PRIVACY POLICY

PREFACE

​

We, the NUVI Releaf GmbH (hereinafter "the company", "we" or "us"), take the protection of your personal data seriously and would like to inform you here about data protection in our company.

Within the scope of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") in order to ensure the protection of personal data of the data subject (we also refer to you as "customer", "you", "you" or "data subject").

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the nature, scope, purpose, duration and legal basis of the processing (cf. Articles 13 and 14 GDPR). With this statement (hereinafter: "Data Protection Information"), we inform you about the manner in which your personal data is processed by us.

Our data protection information has a modular structure. It consists of a general part for all processing of personal data and processing situations that apply to every contact with us (A. General) and specific parts whose content relates only to the processing situation specified there (B. Visiting of our websites, C. Contact via contact form, D. Newsletter registration, E. Data processing when accessing our Social Media Profiles, F. Data processing in the case of online submission of applications).
 

​

​

​

​

​

​

​
 

​
 

 

 

 

 

If you have any questions about your data or this Data Protection Information, please contact us at gdpr@nuvi.earth.

​

​

A. General

(1) DEFINITIONS

Following the model of Article 4 GDPR, these Data Protection Information are based on the following definitions:

- "Personal data" (Article 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. It does not matter how the information is generated, in what form or in what form it is presented (even photographs, video or audio recordings can contain personal data).

- "Processing" (Article 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by means of automated (i.e. technology-based) processes. This includes, in particular, the collection (i.e. acquisition), recording, organization, classification, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the modification of an objective or purpose on which data processing was originally based.

- "Controller" (Article 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

- "Third Party" (Article 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons who, under the direct responsibility of the Controller or Processor, are authorized to process the Personal Data; this also includes other group-affiliated legal entities.

- "Processor" (Article 4 No. 8 GDPR) is a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a commissioned processor is in particular not a third party.

- "Consent" (Article 4 No. 11 GDPR) of the data subject means any freely given expression of will for the specific case, in an informed manner and unambiguously in the form of a declaration or other unambiguous confirming act by which the data subject indicates that he or she agrees to the processing of personal data relating to him or her.

(2) NAME AND ADDRESS OF THE CONTROLLER

The controller of your personal data within the meaning of Article 4 No. 7 GDPR is us: NUVI Releaf GmbH, a limited liability company,  An der Kirche 22, 35463 Fernwald, Germany | Phone: +49 (0) 69 5095 5392, E-mail: hello@nuvi.earth.
Further information about our company can be found in the imprint details on our website at https://www.nuvi.earth/imprint.

​

(3) LEGAL BASIS FOR DATA PROCESSING

By law, any processing of personal data is in principle prohibited and only permitted if the data processing falls under one of the following justifications:

- Article 6 para. 1 sentence 1 lit. a GDPR ("consent"): If the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous confirming action that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
- Article 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;
- Article 6 para. 1 sentence 1 lit. c GDPR: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
- Article 6 para. 1 sentence 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
- Article 6 para. 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
- Article 6 para. 1 sentence 1 lit. f GDPR ("Legitimate Interests"): If the processing is necessary for the protection of legitimate (in particular legal or economic) interests of the controller or a third party, unless such interests are overridden by the legitimate interests or rights of the data subject (in particular if the data subject is a minor).

The storage of information in the end user's device or access to information already stored in the device is only permitted if it is covered by one of the following justifications:

- Section 25 para. 1 of the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, TTDSG): if the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
- Section 25 para. 2 no. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network or
- Section 25 para. 2 no. 2 TTDSG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.
 

(4) DATA ERASURE AND STORAGE PERIOD

For each of the processing operations carried out by us, we indicate below how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers, subject to any transfer that may take place in accordance with the regulations in A.(6) and A.(7).

However, data may be stored beyond the specified period in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by statutory provisions to which we as the responsible party are subject (e.g. Section 257 of the German Commercial Code (HGB), Section 147 of the German Tax Code (AO)). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

(5) DATA SECURITY

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact us (see contact details under A.(2)).

(6) COOPERATION WITH PROCESSORS

As with any company, we also use external domestic and foreign service providers (e.g. for IT, logistics, telecommunications, sales and marketing) to process our business transactions. These service providers are only active according to our instructions and are contractually obligated to comply with data protection regulations in accordance with Article 28 GDPR.

(7) CONDITIONS FOR THE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us (the legal basis is Article 6 para. 1 lit. b or lit. f GDPR in each case in conjunction with Article 44 et seq. GDPR). We will inform you about the respective details of the transfer below at the relevant points.

Some third countries are certified by the European Commission through so-called adequacy decisions to have a level of data protection comparable to the EEA standard (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data pursuant to Article 46 para. 1, para.  2 lit. c GDPR (the 2021 standard contractual clauses are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognized codes of conduct. Please contact us (see contact details under A.(2)) if you would like more information on this.

