Processing of (personal) data by the entity in charge of the online application process
With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us in connection with visits to our website: www.flzr.com.
Streustraße 67-68
13086 Berlin
Phone: +49 (0) 30 509 307 500
Fax
Email: contact@flzr.com
Sandstrasse 33
80335 Munich, Germany
Phone: +49 (0) 89 7400 458 40
Email: datenschutz@dataguard.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection or the exercise of your rights.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for up to 24 hours and are accessible directly and exclusively to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after four weeks.
The legal basis for processing is Art. 6 (1) (f) GDPR, in order to guarantee the provision, security, and stability of our website.
To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from Combell nv, (Skaldenstraat 121, 9042 Ghent, Belgium). We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
The cookie stores information that is related to the specific device used. However, this does not mean that we immediately obtain knowledge of your identity.
The use of cookies serves, on the one hand, to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.
You can delete your data, including your customer account, at any time in the customer area. If you have canceled your customer account, the data relating to the customer account will be deleted, with the exception of order data, which must be retained for legal reasons.
You also have the option of uploading relevant documents such as a cover letter, your resume, and references, and providing additional personal data such as your appearance, tax number, creditor data, images, address, etc. The legal basis for the processing of this data is your consent in accordance with Art. 6 (1) (a) GDPR.
Creating a complete My-FLZR profile significantly facilitates and promotes the chances of successful job placement.
By submitting an application on our recruiting page, you are expressing your interest in working for us. In this context, you provide us with personal data, which we use and store exclusively for the purpose of your job search/application. In particular, the following data is collected:
Only authorized employees from the HR department or employees involved in the application process have access to your data.
The legal basis for the processing of this data is the initiation of a contract in accordance with Art. 6 (1) (b) GDPR, which takes place at your request. If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 (1) (a) GDPR. After completion of the application process, the data will be stored for up to six months. Your data will be deleted or anonymized after six months at the latest. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g., proportion of female or male applicants, number of applications per period, etc.).
In addition, we offer you the opportunity to be included in our “applicant pool.” You must give your consent in advance. With your consent, we will store your data for inclusion in our applicant pool for six months after the application process has ended in order to identify any other positions that may be of interest to you. This also applies, for example, to applications for training or internship positions.
If you receive an offer of employment from us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.
In the event of a legal obligation, the data will be stored in accordance with the applicable provisions. Longer storage is only possible if we add the personal data to our applicant pool as described above after obtaining your consent.
The data is generally processed on servers within the European Union. If, in individual cases, data is transferred to third countries, Personio ensures appropriate safeguards within the meaning of Art. 44 ff. GDPR (e.g., EU standard contractual clauses).
Further information on data processing by Personio can be found at: https://www.personio.com/privacy-policy/
The personal data you provide to us via the job boards will be processed under the above conditions in accordance with Art. 6 (1) lit. b, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG for the purpose of processing your application.
Please note that we do not have any data processing relationships with the job boards within the meaning of the GDPR. Therefore, please inform yourself about the data protection guidelines of the job board you are using.
When you contact and communicate with our WhatsApp chatbot, we process personal data resulting from the text messages or attachments you enter. This includes, for example, your first and last name, your phone number, information about your professional career, and other application data that you send us.
Depending on the communication channel you choose, the following personal data will also be processed:
WhatsApp app: When you use the WhatsApp chatbot via the WhatsApp messenger service, we collect and process your phone number and username in addition to the data mentioned above. We also process log files (e.g., information about the operating system and WhatsApp version you are using).
Chat widget: If you use the chat widget on our website to communicate with the WhatsApp chatbot, browser log files are also processed. These contain, for example, information about the access time, the IP or DNS address, bytes transferred, browser used, operating system used, etc.
Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp and our external service provider have access to the metadata generated during communication (e.g., sender, recipient, and time).
We use the following service providers to provide and handle this communication:
Insofar as personal data is transferred to third countries within the scope of the service, we have agreed on appropriate safeguards with the respective service providers in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are the standard contractual clauses (SCCs) issued by the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
Legal basis for processing:
When you visit our profiles, your personal data is collected, used, and stored not only by us, but also by the operators of the respective social network. This also happens if you do not have a profile on the respective social network yourself. The individual data processing operations and their scope differ depending on the operator of the respective social network and are not necessarily traceable for us. For details on the collection and storage of your personal data and the nature, scope, and purpose of its use by the operator of the respective social network, please refer to the following information.
In addition, the platform operator Meta, Meta Platforms Ireland Limited, [Serpentine Avenue, Block J, Dublin 4 Ireland; (Meta)] provides us with anonymized statistics and insights for our Facebook/Instagram page, which help us gain insights into the types of actions people take on our page (page insights). These page insights are generated based on certain information about people who have visited our page.
The processing of your personal data in connection with the operation of our Facebook/Instagram company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. Furthermore, the processing serves our legitimate interest in evaluating the types of actions taken on our Facebook/Instagram company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.
The processing of Page Insights is carried out by Meta and us as joint controllers. We cannot assign the information obtained via Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have entered into an agreement with Meta on processing as joint controllers, which specifies the distribution of data protection obligations between us and Meta. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found here. With regard to this data processing, you also have the option of asserting your rights as a data subject (see “Your rights as a data subject”) against Meta.
