Privacy Policy

1. An overview of data protection

General information

The follo­wing infor­ma­ti­on will provi­de you with an easy to navi­ga­te over­view of what will happen with your perso­nal data when you visit this website. The term “perso­nal data” compri­ses all data that can be used to perso­nal­ly iden­ti­fy you. For detail­ed infor­ma­ti­on about the subject matter of data protec­tion, plea­se consult our Data Protec­tion Decla­ra­ti­on, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this website is proces­sed by the opera­tor of the website, whose cont­act infor­ma­ti­on is available under section “Infor­ma­ti­on about the respon­si­ble party (refer­red to as the “control­ler” in the GDPR)” in this Priva­cy Policy.

How do we record your data?

We coll­ect your data as a result of your sharing of your data with us. This may, for instance be infor­ma­ti­on you enter into our cont­act form.

Other data shall be recor­ded by our IT systems auto­ma­ti­cal­ly or after you consent to its recor­ding during your website visit. This data compri­ses prima­ri­ly tech­ni­cal infor­ma­ti­on (e.g., web brow­ser, opera­ting system, or time the site was acces­sed). This infor­ma­ti­on is recor­ded auto­ma­ti­cal­ly when you access this website.

What are the purposes we use your data for?

A porti­on of the infor­ma­ti­on is gene­ra­ted to guaran­tee the error free provi­si­on of the website. Other data may be used to analy­ze your user patterns. If contracts can be concluded or initia­ted via the website, the trans­mit­ted data will also be proces­sed for contract offers, orders or other order enquiries.

What rights do you have as far as your information is concerned?

You have the right to recei­ve infor­ma­ti­on about the source, reci­pi­ents, and purpo­ses of your archi­ved perso­nal data at any time without having to pay a fee for such disclo­sures. You also have the right to demand that your data are recti­fied or eradi­ca­ted. If you have consen­ted to data proces­sing, you have the opti­on to revo­ke this consent at any time, which shall affect all future data proces­sing. Moreo­ver, you have the right to demand that the proces­sing of your data be rest­ric­ted under certain circum­s­tances. Further­mo­re, you have the right to log a complaint with the compe­tent super­vi­sing agency.

Plea­se do not hesi­ta­te to cont­act us at any time if you have ques­ti­ons about this or any other data protec­tion rela­ted issues.

Analysis tools and tools provided by third parties

There is a possi­bi­li­ty that your brow­sing patterns will be statis­ti­cal­ly analy­zed when your visit this website. Such analy­ses are perfor­med prima­ri­ly with what we refer to as analy­sis programs.

For detail­ed infor­ma­ti­on about these analy­sis programs plea­se consult our Data Protec­tion Decla­ra­ti­on below.

2. Hosting

We are hosting the content of our website at the follo­wing provider:

Hetzner

The provi­der is the Hetz­ner Online GmbH, Indus­trie­str. 25, 91710 Gunzen­hau­sen, Germa­ny (herein­af­ter refer­red to as Hetzner).

For details, plea­se view the data priva­cy poli­cy of Hetz­ner: https://www.hetzner.com/de/legal/privacy-policy/.

We use Hetz­ner on the basis of Art. 6(1)(f) GDPR. We have a legi­ti­ma­te inte­rest in the most relia­ble depic­tion of our website possi­ble. If appro­pria­te consent has been obtai­ned, the proces­sing is carri­ed out exclu­si­ve­ly on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, inso­far the consent includes the storage of cookies or the access to infor­ma­ti­on in the user’s end device (e.g., device finger­prin­ting) within the meaning of the TDDDG. This consent can be revo­ked at any time.

Data processing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentio­ned service. This is a contract manda­ted by data priva­cy laws that guaran­tees that they process perso­nal data of our website visi­tors only based on our instruc­tions and in compli­ance with the GDPR.

3. General information and mandatory information

Data protection

The opera­tors of this website and its pages take the protec­tion of your perso­nal data very serious­ly. Hence, we hand­le your perso­nal data as confi­den­ti­al infor­ma­ti­on and in compli­ance with the statu­to­ry data protec­tion regu­la­ti­ons and this Data Protec­tion Declaration.