(8) NO AUTOMATED DECISION MAKING (INCLUDING PROFILING)

We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

(9) NO OBLIGATION TO PROVIDE PERSONAL DATA

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.

(10) LEGAL OBLIGATION TO TRANSMIT CERTAIN DATA

We may, under certain circumstances, be subject to a special statutory or legal obligation to make the lawfully processed personal data available to third parties, in particular public bodies (Article 6 para. 1 sentence 1 lit. c GDPR).

(11) YOUR RIGHTS

You may assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A.(2). As a data subject, you have the right

- to request information about your data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or opposition, the existence of a right of complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details;
- in accordance with Article 16 GDPR, to demand the correction of inaccurate or the completion of your data stored by us without delay;
- pursuant to Article 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- in accordance with Article 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
- pursuant to Article 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");

- object to the processing in accordance with Article 21 GDPR, provided that the processing is based on Article 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing;

 

- in accordance with Article 7 par. 3 of the GDPR, to revoke your consent given once (also before the GDPR came into force, i.e. before May 25, 2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future and

- to complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Article 77 GDPR, for example to the data protection supervisory authority responsible for us.

​

(13) CHANGES TO THE DATA PROTECTION NOTICE

​

In the context of the further development of data protection law and technological or organizational changes, our Data Protection Information are regularly reviewed to determine whether they need to be adapted or supplemented. You will be informed of any changes in particular on our German website at https://www.nuvi.earth/privacy-policy. 

​

​

B. VISITING OF OUR WEBSITES

​

(1) EXPLANATION OF FUNCTION

​

You can obtain information about our company and the services we offer in particular at https://www.nuvi.earth/ together with the associated sub-pages (hereinafter collectively referred to as "websites"). When you visit our websites, personal data may be processed.

​

(2) PROCESSED PERSONAL DATA

 

During the informational use of the Websites, the following categories of personal data are collected, stored and processed by us:

​

• "log data": When you visit our websites, a so-called protocol data record (so-called server log files) is stored temporarily and anonymously on our webserver. 
   

This consists of: 

​

• the page from which the page was requested (so-called referrer URL)

• the name and URL of the requested page

• the date and time of the request

• the description of the type, language and version of the web browser used

• the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established

• the amount of data transferred

• the operating system

• the message whether the call was successful (access status/ttp status code)

• the GMT time zone difference]
   

"Contact form data": When contact forms are used, the data transmitted thereby are processed (for further details, please refer to part C. Contact via contact form).

​

(3) PURPOSE AND LEGAL BASIS OF DATA PROCESSING

​

We process the personal data described in more detail above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Article 6 para. 1 sentence 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

​

The processing of log data serves statistical purposes and to improve the quality of our website, in particular the stability and security of the connection (legal basis is Article 6 para. 1 sentence 1 lit. f GDPR).

​

Contact form data is processed for the purpose of handling customer inquiries (legal basis is Article 6 para. 1 sentence 1 lit. b or lit. f GDPR).

(4) DURATION OF DATA PROCESSING

​

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.

​

Third parties used by us will store your data on their system for as long as is necessary in connection with the provision of services for us in accordance with the respective order.

​

For more details on the storage period, please refer to A.(4)

​

(5) TRANSFER OF PERSONAL DATA TO THIRD PARTIES; BASIS FOR JUSTIFICATION

​

The following categories of recipients, which are usually order processors (see A.(6)), may receive access to your personal data:

​

• Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the disclosure is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not order processors;

• Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Article 6 para. 1 sentence 1 lit. c GDPR;

• Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR.
   

For guarantees of an adequate level of data protection in the event of data being passed on to third countries, see A.(7). 

In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

 

(6) USE OF COOKIES, PLUGINS AND OTHER SERVICES ON OUR WEBSITE

​

a) Cookies

We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using on your hard drive by means of a characteristic string of characters and stored, and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the Internet offer as a whole more user-friendly and effective, i.e. more pleasant for you.

​

Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user.

​

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

​

Essential cookies are mandatory in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited.

​

We only use cookies that are absolutely necessary for technical reasons. These are absolutely necessary in order to navigate the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited.

​

The use of the aforementioned cookies or comparable technologies is based on § 25 para. 2 TTDSG. In the case of the aforementioned essential cookies, your personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR according to our overriding legitimate interest in ensuring the optimal functionality of the website and a user-friendly and effective design of our offer. You have the right to object to this processing of your personal data at any time for reasons arising from your particular situation; to exercise this right, simply contact us using the contact details provided at the beginning or send an email to gdpr@nuvi.earth.

