Privacy Policy

Data Protection Policy

Last Update: 10. June 2025

Introduction

With the following data protection policy, we inform you about the purposes and scope of the processing of your personal data (hereinafter "data"). This data protection policy applies to all processing of personal data by us in the context of providing our services, in particular on our websites, mobile applications, and external online presences (e.g., social media pages, collectively "online presences").

Controller

Györbiro, Holocsi & Kovács Sprachschulen GbR
Linzer Str. 88b
70469 Stuttgart
Germany

E-mail address: info@level-up.stuttgart.school

Overview of processing operations

The following overview summarizes the types of data processed and the purposes for which they are processed and applies to the data subjects.

Types of data processed

  • Inventory data
  • Employee Data
  • Payment data
  • Contact data
  • Content data
  • Content data
  • Linked data
  • Applicant data
  • Driver Log data
  • Activity and behavior data
  • Usage data
  • Meta, communication and process data
  • Social data
  • Job applicant details
  • Images and/ or video recordings
  • Audio recordings
  • Log data
  • Performance and behavioural data
  • Working time information
  • Credit data
  • Salary information

Special Categories of data

  • Health information
  • Religious or ideological beliefs
  • Trade union membership

Categories of data Subjects

  • Training and continuing education participants
  • Communication partners
  • Service users and customers
  • Employees
  • Users
  • Interested parties
  • Applicants
  • Business and contractual partners
  • Interested parties
  • Third parties

Purposes of Processing

  • Provision of contractual services and fulfillment of contractual obligations
  • Communication
  • Security measures
  • Office and organisational procedures
  • Organisational and Administrative Procedures
  • Application Procedures
  • Feedback
  • Marketing
  • IT infrastructure
  • Establishment and execution of employment relationships
  • Information technology infrastructure
  • Financial and payroll accounting
  • Public relations
  • Sales promotion
  • Business processes and management procedures

Relevant legal bases

Relevant legal bases of the GDPR: Below you will find an overview of the legal bases of the GDPR under which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection laws in your or our country of residence may also apply. Should different legal bases apply in individual cases, we will inform you of this in the privacy policy.

  • Conclusion of contract and pre-contractual inquiry (Art. 6 (1) (b) GDPR) – The conclusion of a contract requires the conclusion of a contract to which the data subject is a party, or the implementation of measures taken at the request of the data subject to conclude the contract.
  • Legitimate interests (Art. 6 (1) (f) GDPR) – Processing is necessary to protect the legitimate interests of the controller or a third party, unless these outweigh the interests, fundamental rights, and fundamental rights of the data subject to the protection of personal data.
  • Consent (Art. 6 (1) (a) GDPR) – The data subject has given their consent to the processing of personal data for one or more specific purposes.
  • Legal obligations (Art. 6 (1) (c) GDPR) – Processing is necessary to fulfill the legal obligations of the controller.
  • Processing of various categories of health, employment, and social data (Article 9 (2) (h) GDPR) – Processing is necessary for the purposes of preventive healthcare or occupational medicine, assessing employees' ability to work, for medical diagnosis, providing healthcare or treatment in accordance with Union or Member State law or in accordance with an agreement with a healthcare professional.
  • Application process as a pre-contractual or contractual relationship (Article 6 (1) (b) GDPR) – If various types of personal data within the meaning of Article 9 (10) (2) (b) GDPR are processed as part of the application process, to protect the vital interests of applicants or other persons pursuant to Article 9 (10) (2) (c) GDPR, or for the purposes of preventive healthcare or occupational medicine, the assessment of an employee's ability to work, medical diagnostics, care or treatment in a healthcare or social care facility, or the administration of practices and services in a healthcare or social care facility pursuant to Article 9 (2) (h) GDPR. If various types of information are provided based on voluntary consent, processing is carried out in accordance with Article 9 (2) (a) GDPR.

German data protection law. In addition to the GDPR, German data protection law also applies in Germany. This includes, in particular, the Directive on the Protection of Personal Data against Misuse (Data Protection Directive – BDSG). The BDSG contains specific provisions regarding the right to information, the right to erasure, the right to object, the processing of personal data, processing for other purposes, as well as transfer and automated decision-making. In addition, the data protection laws of the respective jurisdiction may apply.

Third country (outside the EU and Switzerland): The data protection laws in the controller's country of residence apply to the GDPR data protection provisions. Some provisions of these Terms may go beyond the scope of the GDPR. These include protection against misuse, the right to information and erasure, the right to object, the processing of personal data, processing for other purposes, as well as transfer and automated decision-making.

Precautionary Measures

We look forward to welcoming more of our customers and clients in the UK and having them become part of the digital experience.

This includes, in particular, confidentiality, integrity, and physical and technical control of data, including access, encryption, access, and sharing. In addition, we have implemented procedures to ensure data protection compliance, data collection, and incident response. In addition, we believe that we can protect personal data through the design and selection of applications, systems and systems in a data protection-compliant manner and the implementation of standardized data protection policies and procedures.

IP address shortening: When an IP address is processed by us or by third parties and technologies we use, the IP address is shortened (also known as "IP masking") by removing the last two digits or parts of the IP address after a certain period of time. The purpose of IP address shortening is to prevent or disrupt the identification of an individual based on their IP address.

Internet connections are secured with TLS/SSL (HTTPS) encryption technology. Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of data transmission on the Internet. These technologies protect information from unauthorized access by encrypting the data between a website or application and the browser (or between two servers). TLS, a secure version of SSL, ensures the highest level of security for data traffic. If a website is protected with an SSL/TLS certificate, this is indicated by the inclusion of HTTPS in the URL. This signals to users that their data is secure.

Transfer of Personal Data

Our use of personal data may involve the transfer or disclosure of your data to other companies, organizations, corporate groups, or individuals. Recipients of this data may include, for example, providers of IT-related services or providers of integrated services and website content. In such cases, we have entered into appropriate agreements with the data subjects to comply with legal requirements, in particular with regard to data protection.

