Data Privacy Statement

Privacy policy


We are pleased about your interest in our company and our products or services and would like you to feel secure when visiting our Internet pages, also with regard to the protection of your personal data. We want you to know when we store which data and how we use it. We are subject to the provisions of the European General Data Protection Regulation (DSGVO) and the supplementary regulations of the German Federal Data Protection Act (BDSG). To ensure that the regulations on data protection are observed both by us and by service providers commissioned by us, we have taken appropriate technical and organizational measures.

This data protection information applies to our online offers. This includes our websites, their functions and content as well as external online presences, such as our presences in social media. This general data protection information also serves to inform you about further processing of your personal data and our fulfillment of the information obligations towards you.

The terms used in this privacy notice, such as data controller or personal data, are used in accordance with the definitions of the GDPR. For reasons of readability and thus also in the sense of a comprehensible provision of information, the naming of individual articles, paragraphs or the like is generally omitted.

Person responsible

The responsible person in the sense of the DSGVO and other national data protection laws of the member states, as well as other data protection regulations, is the

AHP Merkle GmbH
Nägelseestr. 39
79288 Gottenheim
Germany
Phone: +49 7665 4208-0
Fax: +49 7665 4208-88
E-Mail: mailbox@ahp.de
Website: www.ahp.de

 

Data protection officer

The data controller has appointed a data protection officer. His contact details are

Bechtle GmbH
IT System House Freiburg
Leinenweberstrasse 1
DE-79108 Freiburg im Breisgau, Germany
www.bechtle.com

You can contact our data protection officer directly at any time with questions about data protection or to enforce your rights listed below.

 

General information on data processing

Legal basis for the processing of personal data

Within the framework of data protection law, the processing of personal data is generally not permitted unless there is a legally permissible reason for permission. We are obliged to inform you about the legal basis of data processing. If we obtain your consent for processing operations of personal data, this serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which you are a party, the performance of the contract serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as processing of personal data is necessary for compliance with a legal obligation to which we are subject, this serves as the legal basis. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, this serves as the legal basis. If the processing is necessary to protect a legitimate interest of our company or a third party and these interests, your fundamental rights and freedoms do not override, this serves as the legal basis for the processing.

 

Hosting

Hetzner 

We host our website with Hetzner. The provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). 

For details, please refer to Hetzner's privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz

The use of Hetzner is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in ensuring that our website is presented as reliably as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time. 

Order processing 

We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO. 

Data transfer to third countries

The GDPR ensures a uniformly high level of data protection within the European Union (EU) and the European Economic Area (EEA). When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed.  If we have your data processed in a third country - i.e. outside the EU/EEA - this is always done in accordance with the legal requirements. In addition to your express consent or contractually or legally required transfer, we only have your data processed in third countries with a recognized level of data protection, through a contractual obligation by so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations.

Existence of automated decision making

We do not use automated decision-making.

 

Recipients of the data / categories of recipients

Within our company, we ensure that only those persons receive your data who need them to fulfill contractual and legal obligations.

In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers as part of a so-called order processing, this is done within the framework of the requirements of the DSGVO. Our order processors are carefully selected, bound by our instructions and are checked at regular intervals. We only commission processors who provide sufficient guarantees that appropriate technical and organizational measures are taken in such a way that the processing is carried out in accordance with the requirements of the DSGVO and BDSG and ensures the protection of your rights.

 

Disclosure of personal data to third parties

In principle, we do not pass on any personal data to third parties without your express consent. If, in the course of processing, we nevertheless disclose your data to third parties, transmit it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal grounds. 

For example, we transmit data to payment service providers or suppliers if this is necessary for the performance of the contract. If we are required to do so by law or by court order, we must transfer your data to the respective authorities entitled to receive such information.

Use of our online offer

In principle, you can use our online offer without disclosing your identity. In this section, we explain when and in what context we process data when you use our online offers, which offers from service providers we have implemented, how they work and what happens to your data.

 

Children

Our offer is basically aimed at adults. Persons under 16 years of age may not transmit any personal data to us without the consent of their parents or legal guardians.

 

Transport encryption

In order to protect your transmitted data in the best possible way, we use a so-called transport encryption. To ensure the security of your data during the transmission process, we use a state-of-the-art SSL/TLS encryption process.

 

Data collection when visiting our websites

If you use our websites for information purposes only, i.e. you do not register for an offer, conclude a contract with us or otherwise disclose information to us, we only collect the personal data that your browser transmits to our servers. 