Further information on this can be found in Meta's privacy policy. Meta offers the option of objecting to certain data processing; information on this and opt-out options can be found here in your account.
Please note that, in accordance with Meta's privacy policy, user data may also be processed in the US or other third countries. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-US Data Privacy Framework. Based on this decision, data transfers to organizations based in the US that are certified accordingly are permitted. Meta is certified under the EU-US Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
In addition, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn), as the operator, processes personal data when you visit our LinkedIn company profile, follow this page, or engage with the page in order to provide us with statistics and insights in anonymized form. This gives us insights into the types of actions people take on our page (page insights).
To this end, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on your job title, country, industry, length of service, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g., whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personal data about you through Page Insights. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members from the Page Insights information.
The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.
This processing of personal data within the scope of Page Insights is carried out by LinkedIn and us as joint controllers. We have entered into an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available here. According to this agreement, the following applies:
LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn using the contact details in the privacy policy. You can contact LinkedIn's data protection officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
You can also contact us using the contact details provided to exercise your rights in relation to the processing of personal data within the scope of Page Insights. In such cases, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority that oversees the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.
In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research, as well as for advertising, customer support, analysis and security purposes. LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are described in LinkedIn's data policy. Further information about LinkedIn's processing of personal data can be found here:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Please note that, in accordance with LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the US or other third countries.
TikTok provides us, as a so-called business user, with its TikTok advertising tools (“Advertiser Tools”), such as TikTok Pixel, TikTok Custom Audience, Lead Generation, or interfaces (APIs), which also collect personal data from visitors to our TikTok company profile. This so-called event data includes information about your use of TikTok advertising tools or your devices (including HTTP header information such as user agent, IP address, country, language, and information about the web browser or app used), as well as (a) actions you take as a user in relation to our advertising on the TikTok company profile, and (b) actions you take outside of the TikTok company profile, e.g., on our
websites and apps (or those of third-party providers), including visits to our websites, installations of our apps, and purchases of our products. In addition, the event data includes statistical and analytical data as well as results from measurements and reporting, which help us gain insights into the types of actions people take on our site.
The processing of your personal data in connection with the operation of our TikTok company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. If the purpose of the contact is to conclude a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR. The processing via the Advertiser Tools serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR.
TikTok processes your data as a user to provide its services. TikTok is generally responsible for the processing of personal data when you visit our TikTok company profile. Personal data is processed in three categories:
data provided by you
automatically collected data
and data from other sources
Detailed information on the specific data processing of these categories and further information on the processing of personal data can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de.
This processing of personal data is carried out in part by TikTok and us as joint controllers. In addition, TikTok acts as a processor in some cases. We have entered into an agreement with TikTok on processing as joint controllers, which specifies the distribution of data protection obligations between us and TikTok.
In addition, we have entered into a data processing agreement (DPA) with TikTok for cases where TikTok acts as a processor. This is a contract required by data protection law that ensures that TikTok only processes your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
Details about the processing of personal data for the creation of event data, as well as the agreement concluded between us and TikTok and the data processing agreement, can be found under Jurisdiction Specific Terms and TikTok Business Products (Data) Terms. With regard to this data processing, you also have the option of asserting your rights as a data subject (see “Your rights and choices”) against TikTok.
The personal data is also transferred to the United Kingdom. The European Commission has issued an adequacy decision for the United Kingdom in accordance with Art. 45 (3) GDPR. Based on this decision, data transfers to entities in the United Kingdom are permitted.
TikTok offers the option to object to certain data processing; information on this can be found at: https://www.tiktok.com/legal/page/global/right-to-object/en.
Further information on this can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.
When you visit our website or a sub-website for the first time, a “cookie banner” will be displayed. There you will be informed about the individual cookies we use. You can find out about each individual cookie in terms of its name, provider, purpose of processing, and storage duration.
Our cookie banner informs you about the specific cookies we use. In addition, we give you the option of deciding whether you want to consent to the setting of non-essential cookies. The following data is processed:
The cookie banner stores your preferences until you reset or change them. Otherwise, the key and consent status are stored in the browser for 12 months with the help of the cookie.
This Complianz service is hosted on our own servers, i.e., no data is passed on to Complianz B.V. or to third parties.
We process the following personal data, among other things, through Google Tag Manager:
Personal data is anonymized by Google after 14 months, unless there are legal obligations to retain it.
We have concluded a data processing agreement for the use of Google. This is a contract required by data protection law, which ensures that Google only processes your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/?hl=de.
Personal data is anonymized by Google 14 months after your last activity, provided there are no legal obligations to retain it.
We have concluded a data processing agreement for the use of Google Analytics. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/?hl=de.
Google Ads enables us to draw attention to our offers with the help of advertising material on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs.
We use conversion tracking as part of Google Ads. The advertising material is delivered by Google via so-called “ad servers.” For this purpose, we use so-called ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. When you click on an ad placed by Google, a cookie for conversion tracking is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify users. These cookies enable Google to recognize your web browser. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the specific ad and were redirected to this page.
Each Google Ads customer receives a different cookie. The cookies cannot therefore be tracked across the websites of Ads customers. The following information is usually stored as analysis values in the cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (indication that the user no longer wishes to be targeted). The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The legal basis for the use of Google Tag Manager is your voluntary and revocable consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings. By integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.