When­ever you use this website, a varie­ty of perso­nal infor­ma­ti­on will be coll­ec­ted. Perso­nal data compri­ses data that can be used to perso­nal­ly iden­ti­fy you. This Data Protec­tion Decla­ra­ti­on explains which data we coll­ect as well as the purpo­ses we use this data for. It also explains how, and for which purpo­se the infor­ma­ti­on is collected.

We here­wi­th advi­se you that the trans­mis­si­on of data via the Inter­net (i.e., through e‑mail commu­ni­ca­ti­ons) may be prone to secu­ri­ty gaps. It is not possi­ble to comple­te­ly protect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data proces­sing control­ler on this website is:

Schätz­le Weine GmbH
Hein­rich-Kling-Str. 38
79235 Vogts­burg-Schel­in­gen

Regis­ter­ge­richt: Amts­ge­richt Frei­burg
Regis­ter­num­mer: HRB 290165

Geschäfts­füh­re­rin: Fran­zis­ka Schätzle

Phone: 07662–9461–0
E‑mail: info@weingutschaetzle.de

The control­ler is the natu­ral person or legal enti­ty that single-handedly or joint­ly with others makes decis­i­ons as to the purpo­ses of and resour­ces for the proces­sing of perso­nal data (e.g., names, e‑mail addres­ses, etc.).

Storage duration

Unless a more speci­fic storage peri­od has been speci­fied in this priva­cy poli­cy, your perso­nal data will remain with us until the purpo­se for which it was coll­ec­ted no longer appli­es. If you assert a justi­fied request for dele­ti­on or revo­ke your consent to data proces­sing, your data will be dele­ted, unless we have other legal­ly permis­si­ble reasons for storing your perso­nal data (e.g., tax or commer­cial law reten­ti­on peri­ods); in the latter case, the dele­ti­on will take place after these reasons cease to apply.

General information on the legal basis for the data processing on this website

If you have consen­ted to data proces­sing, we process your perso­nal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR, if special cate­go­ries of data are proces­sed accor­ding to Art. 9 (1) DSGVO. In the case of expli­cit consent to the trans­fer of perso­nal data to third count­ries, the data proces­sing is also based on Art. 49 (1)(a) GDPR. If you have consen­ted to the storage of cookies or to the access to infor­ma­ti­on in your end device (e.g., via device finger­prin­ting), the data proces­sing is addi­tio­nal­ly based on § 25 (1) TDDDG. The consent can be revo­ked at any time. If your data is requi­red for the fulfill­ment of a contract or for the imple­men­ta­ti­on of pre-contrac­tu­al measu­res, we process your data on the basis of Art. 6(1)(b) GDPR. Further­mo­re, if your data is requi­red for the fulfill­ment of a legal obli­ga­ti­on, we process it on the basis of Art. 6(1)© GDPR. Further­mo­re, the data proces­sing may be carri­ed out on the basis of our legi­ti­ma­te inte­rest accor­ding to Art. 6(1)(f) GDPR. Infor­ma­ti­on on the rele­vant legal basis in each indi­vi­du­al case is provi­ded in the follo­wing para­graphs of this priva­cy policy.

Information on the data transfer to third-party countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

We use, among other tech­no­lo­gies, tools from compa­nies loca­ted in third-party count­ries that are not safe under data protec­tion law, as well as US tools whose provi­ders are not certi­fied under the EU-US Data Priva­cy Frame­work (DPF). If these tools are enab­led, your perso­nal data may be trans­fer­red to and proces­sed in these count­ries. We would like you to note that no level of data protec­tion compa­ra­ble to that in the EU can be guaran­teed in third count­ries that are inse­cu­re in terms of data protec­tion law.