When you call up our websites, we collect the following data, which is technically necessary for us to be able to display our websites to you and to ensure stability and security:

IP address of the visitor

Date and time of the request

Content of the request (specific page)

access status/HTTP status code

amount of data transferred in each case

Website from which the request comes

Operating system of the visitor

Language and version of the browser software.

This data is temporarily stored in the log files of our system for a maximum of seven days. Storage beyond this period is possible, but in this case the IP addresses are shortened or alienated so that it is no longer possible to assign the calling client. In this context, the log files are not stored together with other personal data relating to you. The legal basis for these processing operations is our legitimate interest.

Since the collection of data to display the websites and the storage of the data in log files is absolutely necessary for the operation of our websites and the maintenance of IT security, you have no possibility to object in this respect. 

Requests to us

If you send us an inquiry via our website - for example, by using the contact form - your personal data will be processed in order to answer your inquiry:

Use of cookies

General information on the use of cookies

In addition to the previously mentioned data, cookies are stored on your terminal device when you use our websites. Cookies are data records that can be sent from a website to the browser, which stores them and sends them back again. Different data can be stored in cookies, which are read by the body that sets the cookie. 

Legal basis

We use cookies in accordance with the legal requirements. Therefore, we obtain prior consent from you for cookie use, except where such consent is not required by law. Consent is not required if the storage and reading of the information stored in cookies is absolutely necessary to provide the telemedia service (i.e. our online offering) that you have expressly requested. In all other cases, your consent is required. This consent can be given by you in advance, verifiably and revocably with the help of our Consent Management Tool.

Information on the legal basis under data protection law for the respective cookie use can be found either in this data protection notice or in our Cookie Management Tool.

Storage duration 

With regard to the storage period, two different types of cookies can be used:

  • Session cookies: these cookies are deleted after you leave our online offer and close your browser.
  • Persistent cookies remain stored even after you close your browser. For example, the login status or entered search terms can be stored Also, these cookies can be used for range measurement.

You can find information about the storage period of the respective cookies in our Cookie Management Tool.

 

Information about services used

Cookie Management Tool

We use a so-called cookie management tool. This allows you to manage the cookies we use as well as the consents you have given, to find out more information about data processing using cookies and to view the purpose and storage period of the cookies used.

 

Information on data processing by third parties

Google Analytics

Insofar as you have given your consent, Google Analytics is used on this website This is a web analytics service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. We have extended Google Analytics on this website with a so-called IP anonymization to ensure only a shortened collection and transmission of IP addresses. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. However, we would like to expressly point out at this point that Google generally processes data for its own purposes, in particular also for the purpose of providing its web analysis and tracking service. Within the scope of Google Analytics, further usage data is collected that is to be assessed as personal data, such as identification features of individual users, which also allow a link to an existing Google account, for example.

The following usage data is evaluated on our site by Google Analytics: 

  • Frequency of page views
  • Number of users
  • Bounce rate (page is closed again after a page view)
  • Session duration (average duration of all users)
  • Country from which the website was accessed
  • Use of website functions
  • Which page is visited how often
  • Device and device category with which the user accesses our website

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity to us.

The legal basis for the use of Google Analytics is your voluntarily given consent.

You can find more information about Google's terms of use and data protection here and here.

Recipients / categories of recipients 

The recipients / categories of recipients of the collected data can be found in our Cookie Management Tool.

Duration of data storage 

You can find out how long the cookies are stored on your terminal device from our Cookie Management Tool.

The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached is automated once a month. 

 

Google Maps 


We use Google Maps to display our location. This is a service of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Google. Only if you click on Load map, personal data of you will be transmitted to Google and stored there The processed data may include in particular your IP addresses and location data, which, however, will not be processed without your consent.  
Incidentally, by using Google Maps, you enter directly into a user relationship with Google. You can find more information on Google's terms of use and data protection here. 

Recipients/categories of recipients 

Recipients of the data are/could be 

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO) 
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA 
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA 
     

Legal basis 

The legal basis for the use of Google Maps is your voluntarily given consent. 
 

Duration of data storage 

You can find out how long the cookies are stored on your terminal device from our Cookie Management Tool. 

 

Google Ads and Conversion Tacking

If you have given your consent, Google Ads including conversion tracking will be used on this website. This is a service of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). Google Ads is a web analytics service We use conversion tracking for targeted advertising of our offer:

If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your terminal device. If you visit a specific page of our website, both we and Google can evaluate that you have clicked on an ad placed by us on Google and that you have subsequently been redirected to our website. 