We have concluded a data processing agreement for the use of Google Ads & Conversion Tracking. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at:
https://policies.google.com/technologies/ads?hl=de.
Google AdSense uses so-called “cookies,” i.e., text files that are stored on your computer and serve to display advertisements on our website that match our content and your interests. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons enable statistical analysis of visitor traffic on our pages for online marketing purposes.
The information generated by cookies and web beacons about your use of our website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on to third parties by Google. However, Google will not merge your IP address with other data that Google may have stored about you.
The legal basis for the use of the service is Art. 6 (1) (a) GDPR, i.e., integration only takes place with your consent. You can revoke your consent at any time with effect for the future.
You can prevent the installation of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We have concluded a data processing agreement for the use of Google Adsense. This is a contract required by data protection law, which ensures that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred.
A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted.
Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:https://www.dataprivacyframework.gov/s/participant-searchFurther information and the privacy policy can be found in Google's privacy policy at:https://policies.google.com/technologies/ads?hl=de.10.6. OpenStreetMapWe have integrated the OpenStreetMap map service from the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road Cambridge, CB4 0WS, United Kingdom (OpenStreetMap), on our website. This allows us to display interactive maps directly on the website and enable you to use the map function conveniently. When you use the map service, records of this use are created and transmitted to the OpenStreetMap Foundation. According to the information in the OpenStreetMap Foundation's privacy policy at:https://osmfoundation.org/wiki/Privacy_PolicyTo the best of our knowledge, OpenStreetMap collects at least the following data:Information about your browser or application andyour interaction with our website, includingyour IP address,browser and device type,operating system,referring website,date and time of page visits, andthe pages accessed on our website.The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.We have concluded a data processing agreement with OSM provider for the use of OpenStreetMaps. This is a contract required by data protection law, which ensures that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR.The information collected is stored on OpenStreetMaps servers in the UK. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the UK. Based on this decision, data transfers to organizations based in the UK are permitted.10.7. Meta PixelWe use the so-called “Meta Pixel” from Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; (Meta)) – formerly Facebook Ireland Limited – on our websites under joint responsibility.The controller within the meaning of Art. 26 GDPR is:Meta Platforms Ireland LimitedMerrion Road, Dublin 4, D04 X2K5, IrelandThe agreement on joint responsibility pursuant to Art. 26 (1) sentence 2 GDPR is available at: https://www.facebook.com/legal/controller_addendumWe use Meta Pixel for marketing and optimization purposes, in particular to place relevant and interesting ads on Facebook for you, thereby improving our offering, making it more interesting for you as a user, and avoiding annoying ads. All information collected by the cookie is forwarded to Meta and allows Meta to draw conclusions about your user behavior. If you are registered on a Meta platform/service, Meta can associate this visit with you. Even if you are not registered on a Meta platform/service or are not logged in, it is possible that Meta will receive your IP address and other identifying features and store them in an assignable manner.When you visit our website via your browser, the Meta pixel built into it initiates cookie storage on your system, provided you have given your consent. The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.We only receive non-personal data from Meta, which is used for the purpose of optimizing and measuring the success of interest-based advertisements and events. Further information regarding the data processing for which Meta is responsible can be found in the following sources, for example:Meta Terms of Use: https://www.facebook.com/legal/terms/updateData Policy: https://de-de.facebook.com/privacy/explanationBy integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.Since Meta may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Meta is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:https://www.dataprivacyframework.gov/s/participant-search.10.8. TikTok PixelOur websites use the so-called pixel from the provider TikTok Pixel. TikTok Pixel is a service provided by TikTok Technology Limited, [10 Earlsfort Terrace, Dublin, D02 T380, Ireland; (TikTok)].TikTok Pixel enables us to identify visitors to our websites as a target group for advertising (ads) within the TikTok service. TikTok Pixel enables us to display advertisements only to users who are interested in our offers and services. In addition, we can track the effectiveness of the advertisements we place on TikTok and evaluate them for statistical and market research purposes by seeing whether users were redirected to our websites after clicking on a TikTok ad.The TikTok pixel collects information that is available via web browsers such as Chrome. This includes:Ad/event information: Information about ads that TikTok users have clicked on or events that have been triggered.Timestamp: This is used to determine when website actions (e.g., page views, product purchases) took place.IP address: Used to determine the geographic location of an event.User agent: Used to determine the device brand, model, operating system, and browser information.Cookies: These make it easier to measure, optimize, and target your campaigns. Learn more about the use of cookies with the TikTok Pixel.Metadata and button clicks: This includes descriptive page metadata, structured microdata, page performance data, and button clicks. TikTok can use this information to provide recommendations on how to optimally set up pixel events and provide automated solutions in the future. This information is also suitable for personalizing ad campaigns for TikTok users and improving ad delivery on TikTok.The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.Personal data is anonymized or deleted by TikTok Pixel after 13 months, unless there are legal obligations to retain it.We have concluded a data processing agreement for the use of TikTok Pixel. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at:https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.In this respect, TikTok's privacy policy applies, which also contains more detailed information about the TikTok pixel and its functions. TikTok's privacy policy is available at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.10.9. WPMLWe use the WPML service (WordPress Multilingual Plugin) from OnTheGoSystems Ltd. (22/F 3 Lockhart Road, Wanchai, Hong Kong) on our website.Only functional information about your browser settings regarding language is retrieved by the hosting service for the WPML service. These cookies are enabled by default on websites that use the language filtering feature for AJAX operations and are enabled for all website visitors when you use the browser language redirection feature. In addition, data about the current language of the WordPress administration area is collected. This data is essential for us to provide a smooth service on our website.The legal basis for processing is therefore Art. 6 (1) (f) GDPR in order to guarantee the provision, security, and stability of our website.The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.We have concluded a data processing agreement for the use of WPML. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR.Further information and the privacy policy can be found in WPML's privacy policy at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/10.10. All-in-One WP MigrationThis website uses the WordPress plugin All-in-One WP Migration from ServMask, Inc. (16192 Coastal Highway Lewes, Delaware 19958 USA).For operational and maintenance purposes, All-in-One WP Migration may collect data that records interaction with All-in-One WP Migration (system logs) or use other personal data (such as the IP address) for this purpose.