We would like to point out that the US, as a secu­re third-party coun­try, gene­ral­ly has a level of data protec­tion compa­ra­ble to that of the EU. Data trans­fer to the US is ther­e­fo­re permit­ted if the reci­pi­ent is certi­fied under the “EU-US Data Priva­cy Frame­work” (DPF) or has appro­pria­te addi­tio­nal assu­ran­ces. Infor­ma­ti­on on trans­fers to third-party count­ries, inclu­ding the data reci­pi­ents, can be found in this Priva­cy Policy.

Recipients of personal data

In the scope of our busi­ness acti­vi­ties, we coope­ra­te with various exter­nal parties. In some cases, this also requi­res the trans­fer of perso­nal data to these exter­nal parties. We only disc­lo­se perso­nal data to exter­nal parties if this is requi­red as part of the fulfill­ment of a contract, if we are legal­ly obli­ga­ted to do so (e.g., disclo­sure of data to tax autho­ri­ties), if we have a legi­ti­ma­te inte­rest in the disclo­sure pursu­ant to Art. 6 (1)(f) GDPR, or if another legal basis permits the disclo­sure of this data. When using proces­sors, we only disc­lo­se perso­nal data of our custo­mers on the basis of a valid contract on data proces­sing. In the case of joint proces­sing, a joint proces­sing agree­ment is concluded.

Revocation of your consent to the processing of data

A wide range of data proces­sing tran­sac­tions are possi­ble only subject to your express consent. You can also revo­ke at any time any consent you have alre­a­dy given us. This shall be without preju­di­ce to the lawful­ness of any data coll­ec­tion that occur­red prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of viola­ti­ons of the GDPR, data subjects are entit­led to log a complaint with a super­vi­so­ry agen­cy, in parti­cu­lar in the member state where they usual­ly main­tain their domic­i­le, place of work or at the place where the alle­ged viola­ti­on occur­red. The right to log a complaint is in effect regard­less of any other admi­nis­tra­ti­ve or court procee­dings available as legal recourses.

Right to data portability

You have the right to have data that we process auto­ma­ti­cal­ly on the basis of your consent or in fulfill­ment of a contract handed over to you or to a third party in a common, machi­ne-reada­ble format. If you should demand the direct trans­fer of the data to another control­ler, this will be done only if it is tech­ni­cal­ly feasible.

Information about, rectification and eradication of data

Within the scope of the appli­ca­ble statu­to­ry provi­si­ons, you have the right to demand infor­ma­ti­on about your archi­ved perso­nal data, their source and reci­pi­ents as well as the purpo­se of the proces­sing of your data at any time. You may also have a right to have your data recti­fied or eradi­ca­ted. If you have ques­ti­ons about this subject matter or any other ques­ti­ons about perso­nal data, plea­se do not hesi­ta­te to cont­act us at any time.

Right to demand processing restrictions

You have the right to demand the impo­si­ti­on of rest­ric­tions as far as the proces­sing of your perso­nal data is concer­ned. To do so, you may cont­act us at any time. The right to demand rest­ric­tion of proces­sing appli­es in the follo­wing cases:

  • In the event that you should dispu­te the correct­ness of your data archi­ved by us, we will usual­ly need some time to veri­fy this claim. During the time that this inves­ti­ga­ti­on is ongo­ing, you have the right to demand that we rest­rict the proces­sing of your perso­nal data.
  • If the proces­sing of your perso­nal data was/is conduc­ted in an unlawful manner, you have the opti­on to demand the rest­ric­tion of the proces­sing of your data instead of deman­ding the eradi­ca­ti­on of this data.
  • If we do not need your perso­nal data any longer and you need it to exer­cise, defend or claim legal entit­le­ments, you have the right to demand the rest­ric­tion of the proces­sing of your perso­nal data instead of its eradication.
  • If you have raised an objec­tion pursu­ant to Art. 21(1) GDPR, your rights and our rights will have to be weig­hed against each other. As long as it has not been deter­mi­ned whose inte­rests prevail, you have the right to demand a rest­ric­tion of the proces­sing of your perso­nal data.