Google uses the information obtained in this way to provide us with statistics about visits to our website. In addition, this provides us with information about the number of users who clicked on our ad(s) and about the pages of our website that were subsequently accessed. This information is used to create conversion statistics for Ads customers who have opted in to conversion tracking. The customers, i.e. we as website operators, learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you do not receive any information with which users can be personally identified.

The legal basis for the use of Google Ads is your voluntarily given consent.

Recipients / categories of recipients

The recipients / categories of recipients of the collected data can be found in our Cookie Management Tool.

Duration of data storage

You can find out how long the cookies are stored on your end device from our Cookie Management Tool.

Google Tag Manager

Our website uses Google Tags This is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter referred to as Google). Google Tag Manager is a solution that allows us to manage website tags through one interface. Tags are small code elements on our website that are used, among other things, to measure traffic and visitor behavior.

Tag Manager tracks a set of tags and trigger rules that determine when these tags should be deployed on our site. When you visit our website, the current tag configuration is sent to your browser. It contains instructions on which tags should be triggered. The Tag Manager takes care of triggering tags, which in turn may collect data. The Tag Manager itself does not access this data, as it is operated via a cookie-less domain and does not collect any personal data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

Google itself collects information about how the service is used and which tags are implemented in which way. According to Google, this data is used to improve, maintain, protect and further develop the service.

For more information, see the Google Tag Manager Usage Policy and Google's Privacy Policy

Social media buttons

To share the content of our online offers via social networks, we offer so-called social media buttons. The use of these services requires your consent, which you can give by clicking on the respective button ("2-click solution").

The buttons offered directly by the operators of social networks impermissibly transmit personal data such as the IP address or entire cookies already when loading a website on which they are integrated, and thus pass on precise information about your surfing behavior to the social services without being asked and without your consent. To do this, you do not have to be logged in or a member of the respective network. In contrast, our 2-click solution establishes contact between the respective social network and you as a site visitor only when you actively click on the button and thereby give your consent. Through this solution, we prevent you from leaving a digital trail on every page you visit.

YouTube

We have integrated components from YouTube in various places. YouTube is an online video portal that allows videos to be posted. YouTube is the service of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). You can find more information about Google's terms of use and data protection here.

We integrate the videos stored on YouTube using a so-called two-click solution. This means that when you call up a page in which a video is embedded, the video is initially deactivated and thus not loaded. Only after we have received your consent, the corresponding video is loaded.

The integration of YouTube content takes place in the so-called extended data protection mode. YouTube provides this mode and thus ensures that initially no cookies are stored on your device. However, when you call up the relevant pages, the data mentioned above under Data collection when visiting our websites is transferred. This information cannot be assigned to you, however, unless you have logged in to YouTube or another Google site before accessing the page or are permanently logged in. We would like to point out at this point that Google processes this data worldwide and therefore a third country transfer also takes place.

The legal basis for the use of YouTube is your voluntarily given consent.

 

Online offers in social media

We offer online offers on various platforms in order to provide information there and to be able to contact you.

We have no influence on the processing of personal data by the respective platform operator. As a rule, when you visit our offers there, cookies are stored in your browser by the platform operator, in which your usage behavior or interests are stored for market research and advertising purposes. 

The usage profiles obtained in this way - usually across devices - are used by the platform operators to display personalized advertising to you. Data processing may also affect persons who are not registered as users with the respective platform. Under certain circumstances, your data may be processed outside the area of the European Union, which may make it more difficult to enforce your rights. However, when selecting such platforms, we make sure that the operators undertake to comply with EU data protection standards.

The processing of your personal data when visiting one of our offers on social media is based on our legitimate interests in a diverse external presentation of our company and the use of an effective information opportunity and communication with you. 

Detailed information on data processing in connection with the use of our offers on these platforms, objection options and the assertion of information rights can be obtained via the privacy policy of the relevant platform operator.

Facebook

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Agreement on the joint processing of personal data in accordance with DSGVO requirements.

Privacy policy of the provider

Google+/ YouTube

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy of the provider

Instagram

Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Agreement on the joint processing of personal data in accordance with DSGVO requirements.

Privacy policy of the provider

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Agreement on the joint processing of personal data in accordance with the requirements of the GDPR.

Privacy policy of the provider

 

Newsletter

We offer you the possibility to subscribe to our free e-mail newsletter. We send this newsletter only with your consent. When you subscribe to a newsletter, the data from the input mask (name and e-mail address) are transmitted to us and stored as long as the subscription to the newsletter is active.