The use is based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR in order to ensure the provision, security, and stability of our website.
With the help of this service, the entire WordPress installation on the web host's servers is backed up at regular intervals.
Personal data is processed and stored for as long as the purpose for which it was collected requires, and may be stored for longer due to applicable legal obligations or the consent of users.
For more information on data processing via All-in-One WP Migration, please refer to the privacy policy of ServMask Inc. at https://www.iubenda.com/privacy-policy/715803.
When you access our website, a connection is established to Cloudflare's servers. Your IP address is transmitted to Cloudflare in order to deliver the content correctly. Cloudflare also uses cookies and other technologies to optimize loading times and defend against security threats (e.g., DDoS attacks). We have no influence on the scope and further use of the data collected and processed by Cloudflare itself through the use of Cloudflare.
The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used, or by deleting the cookies.
For more information on data processing by Cloudflare, please refer to Cloudflare's privacy policy.
When you visit our website, your browser downloads the necessary files directly from the jsDelivr servers. Your IP address is transmitted to jsDelivr, as the content cannot be delivered without it for technical reasons. Additional technical information, such as the browser type, operating system, and timestamp, may also be transmitted. This data is used to ensure the stability and security of the CDN service. To the best of our knowledge, jsDelivr does not permanently store any personal data and does not create profiles.
The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used, or by deleting the cookies.
Further information on data processing by jsDelivr can be found in the jsDelivr privacy policy (Prospect One).
Our privacy policy also contains further information on the storage and deletion of personal data, which takes precedence for the respective processing operations.
If you wish to exercise any of your rights, please contact us at the above contact addresses or our data protection officer.
If we further develop our website and our offerings, or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here.
As of: June 2025
1. Responsible
The responsible party within the meaning of the GDPR is
FLZR GmbHStreustraße 67-68
13086 Berlin
Phone: +49 (0) 30 509 307 500
Fax
Email: contact@flzr.com
2.
You can contact our data protection officer as follows:
DataCo GmbHSandstrasse 33
80335 Munich, Germany
Phone: +49 (0) 89 7400 458 40
Email: datenschutz@dataguard.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection or the exercise of your rights.
3. Definitions
This privacy policy is based on the terminology used in the GDPR. For the sake of simplicity, we would like to explain some important terms in this context in more detail:Personal data
Our website uses Google Tag Manager, a service that is designed for individuals from Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.Data subjects
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of provision, alignment or combination, restriction, erasure or destruction.Recipient
A recipient is a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.Third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.4. Data for the provision of the website and the creation of log files
When you access our website in your browser, we collect technically necessary data via server log files, which is automatically transmitted to our server, including:- Date and time of access
- IP address
- Host name of the accessing computer
- Website from which the website was accessed; websites accessed via the website
- Page visited on our website; amount of data transferred
- Information about the browser type and version used
- Operating system
- Access status (e.g., whether the website could be accessed without problems or whether you received an error message)
- Use of website functions
- Search terms entered
- Frequency of access to individual web pages
- Amount of data transferred
- Other websites that you visit from this website, either by clicking on a link on this website or by directly entering the domain in the input bar in the same window of your browser
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for up to 24 hours and are accessible directly and exclusively to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after four weeks.
The legal basis for processing is Art. 6 (1) (f) GDPR, in order to guarantee the provision, security, and stability of our website.
To provide our online services, we use storage space, computing capacity, and software that we rent or otherwise obtain from Combell nv, (Skaldenstraat 121, 9042 Ghent, Belgium). We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
5. Technically necessary cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.The cookie stores information that is related to the specific device used. However, this does not mean that we immediately obtain knowledge of your identity.
The use of cookies serves, on the one hand, to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.
6. Registration for my-profiflitzer
You have the option of registering for our login area in order to use the full functionality of our website. We have highlighted the data that you are required to provide (title, name, date of birth, email address) by marking them as mandatory fields. Registration is not possible without this data. The legal basis for processing is Art. 6 (1) (b) GDPR, as the aforementioned processing is necessary to provide you with your customer account. The data entered is forwarded to my-profiflitzer, where a user account is automatically created. For further data processing, please also refer to the privacy policy of my-profiflitzer:You can delete your data, including your customer account, at any time in the customer area. If you have canceled your customer account, the data relating to the customer account will be deleted, with the exception of order data, which must be retained for legal reasons.
