Valid from January 15, 2026
We are delighted that you are interested in our company. Data protection is of a particularly high priority for the management ofNesto Software GmbH, Karlsruhe (hereinafter referred to as “Nesto”). This privacy policy only applies to your use of our website and fan pages. In principle, it is possible to use our Internet pages without providing any personal data. However, if a data subject wishes to make use of special services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we obtain general consent from the person concerned.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to us. By means of this privacy policy, we would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled by means of this privacy policy.
As the controller, Nesto, Karlsruhe has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.
This privacy policy is based on the terms used in the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain terminology in advance.
We use the following terms in this Privacy Policy, including:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). Identifiable is a natural person who, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features, expressing the physical, physiological, genetic, psychological, economic, cultural or social identity This natural Are a person who can be identified.
b) person concerned
Data subject is any identified or identifiable natural person whose person-related data is processed by the person responsible for processing.
c) workmanship
Processing is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data such as collection, collection, organization, ordering, storage, adjustment or modification, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
e) Responsible person or person responsible for processing
The person responsible or responsible for processing is the natural or legal person, authority, institution or other body which, alone or together with others, decides on the purposes and means of processing personal data. If the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for under Union law or the law of the Member States.
f) Contract processor
Processor is a natural or legal person, authority, agency or other body that processes personal data on behalf of the person responsible.
g) transceivers
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, public authorities that may receive personal data as part of a specific investigation mandate under Union or Member State law are not considered recipients.
h) Third party
A third party is a natural or legal person, authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorized to process the personal data.
i) Consent
Consent is any expression of will given voluntarily by the data subject in an informed and unequivocal manner in the form of a statement or other unequivocal affirmative act by which the data subject indicates that he or she agrees to the processing of the personal data relating to him.
The responsible person within the meaning of Article 4 Section 7 of the GDPR is:
Nesto Softeware GmbH
Tullastr.58
76131Karlsruhe
Phone: +49 (0) 721 909909-97
email: info@nesto-software.de
Site: www.nesto-software.de
Inquiries and requests for information, amendment, blocking or deletion can be sent by post to this address or to the e-mail address provided.
The data protection officer of the person responsible for processing is:
Günter Hilgers
EcoVisio GmbH
Rheinwerkallee 3
53227 Bonn
email: datenschutz@nesto-software.de
Any person concerned can contact our data protection officer directly at any time if they have any questions or suggestions regarding data protection.
The competent supervisory authority for the person responsible for processing is:
Name: State Commissioner for Data Protection and
Freedom of Information Baden-Württemberg
Street address: Lautenschlagerstraße 20
Location: 70173 Stuttgart
Telephone: +49 (0) 711/615541-0
Fax: +49 (0) 711/615541-15
email: poststelle@lfdi.bwl.de
This website is hosted by an external service provider (host). With the service,
398 11thStreet
2ndFloor
SanFrancisco, CA 94103, United States
(hereinafter referred to as “Webflow”)
Commission.Personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.
The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of the secure, fast and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. fGDPR).
If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1TDDDG.
Our host will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.
Conclusion of a contract for order processing
In order to ensure data protection-compliant processing, we have concluded a data processing contract in accordance with Art. 28 GDPR with the service provider. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://webflow.com/legal/eu-privacy-policy.
Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA is also certified under the EU-U.S. Data Privacy Framework Program. The EU-U.S. DataPrivacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
By using our websites, you are asked to consent to the use of cookies, insofar as they are not required for the proper operation of the website. The decision as to whether you consent to the use of cookies that require consent is made by imConsent-Manager on our website.
You also have the option of setting your browser so that cookies are displayed before they are saved, only certain cookies are accepted or rejected, or cookies are generally rejected. We would like to point out that changes in the browser always only affect the respective browser. If you use different browsers or change your device, the settings must be changed again. In addition, you can delete cookies from your storage medium at any time. For information on cookie settings, changing them and deleting cookies, please refer to the help function of your web browser.
The most common types of cookies are explained below to help you understand:
While you are active on a website, a session cookie is temporarily stored in your computer's memory, in which a session ID is stored, for example, to prevent you from having to log in again every time you change pages. Session cookies are deleted when you log out or lose their validity as soon as your session has expired automatically.
A persistent or log cookie stores a file on your computer for the period specified in the expiration date. These cookies allow websites to remember your information and settings the next time you visit. This results in faster and more convenient access, as you do not have to change your language settings again for our portal, for example. When the expiration date elapses, the cookie is automatically deleted when you visit the website that generated it.
Third-party cookies come from providers other than the website operator. For example, they can be used to collect information for advertising, custom content, and web statistics.
Flash cookies are stored on your computer as data elements of websites when they are operated with Adobe Flash. Flash cookies don't have a time limit.
6.5.1 Description and purpose of data processing
A cookie consent tool (hereinafter: Usercentrics) is implemented on the website so that you can control the use of cookies. Usercentrics is operated by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, and shows you a list of cookies divided by functional groups, explaining the purpose of the cookie function groups and the individual cookies, as well as their storage period.
The Usercentrics ConsentManagement platform collects log file and consent data using JavaScript. This JavaScript makes it possible to inform the user of their consent to certain tags on our website and to obtain, manage and document them.