For the processing of this data for the purpose of sending the newsletter, your consent is obtained and reference is made to this data protection notice. For the registration process, we use the so-called "double opt-in procedure". After successful registration, you will receive an e-mail in which you must click on a link to confirm your registration. In this way, we prevent unauthorized third parties from registering using your e-mail address. 

We log the registration process in order to be able to prove the process in accordance with legal requirements. In the process, the IP address of the calling end device, date and time of registration are stored. The data you provide will be stored as long as the subscription to the newsletter is active. 

You can cancel the subscription at any time. For this purpose, there is a corresponding unsubscribe link in each newsletter. This also enables you to revoke your consent. The legal basis for the processing of your data is your voluntarily given consent to receive newsletters.

If you purchase goods or services from us and provide your e-mail address in the process, we reserve the right to use this for sending newsletters with direct advertising for our own similar goods or services. This serves to protect our legitimate interests in addressing our customers in an advertising manner, which are outweighed in the context of a balancing of interests. You can object to this use of your data at any time by sending a message to the contact options mentioned below or via the unsubscribe link in the advertising e-mail, without incurring any costs other than the transmission costs according to the basic rates. Insofar as the newsletter is sent on the basis of the sale of goods or services, we refer to the provisions of the Unfair Competition Act (UWG).

Inxmail 

This website uses Inxmail to send newsletters. The provider is Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg (hereinafter referred to as Inxmail). 

Inxmail is a service with which, among other things, the sending of newsletters can be organized and analyzed. The data entered by you for the purpose of receiving the newsletter is stored on the servers of Inxmail. 

Data analysis by Inxmail 

With the help of Inxmail, it is possible for us to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, among other things, which links were clicked on particularly often. 

In addition, we can see whether certain previously defined actions were performed after opening / clicking (conversion rate). We can thus see, for example, whether you have made a purchase after clicking on the newsletter. 

Inxmail also enables us to subdivide ("cluster") the newsletter recipients according to various categories. In doing so, newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups. If you do not want any analysis by Inxmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. 

You can find Inxmail's privacy policy at: 

www.inxmail.de/datenschutz 

You can unsubscribe from the ahp.letter (newsletter) at any time via this link: 
https://newsletter.ahp.de/abmeldung_newsletter_de_.jsp 

Anonymized tracking 

We use the anonymized tracking of Inxmail, in which a conclusion about your person is only possible if you have expressly consented to this in advance. 

Legal basis 

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time for the future. 

Storage period 

The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose has ceased to exist. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Data that has been stored by us for other purposes remains unaffected by this. 

 

Commercial and business services

We process data of our contractual and business partners, e.g. suppliers, customers and interested parties (hereinafter referred to as business partners) within the scope of contractual or comparable legal relationships as well as related measures and within the scope of communication with our business partners.

We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of related administrative tasks as well as our business organization. We disclose the data of our business partners to third parties within the framework of applicable law only to the extent that this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the data subjects (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Contractual partners will be informed about other forms of processing, e.g. for marketing purposes, as part of this data protection notice.

We inform our business partners which data is required for these purposes before or in the course of data collection or personally.

Deletion of data and storage period 

As soon as the purpose for processing ceases to apply, we delete or block your personal data. However, data may be stored beyond this period if this is required by legal regulations to which we are subject. This applies in particular to data that must be retained for legal archiving reasons (e.g. for commercial law reasons usually for 6 years or for tax law reasons usually for 10 years).

Processed data: 

Inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject of contract, term,).

Purposes of processing: 

Provision of contractual services and customer service, contact requests and communication, internal organizational procedures, administration and response to requests.

Legal bases: 

Contract performance/pre-contractual requests, Legal obligation Legitimate interests.

 

Applications

In the context of an application with us, the data you provide - such as your contact details and qualifications - will be used exclusively for the purpose of processing the application procedure.

Your data will be passed on internally to the responsible department heads. We process your personal data for the purpose of your application for an employment relationship, insofar as this is necessary for the decision on the establishment of an employment relationship with us.

Furthermore, we may process personal data about you insofar as this is necessary for the defense of asserted legal claims against us arising from the application process.

Your data will generally be deleted 6 months after completion of the application process, unless otherwise agreed with the applicant (see, among other things, inclusion in the applicant pool). If your application is followed by the conclusion of an employee contract, the data will be included in the personnel file.

How long will your data be stored?

We store your personal data for as long as is necessary to make a decision about your application. If an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defense against possible legal claims. In this case, the application documents will be deleted 6 months after notification of the rejection decision, unless longer storage is required due to legal disputes.

Inclusion in the applicant pool

If we do not currently have a suitable position to fill for your application - for example, as part of a speculative application - we will gladly include your application in an applicant pool and store it for 6 months. However, this requires your consent, which we will request from you in such a case.