We strive to provide efficient and effective solutions that meet the needs of our customers and their customers, as well as their customers, suppliers, and customers.

International Studies

In the fourth quarter of 2020, the country's economy suffered from the pandemic. The 2013/14 election introduced the death penalty. If the data protection standard in the third country is clearly defined and identified (Article 45 GDPR), this forms the basis for data transfers. Otherwise, data transfers will occur once the cache level is specified. We will also inform you about the reasons for data transfers by each international transport company, for which appropriate decisions are prioritized. Details regarding exports and adequacy decisions can be found in the information provided by the EU Commission. This decision, dated July 10, 2023, recognizes that data protection standards are too high for some companies in the United States. Information about this can be found at https://www.dataprivacyframework.gov/ (in English).

In this Privacy Policy, we inform you whether our service providers have rights under this Privacy Policy.

Information on data storage and retrieval

We delete the personal data we process in accordance with legal requirements as soon as processing has ended or the legitimate purpose no longer exists. This is appropriate when the original purpose no longer applies or the information is no longer needed. Exceptions to this rule apply when legal or special interests require longer retention or storage of the data.

In principle, information that must be protected for commercial, tax, or legal reasons, or to protect legally recognized third-party rights, must be stored securely.

Our Privacy Policy contains further information on data storage and deletion in connection with specific services.

If multiple retention or retrieval intervals are specified for a specific date, the longer interval applies.

If a period does not begin on a specific date, it automatically begins at the end of the year in which the triggering event occurs. For ongoing contracts between databases, the triggering date is the date of termination or suspension of legal proceedings. We process your data for legal or other reasons that justify its retention, even if we do not store your data for the original purpose.

Further information on procedures, methods, and services:

  • Data storage and deletion: The following retention periods apply to data storage and retrieval under German law:
    • 10 Years - Retention period for books and records, annual financial statements, inventories, management reports, opening financial statements, as well as company regulations and other documents necessary for understanding, accounting documents, and payment receipts (Section 14 (13) in conjunction with Nos. 4 and 4 (4) UStG, Section 257 (1) Nos. 1 and 4 HGB).
    • 6 Years - Other business documents: sales invoices, cash register receipts, other tax-relevant documents, e.g. B. Plans, contracts, accounting documents, accounting statements, but not payment documents, accounting documents, and invoices (Section 147 (3) in conjunction with Chapter 1 Nos. 2, 3, and 5 of the German Fiscal Code (AO), Chapter 1 (17) of the German Commercial Code (HGB).
    • 3 Years - Data required for the assessment of complaints, warranty claims, or similar claims and approvals, as well as for the processing of complaints based on historical business data and user experience, will be stored for three years (Sections 195 and 199 of the German Civil Code).

Rights of Data Subjects

Rights of the Data Subjects under the GDPR: As a data subject, you have a number of rights under Articles 15 to 21 of the GDPR:

  • Right to Objection: You have the right to object to the processing of your personal data for data protection reasons at any time in accordance with Article 6 (1) (e) or (f) of the GDPR. This also includes classification based on these criteria. If your personal data is used for marketing purposes, you have the right to object to the processing of your personal data for such marketing purposes at any time. This also applies to the provision of marketing consistency.
  • Right of withdrawal: You have the right to withdraw your consent at any time.
  • Right of access: You have the right to receive confirmation that the requested data is being used and to receive this information and, where permitted by law, further information and a copy of this data.
  • Right to rectification: You have the right to request the rectification of your personal data or the rectification of inaccurate data in accordance with the law.
  • Right to erasure and restriction of processing: You have the right to request the immediate erasure of your personal data or the restriction of processing in accordance with the law.
  • Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transmitted to another controller.
  • Complaint to a supervisory authority: You have the right to lodge a complaint with a supervisory authority in accordance with the law and without prejudice to any administrative or judicial proceedings. You have the right to lodge a complaint with a data protection officer, in particular with the data protection officer. You have the right to lodge a complaint with a data protection authority, in particular with the data protection authority in your country of residence, if you believe that the processing of your personal data violates the GDPR.

Business services

We work with our contractual and business partners, i.e., our customers and stakeholders (collectively, "Contractual Partners"), within the framework of contractual and similar legal relationships, as well as to carry out related and related measures with Contractual Partners (or pre-contractual measures), for example, to respond to inquiries.

We use this information to fulfill our contractual obligations. This includes, in particular, the obligation to provide the agreed services, any repair obligations, and warranty and other remedial measures in the event of service interruptions. We also use information to protect our rights and for the associated administrative activities and for the organization of the company. We also process data based on our legitimate interests in the proper and efficient conduct of our business operations in order to protect our contractual and business partners from misuse and damage to their data, confidentiality, information, and rights (e.g., telecommunications, support, transport, and other services, as well as subcontractors, banking advisory services, and legal advisors). Within the framework of applicable law, we only share contractual partners' data with third parties if this is necessary for the purposes stated above or to fulfill legal obligations. Contractual partners are informed about other types of processing, such as for marketing purposes, within the framework of this privacy policy. For example, we inform contractual partners before and during data collection about the information required for the aforementioned purposes, for example in an online form, through special markings (e.g., colors) or symbols (e.g., stars, etc.), or in person.

We delete the data after the expiration of statutory warranty and similar obligations, i.e., generally after four years, unless the data is stored in the customer account for statutory archiving purposes (e.g., for tax purposes, in particular, ten years). We generally delete the data that the contractual partner has provided to us as part of an order after the order has been completed.

Types of data processed: Inventory data (e.g., full name, residential address, contact details, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact details (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, expiration date, customer category).