In doing so, we process the following data:
· Consent data or consent data (anonymized logbook data (Consent ID, Processor ID, Controller ID), ConsentStatus, Timestamp)
· Device data or data from the devices used (including abbreviated IP addresses (IP v4, IP v6), device information, timestamp)
· User data or user data (including email, ID, browser information, SettingIDs, changelog)
The ConsentID (contains the above data), the consent status including time stamp are stored in the local memory of your browser and simultaneously on the cloud servers used. Further processing only takes place if you make a request for information or withdraw your consent. In this case, the person responsible is provided with the relevant information in a compact data format in an easy-to-read text form for the purpose of data exchange.
No user information is stored for the statistics on the use of consent given or not given. Only the frequency and locations of clicks are saved.
Saving a cookie is technically necessary to use Usercentrics.
6.5.2 Legal basis for processing
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.
6.5.3 Duration of storage, right of objection and removal
The data collected in this way is stored until you ask us to delete it, delete the cookie yourself, or the purpose for storing the data no longer applies. The associated cookie has a duration of 60 days. The revocation document of a previously given consent will be kept for a period of three years. The storage is based on our accountability obligation in accordance with Article 5 (2) GDPR. Mandatory legal storage periods remain unaffected.
6.5.4 Order processing
We have concluded an order processing contract with Usercentrics. This is a contract required by data protection law, which ensures that UserCentrics only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Our Internet site collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites, which are accessed via the intervening system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve to avert threats in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the data subject. This information is needed much more to (1) correctly deliver the content of our website, (2) to optimize the content of our website and advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. We therefore analyse this anonymously collected data and information statistically on the one hand and also with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files is stored separately from all personal data provided by a person concerned.
We also use so-called local storage and session storage technology (also known as “local data” and “local storage” as well as “session storage”). With local storage, data is stored locally in your browser's cache, which persists even after you close the browser window or exit the program and can be read if you do not actively delete the cache. localStorage allows your preferences when using our website to be saved on your computer and used by you. The content of the Session Storage function corresponds to the described local storage, except that the corresponding data is automatically removed from your browser's cache immediately after closing the browser (“session”).
The data stored in local storage and IMsession storage cannot be accessed by third parties. They are not passed on to third parties and are also not used for advertising purposes. In particular, this technology is used to be able to present our content to you in an appealing graphical presentation (e.g. pop-up windows, etc.) and to personalize our offer and navigation on our pages for you. You can manage local storage content in the browser using the “History” or “Local Data” settings, depending on which browser you use. If you restrict the functions described accordingly, there may be functional restrictions.
Legal basis for processing personal data
Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to maintain the compatibility and stability of this web application for as many users as possible, including preventing misuse and troubleshooting.
Storage period
The aforementioned technical data will be deleted as soon as they are no longer required to ensure the compatibility of this web application for all visitors. We have no influence on the storage time of data in your local storage. Manage local storage content in the browser using the “History” or “Local Data” settings, depending on which browser you use. If you restrict the described functions accordingly, there may be functional restrictions.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. An encrypted connection is recognized by Siedaran that the browser's address line changes from “http://” to “https://” and by the lock icon in your browser line.
If SSL or TLS encryption is activated, the data that you submit to us cannot be read by third parties.
Each time you request a website or a file accessible via a browser program, the following data is stored in so-called server log files, which your browser automatically transmits to us:
· the requested web page or file,
· date and time of the request,
· the amount of data transferred,
· The description of the type of web browser used and the operating system used,
· The IP address of the requesting computer.
This information is used to optimize the websites and to log possible attacks on our services via the Internet. The collection of data is based on Art. 6 para. 1 lit. f DSGO.As the operator of the website, we have a legitimate interest in the presentation and optimization of our website without technical errors.
If you send us inquiries using the contact form, we will store your details from the enquiry form, including the contact details you provide there, for the purpose of processing the enquiry and in case of follow-up questions. We will not share this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures.
The data you have entered in the contact form will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed) or you request us to delete the data in accordance with Article 17 GDPR. Mandatory legal provisions — in particular retention periods — remain unaffected.
8.3 Nesto — Request by email, telephone or fax
If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.
This data is processed on the basis of Art. 6 (1) sentence 1 lit. b GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures (e.g. questions about our products, our company or others).
The data you have provided in will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed) or you ask us to delete the data in accordance with Article 17 GDPR. Mandatory legal provisions — in particular retention periods — remain unaffected.
On the website, you will given the opportunity to subscribe to our company's newsletter. What personal data is transmitted to the person responsible for processing when ordering our newsletter is based on the input mask used for this purpose.
We inform our customers and business partners at regular intervals by means of a newsletter about the company and offers from the company. In principle, the data subject can only receive our company's newsletter if we have given our consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. As a result, the newsletter can only be received if (1) the person concerned has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation email will be sent to the e-mail address entered by an affected person for the first time for sending the newsletter. This confirmation email is used to verify whether the owner of the email address has authorized the data subject to receive the newsletter.
When subscribing to the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) of the computer system used by the person concerned at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of a data subject's email address at a later date and therefore serves to provide legal protection for the person responsible for processing (legal basis: Art. 6 para. 1 sentence 1 lit. c GDPR).
The personal data collected as part of a subscription to the newsletter is used exclusively to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or registration in this regard, as could be the case in the event of changes to the newsletter offer or if technical conditions change. There is no transfer of personal data collected as part of the newsletter service to third parties.