​

b) Social Media Plugins

We do not use social media plugins on our websites. If our websites contain icons from social media providers, we only use these for passive linking to the pages of the respective providers. User information is only transferred to the respective provider after redirection. For information on the handling of your personal data when using these websites, please refer to the respective data protection policies of the providers you use.

 

​

C. CONTACT VIA CONTACT FORM

​

You can contact us on our website by means of a contact form. In doing so, we process your data as follows:

​

(1) COLLECTION AND STORAGE OF PERSONAL DATA AND THE TYPE AND PURPOSE AND USE THEREOF

​

If you contact us via the contact form, we collect the information as it is given to us by you.

​

This data is collected

​

• to be able to identify you as the inquirer;

• to process your request;

• to correspond with you
   

The data processing is carried out upon your contacting us according to Article 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.

​

(2) DURATION OF DATA STORAGE

We store and process your personal data for as long as it is necessary to fulfill the processing purposes outlined above.

​

(3) TRANSFER OF DATA TO THIRD PARTIES

Your personal data will not be transferred to third parties.

 

​

D. NEWSLETTER REGISTRATION

​

You can register for our newsletter on our website to be informed about news. In doing so, we process your data as follows:

​

(1) COLLECTION AND STORAGE OF PERSONAL DATA AS WELL AS TYPE AND PURPOSE AND THEIR USE

​

When you subscribe to our newsletter, the following "newsletter data" is collected, stored and processed by us:

​

• the page from which the page was requested (so-called referrer URL)

• the date and time of the request

• the description of the type of web browser used

• the IP address of the requesting computer, which is shortened in such a way that it is no longer possible to establish a personal reference

• the e-mail address

• the date and time of registration and confirmation, and, insofar as it is given to us by you:

• Salutation, first name, last name.
   

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The data is collected exclusively pseudonymously, i.e. the IDs are not linked with your other personal data, a direct personal reference is excluded.

​

The newsletter data is processed for the purpose of sending the newsletter. When registering for our newsletter, you consent to the processing of your personal data (legal basis is Article 6 para. 1 sentence 1 lit. a GDPR). For the registration to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter email, by email to marketing@nuvi.earth or by sending a message to the contact details provided in the imprint.

​

(2) DURATION OF DATA STORAGE

​

We store and process your personal data for as long as it is necessary to fulfill the processing purposes outlined above. Third parties engaged by us will store your data on their systems for as long as is necessary in connection with the provision of services for us in accordance with the respective order.

​

(3) TRANSFER OF PERSONAL DATA TO THIRD PARTIES; BASIS FOR JUSTIFICATION

​

The following categories of recipients, which are usually order processors (see A.(6)), may receive access to your personal data:

​

• Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the disclosure is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as they are not order processors;

• Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Article 6 para. 1 sentence 1 lit. c GDPR;

• Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR.
   

For guarantees of an adequate level of data protection in the event of data being passed on to third countries, see A.(7). 

In addition, we will only pass on your personal data to third parties if you have given your express consent to do so in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

​

​

E. DATA PROCESSING WHEN ACCESSING OUR SOCIAL MEDIA PROFILES

​

(1) GENERAL

​

We maintain publicly accessible profiles in various social networks. Your visit to these profiles initiates a variety of data processing operations. In the following, we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profiles in social networks. These functionalities will not be available to you or only to a limited extent if you do not provide us with your personal data.

​

When you visit our profiles, your personal data will be collected, used and stored not only by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile in the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details about the collection and storage of your personal data and about the type, scope and purpose of their use by the operator of the respective social network, please refer to the data protection statements of the respective operator: 

​

• The privacy policy for the social network Facebook, which is operated by Meta Plat-forms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, can be viewed at https://www.facebook.com/about/privacy/update?ref=old_policy;

• The privacy policy for the social network Instagram, operated by Meta Plat-forms Ireland Limited, can be viewed at https://help.instagram.com/155833707900388;

• The privacy policy for the social network YouTube, operated by Google Ire-land Limited, Gordon House, Barrow Street, Dublin 4, Ireland, can be viewed at https://policies.google.com/privacy?hl=de;

• The privacy policy for the social network Pinterest, operated by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland, can be found at https://policy.pinterest.com/de/privacy-policy;

• The privacy policy for the social network LinkedIn, operated by, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be found at https://www.linkedin.com/legal/privacy-policy?_l=de_DE;

​

​

(2) GENERAL INFORMATION ON THE COLLECTION OF PERSONAL DATA WHEN CONTACTING US VIA OUR PROFILES ON SOCIAL NETWORKS

​

If you use our profiles on social networks to contact us (for example, by creating your own posts, responding to one of our posts or by sending us private messages), the data you provide us with will be processed by us solely for the purpose of contacting you. 