If you have rest­ric­ted the proces­sing of your perso­nal data, these data – with the excep­ti­on of their archi­ving – may be proces­sed only subject to your consent or to claim, exer­cise or defend legal entit­le­ments or to protect the rights of other natu­ral persons or legal enti­ties or for important public inte­rest reasons cited by the Euro­pean Union or a member state of the EU.

SSL and/or TLS encryption

For secu­ri­ty reasons and to protect the trans­mis­si­on of confi­den­ti­al content, such as purcha­se orders or inqui­ries you submit to us as the website opera­tor, this website uses either an SSL or a TLS encryp­ti­on program. You can reco­gni­ze an encrypt­ed connec­tion by checking whether the address line of the brow­ser swit­ches from “http://” to “https://” and also by the appearance of the lock icon in the brow­ser line.

If the SSL or TLS encryp­ti­on is acti­va­ted, data you trans­mit to us cannot be read by third parties.

Rejection of unsolicited e‑mails

We here­wi­th object to the use of cont­act infor­ma­ti­on published in conjunc­tion with the manda­to­ry infor­ma­ti­on to be provi­ded in our Site Noti­ce to send us promo­tio­nal and infor­ma­ti­on mate­ri­al that we have not express­ly reques­ted. The opera­tors of this website and its pages reser­ve the express right to take legal action in the event of the unso­li­ci­ted sending of promo­tio­nal infor­ma­ti­on, for instance via SPAM messages.

4. Recording of data on this website

Cookies

Our websites and pages use what the indus­try refers to as “cookies.” Cookies are small data packa­ges that do not cause any dama­ge to your device. They are either stored tempo­r­a­ri­ly for the dura­ti­on of a sessi­on (sessi­on cookies) or they are perma­nent­ly archi­ved on your device (perma­nent cookies). Sessi­on cookies are auto­ma­ti­cal­ly dele­ted once you termi­na­te your visit. Perma­nent cookies remain archi­ved on your device until you actively dele­te them, or they are auto­ma­ti­cal­ly eradi­ca­ted by your web browser.

Cookies can be issued by us (first-party cookies) or by third-party compa­nies (so-called third-party cookies). Third-party cookies enable the inte­gra­ti­on of certain services of third-party compa­nies into websites (e.g., cookies for hand­ling payment services).

Cookies have a varie­ty of func­tions. Many cookies are tech­ni­cal­ly essen­ti­al since certain website func­tions would not work in the absence of these cookies (e.g., the shop­ping cart func­tion or the display of vide­os). Other cookies may be used to analy­ze user beha­vi­or or for promo­tio­nal purposes.

Cookies, which are requi­red for the perfor­mance of elec­tro­nic commu­ni­ca­ti­on tran­sac­tions, for the provi­si­on of certain func­tions you want to use (e.g., for the shop­ping cart func­tion) or those that are neces­sa­ry for the opti­miza­ti­on (requi­red cookies) of the website (e.g., cookies that provi­de measura­ble insights into the web audi­ence), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a diffe­rent legal basis is cited. The opera­tor of the website has a legi­ti­ma­te inte­rest in the storage of requi­red cookies to ensu­re the tech­ni­cal­ly error-free and opti­mi­zed provi­si­on of the operator’s services. If your consent to the storage of the cookies and simi­lar reco­gni­ti­on tech­no­lo­gies has been reques­ted, the proces­sing occurs exclu­si­ve­ly on the basis of the consent obtai­ned (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revo­ked at any time.

You have the opti­on to set up your brow­ser in such a manner that you will be noti­fied any time cookies are placed and to permit the accep­tance of cookies only in speci­fic cases. You may also exclude the accep­tance of cookies in certain cases or in gene­ral or acti­va­te the dele­te-func­tion for the auto­ma­tic eradi­ca­ti­on of cookies when the brow­ser closes. If cookies are deac­ti­va­ted, the func­tions of this website may be limited.

Which cookies and services are used on this website can be found in this priva­cy policy.