The subscription to our newsletter can be cancelled by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for sending the newsletter can be withdrawn at any time. For the purpose of withdrawing consent, there is a corresponding link in every newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the person responsible for processing or to inform the person responsible for processing this in another way.
Our newsletter is sent via HubSpot, a service provided by HubSpot, Inc., 25 FirstStreet, 2nd Floor, Cambridge, MA 02141, USA.
According to the information provided by the newsletter service provider, the latter uses the data pseudonymously without user assignment to complete its services. The newsletter service provider is not permitted to use the recipient data of the newsletter for its own purposes or to pass it on to third parties.
To subscribe to the newsletter, it is sufficient to enter your e-mail address. Other data, such as first and last name, company and telephone number, are optional and are only used to personally address you in the newsletter.
The so-called web beacon, which is included in all newsletters, is a pixel-sized file that the HubSpot server automatically retrieves when the newsletter is opened. This creates technical information, e.g. about the browser and system, about your IP address and at the time of retrieval. They serve to optimize technical services and are used with the help of technical data or target groups and your reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The ads showing whether and when the newsletters are opened and which links are clicked are also part of the statistical survey. Assignment to individual newsletter recipients is therefore possible. However, an associated observation of individual users is neither our intention nor that of the service provider. Our sole purpose is to learn more about the reading habits of our users and to coordinate our content accordingly or publish different content in line with interest.
Newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails, which are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded counting pixel, we can see whether and when an e-mail was opened by a data subject and which links in the e-mail were accessed by the data subject.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the person responsible for processing in order to optimize newsletter delivery and to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are entitled at any time to withdraw the relevant separate declaration of consent submitted via the double opt-in procedure. Following revocation, this personal data will be deleted by the person responsible for processing. We automatically interpret a cancellation from receiving the newsletter as a revocation.
We have integrated HubSpot Forms on our website. HubSpot Forms is a service provided by HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA and provides marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing, and web analytics.
HubSpot Forms is used to save data entered in forms, e.g. when contacted via a contact form. The specified data can be stored in our customer relationship management system (CRM system).
In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc., Cambridge, Massachusetts, US.
We process your data using HubSpot Forms for the purpose of processing the contact request and processing it in accordance with Art. 6 (1) lit. b. GDPR.
On this website, we use the service provided by HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin (a subsidiary of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, United States of America).
Hubspot is an integrated software solution that covers various aspects of our online marketing. These include:
This software is used in the so-called area of inbound marketing and, among other things, helps us to better coordinate and optimize our marketing strategy using statistical analyses and evaluation of logged user behavior. We also use HubSpot to build websites and as a technology to send newsletters. In doing so, we collect personal data that you provide to us voluntarily, such as contact details. We only use the data you have entered to personalize and adapt the content to the readers' interests. This information also helps us improve our offerings to give you a better customer experience. Wirohne will not share your express consent with third parties.
11.3 HubSpot Analytics
We use HubSpot Analytics from HubSpot, Inc. , Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of times our online offer has been accessed, sub-pages visited and the length of time visitors spend.
HubSpot Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.
This information is used, among other things, to compile reports on website activity.
11.4 HubSpot API
We use HubSpot API from HubSpot, Inc. , Cambridge, Massachusetts, US to access additional services and data from HubSpot, Inc. This involves a transfer of your IP address to HubSpot, Inc.
11.5 Legal basis of processing for HubSpot services
The storage of “HubSpot cookies” and the use of these tools are based on your consent as part of consent management. Processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. You can withdraw or change your consent at any time in consent management.
In addition, you can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.
For more information, please see HubSpot Inc.'s terms of use and privacy policy. Accordingly, at www.hubspot.com/terms-of-service and at www.hubspot.com/privacy-policy . If you do not want the information about your visit to be used for the purposes described, you are also welcome to let us know by e-mail or post at any time. All information we collect is subject to this Privacy Policy.
11.6 Transfer of data
Some of the information collected will also be processed outside the European Union by HubSpot Inc., based in the USA. We would like to point out that the European Court of Justice regards the USA as a country with an inadequate level of data protection according to EU standards. There is therefore a risk that your data may be processed by US authorities for control and monitoring purposes, possibly including without recourse to legal remedies. In consent management, you decide for yourself whether you want to agree to such a transfer or not. In such a case, your data will be transmitted on the basis of your consent to the use of HubSpot in accordance with Art. 6 para. 1 lit. a GDPR, as data transfer to the USA can always be ruled out with your consent to the use of HubSpot.
In addition, HubspotInc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA is certified under the EU-U.S. Data Privacy Framework Program. The EU-U.S.Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
In addition, the processing of personal data and its security are secured by the so-called standard contractual clause. These ensure that processing is subject to a level of security that corresponds to that of the GDPR.
We do not share any personal data ourselves.
If you have given your consent, Google Analytics 4, a web analysis service provided by Google LLC, is used on this website. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building GordonHouse, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
Google Analytics uses cookies, which allow you to analyze how you use our websites. The information collected using cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the user ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.
We use Google signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users across devices.
Google Analytics 4 enables the anonymization of IP addresses by default. As a result of IP anonymization, your IP address is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be combined with other Google data.
