrawn. We have an order processing with LinkedIn. Accordingly, general notices on the presentation of LinkedIn ads, in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy are available.

For more information about how to use and cookie policy, see: <a

href="https://www.linkedin.com/help/linkedin">https://www.linkedin.com/help/linkedin</a> und hier <a href="https://www.linkedin.com/legal/cookie-policy"> https://www.linkedin.com/legal/cookie-policy</a> 

Facebook, Custom Audiences and Facebook marketing services Pixel:

Within our online offer, the so-called "Facebook pixel" of the social network Facebook, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") is used if you have consented to the use. The legal basis is Art. 6 (1) lit. a GDPR if the user's consent was given. The United States is an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49(1) lit. a GDPR.

With the help of the Facebook pixel, Facebook is able to identify visitors to our online offer as the target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads meet the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook ads for statistical and market research purposes by seeing if users have been redirected to our website after clicking on a Facebook ad (a so-called "conversion"). The processing of the data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the presentation of Facebook ads and on the data usage policy of Facebook can be found here: <a

href="https://www.facebook.com/policy.php">Facebook Policy. For specific information and details about the Facebook pixel and how it works, see <a

href="https://www.facebook.com/business/help/651294705016616">Help section from Facebook. You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set what types of ads you see within Facebook, you can go to the page set up by Facebook and follow the usage-based advertising settings: Facebook Ad Settings. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. You can also use the use of cookies for range measurement and advertising purposes via the <a

href="http://optout.networkadvertising.org/">Deactivation page the network advertising initiative and additionally the Us website or the <a

href="http://www.youronlinechoices.com/uk/your-ad-choices/">European website object.

Google Tag Manager:

Through this service, website tags can be managed via a Google tool (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Only tags are implemented by this service. This means that no cookies are used and no personal data is collected. The Google Tag Manager can trigger other tags, which in turn may then collect personalized data. However, the Google Tag Manager does not access this personalized data. If the service is deactivated or no consent has been given at the domain level or by our Consent Manager, the tags will be deactivated or will not be triggered.

The United States is an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49(1) lit. a GDPR.

For the general use of the Google Tag Manager, the legal basis according to your consent is Art. 6 (1) lit. a. as well as Art. 7 GDPR and can be withdrawn by you at any time via the Consent Manager.

Google ReCaptcha:

On this page we have implemented the Google ReCaptcha function, e.g. for the detection of "bots" trying to make entries in online forms. This service is offered by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) or Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). The United States is considered an unsafe third country with regard to the processing of personal data. With your explicit consent through the Consent Manager, personal data may still be sent to the United States. The legal basis here is Article 49 (1) lit. a GDPR. For the general use of the Google ReCaptcha, the legal basis according to your consent is Art. 6 (1) lit. a. as well as Art. 7 GDPR and can be withdrawn by you at any time via the Consent Manager.

12. Rights of the data subject

a) Right of access

You may request confirmation from the controller as to whether personal data concerning you is processed by us. If such processing is available, you may request the following information from the controller:

  • the purposes for which the personal data is processed;

  • the categories of personal data processed;

  • the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;

  • the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;

  • the existence of a right to rectification or erasure of personal data concerning you, a right to restrict processing by the controller or a right to object to such processing;

  • the existence of a right of appeal to a supervisory authority;

  • all available information on the origin of the data if the personal data is not collected from the data subject;

  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in such cases, meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request that you be informed of the appropriate guarantees in accordance with Article 46 GDPR in connection with the transmission.

b) Right to correction

You have the right to rectification and/or completion to the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the correction without delay.

c) Right to restrict processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  • if you dispute the accuracy of the personal data concerning you for a period that allows the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;

  • the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or

  • if you have objected to the processing in accordance with Art. 21 sec. 1 GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may be processed, except for its storage, only with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

If the restriction of processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

d) Right to erasure

1) Obligation to delete

You may require the controller to delete the personal data concerning you without delay, and the controller is obliged to delete such data immediately, provided that one of the following reasons:

Applies:

  • The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

  • You revoke your consent, on which the processing was based in accordance with Art. 6 sec. 1 lit. a or Art. 9 sec. 2 lit. a GDPR, and there is no other legal basis for the processing.

  • You object to the processing in accordance with Art. 21 sec. 1 GDPR and there are no primary legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 sec. 2 GDPR.

  • The personal data concerning you has been processed unlawfully.

  • The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

  • The personal data concerning you has been collected in relation to information society services offered in accordance with Article 8(1) GDPR.

2) Information to third parties

If the controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 sec. 1 GDPR, he shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested from them the deletion of all links to such personal data or from copies or replications of that personal data.

3) Exceptions

The right to erasure does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;

  • to fulfil a legal obligation requiring processing under the law of the Union or the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority delegated to the controller;

  • for reasons of public interest in the field of public health in accordance with Article 9(2) lit. h and i and Article 9(3) GDPR;

  • for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the law referred to in section (a) is likely to make the achievement of the objectives of such processing impossible or seriously impairs, or

  • for the assertion, exercise or defence of legal claims.

e) Right to information

If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed, this rectification or deletion of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients in respect of the controller.

f) Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to

other controllers without hindrance by the controller to whom the personal data has been provided, provided that:

  • the processing is based on a consent pursuant to Art. 6 sec. 1 lit. a GDPR or Art. 9 sec. 2 lit. a GDPR or on a contract pursuant to Art. 6 sec. 1 lit.b GDPR and

  • processing is carried out using automated procedures.

In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible.

The freedoms and rights of other persons must not be affected by this.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

g) Right of objection

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which takes place pursuant to Article 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

to be deposited; this also applies to profiling in so far as it is related to such direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

h) Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

i) Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect against you or similarly significantly affects you. This does not apply if the decision:

  • is necessary for the conclusion or performance of a contract between you and the controller,

  • is permitted by Union or Member States legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

  • with your express consent.

However, these decisions may not be based on specific categories of personal data under Article 9(1) GDPR, unless Article 9(2) lit. a or g GDPR applies and appropriate measures have been taken to protect rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the intervention of a person on the part of the controller, to express his or her point of view and to challenge the decision.

j) Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of the persons concerned

personal data violates the GDPR.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.