Consent with Usercentrics

This website uses the consent tech­no­lo­gy of User­cen­trics to obtain your consent to the storage of certain cookies on your device or for the use of speci­fic tech­no­lo­gies, and to docu­ment the former in a data protec­tion compli­ant manner. The party offe­ring this tech­no­lo­gy is User­cen­trics GmbH, Send­lin­ger Stra­ße 7, 80331 München, Germa­ny, website: https://usercentrics.com/ (herein­af­ter refer­red to as “User­cen­trics”).

When­ever you visit our website, the follo­wing perso­nal data will be trans­fer­red to Usercentrics:

  • Your declaration(s) of consent or your revo­ca­ti­on of your declaration(s) of consent
  • Your IP address
  • Infor­ma­ti­on about your browser
  • Infor­ma­ti­on about your device
  • The date and time you visi­ted our website
  • Geolo­ca­ti­on

Moreo­ver, User­cen­trics shall store a cookie in your brow­ser to be able to allo­ca­te your declaration(s) of consent or any revo­ca­ti­ons of the former. The data that are recor­ded in this manner shall be stored until you ask us to eradi­ca­te them, dele­te the User­cen­trics cookie or until the purpo­se for archi­ving the data no longer exists. This shall be without preju­di­ce to any manda­to­ry legal reten­ti­on periods.

The User­cen­trics banner on this website has been confi­gu­red with the assis­tance of eRecht24. This can be iden­ti­fied by the eRecht24 logo. To display the eRecht24 logo in the banner, a connec­tion to the image server of eRecht24 will be estab­lished. In conjunc­tion with this, the IP address is also trans­fer­red; howe­ver, is only stored in anony­mi­zed form in the server logs. The image server of eRecht24 is loca­ted in Germa­ny with a German provi­der. The banner as such is provi­ded exclu­si­ve­ly by Usercentrics.

User­cen­trics uses cookies to obtain the decla­ra­ti­ons of consent manda­ted by law. The legal basis for the use of speci­fic tech­no­lo­gies is Art. 6(1)© GDPR.

Data processing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentio­ned service. This is a contract manda­ted by data priva­cy laws that guaran­tees that they process perso­nal data of our website visi­tors only based on our instruc­tions and in compli­ance with the GDPR.

Request by e‑mail, telephone, or fax

If you cont­act us by e‑mail, tele­pho­ne or fax, your request, inclu­ding all resul­ting perso­nal data (name, request) will be stored and proces­sed by us for the purpo­se of proces­sing your request. We do not pass these data on without your consent.

These data are proces­sed on the basis of Art. 6(1)(b) GDPR if your inquiry is rela­ted to the fulfill­ment of a contract or is requi­red for the perfor­mance of pre-contrac­tu­al measu­res. In all other cases, the data are proces­sed on the basis of our legi­ti­ma­te inte­rest in the effec­ti­ve hand­ling of inqui­ries submit­ted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtai­ned; the consent can be revo­ked at any time.

The data sent by you to us via cont­act requests remain with us until you request us to dele­te, revo­ke your consent to the storage or the purpo­se for the data storage lapses (e.g. after comple­ti­on of your request). Manda­to­ry statu­to­ry provi­si­ons — in parti­cu­lar statu­to­ry reten­ti­on peri­ods — remain unaffected.

5. Newsletter and postal advertising

Newsletter data

If you would like to recei­ve the news­let­ter offe­red on the website, we requi­re an e‑mail address from you as well as infor­ma­ti­on that allows us to veri­fy that you are the owner of the e‑mail address provi­ded and that you agree to recei­ve the news­let­ter. Further data is not coll­ec­ted or only on a volun­t­a­ry basis. For the hand­ling of the news­let­ter, we use news­let­ter service provi­ders, which are descri­bed below.

Brevo

This website uses Brevo for the sending of news­let­ters. The provi­der is the Sendin­blue GmbH, Köpe­ni­cker Stra­ße 126, 10179 Berlin, Germany.