During your visit to the website, your user behavior is recorded in the form of “events.” Events can be:
· Page views
· Visiting the website for the first time
· Session start
· Your “click path,” interaction with the website
· Scrolls (whenever a user scrolls to the bottom of the page (90%))
· Clicking on external links
· Internal search inquiries
· Interact with videos
· File downloads
· Seen/clicked ads
It also records:
· Your approximate location (region)
· Your IP address (in abbreviated form)
· Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
· Your Internet provider
· The referrer URL (via which website/which advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics to analyze the performance of our website and the success of our marketing campaigns.
transceivers
Recipients of the data sind/may be
· GoogleIreland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor under Article 28 GDPR)
· GoogleLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection that meets European standards, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. Google Ireland's parent company, Google LLC, is based in California, USA. It cannot therefore be ruled out that Google also processes your personal data in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. There is therefore a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse on your part. With your consent to the use of Google Analytics 4 in consent management, you also agree to such a transfer to the USA. In such a case, the transfer is based on your consent to the use of Google cookies in accordance with Art. 6 para. 1 lit. a in conjunction with Art. 49 para. 1 lit. a GDPR, as data transmission to the USA cannot always be ruled out with consent to the use of Google cookies.
GoogleLC, 160 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America is certified according to the EU-U.S. Data Privacy Framework. The EU-U.S. Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. You can find proof of certification here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Storage period
The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose storage period has been reached is automatically deleted once a month.
legal basis
The legal basis for this data processing is your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Article 49 (1) (a) GDPR. In addition, the transfer of data to the USA is based on Article 45 (3) GDPR.
revocation
You can withdraw your consent at any time with effect for the future by going to the cookie settings and changing your selection there. The lawfulness of processing carried out on the basis of consent up to the time of withdrawal remains unaffected.
You can also prevent cookies from being saved from the outset by setting your browser software accordingly. However, configuring your browser to reject all cookies may limit functionality on this and other websites. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by
a. do not give your consent to the use of cookies, or
b. download and install the browser add-on to disable Google Analytics HERE.
For more information about Google Analytics terms of use and data protection at Google, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
These cookies record the visits of these users. The cookies are used to uniquely identify a web browser on a specific device and not to identify a person.
Legal basis for processing:
The storage of “Google remarketing cookies” and the use of these tools based on your consent as part of consent management. Processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO. You can withdraw or change your consent at any time in consent management.
You can set your browser so that you are informed that cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. When cookies are deactivated, the functionality of this website may be limited.
data transfer
Google also processes your personal data in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. If so, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse on your part. By agreeing to use Google Ads Remarketing in consent management, you also consent to such transfer to the USA. In such a case, the transfer is based on your consent to the use of Google cookies in accordance with Art. 6 para. 1 lit. a in conjunction with Art. 49 para. 1lit. a GDPR, as data transmission to the USA cannot always be ruled out with consent to the use of Google cookies.
Google LLC, 160 AmphitheatreParkway, Mountain View, CA 94043-1351, USA is certified according to the EU-U.S. DataPrivacy Framework Program. The EU-U.S. Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. You can find proof of certification here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
We do not share any personal data ourselves.
Objection to data collection
You can prevent participation in this tracking process in various ways:
a) through the appropriate settings in your browser software, in particular, the suppression of third-party cookies means that you will not receive any ads from third parties;
b) by installing the plug-in provided by Google at the following link: https://www.google.com/settings/ads/plugin;
c) by deactivating interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, which setting will be deleted when you delete your cookies;
d) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin,
e) by means of appropriate cookie settings in the consent management of the website.
We would like to point out that in this case you may not be able to make full use of all functions of this offer.
Storage period
Up to 180 days (for cookies used via this website)
This website uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google Ads, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. If the user visits specific pages on this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google Ads customer receives a different cookie. Cookies can't be tracked on Google Ads customers' websites. The information collected using the conversion cookie is used to generate conversion statistics for Google Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
Legal basis for processing personal data
The storage of “Google Tracking Cookies” and the use of this tool are based on your consent as part of consent management. Processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG.
transfer
Google also processes your personal data in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. There is therefore a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse on your part. With your consent to the use of GoogleAds and Google Conversion Tracking in consent management, you also agree to such a transfer to the USA. In such a case, the transfer is made on the basis of your consent in accordance with Art. 49 para. 1 lit. a DSGVO.
Google LLC, 160 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA is certified according to the EU-U.S. DataPrivacy Framework Program. The EU-U.S. DataPrivacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
We do not share any personal data ourselves.
Objection to data collection
You can withdraw or change your consent at any time in Consent Management.
You can set your browser so that you are informed that cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. When cookies are deactivated, the functionality of this website may be limited.
Storage period
These cookies lose their validity after 30 days and are not used to personally identify users.
Companies such as Google — like other “gatekeepers” — are required under the Digital Markets Act (DMA)) to obtain user consent to collect and process data and to prove it to the legislator. This consent is required before user data is processed for personalized advertising purposes. In this case, the consent requirement is based on Art. 5 para. 2 lit. b DMA.
Gatekeepers are companies that occupy a dominant market position with their platform service. Google has such a dominant market position in the area of online advertising.
As part of “classic” consent management, you as a user gave your consent primarily to us as a website operator. The consents relate to the use of your data and cookies. These consents are obtained via the website's consent management. Even with the new consent mode of Google Analytics, this does not change.
With the DMA, you must also give your consent to Google. Google makes this process simple and transfers responsibility for obtaining consent directly to us as the operator of the website.