6.1. Information for creating a My-flzr profile
In your login area, you have the option of providing additional personal data in order to create a complete My-flzr profile. The data collected is used for the purpose of order placement. Specifically, the following data is collected:- Title
- Name
- Date of birth
- Email address
- Phone number
- Channel through which you became aware of us
You also have the option of uploading relevant documents such as a cover letter, your resume, and references, and providing additional personal data such as your appearance, tax number, creditor data, images, address, etc. The legal basis for the processing of this data is your consent in accordance with Art. 6 (1) (a) GDPR.
Creating a complete My-FLZR profile significantly facilitates and promotes the chances of successful job placement.
7. Applications
You can apply for jobs on our website. We use Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, as cloud-based HR management software to manage applicant and employee data. We collect and process your personal data for the purpose of handling the application process and implementing pre-contractual measures.By submitting an application on our recruiting page, you are expressing your interest in working for us. In this context, you provide us with personal data, which we use and store exclusively for the purpose of your job search/application. In particular, the following data is collected:
- Name (first and last name)
- Gender
- Email address
- Place of residence
- Salary expectations
- Availability
- Phone number
- Channel through which you became aware of us
Only authorized employees from the HR department or employees involved in the application process have access to your data.
The legal basis for the processing of this data is the initiation of a contract in accordance with Art. 6 (1) (b) GDPR, which takes place at your request. If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 (1) (a) GDPR. After completion of the application process, the data will be stored for up to six months. Your data will be deleted or anonymized after six months at the latest. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g., proportion of female or male applicants, number of applications per period, etc.).
In addition, we offer you the opportunity to be included in our “applicant pool.” You must give your consent in advance. With your consent, we will store your data for inclusion in our applicant pool for six months after the application process has ended in order to identify any other positions that may be of interest to you. This also applies, for example, to applications for training or internship positions.
If you receive an offer of employment from us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.
In the event of a legal obligation, the data will be stored in accordance with the applicable provisions. Longer storage is only possible if we add the personal data to our applicant pool as described above after obtaining your consent.
The data is generally processed on servers within the European Union. If, in individual cases, data is transferred to third countries, Personio ensures appropriate safeguards within the meaning of Art. 44 ff. GDPR (e.g., EU standard contractual clauses).
Further information on data processing by Personio can be found at: https://www.personio.com/privacy-policy/
7.1. Applications via job boards
We also offer you the opportunity to apply online for job vacancies on various job boards.The personal data you provide to us via the job boards will be processed under the above conditions in accordance with Art. 6 (1) lit. b, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG for the purpose of processing your application.
Please note that we do not have any data processing relationships with the job boards within the meaning of the GDPR. Therefore, please inform yourself about the data protection guidelines of the job board you are using.
- Indeed [Indeed Ireland Operations Limited, Block B, Capital Dock, 80 Sir John Rogerson’s Quay Grand Canal Dock, Dublin, 2, D02 HE36, Ireland]:
- https://hrtechprivacy.com/de/brands/about-indeed#privacypolicy
8. Recruiting campaign
We use a WhatsApp chatbot for the purpose of conducting a recruiting campaign. This can be accessed either via the WhatsApp app or a chat widget on our website. The intelligent WhatsApp chatbot automatically answers your inquiries and provides you with relevant information via the selected communication channel. If you are specifically interested in a position or have any questions, a member of our recruiting team will contact you directly in the chat.When you contact and communicate with our WhatsApp chatbot, we process personal data resulting from the text messages or attachments you enter. This includes, for example, your first and last name, your phone number, information about your professional career, and other application data that you send us.
Depending on the communication channel you choose, the following personal data will also be processed:
WhatsApp app: When you use the WhatsApp chatbot via the WhatsApp messenger service, we collect and process your phone number and username in addition to the data mentioned above. We also process log files (e.g., information about the operating system and WhatsApp version you are using).
Chat widget: If you use the chat widget on our website to communicate with the WhatsApp chatbot, browser log files are also processed. These contain, for example, information about the access time, the IP or DNS address, bytes transferred, browser used, operating system used, etc.
Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp and our external service provider have access to the metadata generated during communication (e.g., sender, recipient, and time).
We use the following service providers to provide and handle this communication:
- Superchat GmbH, Oranienstraße 6, 10997 Berlin, provides the technical infrastructure for cross-channel communication via WhatsApp and the chat widget.
- To automate internal processes (e.g., forwarding, status checks, workflows for categorizing inquiries), we also use the n8n tool from n8n GmbH, Gerichtstraße 47, 13347 Berlin.
Insofar as personal data is transferred to third countries within the scope of the service, we have agreed on appropriate safeguards with the respective service providers in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are the standard contractual clauses (SCCs) issued by the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
Legal basis for processing:
- Section 26 (1) BDSG – if the processing is necessary for the decision on the establishment of an employment relationship.
- Art. 6 (1) lit. b GDPR – for preparatory measures for the initiation of a contract, provided that no employment relationship under German law is affected (e.g., internships, freelancers).
- Art. 6 (1) (f) GDPR – for our legitimate interest in processing applicant inquiries efficiently and in a user-friendly manner and in optimizing the selection process.
- Art. 6 (1) (a) GDPR – if express consent has been obtained (e.g., for further storage in a talent pool); consent can be revoked at any time.