  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational processes; organizational and administrative processes; business processes and operational procedures.
  • Special categories of personal data: Health Data.
  • Data subjects: Service recipients and customers; interested parties; business and contractual partners; training and course participants.
  • Storage and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion."
  • Legal Basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legal obligation (Art. 6 (1) (c) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processes, methods, and services:

  • Employee training: The processes involved in employee training include the collection and management of customer information, the collection, storage, and use of contact data, training preferences, and individual goals. Extensive health information such as allergies, pre-existing conditions, medications, and injury history is collected at the beginning of the coaching relationship to develop safe and effective training programs. Personal fitness information is used to create personalized training plans based on personal fitness information, goals, and to measure client progress. Personal data is used to coordinate training days and locations to ensure consistency and communication. Regular fitness assessments and performance tests require the collection and analysis of individual performance data to track progress and adjust training plans. Additional personal data is collected for add-on services such as nutritional advice or lifestyle coaching to ensure comprehensive support. To continuously improve training quality and client satisfaction, we conduct regular feedback sessions and reviews, which may contain personal data. Communication with clients takes place via various channels such as email, telephone, or messenger services. Personal data is exchanged to schedule appointments, answer questions, and provide support. Legal bases: Contractual and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligations (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).
  • Training and continuing education offerings: We process data from participants in our training and continuing education programs (hereinafter "trainees") to provide our continuing education offerings. The data processed, as well as the type, scope, purpose, and necessity of the processing, depend on the respective contractual relationship and the relationship established. These types of processing include the evaluation of our services and the performance of our lecturers. As part of our activities, we may process special categories of data, in particular data on the health status of training and continuing education participants, as well as data revealing ethnic origin, political opinions, religious or ideological beliefs. For this purpose, we obtain the express consent of the training and continuing education participants and process special categories of data to the extent necessary to protect the health, social security, or vital interests of the training and continuing education participants. Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
  • Training: We process data from our clients, interested parties, and other customers or contractual partners (collectively, "customers") in order to provide them with our services. The processes carried out within the framework of training and for training purposes include: contacting and communicating with customers, needs analysis to determine suitable training measures, planning and conducting training, logging the training process, collecting and managing customer-specific data and information, planning and organizing training materials, consulting, billing, and monitoring and supporting feedback processes for training and quality assurance.

    • The type, scope, purpose, and necessity of the data processed are determined by the internal contract and the customer relationship.

    If this is necessary to protect vital interests for our contract processing or is required by law, or the customer has consented, we will disclose or transmit customer data to third parties or agents, such as authorities, accounting firms, or to comply with professional regulations in the field of IT, office, or similar services. Legal basis: Contractual performance and pre-contractual inquiries (Article 6 (1) (b) GDPR).

Consulting

We provide services to our customers, prospective customers, and other clients or contractual partners (collectively referred to as "customers"). The processes within the scope and purpose of consulting include contacting and communicating with customers, conducting needs and requirements analyses, planning and implementing consulting projects, documenting project progress and results, collecting and managing customer-related data and information, planning and organizing consulting sessions, providing consulting resources and materials, and providing quality assurance and billing services and feedback. The data processed, as well as the type, scope, purpose, and necessity of their processing, are determined by the internal contract and the customer relationship.

We disclose or transmit customer data to third parties or agents, for example, authorities, subcontractors, or specialists in IT, office, or similar services, provided this is necessary to fulfill our contractual obligations or with the customer's consent. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Online courses and online training courses: We process data of participants in our online courses and online training courses (hereinafter collectively referred to as "participants") to provide our course and training services. The data processed in this process, as well as the type, scope, purpose, and necessity of their processing, are determined by the respective contractual relationship. The data generally includes information on the courses and services used and, to the extent that these are part of our services, employee profiles, and participant results. These types of processing include the evaluation and performance assessment of our services as well as the courses and trainers. Depending on the type and structure of the learning content or the characteristics of the course, further processing operations may be necessary, such as: B. tracking participation, collecting test and exam results to measure and analyze learning progress, and analyzing interactions on learning platforms, such as post-work platforms and submissions. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Business procedures and processes

Personal data of service recipients and customers – clients, customers, or in exceptional cases, customers, patients, business partners, and other third parties – is processed within the framework of contractual and comparable legal relationships as well as pre-contractual measures, such as establishing business relationships. This data processing supports and simplifies business processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The data collected serves to fulfill contractual obligations and better organize business processes. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies, and the management of internal accounting and financial processes. In addition, this data serves to protect the rights of the controller and to support administrative tasks and company organization.

Personal data may be passed on to third parties if this is necessary to fulfil the stated purposes or due to legal obligations. The data will only be deleted when the statutory retention periods have expired or the purpose of processing no longer applies. In addition, there is data that must be retained for longer periods due to tax and legal requirements. • Type of data processed: Inventory data (e.g. full name, address, contact details, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact details (e.g. postal and email addresses or telephone numbers); content data (e.g. text or image messages and contributions as well as relevant information such as author or time of creation); contract data (e.g. subject matter of the contract, term, customer category); log data (e.g. logs or data retrievals or access times); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, types of device and operating system used, interactions with content and functions); Credit information (e.g., obtained credit score, predicted probability of default, risk category based on it, historical payment behavior); metadata, communication, and system data (e.g., IP addresses, timestamps, account numbers, parties involved).

  • Data subjects: Service users and customers; prospective customers; communication partners; business and contractual partners; third parties; users (e.g., website visitors, users of online services); customers; employees (e.g., employees, applicants, temporary workers, and other employees).
  • Processing purposes: Provision of contractual services and fulfillment of contractual obligations; office and organizational processes; business processes and administrative procedures; communication; marketing; sales promotion; public relations; credit and credit checks; payment transactions; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.))
  • Storage and deletion: Deletion takes place in accordance with the information in the section "General information on data storage and deletion."
  • Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR); Legitimate interests (Art. 6 (1) (f) GDPR); Legal obligation (Art. 6 (1) (c) GDPR).