With Consent Mode, Google has created an interface between our opt-in process and Google Analytics so that your consent is also valid against Google.
Google distinguishes between a simple and an extended implementation. The two variants differ in tag behavior. With simple implementation, Google tags are blocked until you have agreed to use them. With the extended implementation, Google tags are loaded before the consent request dialog appears. The tags send pings without cookies if no cookie consent has been given. In this case, Google Analytics is executed, sends reduced data, but does not set any cookies.
We have decided to simply implement it. Data is only transmitted to Google if you, as a user, have previously consented to the use of Google cookies as part of consent management. In this case, your consent also applies to the processing of user data for the purpose of personalized advertising by Google. The legal basis for data transfer is Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.
On our website, we use “LinkedIn Ads”, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (hereinafter referred to as: “LinkedIn”). LinkedIn Analytics stores and processes information about your user behavior on our website. LinkedinAnalytics uses cookies, among other things, for this purpose.
We use LinkedIn Ads for marketing and optimization purposes, in particular to analyze the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we can improve our offer and make it more interesting for you.
Legal basis of processing
The storage of “LinkedIn analytics cookies” and the use of these tools based on your consent as part of consent management. The processing is carried out exclusively on the basis of Art. 6 para. 1 lit. ADSGVO. You can withdraw or change your consent at any time in Consent Management.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for specific cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be limited.
When you visit our website, it is possible that some of the information collected may also be processed outside the European Union by LinkedIn Corporation based in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. There is therefore a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse. In the consent management of the Facebook page, you decide for yourself whether you want to agree to such a transfer or not. In such a case, your data is transmitted on the basis of your consent to the use of Google cookies in accordance with Art. 6 para. 1 lit. ain in conjunction with Art. 49 para. 1 lit. a GDPR, as data transmission to the USA cannot always be ruled out with consent to the use of Google cookies.
We do not share any personal data ourselves.
Objection options
LinkedIn users can go to Advertising preferences settings influence the extent to which your user behavior may be recorded when you visit our LinkedIn page. LinkedIn offers further options in the settings in the LinkedIn account and via the consent management of the fan page.
The processing of information using the cookie used by OnlinkedIn can also be prevented by not allowing cookies from third-party providers or those from OnlinkedIn in your own browser settings.
We would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent LinkedIn from collecting the above information by setting an opt-out cookie on one of the websites linked below:
· https://www.linkedin.com/psettings/guest-controls
· http://optout.aboutads.info/?c=2 #! /
· http://www.youronlinechoices.com/de/praferenzmanagement/
Within our online offering, the so-called “meta-pixel” of Meta PlatformSireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, Ireland is used by a company of Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025, USA.
With the help of the meta pixel, Meta (Facebook, Instagram) is on the one hand able to identify you as a visitor to our online offer as a target group for displaying ads (so-called “meta ads”). Accordingly, we use the meta pixel to display the meta ads placed by us only to those Facebook and Instagram users who have also shown an interest in our online offering or who have specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the websites visited) that we at Meta transmit (so-called “CustomAudiences”). With the help of the meta pixel, we also want to ensure that our meta ads meet the potential interest of users and are not annoying.
With the help of the meta pixel, we can further understand the effectiveness of the meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called “conversion”). We only receive statistical data from Meta without reference to a specific person. This allows us to record the effectiveness of meta ads for statistical and market research purposes. In particular, if you are logged in to Facebook or Instagram, we refer you to their data protection information https://www.facebook.com/about/privacy/.
The processing of data by Meta is carried out as part of the data usage guideline. Accordingly, you will find general information on the presentation of meta ads in the data usage policy by Meta. For specific information and details about the Facebook pixel and how it works, please visit the Facebook help section.
Legal basis for processing personal data
The storage of “meta-pixel cookies” and the use of this tool are based on your consent as part of consent management. Processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG. You can withdraw or change your consent at any time in Consent Management.
Transfer of data
In addition, Meta Platforms Inc., 1 Meta Way, Melo Park, California94025-1453 is certified under the EU-U.S. Data Privacy Framework Program. The EU-U.S. Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
We do not share any personal data ourselves.
Objection options
Meta users can influence the extent to which their user behavior may be recorded under the advertising preferences settings in Facebook or Instagram. Other options include the Facebook settings, the consent management on our homepage or the right of objection form. Processing of information using the Meta cookies can be prevented by not allowing third-party cookies or Facebook or Instagram cookies in your own browser settings.
Order processing contract
For the processing of data, for which Facebook acts as a processor, we have concluded an order processing agreement with Meta Platforms, in which we oblige Meta Platforms to protect our customers' data and not to pass it on to third parties.
In order to display our content correctly and graphically appealing across browsers, we use “Google Fonts” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) to display fonts.
We have integrated this script library locally on our web server, so that when you visit our website, no connection to Google is established and no “Google cookie” is set.
Legal basis of processing
The legal basis for the integration of Google Fonts is our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO in a correct and graphically appealing presentation of the website. Since we have integrated the script library locally on our own web server, there is no data transfer to Google. There is therefore no need for your express consent to the use of Google Fonts.
Sharing data
By integrating the script library locally on our web server, no data is passed on to third parties.
Storage period
By integrating the script library locally on our server, no personal data is collected.