9. Social media
We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below, we provide an overview of which of your personal data we collect, use, and store when you visit our profiles.When you visit our profiles, your personal data is collected, used, and stored not only by us, but also by the operators of the respective social network. This also happens if you do not have a profile on the respective social network yourself. The individual data processing operations and their scope differ depending on the operator of the respective social network and are not necessarily traceable for us. For details on the collection and storage of your personal data and the nature, scope, and purpose of its use by the operator of the respective social network, please refer to the following information.
9.1. Facebook/Instagram
When you visit our Facebook/Instagram page, certain information about you is processed. We can only see the information stored in your public Facebook/Instagram profile (such as your profile picture or information you share on a Facebook profile or public Instagram profile), and only if you have such a profile and are logged in to it while visiting our Facebook/Instagram page.In addition, the platform operator Meta, Meta Platforms Ireland Limited, [Serpentine Avenue, Block J, Dublin 4 Ireland; (Meta)] provides us with anonymized statistics and insights for our Facebook/Instagram page, which help us gain insights into the types of actions people take on our page (page insights). These page insights are generated based on certain information about people who have visited our page.
The processing of your personal data in connection with the operation of our Facebook/Instagram company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. Furthermore, the processing serves our legitimate interest in evaluating the types of actions taken on our Facebook/Instagram company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6 (1) (f) GDPR. If the contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR.
The processing of Page Insights is carried out by Meta and us as joint controllers. We cannot assign the information obtained via Page Insights to individual Facebook/Instagram profiles that interact with our Facebook/Instagram page. We have entered into an agreement with Meta on processing as joint controllers, which specifies the distribution of data protection obligations between us and Meta. Details about the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found here. With regard to this data processing, you also have the option of asserting your rights as a data subject (see “Your rights as a data subject”) against Meta.
Further information on this can be found in Meta's privacy policy. Meta offers the option of objecting to certain data processing; information on this and opt-out options can be found here in your account.
Please note that, in accordance with Meta's privacy policy, user data may also be processed in the US or other third countries. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-US Data Privacy Framework. Based on this decision, data transfers to organizations based in the US that are certified accordingly are permitted. Meta is certified under the EU-US Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
9.2. LinkedIn
When you visit our LinkedIn company profile, certain information about you is processed. When you send us direct messages or comments on our LinkedIn company profile or under our posts, we receive the message, the comments, and your username.In addition, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn), as the operator, processes personal data when you visit our LinkedIn company profile, follow this page, or engage with the page in order to provide us with statistics and insights in anonymized form. This gives us insights into the types of actions people take on our page (page insights).
To this end, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on your job title, country, industry, length of service, company size, and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company profile, e.g., whether you are a follower of our LinkedIn company page. LinkedIn does not provide us with any personal data about you through Page Insights. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members from the Page Insights information.
The processing of your personal data in connection with the operation of our LinkedIn company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company profile and improving our company profile based on these findings.
This processing of personal data within the scope of Page Insights is carried out by LinkedIn and us as joint controllers. We have entered into an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available here. According to this agreement, the following applies:
LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn using the contact details in the privacy policy. You can contact LinkedIn's data protection officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO.
You can also contact us using the contact details provided to exercise your rights in relation to the processing of personal data within the scope of Page Insights. In such cases, we will forward your request to LinkedIn.
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority that oversees the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other supervisory authority.
In addition, LinkedIn processes your data as a user for the provision of services, communication, further development of services and research, as well as for advertising, customer support, analysis and security purposes. LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes in this context are described in LinkedIn's data policy. Further information about LinkedIn's processing of personal data can be found here:
https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
Please note that, in accordance with LinkedIn's privacy policy, personal data may also be processed by LinkedIn in the US or other third countries.
9.3. TikTok
When you visit our TikTok company profile, certain information about you is processed by the operators TikTok Technology Limited, (10 Earlsfort Terrace, Dublin, D02 T380, Ireland; hereinafter collectively referred to as TikTok) and TikTok Information Technologies UK Limited, (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom; hereinafter collectively referred to as TikTok). We can only view the information stored in your public TikTok company profile (such as your profile picture or information you share on your profile), provided you have such a profile and are logged in to it while visiting our site.TikTok provides us, as a so-called business user, with its TikTok advertising tools (“Advertiser Tools”), such as TikTok Pixel, TikTok Custom Audience, Lead Generation, or interfaces (APIs), which also collect personal data from visitors to our TikTok company profile. This so-called event data includes information about your use of TikTok advertising tools or your devices (including HTTP header information such as user agent, IP address, country, language, and information about the web browser or app used), as well as (a) actions you take as a user in relation to our advertising on the TikTok company profile, and (b) actions you take outside of the TikTok company profile, e.g., on our
websites and apps (or those of third-party providers), including visits to our websites, installations of our apps, and purchases of our products. In addition, the event data includes statistical and analytical data as well as results from measurements and reporting, which help us gain insights into the types of actions people take on our site.
The processing of your personal data in connection with the operation of our TikTok company profile is based on a balancing of interests pursuant to Art. 6 (1) (f) GDPR in order to offer you a modern and supportive means of information and interaction with and about us. If the purpose of the contact is to conclude a contract, the legal basis for the processing is Art. 6 (1) (b) GDPR. The processing via the Advertiser Tools serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on these findings. The legal basis for this processing is Art. 6 (1) (f) GDPR.