Brevo services can, among other things, be used to orga­ni­ze and analy­ze the sending of news­let­ters. The data you enter for the purpo­se of subscrib­ing to the news­let­ter are archi­ved on servers of Sendin­blue GmbH in Germany.

Data analysis by Brevo

Brevo enables us to analy­ze our news­let­ter campaigns. For instance, it allows us to see whether a news­let­ter messa­ge has been opened and, if so, which links may have been clicked. This enables us to deter­mi­ne, which links drew an extra­or­di­na­ry number of clicks.

Moreo­ver, we are also able to see whether once the e‑mail was opened or a link was clicked, any previous­ly defi­ned actions were taken (conver­si­on rate). This allows us to deter­mi­ne whether you have made a purcha­se after clicking on the newsletter.

Brevo also enables us to divi­de the subscri­bers to our news­let­ter into various cate­go­ries (i.e., to “clus­ter” reci­pi­ents). For instance, news­let­ter reci­pi­ents can be cate­go­ri­zed based on age, gender, or place of resi­dence. This enables us to tail­or our news­let­ter more effec­tively to the needs of the respec­ti­ve target groups.

If you do not want to permit an analy­sis by Brevo, you must unsub­scri­be from the news­let­ter. We provi­de a link for you to do this in every news­let­ter messa­ge. Moreo­ver, you can also unsub­scri­be from the news­let­ter right on the website.

For detail­ed infor­ma­ti­on on the func­tions of Brevo plea­se follow this link: https://www.brevo.com/de/newsletter-software/.

Legal basis

The data is proces­sed based on your consent (Art. 6(1)(a) GDPR). You may revo­ke any consent you have given at any time by unsub­scrib­ing from the news­let­ter. This shall be without preju­di­ce to the lawful­ness of any data proces­sing tran­sac­tions that have taken place prior to your revocation.

Storage period

The data depo­si­ted with us for the purpo­se of subscrib­ing to the news­let­ter will be stored by us until you unsub­scri­be from the news­let­ter or the news­let­ter service provi­der and dele­ted from the news­let­ter distri­bu­ti­on list after you unsub­scri­be from the news­let­ter. Data stored for other purpo­ses with us remain unaffected.

After you unsub­scri­be from the news­let­ter distri­bu­ti­on list, your e‑mail address may be stored by us or the news­let­ter service provi­der in a black­list, if such action is neces­sa­ry to prevent future mailings. The data from the black­list is used only for this purpo­se and not merged with other data. This serves both your inte­rest and our inte­rest in comply­ing with the legal requi­re­ments when sending news­let­ters (legi­ti­ma­te inte­rest within the meaning of Art. 6(1)(f) GDPR). The storage in the black­list is inde­fi­ni­te. You may object to the storage if your inte­rests outweigh our legi­ti­ma­te interest.

For more details, plea­se consult the Data Protec­tion Regu­la­ti­ons of Brevo at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentio­ned service. This is a contract manda­ted by data priva­cy laws that guaran­tees that they process perso­nal data of our website visi­tors only based on our instruc­tions and in compli­ance with the GDPR.

Postal advertising

We use your address in compli­ance with all legal regu­la­ti­ons for the dispatch of postal adver­ti­sing (postal advertising).

The legal basis for this is our legi­ti­ma­te inte­rest in direct adver­ti­sing accor­ding to Art. 6(1)(f) in conjunc­tion with Reci­tal 47 GDPR. If a corre­spon­ding consent has been reques­ted, the proces­sing is carri­ed out exclu­si­ve­ly on the basis of Art. 6(1)(a) GDPR; the consent can be revo­ked at any time. More speci­fic regu­la­ti­ons may be commu­ni­ca­ted to you, if neces­sa­ry in the context of data coll­ec­tion and take prece­dence over the present regulation.

Your address will remain with us until the purpo­se of the data proces­sing ceases to apply. If you assert a justi­fied request for dele­ti­on or revo­ke your consent to postal adver­ti­sing, your data will be dele­ted unless we have other legal­ly permis­si­ble reasons for storing your perso­nal data (e.g. tax or commer­cial law reten­ti­on peri­ods); in the latter case, the dele­ti­on will take place after these reasons no longer apply.