Further information on processing procedures, processes, and services:

  • Customer management: Customer management: Mandatory measures within the scope of customer management include, for example, the development of strategies for acquiring, initiating, and retaining new customers, as well as ensuring effective customer communication and appointment scheduling. Comprehensive customer services are provided. These procedures also include the maintenance and management of customer files, the secure documentation of legal processes, and the protection of the confidentiality and integrity of customer data. In addition, processes have been defined for the transfer of customer information to third parties such as courts or other legal service providers. As soon as customer data no longer needs to be deleted or the statutory retention period expires, secure deletion procedures compliant with data protection regulations are implemented. Legal Basis: Contractual performance and pre-contractual review (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interest (Art. 6 (1) (f) GDPR).
  • Contact management and contact maintenance: Procedures for organizing, managing, and protecting contact data (e.g., setting up and maintaining a central contact database, regularly updating contact data, monitoring data integrity, implementing data protection measures, ensuring access controls, backing up and restoring contact data, training employees in the effective use of contact management software, regularly reviewing communication history, and adapting contact strategies); Legal Basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).
  • General Payment Transactions: Procedures for processing payment transactions, monitoring bank accounts, and controlling payment flows (e.g., creating and verifying transfers, processing direct debits, checking account statements, monitoring incoming and outgoing payments, managing direct debits, reconciliation, cash management); Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR). • Accounting, accounts payable, accounts receivable: Procedures for recording, processing, and controlling business transactions in accounting (e.g., creating and checking incoming and outgoing invoices, monitoring and maintaining open items, managing payment transactions, processing receivables, reconciling accounts receivable and accounts receivable, balancing accounts payable and accounts receivable; Legal Basis: contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).
  • Tax and financial accounting: Transaction recording processes with significant financial implications, including accounting, reporting, and taxes (e.g., maintaining accounting and transaction records, preparing quarterly financial statements, and accounting, accounting, accounting, accounting, and tax administration). Legal Issues: contractual performance and non-contractual issues (Art. 6 (1) (b) GDPR), legal obligations (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).
  • Marketing, advertising, and sales activities: Requires responsibilities in the areas of marketing, advertising, and sales (e.g., market research and target audience analysis, development of marketing strategies, planning and implementation of campaigns, active online marketing plans, management of online SEO and customer success, customer service and customer support). Legal Issues: Legitimate interests (Art. 6 (1) (f) GDPR).
  • Public Relations: Responsible for public relations and public relations (e.g., creation and implementation of advertising, planning of PR campaigns, creation and editing of press releases, management of media relations, conducting meetings and meetings with local event journalists for advertising and social media); Legal Issues: Legitimate interest (Art. 6 (1) (f) GDPR).

Use of Cookies

The term "cookies" refers to the processing and storage of information on users' devices. Cookies are used externally for various purposes, for example To improve information, security, and online services, and to analyze visitor movements. We use cookies to save individual settings. Where appropriate, we require the translator's prior consent. If we cannot consent, we may rely on our legitimate interests. In this context, data management and filtering is crucial for providing relevant information and services immediately. This means establishing direct connections and improving the performance and security of our online services. Consent can be renewed at any time. We will explain the nature of this consent and the cookies used.

Data collection notice: The use of cookies for personal data is based on our belief that the following reasons are valid. Should we object, we may rely on our legitimate interests as set out in this section and our terms of use and policies.

Specification: The following types of cookies are set:

  • Temporary cookies (also: session cookies): Temporary cookies are set when a user (via a browser or mobile device) successfully completes an online order.
  • Persistent cookies: Persistent cookies can also be displayed on the subpage. For example, they can display income status and provide requested information directly upon visiting a website. The information obtained through cookies is therefore used for communication. Unless we explicitly inform you how the cookie is shared (e.g., through a contract), you should be aware that these methods are available and can be valid for up to two years.

General withdrawal and opt-out notices (if applicable): Users can withdraw their consent at any time and retain the website's privacy restrictions.

  • Types of data processed: Meta, data, and application features (e.g., IP addresses, timestamps, calls, personal calls).
  • Authenticated data: Users (e.g., web searchers, internet service users).
  • Legal component: Legitimate interest (Art. 6 (1) (f) GDPR). Consent (Art. 6 (1) (a) GDPR).

Further information on recruitment, personnel, and human resources:

  • Cookie information Permissive storage: We only use the consent solution if the user has consented to the use of cookies or if they are integrated as part of the consent solution and in connection with the offer. These privacy practices include the use of cookies and similar technologies to communicate, display, and process data. This Privacy Policy includes the user's consent to the use of cookies and related information about the services, as well as the services and specific features described in the access. It also allows users to change likes and share. Consent statements are provided to demonstrate the clarity of reason and to meet the necessary requirements at the consent stage. The information is processed on the server and/or through the use of cookies (so-called opt-in cookies) or similar technologies to enable a specific user to consent to these services. If no specific information is provided to applicants in the Investment Services area, please note the following: A pseudonymous user identity will be created, and access times, login attempts (i.e., cookie categories and/or activities), as well as information about the user's browser, system, and device will be stored. Legal Basis: Voluntary consent (Art. 6 (1) (a) GDPR).

Online meetings, video conferences, webinars, and screen sharing

We offer professional facilities and applications (hereinafter referred to as "conference facilities") for video and audio conferences, webinars, and other types of video and audio meetings. We will review the most suitable options in the details of the conference and provide you with optimal advice.

Data analysis via the platform: The platform is essential for analyzing the underlying data. Activities include a summary of the conference (e.g., briefing or meeting) and independent reporting by the parties. Member data in the conference room may be used for security or service management purposes. The service includes personal information (first name), contact information (email, phone number), contact, profile, contact information, Internet IP address, operating system, browser, and technical and language configuration, contact information, i.e., audio and video editors and other editing types (see Appendix B). Information is disseminated through various communication channels, including conference rooms. Registered conference attendees can access schedule information for various conference events.