As operators of this Instagram page, we (Nesto Software GmbH. Tullastr.58, 76131 Karlsruhe, Germany) together with the operator of the social network Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland a company of Meta Platforms Inc., 1 Meta Way, Menlo Park, California 94025-1453, USA) responsible within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When you visit our Instagram page, personal data is processed by those responsible. In the following, we will inform you which data is involved, how it is processed and what rights you have in this regard.
As the person responsible for this site, we have reached agreements with Meta, which, among other things, regulate the conditions for using the Instagram page. Instagram's terms of use and the additional guidelines and conditions listed there are decisive.
The processing of the information should, among other things, enable Facebook to improve its advertising system, which it disseminates via its network. On the other hand, it should enable us, as the operator of the Instagram page, to obtain statistics that Facebook creates based on visits to our Instagram page. This is the purpose of managing the marketing of our activities. For example, this enables us to become aware of profile visitors who appreciate our Instagram page or use application pages to provide them with more relevant content and develop features that could be of greater interest to them.
In order for us to better understand how we can better achieve our goals with our Instagram page, demographic and geographical evaluations are also prepared based on the information collected and made available to us. We can use this information to place targeted interest-based advertisements without immediately knowing the identity of the visitor. If visitors use Facebook on several devices, the collection and evaluation can also be carried out across devices if they are re-registered visitors logged in to their own profile.
The visitor statistics compiled are transmitted exclusively in anonymous form to us. We have no access to the respective underlying data.
We operate this Instagram page to present ourselves to Instagram users and other interested people who visit our Instagram page and to communicate with them. Users' personal data is processed on the basis of our legitimate interests in an optimized company presentation (Art. 6 para. 1 lit. f DSGVO).
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TDDDG,insofar as consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be withdrawn at any time.
We have no influence on the collection of data by Instagram, nor on the existing data processing processes on Facebook. We are also not aware of the scope of data collection, the purposes of processing or the stored storage periods. The transfer of data to anonymized statistics cannot therefore be ruled out.
When you visit our Instagram page, it is possible that some of the information collected may also be processed outside the European Union by Facebook Inc., based in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. If so, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse on your part. In the consent management of the Instagram page, you decide for yourself whether you want to agree to such a transfer or not. In such a case, the transfer is made on the basis of your consent in accordance with Art. 49 para. 1 lit. a DSGVO.
In addition, Meta Platforms Inc., 1 Meta Way, Melo Park, California94025-1453 is certified under the EU-U.S. Data Privacy Framework Program. The EU-U.S. Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
We do not share any personal data ourselves.
Instagram users can influence the extent to which their user behavior may be recorded when visiting our Instagram page under advertising preferences settings. The Facebook and Instagram settings offer further options at:
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/, the consent management of the fan page or the right of objection form at:
https://www.facebook.com/help/contact/1994830130782319
The processing of information using the cookie used by Facebook can also be prevented by not allowing third-party cookies or Facebook cookies in your own browser settings.
The agreements with Facebook also on joint responsibility essentially mean that requests for information and the assertion of further data subject rights are usefully asserted directly with Facebook. Because as a provider of the social network and the option to integrate Facebook pages there, Facebook alone has immediate access to the required information and can also immediately take any necessary measures and provide information. Should our support be required, we can be contacted at any time.
Further information about our contact details, the rights of data subjects vis-à-vis us and how we otherwise process personal data can be found in this privacy policy.
Information on how Facebook handles personal data on Instagram can be found in their privacy policy at https://help.instagram.com/519522125107875
As the operator of this YouTube site, we are (Nesto Software GmbH.tullastr. 58, 76131 Karlsruhe, Germany) jointly with the operator of the YouTube website (YouTube LLC, 901 Cherry Ave., San Bruno, CA94066, USA a subsidiary of Google LLC, 160 Amphitheatre Parkway, MountainView, CA 94043-1351, USA) responsible within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When you visit our YouTube page, personal data is processed by those responsible. In the following, we will inform you which data is involved, how it is processed and what rights you have in this regard.
All YouTube privacy settings must be made in the Google account. As the person responsible for this site, we have concluded agreements with Google which, among other things, regulate the conditions for using Google services (here: YouTube). The terms of use of YouTube at: https://www.youtube.com/static?gl=DE&template=terms&hl=de and from Google at: https://policies.google.com/terms?hl=de are decisive
The processing of information should, among other things, enable YouTube to improve its advertising system, which it disseminates via its network. In addition, it should enable us, as the operator of the YouTube site, to receive statistics that YouTube creates based on visits to our YouTube page. This is intended to manage the marketing of our activity. For example, this enables us to gain knowledge of the profiles of visitors who appreciate our YouTube page or use applications on the site in order to be able to provide them with more relevant content and develop features that may be of greater interest to them.
So that we can better understand how we can better achieve our goals with our YouTube page, demographic and geographical evaluations are also prepared on the basis of the information collected and made available to us. We can use this information to display targeted, interest-based advertisements without immediately knowing the identity of the visitor. If visitors use YouTube on multiple devices, the collection and evaluation can also be carried out across devices if they are registered visitors logged in to their own profile. The generated visitor statistics are transmitted to us exclusively in anonymized form. We have no access to the respective underlying data.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) in the sense of TDDDG. The consent can be withdrawn at any time.