If your application documents in the applicant pool are not used by us within one year, your application documents will be automatically deleted.

No automated decision-making

There is no automated decision-making in individual cases, which means that the decision about your application is not based exclusively on automated processing.

 

Your data subject rights

As a data subject, you are entitled to various rights, which we would like to inform you about below. Depending on the reason and type of processing of your personal data, you are entitled to the rights described in the following sections. 

Your right to information

As a data subject, you have the right to find out from us whether we process personal data about you and, if so, what personal data we process about you. 

You also have the right to request from us a copy of your personal data that is the subject of processing.

Your right to rectification

You have the right to request from us without undue delay the rectification of your personal data that you consider to be inaccurate. 

You also have the right to request us to complete such personal data that you consider incomplete.

Your right to deletion

If the legal requirements are met, you may request the deletion of your personal data.

This is the case, for example, if we process your data based on your consent and you revoke this consent.

However, we may not delete data, for example, if we have to store it due to legal retention periods. We also cannot comply with your deletion request if it is necessary for us to process your personal data in order to assert, exercise or defend legal claims.

Your right to restriction of processing

Under certain conditions, you as a data subject have the right to request us to restrict the processing of your personal data.

One of these conditions is, for example, that you dispute the accuracy of your personal data. Or also the case in which we no longer need your personal data, but you need this data to assert, exercise or defend legal claims.

Your right of objection

If we process your personal data, on the basis of a legitimate interest, you have the right to object to this processing, if this arises due to your particular personal situation.  However, this right of objection does not exist insofar as there is a compelling public interest in the processing which outweighs your interest, a legal provision obliges us to process or the processing serves the assertion, exercise or defense of legal claims.

If we use your personal data for direct marketing, then you have the right to object at any time to processing for the purpose of such marketing. If you object to processing for this purpose, your personal data will no longer be processed for this purpose.

If we process your data based on your consent, then you have the right to revoke your consent at any time with effect for the future. Your revocation does not affect the lawfulness of the processing that took place until the revocation.

Your right to data portability

You only have this right with regard to personal data that you have provided to us yourself. You have the right to request that we transfer this personal data directly to another controller. 

Alternatively, you have the right to request that we provide you with your data in a machine-readable format. However, this only applies if we process your personal data on the basis of your consent or on the basis of a contract and the processing is carried out with the help of automated processes.

Complaint to the supervisory authority

You also have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data relating to you violates the provisions of data protection law.


Reporting portal for the Whistleblower Protection Act (HinSchG)

We operate a reporting portal in accordance with the Whistleblower Protection Act (HinSchG). For this purpose, we use a service provided by bbg bitbase group GmbH, Am Heilbrunnen 47, 72766 Reutlingen. We treat information in accordance with Section 8 HinSchG confidentially. The purpose of the reporting portal for the Whistleblower Protection Act (HinSchG) is to review and document reports for internal investigation and, if necessary, to pass them on to authorized bodies in order to remedy unlawful abuses at the company in accordance with Section 2 HinSchG.

Whistleblowers have the option of registering on our website to use the whistleblower portal. To register, log in and make contact, we process data that is automatically transmitted by the Internet browser and personal data that you can provide as a whistleblower: Access data, title (if provided), first name and surname (if provided), contact details (e-mail address, telephone number or postal address, if provided), personal data in the report, in particular behavioral violations with corresponding facts.

You have the option of registering anonymously. In doing so, you will receive a unique identification code that gives you access to a closed data protection room. Here you have the opportunity to submit your report. No data will be passed on to third parties outside your company without your consent, unless this is required by law or by order such as § 9 HinSchG. The data may then be passed on to investigating authorities or courts.

The legal basis for data processing under the HinSchG is the legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. a c) GDPR in conjunction with § Section 12 HinSchG. Insofar as you provide particularly sensitive data such as your health, sexuality, origin or criminal offenses, Art. 9 and 10 GDPR must also be observed.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. According to Section 11 HinSchG, this is usually the case after three years. Other storage obligations due to contractual relationships and processing to fulfill contractual or legal obligations, such as six- or ten-year retention obligations under commercial and tax law, remain unaffected.

For further information, in particular on your rights as a data subject, please refer to the general privacy policy of bbg bitbase group GmbH: https://www.bitbasegroup.com/datenschutzerklaerung.

Changes

This data protection notice will be adapted from time to time. These adjustments are made, for example, if changes occur due to technical progress, legal requirements or other influences.

Status: 13.12.2023