Recording and logging: Received documents, orders (transmissions), and video and audio recordings are organized and ready for immediate dispatch. You can view details of how conference participants handle data, their data management policies, and the conference guidelines, which is why protecting and managing your data is important to you. Setting up video conferences to ensure data security and privacy during travel is important (e.g., by providing accommodation options, allocating towers and access roads where technically feasible, and considering unknown delays). Links to conference locations and travel information are not displayed due to unintentional comments. Documentation of legal bases: Unlike platforms, we process user data and require users' consent to use platforms or terms and conditions (e.g., written consent in the consent form), provided the legal basis for this consent exists. Furthermore, our service may be necessary for the fulfillment of our contract (e.g., in the participant directory, in the negotiation process, etc.). Otherwise, the processing of personal data is limited to our legitimate interest in effective and secure communication with our communication partners.

Types of information generated: Sales information (e.g., full name, address, contact details, customer list, etc.); contact details (e.g., postal and email addresses or telephone numbers); content (e.g., text or image information and related support and information such as author or production time); usage data (e.g., page views and display duration, number of clicks, intensity and frequency of use, device type and operating system used, interaction with content and services); image and/or video recordings (e.g., photos or video recordings of a person); sound recordings. Recording data (e.g., log files related to access, data access, or access sessions).

Sources of information: Information partners; users (e.g., website visitors, internet users); characters depicted.

For the following purposes: provision of contractual services and fulfillment of contractual obligations; communication; office and organizational functions.

Storage and disposal: Disposal as described in the "General information on storage and disposal" section.

Legal aspects: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on activities, providers, and activities:

Social Media management

We use our online services on social networks and analyze user profiles there to communicate with users active there and to share information about us.

Therefore, we assume that data may be processed outside the European Union. In this case, problems with the product may arise, for example.

Internal social media usage data is used for market research and marketing purposes. For example, users can interact with the spokesperson and thus communicate their information preferences. This profile can then be used to tailor the offerings both within and outside the network to the user's needs. For example, cookies are presented in product designs that reflect ingredients and interests. In addition, user profiles can also reveal information about users' activities (regardless of whether they are members or subscribers of the platforms).

To summarize the various service and waiver forms, we examine the current statements and practices of the various network providers.

Furthermore, in the event of a rejection or conviction, we believe it is more effective if the applicant provides this information. We have only analyzed this data and can directly extract relevant roles and characteristics. If you still need help, please feel free to contact us.

  • Date of use: Contact details (e.g., postal address, email address, or phone number); Access to information (e.g., text or image references and similar information such as authorization information or expiration date); Available data (e.g., page readability and usability, clickable features, usability and frequency, use of apps and applications, interaction with content and services).
  • People affected: Users (e.g., website searchers, users of online services).
  • Goals: Information; Extract (e.g., feedback on an online form); Public works.
  • Language and pronunciation: The pronunciation contains the information in the "General information on language and pronunciation" section.
  • Legitimate reasons: Legitimate interest (Art. 6 (1) (f) GDPR).

Further information on product design, functions and features:

  • Instagram: Social network that allows you to share photos and videos, comment on and favorite articles, send updates and subscribe to profiles and pages; Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legitimate grounds: Legitimate interest (Art. 6 (1) (f) GDPR); Available at: https://www.instagram.com; Date: https://privacycenter.instagram.com/policy/. Basis for ongoing export: Data Privacy Framework (DPF).
  • Facebook Pages: Profiles on the social network Facebook – We work with Meta Platforms Ireland Limited (but no longer do) to collect information about our Facebook fans (the “Fan Page”). This information includes all content users view or interact with, or activities (see "What you and others do and prepare" on Facebook: https://www.facebook.com/privacy/policy/), as well as information about users' usage preferences (see IP address, operating system, browser type, language settings, cookie date; see "Public Preferences" on the right side of Facebook: available at: https://www.facebook.com/privacy/policy/). As described in the Facebook contact information under "How do we use this information?", Facebook collects and uses the information as described above and creates analytics called "Page Insights" to gain insights into how users interact with their Pages and the content associated with them. We have agreed to a special disclosure obligation (“Page Insights,” https://www.facebook.com/legal/terms/page_controller_addendum) with Facebook, which accordingly stipulates that Facebook must integrate any security features and users must check their rights with Facebook based on their actions (i.e., users can, for example, send notifications or deletion requests directly to Facebook). Users' rights (subject to the right to use, distribute, share, and order data under appropriate inspection conditions) are not limited to transactions with Facebook. Further information is available under “Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

    Collective agreement for information gathering by Meta Platforms Ireland Limited, an EU company. The other contractual terms and conditions for transactions hosted by Meta Platforms Ireland Limited relate to the transmission of information by the parent company Meta Platforms, Inc.; EE.UU. Provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Available at: https://www.facebook.com ; Available at: https://www.facebook.com/privacy/policy/. Basis for export in progress: Data Privacy Framework (DPF).

  • Facebook-Groups: We use the "Groups" function of the Facebook platform to create interest groups within which Facebook users can contact each other or us and exchange information. In doing so, we process personal data of the users of our groups as far as this is necessary for the purpose of the group use as well as its moderation. These data include information on first and last names, as well as published or privately shared content, as well as values on the status of group membership or group-related activities, such as entry or exit, as well as the time information on the aforementioned data. Our guidelines within the groups may contain further specifications and information on the use of the respective group. Furthermore, we would like to point out the processing of data of the users by Facebook itself. This data includes information about the types of content users view or interact with, or the actions they take (see under "Things You and Others Do and Provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see under "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Insights," to group operators to provide them with insights about how people interact with their groups and with content associated with them; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).
  • LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of visitor data, which is used to create "Page Insights" (statistics) for our LinkedIn profiles. This data includes information about the types of content users view or interact with, as well as the actions they take. It also includes details about the devices used, such as IP addresses, operating systems, browser types, language settings, and cookie data, as well as profile details of users, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
    We have entered into a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures LinkedIn must comply with and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of users (particularly the right to information, deletion, objection, and to lodge a complaint with the competent supervisory authority) are not restricted by our agreements with LinkedIn. The joint responsibility is limited to the collection of data and its transmission to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, particularly concerning the transfer of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Processing of data in the context of employment relationships

In the context of employment relationships, the processing of personal data aims to effectively manage the establishment, execution, and termination of such relationships. This data processing supports various operational and administrative functions necessary for managing employee relations.