TikTok processes your data as a user to provide its services. TikTok is generally responsible for the processing of personal data when you visit our TikTok company profile. Personal data is processed in three categories:
data provided by you
automatically collected data
and data from other sources
Detailed information on the specific data processing of these categories and further information on the processing of personal data can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de.
This processing of personal data is carried out in part by TikTok and us as joint controllers. In addition, TikTok acts as a processor in some cases. We have entered into an agreement with TikTok on processing as joint controllers, which specifies the distribution of data protection obligations between us and TikTok.
In addition, we have entered into a data processing agreement (DPA) with TikTok for cases where TikTok acts as a processor. This is a contract required by data protection law that ensures that TikTok only processes your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
Details about the processing of personal data for the creation of event data, as well as the agreement concluded between us and TikTok and the data processing agreement, can be found under Jurisdiction Specific Terms and TikTok Business Products (Data) Terms. With regard to this data processing, you also have the option of asserting your rights as a data subject (see “Your rights and choices”) against TikTok.
The personal data is also transferred to the United Kingdom. The European Commission has issued an adequacy decision for the United Kingdom in accordance with Art. 45 (3) GDPR. Based on this decision, data transfers to entities in the United Kingdom are permitted.
TikTok offers the option to object to certain data processing; information on this can be found at: https://www.tiktok.com/legal/page/global/right-to-object/en.
Further information on this can be found in TikTok's privacy policy at: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE.
10. Third-party tools
10.1. Consent management via the “Complianz” consent management platform
We use the consent management service Complianz, provided by Complianz B.V., (Kalmarweg 14-5, 9723JG Groningen, Netherlands). This enables us to obtain and manage the consent of website users for data processing.When you visit our website or a sub-website for the first time, a “cookie banner” will be displayed. There you will be informed about the individual cookies we use. You can find out about each individual cookie in terms of its name, provider, purpose of processing, and storage duration.
Our cookie banner informs you about the specific cookies we use. In addition, we give you the option of deciding whether you want to consent to the setting of non-essential cookies. The following data is processed:
- • the IP address of the connection you are using (in anonymized form)
- the description of the web browser and operating system used
- the language used by your browser and operating system
- the address of the website on which you give your consent
- the date and time of consent
- the country from which you are making your request
- a pseudonym used to distinguish between different users
- your consent status with regard to the cookies and similar technologies we use or with regard to the services used, which serves as proof of your consent
The cookie banner stores your preferences until you reset or change them. Otherwise, the key and consent status are stored in the browser for 12 months with the help of the cookie.
This Complianz service is hosted on our own servers, i.e., no data is passed on to Complianz B.V. or to third parties.
10.2. Google Tag Manager
We use Google Tag Manager to control the use of code snippets (“tags”), such as tracking code on our website. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager allows us to quickly and easily exchange code on our website via a web interface without having to interfere with the source code.We process the following personal data, among other things, through Google Tag Manager:
- IP address
- Device data, such as operating system, browser version, screen resolution
Personal data is anonymized by Google after 14 months, unless there are legal obligations to retain it.
We have concluded a data processing agreement for the use of Google. This is a contract required by data protection law, which ensures that Google only processes your personal data in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/?hl=de.
10.3. Google Analytics
Our website uses functions of the web analysis service Google Analytics from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)]. With the help of Google Analytics, we analyze your user behavior in order to make decisions regarding product and marketing optimization based on the results. Through Google Analytics, we process the following personal data, among other things:- Time of the request
- IP addresses
- Online identifiers
- Device identifiers
- Technical characteristics of users (e.g., browser type and version, device type, operating system)
- Measurement of usage behavior (e.g., visits to individual pages/content, visits to content in different areas, session duration/length of stay, bounce rate
- Use of individual website features (e.g., search queries, downloads)
- eCommerce activity (e.g., products purchased, sales)
- Referrer URL (the previously visited page)
Personal data is anonymized by Google 14 months after your last activity, provided there are no legal obligations to retain it.
We have concluded a data processing agreement for the use of Google Analytics. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/?hl=de.
10.4. Google Ads & Conversion Tracking
Our website uses Google Ads (formerly Google AdWords) from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)].Google Ads enables us to draw attention to our offers with the help of advertising material on external websites and to determine how successful individual advertising measures are. This helps us to show you advertising that is of interest to you, to make our website more interesting for you, and to achieve a fair calculation of advertising costs.
We use conversion tracking as part of Google Ads. The advertising material is delivered by Google via so-called “ad servers.” For this purpose, we use so-called ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. When you click on an ad placed by Google, a cookie for conversion tracking is set. Cookies are small text files that the Internet browser stores on the user's computer. These cookies expire after 30 days and are not used to personally identify users. These cookies enable Google to recognize your web browser. If you visit certain pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the specific ad and were redirected to this page.
Each Google Ads customer receives a different cookie. The cookies cannot therefore be tracked across the websites of Ads customers. The following information is usually stored as analysis values in the cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (indication that the user no longer wishes to be targeted). The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The legal basis for the use of Google Tag Manager is your voluntary and revocable consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings. By integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.
We have concluded a data processing agreement for the use of Google Ads & Conversion Tracking. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other suitable safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred. A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:
https://www.dataprivacyframework.gov/s/participant-search
Further information and the data protection provisions can be found in Google's privacy policy at:
https://policies.google.com/technologies/ads?hl=de.