The legal basis for the data collection is thus Art. 6 para. 1 sentence 1 lit. a) and b) DSGVO. We delete stored data as soon as their storage is no longer necessary or you request us to delete them; in the case of statutory retention obligations, we limit the processing of the stored data accordingly.

​

The following categories of recipients, which are usually order processors (see A.(7)), may receive access to your personal data:

​

• Service providers for the operation of the facilities for contacting. The legal basis for the transfer is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR, insofar as these are not order processors;

• Government agencies/authorities, insofar as this is necessary for the fulfillment of a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 sentence 1 lit. c GDPR;

• Persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the disclosure is then Article 6 para. 1 sentence 1 lit. b or lit. f GDPR.
   

For the guarantees of an adequate level of data protection in the event of a transfer of data to third countries, see A.(8). 

In addition, we will only share your personal data with third parties if you have given your express consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

​

(3) SUPPLEMENTARY INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA WHEN VISITING OUR PROFILE ON THE SOCIAL NETWORK FACEBOOK

​

As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged in to it while visiting our fan page. In addition, Meta Platforms provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that Meta Platforms collects to compile these statistics. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our Fanpage according to the target group. The legal basis for the data processing is thus Article 6 para. 1 sentence 1 lit. f) GDPR. In addition, Meta Platforms uses so-called cookies, which are stored on your end device when you visit our Fanpage, even if you do not have your own Facebook profile or are not logged into it during your visit to our Fanpage. These cookies allow Meta Platforms to create user profiles based on your preferences and interests and to show you advertising (inside and outside of Facebook) that is tailored to these preferences and interests. Cookies remain on your terminal device until you delete them. For details, please refer to Facebook's privacy policy.

​

(3) SUPPLEMENTARY INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA WHEN VISITING OUR PROFILE ON THE SOCIAL NETWORK INSTAGRAM

​

We can only see the public information of your Instagram profile. You decide which this is specifically in your Instagram settings. As an Instagram page operator, Meta Platforms provides us with anonymous usage statistics that we use to improve the user experience when visiting our Instagram page. We do not have access to the usage data that Meta Platforms collects to create these statistics. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our Instagram page in a targeted manner. The legal basis for the data processing is thus Article 6 para. 1 sentence 1 lit. f) GDPR. In addition, Meta Platforms uses so-called cookies that are stored on your terminal device when you visit our Instagram page, even if you do not have your own Instagram profile or are not logged into it during your visit to our Instagram page. These cookies allow Meta Platforms to create user profiles based on your preferences and interests and to show you advertising (inside and outside of Instagram) that is tailored to these. Cookies remain on your terminal device until you delete them. Details on this can be found in the privacy policy of Instagram.

​

(4) SUPPLEMENTARY INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA WHEN VISITING OUR PROFILE ON THE SOCIAL NETWORK LINKEDIN

​

We can only see the public information of your LinkedIn profile. You decide which this is specifically in your LinkedIn settings. As the operator of a LinkedIn page, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our LinkedIn page. We do not have access to the usage data that LinkedIn collects to create these statistics. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our LinkedIn page according to the target group. The legal basis for the data processing is therefore Article 6 para. 1 sentence 1 lit. f) GDPR. In addition, LinkedIn uses so-called cookies that are stored on your end device when you visit our LinkedIn page, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our LinkedIn page. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you advertising (within and outside of Instagram) tailored to these. Cookies remain on your terminal device until you delete them. For details, please see LinkedIn's privacy policy.

​

​

F. DATA PROCESSING IN THE CASE OF ONLINE SUBMISSION OF APPLICATIONS VIA THE WEBSITE

​

You can apply to us on our website. In doing so, we process your data as follows:

​

(1) COLLECTION AND STORAGE OF PERSONAL DATA AS WELL AS TYPE AND PURPOSE AND USE THEREOF

​

If you apply to us, we process the data you have sent us in connection with your application in order to check your suitability for a position for which you are applying or, if applicable, other open positions in our companies and to carry out the application procedure.

 

The legal basis for processing your personal data in this application process is primarily Article 6 para. 1 sentence 1 lit. f) GDPR. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

​

Should the data be required for legal prosecution after completion of the application process, data processing may be carried out on the basis of the requirements of Article 6 GDPR, in particular to safeguard legitimate interests pursuant to Article 6 para. 1 sentence 1 lit. f) GDPR. Our interest then consists in the assertion or defense of claims.

​

(2) DURATION OF DATA STORAGE

​

Data of applicants will be deleted after six months in the event of a rejection.

​

In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

​

If you are awarded a position during the application process, your data will be transferred from the applicant data system to our personnel information system. 

​

(3) TRANSFER OF DATA TO THIRD PARTIES

​

Your applicant data will be viewed by the human resources department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application process.

​

​

​

​

​