The data processing covers various aspects ranging from contract initiation to termination. Included are the organization and management of daily working hours, management of access rights and permissions, as well as handling personnel development measures and staff appraisals. The processing also serves payroll accounting and management of wage and salary payments, which represent critical aspects of contract execution.

Additionally, the data processing considers legitimate interests of the responsible employer, such as ensuring workplace safety or capturing performance data for evaluating and optimizing operational processes. Moreover, the data processing includes disclosing employee data in external communication and publication processes where necessary for operational or legal purposes.

The processing of this data always takes place with due regard for the applicable legal frameworks, aiming always to create and maintain a fair and efficient working environment. This also includes considering the privacy of affected employees, anonymizing or deleting data after fulfilling the processing purpose or according to legal retention periods.

  • Processed data types: Employee Data (Information about employees and other individuals in an employment relationship); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.); Social data (Data subject to a special social confidentiality obligation and processed, for example, by social insurance institutions, social welfare institutions or pension authorities.); Log data (e.g. log files concerning logins or data retrieval or access times.); Performance and behavioural data (For example, performance and behavioural data aspects such as performance evaluations, feedback from supervisors, training attendance, compliance with company policies, self-assessments, and behavioural assessments.); Working hours data (e.g. start of work time, end of work time, actual working hours, target working hours, break times, overtime, vacation days, special leave days, sick days, absences, home office days, business trips); Salary data (e.g. basic salary, bonus payments, premiums, tax class information, surcharges for night work/overtime, tax deductions, social security contributions, net payout amount); Images and/ or video recordings (e.g. photographs or video recordings of a person); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
  • Special categories of personal data: Health Data; Religious or philosophical beliefs. Trade union membership.
  • Data subjects: Employees (e.g. employees, job applicants, temporary workers, and other personnel.).
  • Purposes of processing: Establishment and execution of employment relationships (Processing of employee data in the context of the establishment and execution of employment relationships); Business processes and management procedures; Provision of contractual services and fulfillment of contractual obligations; Public relations; Security measures. Office and organisational procedures.
  • Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Compliance with a legal obligation (Article 6 (1) (c) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR). Healthcare, occupational and social security processing of special categories of personal data (Article 9 (2)(h) GDPR).

Further information on processing methods, procedures and services used:

  • Time Recording: Processes for recording employees' working hours include both manual and automated methods, such as the use of punch clocks, time tracking software, or mobile apps. Activities involved include entering clock-in and clock-out times, break times, overtime, and absences. To verify and validate the recorded working hours, they are compared with deployment or shift schedules, checked for absences, and approved for overtime by supervisors. Reports and analyses are generated based on the recorded working hours to provide work time records, overtime reports, and absence statistics for management and the human resources department; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Authorization Management: Procedures required for the definition, management, and control of access rights and user roles within a system or an organisation (e.g., creation of authorisation profiles, role- and access-based control, review and approval of access requests, regular review of access rights, tracking and auditing of user activities, creation of security policies and procedures); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Special categories of personal data: Special categories of personal data are processed in the context of employment relationships or to fulfil legal obligations. The processed special categories of personal data include information concerning the health, trade union membership, or religious affiliation of employees. This data may be transferred to health insurance companies or processed for assessing the employees' work capacity, for corporate health management, or for declarations to the tax authorities; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Sources of Processed Data: Personal data received during the application process and/or employment relationship will be processed. Furthermore, where required by law, personal data will be collected from other sources. These may include financial authorities for tax-related information, the respective health insurance company for information on work incapacity, third parties such as employment agencies, or publicly accessible sources like professional social networks in the context of application procedures; Legal Basis: Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Purposes of Data Processing: The personal data of employees are primarily processed for the establishment, execution, and termination of the employment relationship. Furthermore, the processing of this data is necessary to fulfil legal obligations in the field of tax and social security law. In addition to these primary purposes, the data of employees are also used to meet regulatory and supervisory requirements, to optimise processes of electronic data processing, and to compile company-internal or cross-company data, possibly including statistical data. Moreover, the data of employees may be processed for the assertion of legal claims and defense in legal disputes; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Transmission of Employee Data: The data of employees is processed internally only by those departments that require it to fulfil operational, contractual, and legal obligations. The transfer of data to external recipients only occurs if it is legally required, or if the affected employees have given their consent. Possible scenarios for this can include requests for information from authorities or in the case of asset formation benefits. Furthermore, the controller may transfer personal data to further recipients as far as this is necessary for fulfilling his contractual and legal obligations as an employer. These recipients can include: a) banks b) health insurance companies, pension insurance institutions, providers of old-age provisions and other social insurance carriers c) authorities, courts (e.g., tax authorities, labour courts, further supervisory authorities within the framework of fulfilling reporting and information obligations) d) tax and legal advisors e) third-party debtors in the case of wage and salary garnishments f) other entities to which legally obligatory declarations must be made.
    In addition, data can be transferred to third parties if this is necessary for communication with business partners, suppliers or other service providers. Examples include details in the sender area of emails or letterheads as well as creating profiles on external platforms; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Transmission of Employee Data to Third Countries: The transfer of employee data to third countries, meaning countries outside the European Union (EU) and the European Economic Area (EEA), occurs only if it is necessary for the fulfilment of the employment relationship, legally required, or if employees have given their consent. Employees will be informed about the details separately, as far as legally required; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).
  • Business Travel and Travel Expense Settlement: Procedures required for planning, executing, and accounting for business trips (e.g., booking of travel, organizing accommodations and transportation, managing travel expense advances, submitting and reviewing travel expense reports, controlling and recording incurred costs, compliance with travel policies, handling of the travel expense management); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Payroll and wage accounting: Procedures required for calculating, disbursing, and documenting wages, salaries, and other remuneration for employees (e.g., recording of working hours, calculation of deductions and surcharges, remittance of taxes and social security contributions, preparation of payroll statements, management of wage accounts, reporting to the tax authorities and social security institutions); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR).
  • Deletion of Employee Data: Employment data will be deleted under German law when it is no longer required for the purpose for which it was collected, unless there is a legal obligation to retain or archive it, or it needs to be kept for the interests of the employer. The following retention and archiving obligations are observed:
    • General personnel records - General personnel records (such as employment contracts, references, supplementary agreements) are retained for up to three years after the termination of the employment relationship (§ 195 German Civil Code (BGB)).
      Tax-relevant documents - Tax-relevant documents in the personnel file are kept for six years (§ 147 Tax Code (AO), § 257 Commercial Code (HGB)).
      Information on wages and working hours - Information on wages and working hours for (accident) insured with wage proof are kept for five years (§ 165 I 1, IV 2 Social Code Book VII (SGB VII)).
    • Payrolls including lists for special payments - Payrolls including lists for special payments, if a booking receipt is available, are kept for ten years (§ 147 Tax Code (AO), § 257 Commercial Code (HGB)).
    • Wage lists for interim, final, and special payments - Wage lists for interim, final, and special payments are kept for six years (§ 147 Tax Code (AO), § 257 Commercial Code (HGB)).
    • Documents on employee insurance - Documents on employee insurance, if booking receipts are available, are kept for ten years (§ 147 Tax Code (AO), § 257 Commercial Code (HGB)).
    • Contribution statements to social security institutions - Contribution statements to social security institutions are kept for ten years (§ 165 Social Code Book VII (SGB VII)).
      Wage accounts - Wage accounts are kept for six years (§ 41 I 9 Income Tax Act (EStG)).
    • Applicant data - Kept for a maximum of six months from the receipt of rejection.
    • Working time records (for more than 8 hours on workdays) - Kept for two years (§ 16 II Working Time Act (ArbZG)).
    • Application documents (following online job advertisement) - Kept for three to a maximum of six months from the receipt of rejection (§ 26 Federal Data Protection Act (BDSG) n.F., § 15 IV General Act on Equal Treatment (AGG)).
    • Certificates of incapacity for work (AU) - Kept for up to five years (§ 6 I Act on the Compensation of Expenses (AAG)).
    • Documents on company pension schemes - Kept for 30 years (§ 18a Act to Improve Occupational Pensions (BetrAVG)).
    • Sickness data of employees - Kept for twelve months from the start of the illness, if the absence in a year does not exceed six weeks.
    • Documents on maternity protection - Kept for two years (§ 27 para. 5 Maternity Protection Act (MuSchG)).
    Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Healthcare, occupational and social security processing of special categories of personal data (Article 9 (2)(h) GDPR).
  • Personnel file management: Procedures required for the organisation, updating, and management of employee data and records (e.g., recording of basic personnel data, retention of employment contracts, certificates and attestations, updating data upon changes, compilation of documents for employee discussions, archiving of personnel files, compliance with data protection regulations); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Healthcare, occupational and social security processing of special categories of personal data (Article 9 (2)(h) GDPR).
  • Personnel development, performance evaluation, and staff appraisals: Procedures required in the area of employee promotion and development, as well as in assessing their performance and during employee discussions (e.g., needs analysis for further training, planning and implementation of training measures, creation of performance evaluations, conducting goal-setting and feedback discussions, career planning and talent management, succession planning); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR), Healthcare, occupational and social security processing of special categories of personal data (Article 9 (2)(h) GDPR).
  • Obligation to Provide Data: The person in charge informs the employees that the provision of their data is required. This is generally the case when the data are necessary for the establishment and execution of the employment relationship, or when their collection is mandated by law. The provision of data may also be required when employees assert claims or are entitled to claims. The implementation of these measures or fulfilment of services depends on the provision of such data (for example, providing data for the receipt of wages); Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Compliance with a legal obligation (Article 6 (1) (c) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).
  • Publication and Disclosure of Employee Data: The data of employees will only be published or disclosed to third parties if it is necessary for the performance of work tasks according to the employment contract. This applies, for example, when employees are named as contact persons in correspondences, on the website, or in public registers following an agreement or specified job description, or if their field of work includes representative functions. Similarly, this may occur if representation or communication with the public takes place as part of performing these tasks, such as image recordings during public relations activities. Otherwise, employee data is published only with their consent or based on the legitimate interests of the employer, for example, in the case of stage or group photographs taken during a public event; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

Job Application Process

The application process requires applicants to provide us with the data necessary for their assessment and selection. The information required can be found in the job description or, in the case of online forms, in the information contained therein.

In principle, the required information includes personal information such as name, address, a contact option and proof of the qualifications required for a particular employment. Upon request, we will be happy to provide you with additional information.

Where available, applicants are welcome to submit their applications via our online form, which is securely encrypted to the latest standards. Alternatively, applications can also be sent to us by email. However, we kindly remind you that emails are not inherently encrypted over the Internet. While emails are usually encrypted in transit, they are not encrypted on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the security of the application during its transmission from the sender to our server.