We use the follo­wing service provi­der for sending our postal mailings:

Sendin­blue GmbH
Köpe­ni­cker Stra­ße 126
10179 Berlin

Data processing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentio­ned service. This is a contract manda­ted by data priva­cy laws that guaran­tees that they process perso­nal data of our website visi­tors only based on our instruc­tions and in compli­ance with the GDPR.

6. Plug-ins and Tools

Vimeo

This website uses plug-ins of the video portal Vimeo. The provi­der is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit one of the pages on our website into which a Vimeo video has been inte­gra­ted, a connec­tion to Vimeo’s servers will be estab­lished. As a conse­quence, the Vimeo server will recei­ve infor­ma­ti­on as to which of our pages you have visi­ted. Moreo­ver, Vimeo will recei­ve your IP address. This will also happen if you are not logged into Vimeo or do not have an account with Vimeo. The infor­ma­ti­on recor­ded by Vimeo will be trans­mit­ted to Vimeo’s server in the United States.

If you are logged into your Vimeo account, you enable Vimeo to direct­ly allo­ca­te your brow­sing patterns to your perso­nal profi­le. You can prevent this by logging out of your Vimeo account.

Vimeo uses cookies or compa­ra­ble reco­gni­ti­on tech­no­lo­gies (e.g. device finger­prin­ting) to reco­gni­ze website visitors.

The use of Vimeo is based on our inte­rest in presen­ting our online content in an appe­al­ing manner. Pursu­ant to Art. 6(1)(f) GDPR, this is a legi­ti­ma­te inte­rest. If appro­pria­te consent has been obtai­ned, the proces­sing is carri­ed out exclu­si­ve­ly on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, inso­far the consent includes the storage of cookies or the access to infor­ma­ti­on in the user’s end device (e.g., device finger­prin­ting) within the meaning of the TDDDG. This consent can be revo­ked at any time.

Data trans­mis­si­on to the US is based on the Stan­dard Contrac­tu­al Clau­ses (SCC) of the Euro­pean Commis­si­on and, accor­ding to Vimeo, on “legi­ti­ma­te busi­ness inte­rests”. Details can be found here: https://vimeo.com/privacy.

For more infor­ma­ti­on on how Vimeo hand­les user data, plea­se consult the Vimeo Data Priva­cy Poli­cy under: https://vimeo.com/privacy.

The compa­ny is certi­fied in accordance with the “EU-US Data Priva­cy Frame­work” (DPF). The DPF is an agree­ment between the Euro­pean Union and the US, which is inten­ded to ensu­re compli­ance with Euro­pean data protec­tion stan­dards for data proces­sing in the US. Every compa­ny certi­fied under the DPF is obli­ged to comply with these data protec­tion stan­dards. For more infor­ma­ti­on, plea­se cont­act the provi­der under the follo­wing link: https://www.dataprivacyframework.gov/participant/5711.

Wordfence

We have included Word­fence on this website. The provi­der is Defi­ant Inc, Defi­ant, Inc, 800 5th Ave Ste 4100, Seat­tle, WA 98104, USA (herein­af­ter “Word­fence”).

Word­fence is desi­gned to protect our website from unwan­ted access or mali­cious cyber­at­tacks. To accom­plish this, our website estab­lishes a perma­nent connec­tion with Wordfence’s servers, which check and block their data­ba­ses against access to our website.

The use of Word­fence is based on Art. 6(1)(f) GDPR. The website opera­tor has a legi­ti­ma­te inte­rest in the most effec­ti­ve protec­tion of his website against cyber­at­tacks. If appro­pria­te consent has been obtai­ned, the proces­sing is carri­ed out exclu­si­ve­ly on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, inso­far the consent includes the storage of cookies or the access to infor­ma­ti­on in the user’s end device (e.g., device finger­prin­ting) within the meaning of the TDDDG. This consent can be revo­ked at any time.