We have no influence on the collection of data by Google, nor on Google's existing data processing processes. We are also not aware of the scope of data collection, the purposes of processing or the stored storage periods. The transfer of data to anonymized statistics cannot therefore be ruled out.
When you visit our YouTube site, it is possible that some of the information collected is also processed outside the European Union by YouTube LLC or Google Inc., based in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. There is therefore a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without recourse. In the consent management of the YouTube page, you decide for yourself whether you want to agree to such a transfer or not. In such a case, the transfer is made on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
In addition, GoogleLC, 160 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA certified according to the EU-U.S. Data Privacy Framework Program. The EU-U.S. DataPrivacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. The certification certificate can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
We do not share any personal data ourselves.
YouTube users can influence the extent to which their user behavior may be recorded when visiting our YouTube page under their Google account settings. See also: https://policies.google.com/privacy?hl=de#infochoices. The fan page consent management offers further options.
The processing of information using the cookie used by YouTube or Google can also be prevented by not allowing third-party cookies or those from YouTube or Google in your browser settings.
The agreements with YouTube and Google also on joint responsibility essentially mean that requests for information and the assertion of further data subject rights are usefully asserted directly with YouTube or Google. Because as providers of the social network and the option to integrate YouTube pages there, YouTube or Google only have the information required via the immediate access options and can also immediately take any necessary measures and provide information. However, should our assistance be required, we can be contacted at any time.
Further information about our contact details, the rights of data subjects vis-à-vis us and how otherwise personal data is processed by us can be found in this privacy policy.
Information on YouTube's handling of personal data on Google can be found in the privacy policy (https://policies.google.com/privacy?hl=de).
As the operator of this LinkedIn page, we (Nesto Software GmbH. Tullastr. 58, 76131 Karlsruhe, Germany) together with the operator of the social network LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland a company of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, United States) Responsible person as defined in Article 4 No. 7 of the General Data Protection Regulation (GDPR). When you visit our LinkedIn page, personal data is processed by the person responsible. In the following, we will inform you which data is involved, how it is processed and what rights you have in this regard.
As the person responsible for this site, we have made agreements with LinkedIn, which, among other things, govern the conditions for using the LinkedIn page. The terms of use of OnlinkedIn are decisive at: https://www.linkedin.com/legal/user-agreement?src=or-search&veh=www.google.com%7Cgo-pa&trk=sem_lms_gaw
The processing of the information should, among other things, enable LinkedIn to improve its advertising system, which it disseminates via its network. On the other hand, it should enable us, as the operator of the LinkedIn page, to receive statistics that LinkedIn creates based on visitors to our LinkedIn page. This is the purpose of managing the marketing of our activities. For example, this enables us to gain knowledge of the profiles of visitors who use our LinkedIn page estimates or site applications in order to be able to develop relevant content and features for you that could be of greatest interest to you.
In order for us to better understand how we can better achieve our goals with our LinkedIn page, demographic and geographical evaluations are also used on the basis of the information collected and made available to us. This information can be used wirewise to place targeted interest-based advertisements without immediately gaining knowledge of the visitor's identity. If remote visitors use LinkedIn on multiple devices, the collection and evaluation can also be carried out across devices if they are registered visitors who are logged in to their own profile.
The generated visitor statistics are transmitted to us exclusively in anonymized form. We have no access to the respective underlying data.
We operate this LinkedIn page to present ourselves to LinkedIn users and other interested persons who visit our LinkedIn page and to communicate with them. Users' personal data is processed on the basis of our legitimate interests in an optimized company presentation (Art. 6 para. 1 lit. f DSGVO).
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) in the sense of TDDDG. The consent can be withdrawn at any time.
When you visit our LinkedIn site, it is possible that some of the information collected may also be processed outside the European Union by Microsoft Corporation based in the USA. We point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. If so, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly even without legal remedies. In consent management on the LinkedIn page, you decide for yourself whether you want to agree to such a transfer or not. In such a case, the transfer is made on the basis of your consent in accordance with Art. 6 para. 1 lit. a DSGVO.
In addition, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA certified according to the EU-U.S. Data Privacy Framework Program. The EU-U.S. Data Privacy Framework is a bilateral adequacy decision for the transfer of personal data from the EU to the USA. You can find proof of certification here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active
We do not share any personal data ourselves.
LinkedIn users can influence the extent to which their user behavior may be recorded when visiting our LinkedIn page. LinkedIn offers further options in the LinkedIn account settings and via the consent management of the fan page.
The processing of information from the cookie used by LinkedIn can also be prevented by not allowing cookies from third-party providers or those from LinkedIn in your own browser settings.
The agreements with LinkedIn also on joint responsibility essentially mean that requests for information and the assertion of further data subject rights are usefully asserted directly with LinkedIn. Because as a provider of the social network and the option to integrate LinkedIn pages there, LinkedIn alone has immediate access to the required information and can also immediately take any necessary measures and provide information. Should our support be required, we can be contacted at any time.
Further information about our contact details, the rights of data subjects vis-à-vis us and how personal data is otherwise processed by us can be found in this privacy policy.
Information about LinkedIn's handling of personal data on LinkedIn can be found in their privacy policy (https://www.linkedin.com/legal/privacy-policy?_l=de_DE).
20. Data protection in applications and in the application process
We offer you the opportunity to apply to us (e.g. via our applicant platform or by email or post). In the following, we will inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other legal regulations and that your data is kept strictly confidential.
Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. Detailed information about the type and scope of the data collected can be found at (X). [GH1]
The legal basis for this is § 26 BDSG (initiation of an employment relationship), Art. 6 para. 1 lit. b DSGVO (general contract initiation) and — if you have given consent — Art. 6 para. 1 lit. a GDPR. The consent can be withdrawn at any time.
Within our company, your personal data will only be shared with people who are involved in processing your application.
If the application is successful, the data you submit will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.
Retention period of data
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you have provided with us for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR).
The data is then deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has elapsed (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
Longer storage may also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations preclude deletion.
Order processing
To handle the administrative process of the application process, we use the services of
Mana GmbH
Glückstraße 10
90763 Furth
email: info@mana-hr.com
as a service provider for job advertisements, for the analysis of applications and the technical processes of the application process via the application platform.
We have concluded an agreement with the subcontractor in accordance with Art. 28 GDPR for order processing.
a) Right to information
You can exercise your right of information from us at any time in accordance with Article 15 GDPR as to whether personal data concerning you is being processed by us.
b) Right to rectification
You can exercise your right of rectification against us in accordance with Article 16 GDPR and request the correction of incorrect personal data concerning you at any time.
c) Right to restrict processing
You can exercise your right to restrict processing in accordance with Article 18 GDPR at any time and request the restriction of processing as long as the legal requirements for this are met.
d) Right to deletion
You can exercise your right of deletion against us at any time in accordance with Article 17 GDPR and request that personal data relating to you be deleted immediately if this data is no longer necessary for the purposes for which it was collected or otherwise processed. This right of deletion may be precluded by other legal obligations (e.g. storage obligations).
e) Right to be informed
You can exercise your right to be informed against us in accordance with Article 19 GDPR at any time. If you have asserted a right to delete, correct or restrict the processing of personal data concerning you, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of the correction or deletion of the data or the restriction of processing, unless this proves impossible or only involves disproportionate effort. You have the right to be informed about these recipients.
f) Right to data portability
You can exercise the right to data portability with us in accordance with Art. 20 GDPR at any time. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another person responsible if this is technically feasible.
g) Right to object to data collection in special cases and to direct marketing (Art. 21 DSGO)
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) letter e or f GDPR; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims (objection under Article 21 (1) GDPR).
If we process personal data for direct marketing purposes, the person concerned has the right to object at any time to the processing of personal data for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If the data subject objects to us processing for direct marketing purposes, we will no longer process the personal data for these purposes (objection under Article 21 (2) GDPR).
h) Right to withdraw consent under data protection law
You have the right to withdraw your data protection consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the time of withdrawal.
i) Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular the Member State of your habitual residence, place of work or place of alleged infringement, if you believe that the processing of personal data concerning you is contrary to the GDPR.
Unless otherwise stated:
The person responsible for processing processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or insofar as this has been provided for in laws or regulations to which the controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by another competent legislator expires, the personal data will be blocked or deleted in accordance with legal requirements.
Unless stated otherwise:
Art. 6 para. 1 sentence 1 lit. a GDPR serves as a legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, in processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 paragraph 1 sentence 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for compliance tax obligations, the processing is based on Art. 6 paragraph 1 sentence 1lit. c GDPR. In rare cases, the processing of personal data could be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Processing would then be based on Art. 6 paragraph 1 sentence 1 lit. DDS GVO.
Ultimately, processing operations could be based on Art. 6 paragraph 1 sentence 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary to protect the legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the data subject is a customer of the person responsible (recital 47 sentence 2 GDPR).
If the processing of personal data is based on Article 6 paragraph 1 sentence 1 lit. FdS-GVO, our legitimate interest is to carry out our business activities for the benefit of all our employees and shareholders.
The criterion for the duration of storage of personal data is the respective legal retention period. At the end of the period, the corresponding data will be routinely deleted, provided that it is no longer required to fulfill or initiate a contract.
We will inform you that the provision of personal data is required by partial law (e.g. tax regulations) or may result in non-contractual arrangements (e.g. information about the contractual partner).
In order to conclude a contract, it may be necessary for a data subject to provide inpersonal data, which must subsequently be processed by us. For example, the data subject is required to provide us with personal data when our company concludes a contract with him. Failure to provide personal data would mean that the contract with the person concerned could not be concluded.
Before personal data is provided by the data subject, the data subject must contact the person responsible under 2 or our data protection officer under 3. On a case-by-case basis, we will inform the person concerned whether the provision of personal data is required by law or contract or for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.
1) This[Günter Hi2] The privacy policy was created in the marked points by the privacy statement generator, which is operated and made available in cooperation between DGD DeutscheGesellschaft für Datenschutz GmbH, Dachau (available at: https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de) and the law firm Wilde/Beuger/Solmecke Rechtsanwälte GbR, Cologne (available at: https://www.wbs-law.de/it-recht/datenschutzrecht/datenschutzerklaerung-generator/). These texts are subject to the copyright of DGD DeutschGesellschaft für Datenschutz GmbH, Dachau and Kanzleiwilde/Beuger/Solmecke Rechtsanwälte GbR, Cologne.
[GH1] Here we should store the information for applicants in accordance with Art. 13 GDPR.
[Günter Hi2] The notice must also be placed on the website, as I have removed these parts from the generator and the copyrights are held accordingly by DGD and WBS.