Processing of special categories of data: To the extent that special categories of personal data (Article 9(1) GDPR, e.g., health data, such as disability status or ethnic origin) are requested from applicants or communicated by them during the application process, their processing is carried out so that the controller or the data subject can exercise rights arising from employment law and the law of social security and social protection, in the case of protection of vital interests of the applicants or other persons, or for purposes of preventive or occupational medicine, for the assessment of the employee's work ability, for medical diagnosis, for the provision or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

Ereasure of data: In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. Applicants' data will also be deleted if an application is withdrawn, to which applicants are entitled at any time. Subject to a justified revocation by the applicant, the deletion will take place at the latest after the expiry of a period of six months, so that we can answer any follow-up questions regarding the application and comply with our duty of proof under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.

Admission to a talent pool - Admission to a talent pool, if offered, is based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.

Duration of data retention in the applicant pool in months: 6

  • Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Content data (e.g. textual or pictorial messages and contributions, as well as information pertaining to them, such as details of authorship or the time of creation.). Job applicant details (e.g. Personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letter, curriculum vitae, certificates, etc., as well as other information on the person or qualifications of applicants provided with regard to a specific job or voluntarily by applicants).
  • Data subjects: Job applicants.
  • Purposes of processing: Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).
  • Retention and deletion: Deletion in accordance with the information provided in the section "General Information on Data Retention and Deletion".
  • Legal Basis: Job application process as a pre-contractual or contractual relationship (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Changes and Updates

We kindly ask you to inform yourself regularly about the contents of our data protection declaration. We will adjust the privacy policy as changes in our data processing practices make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

If we provide addresses and contact information of companies and organizations in this privacy policy, we ask you to note that addresses may change over time and to verify the information before contacting us.

Supervisory authority competent for us:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32
70025 Stuttgart

Terminology and Definitions

In this section, you will find an overview of the terminology used in this privacy policy. Where the terminology is legally defined, their legal definitions apply. The following explanations, however, are primarily intended to aid understanding.

  • Contact data: Contact details are essential information that enables communication with individuals or organizations. They include, among others, phone numbers, postal addresses, and email addresses, as well as means of communication like social media handles and instant messaging identifiers.
  • Content data: Content data comprise information generated in the process of creating, editing, and publishing content of all types. This category of data may include texts, images, videos, audio files, and other multimedia content published across various platforms and media. Content data are not limited to the content itself but also include metadata providing information about the content, such as tags, descriptions, authorship details, and publication dates.
  • Contract data: Contract data are specific details pertaining to the formalisation of an agreement between two or more parties. They document the terms under which services or products are provided, exchanged, or sold. This category of data is essential for managing and fulfilling contractual obligations and includes both the identification of the contracting parties and the specific terms and conditions of the agreement. Contract data may encompass the start and end dates of the contract, the nature of the agreed-upon services or products, pricing arrangements, payment terms, termination rights, extension options, and special conditions or clauses. They serve as the legal foundation for the relationship between the parties and are crucial for clarifying rights and duties, enforcing claims, and resolving disputes.
  • Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Employees: As employees, individuals are those who are engaged in an employment relationship, whether as staff, employees, or in similar positions. Employment refers to a legal relationship between an employer and an employee, established through an employment contract or agreement. It entails the obligation of the employer to pay the employee remuneration while the employee performs their work. The employment relationship encompasses various stages, including establishment, where the employment contract is concluded, execution, where the employee carries out their work activities, and termination, when the employment relationship ends, whether through termination, mutual agreement, or otherwise. Employee data encompasses all information pertaining to these individuals within the context of their employment. This includes aspects such as personal identification details, identification numbers, salary and banking information, working hours, holiday entitlements, health data, and performance assessments.
  • Inventory data: Inventory data encompass essential information required for the identification and management of contractual partners, user accounts, profiles, and similar assignments. These data may include, among others, personal and demographic details such as names, contact information (addresses, phone numbers, email addresses), birth dates, and specific identifiers (user IDs). Inventory data form the foundation for any formal interaction between individuals and services, facilities, or systems, by enabling unique assignment and communication.
  • Log data: Protocol data, or log data, refer to information regarding events or activities that have been logged within a system or network. These data typically include details such as timestamps, IP addresses, user actions, error messages, and other specifics about the usage or operation of a system. Protocol data is often used for analyzing system issues, monitoring security, or generating performance reports.
  • Meta, communication and process data: Meta-, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Meta-data, also known as data about data, include information that describes the context, origin, and structure of other data. They can include details about file size, creation date, the author of a document, and modification histories. Communication data capture the exchange of information between users across various channels, such as email traffic, call logs, messages in social networks, and chat histories, including the involved parties, timestamps, and transmission paths. Procedural data describe the processes and operations within systems or organisations, including workflow documentations, logs of transactions and activities, and audit logs used for tracking and verifying procedures.
  • Payment Data: Payment data comprise all information necessary for processing payment transactions between buyers and sellers. This data is crucial for e-commerce, online banking, and any other form of financial transaction. It includes details such as credit card numbers, bank account information, payment amounts, transaction dates, verification numbers, and billing information. Payment data may also contain information on payment status, chargebacks, authorizations, and fees.
  • Performance and behavioural data: Performance and behavioral data refer to information related to how individuals perform tasks or behave within a certain context, such as in an educational, work, or social setting. This data may include metrics such as productivity, efficiency, quality of work, attendance, and adherence to policies or procedures. Behavioral data could encompass interactions with colleagues, communication styles, decision-making processes, and responses to various situations. These types of data are often used for performance evaluations, training and development purposes, and decision-making within organizations.
  • Personal Data: "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing: The term "processing" covers a wide range and practically every handling of data, be it collection, evaluation, storage, transmission or erasure.
  • Usage data: Usage data refer to information that captures how users interact with digital products, services, or platforms. These data encompass a wide range of information that demonstrates how users utilise applications, which features they prefer, how long they spend on specific pages, and through what paths they navigate an application. Usage data can also include the frequency of use, timestamps of activities, IP addresses, device information, and location data. They are particularly valuable for analysing user behaviour, optimising user experiences, personalising content, and improving products or services. Furthermore, usage data play a crucial role in identifying trends, preferences, and potential problem areas within digital offerings
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.