“Personal data” within the meaning of the EU’s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (new version) means any information relating to an identified or identifiable natural person (“data subject”), such as log data, IP addresses, name, address and date of birth, but also telephone number and e-mail address. When you use the website merely for information purposes, we only collect the personal data automatically transmitted by your browser to our server. If you wish to log into our website, we collect the following data which we require for technical purposes to display the website and ensure its security and stability. This includes:
- IP address
- date and time of the request
- time zone difference from Greenwich Mean Time (GMT)
- content of the request (specific site)
- access status/HTTP status code
- volume of data transmitted each time
- website from which the request comes
- operating system and its interface
- language and version of the browser software.
When using our online offering, further personal information may be collected and processed:
- Personal data (e.g. names, addresses).
- Content data (e.g. entries in online forms).
- Contact data (e.g. email, phone numbers).
The processing may concern the following categories of persons:
- Personnel (e.g. employees, applicants, former employees).
- Contract and cooperation partners.
- Interested parties.
- Communication partners.
- Users (e.g. website visitors, users of online services).
Legal basis for processing
- Consent (Art. 6 Section 1 p. 1 a. GDPR) – The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Performance of contract and pre-contractual requests (Art. 6 Section 1 p. 1 b. GDPR) – Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Legal obligation (Art. 6 Section 1 p. 1 c. GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 Section 1 p. 1 f. GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Transfer of personal data
During the scope of processing personal data, it is possible that we may transfer or disclose the data to other bodies, authorities, legally independent organisational units or persons. The recipients of this data could include service providers commissioned with IT tasks or providers of services and content that is integrated into a website. In such cases, we shall observe all legal specifications and, in particular, conclude with the recipients corresponding contracts or agreements that serve to protect your data.
Data processing in third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if data processing takes place during the course of utilising third-party services or transferring or disclosing data to other persons, bodies or companies, this shall take place only in compliance with legal provisions.
Conditionally upon the express consent or contractually or legally required transmission, we process data or have data processed only in third countries with a recognised level of protection, contractual obligation through standard protective clauses from the EU Commission, relevant certifications or binding internal data protection regulations.