Data trans­mis­si­on to the USA is based on the stan­dard contrac­tu­al clau­ses of the EU Commis­si­on. Details can be found here: https://www.wordfence.com/help/general-data-protection-regulation/.

Data processing

We have concluded a data proces­sing agree­ment (DPA) for the use of the above-mentio­ned service. This is a contract manda­ted by data priva­cy laws that guaran­tees that they process perso­nal data of our website visi­tors only based on our instruc­tions and in compli­ance with the GDPR.

7. Custom Services

Handling applicant data

We offer website visi­tors the oppor­tu­ni­ty to submit job appli­ca­ti­ons to us (e.g., via e‑mail, via postal services on by submit­ting the online job appli­ca­ti­on form). Below, we will brief you on the scope, purpo­se and use of the perso­nal data coll­ec­ted from you in conjunc­tion with the appli­ca­ti­on process. We assu­re you that the coll­ec­tion, proces­sing, and use of your data will occur in compli­ance with the appli­ca­ble data priva­cy rights and all other statu­to­ry provi­si­ons and that your data will always be trea­ted as strict­ly confidential.

Scope and purpose of the collection of data

If you submit a job appli­ca­ti­on to us, we will process any affi­lia­ted perso­nal data (e.g., cont­act and commu­ni­ca­ti­ons data, appli­ca­ti­on docu­ments, notes taken during job inter­views, etc.), if they are requi­red to make a decis­i­on concer­ning the estab­lish­ment or an employ­ment rela­ti­onship. The legal grounds for the afore­men­tio­ned are § 26 BDSG accor­ding to German Law (Nego­tia­ti­on of an Employ­ment Rela­ti­onship), Art. 6(1)(b) GDPR (Gene­ral Contract Nego­tia­ti­ons) and – provi­ded you have given us your consent – Art. 6(1)(a) GDPR. You may revo­ke any consent given at any time. Within our compa­ny, your perso­nal data will only be shared with indi­vi­du­als who are invol­ved in the proces­sing of your job application.

If your job appli­ca­ti­on should result in your recruit­ment, the data you have submit­ted will be archi­ved on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpo­se of imple­men­ting the employ­ment rela­ti­onship in our data proces­sing system.

Data Archiving Period

If we are unable to make you a job offer or you reject a job offer or with­draw your appli­ca­ti­on, we reser­ve the right to retain the data you have submit­ted on the basis of our legi­ti­ma­te inte­rests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the appli­ca­ti­on proce­du­re (rejec­tion or with­dra­wal of the appli­ca­ti­on). After­wards the data will be dele­ted, and the physi­cal appli­ca­ti­on docu­ments will be destroy­ed. The storage serves in parti­cu­lar as evidence in the event of a legal dispu­te. If it is evident that the data will be requi­red after the expiry of the 6‑month peri­od (e.g., due to an impen­ding or pending legal dispu­te), dele­ti­on will only take place when the purpo­se for further storage no longer applies.

Longer storage may also take place if you have given your agree­ment (Artic­le 6(1)(a) GDPR) or if statu­to­ry data reten­ti­on requi­re­ments preclude the deletion.

Admission to the applicant pool

If we do not make you a job offer, you may be able to join our appli­cant pool. In case of admis­si­on, all docu­ments and infor­ma­ti­on from the appli­ca­ti­on will be trans­fer­red to the appli­cant pool in order to cont­act you in case of suita­ble vacancies.

Admis­si­on to the appli­cant pool is based exclu­si­ve­ly on your express agree­ment (Art. 6(1)(a) GDPR). The submis­si­on agree­ment is volun­t­a­ry and has no rela­ti­on to the ongo­ing appli­ca­ti­on proce­du­re. The affec­ted person can revo­ke his agree­ment at any time. In this case, the data from the appli­cant pool will be irre­vo­ca­bly dele­ted, provi­ded there are no legal reasons for storage.

The data from the appli­cant pool will be irre­vo­ca­bly dele­ted no later than two years after consent has been granted.