10.5. Google Adsense
Our website uses Google AdSense, a service for integrating advertisements from Google LLC, [1600 Amphitheatre Parkway, Mountain View, California 94043, USA; (Google)]. In the European Union (EU) and the European Economic Area (EEA), the services are provided by Google Ireland Limited [Gordon House, Barrow Street, Dublin 4, Ireland; (Google)].Google AdSense uses so-called “cookies,” i.e., text files that are stored on your computer and serve to display advertisements on our website that match our content and your interests. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons enable statistical analysis of visitor traffic on our pages for online marketing purposes.
The information generated by cookies and web beacons about your use of our website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on to third parties by Google. However, Google will not merge your IP address with other data that Google may have stored about you.
The legal basis for the use of the service is Art. 6 (1) (a) GDPR, i.e., integration only takes place with your consent. You can revoke your consent at any time with effect for the future.
You can prevent the installation of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
We have concluded a data processing agreement for the use of Google Adsense. This is a contract required by data protection law, which ensures that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses (SCCs) of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. These clauses ensure an adequate level of data protection when your data is transferred.
A copy of these standard contractual clauses can be found at:
https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. Based on this decision, data transfers to organizations based in the USA that are certified accordingly are permitted.
Google is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:https://www.dataprivacyframework.gov/s/participant-searchFurther information and the privacy policy can be found in Google's privacy policy at:https://policies.google.com/technologies/ads?hl=de.10.6. OpenStreetMapWe have integrated the OpenStreetMap map service from the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road Cambridge, CB4 0WS, United Kingdom (OpenStreetMap), on our website. This allows us to display interactive maps directly on the website and enable you to use the map function conveniently. When you use the map service, records of this use are created and transmitted to the OpenStreetMap Foundation. According to the information in the OpenStreetMap Foundation's privacy policy at:https://osmfoundation.org/wiki/Privacy_PolicyTo the best of our knowledge, OpenStreetMap collects at least the following data:Information about your browser or application andyour interaction with our website, includingyour IP address,browser and device type,operating system,referring website,date and time of page visits, andthe pages accessed on our website.The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.We have concluded a data processing agreement with OSM provider for the use of OpenStreetMaps. This is a contract required by data protection law, which ensures that your personal data will only be processed in accordance with our instructions and in compliance with the GDPR.The information collected is stored on OpenStreetMaps servers in the UK. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the UK. Based on this decision, data transfers to organizations based in the UK are permitted.10.7. Meta PixelWe use the so-called “Meta Pixel” from Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland; (Meta)) – formerly Facebook Ireland Limited – on our websites under joint responsibility.The controller within the meaning of Art. 26 GDPR is:Meta Platforms Ireland LimitedMerrion Road, Dublin 4, D04 X2K5, IrelandThe agreement on joint responsibility pursuant to Art. 26 (1) sentence 2 GDPR is available at: https://www.facebook.com/legal/controller_addendumWe use Meta Pixel for marketing and optimization purposes, in particular to place relevant and interesting ads on Facebook for you, thereby improving our offering, making it more interesting for you as a user, and avoiding annoying ads. All information collected by the cookie is forwarded to Meta and allows Meta to draw conclusions about your user behavior. If you are registered on a Meta platform/service, Meta can associate this visit with you. Even if you are not registered on a Meta platform/service or are not logged in, it is possible that Meta will receive your IP address and other identifying features and store them in an assignable manner.When you visit our website via your browser, the Meta pixel built into it initiates cookie storage on your system, provided you have given your consent. The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.We only receive non-personal data from Meta, which is used for the purpose of optimizing and measuring the success of interest-based advertisements and events. Further information regarding the data processing for which Meta is responsible can be found in the following sources, for example:Meta Terms of Use: https://www.facebook.com/legal/terms/updateData Policy: https://de-de.facebook.com/privacy/explanationBy integrating the services on our websites, data is transmitted to the above-mentioned recipients and processed there for as long as is necessary to achieve the stated purposes.Since Meta may transfer personal data to affiliated companies and subcontractors in countries outside the EU and the EEA, additional safeguards are required to ensure the level of data protection provided by the GDPR. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR with regard to companies certified under the EU-U.S. Data Privacy Framework. Meta is certified under the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link:https://www.dataprivacyframework.gov/s/participant-search.10.8. TikTok PixelOur websites use the so-called pixel from the provider TikTok Pixel. TikTok Pixel is a service provided by TikTok Technology Limited, [10 Earlsfort Terrace, Dublin, D02 T380, Ireland; (TikTok)].TikTok Pixel enables us to identify visitors to our websites as a target group for advertising (ads) within the TikTok service. TikTok Pixel enables us to display advertisements only to users who are interested in our offers and services. In addition, we can track the effectiveness of the advertisements we place on TikTok and evaluate them for statistical and market research purposes by seeing whether users were redirected to our websites after clicking on a TikTok ad.The TikTok pixel collects information that is available via web browsers such as Chrome. This includes:Ad/event information: Information about ads that TikTok users have clicked on or events that have been triggered.Timestamp: This is used to determine when website actions (e.g., page views, product purchases) took place.IP address: Used to determine the geographic location of an event.User agent: Used to determine the device brand, model, operating system, and browser information.Cookies: These make it easier to measure, optimize, and target your campaigns. Learn more about the use of cookies with the TikTok Pixel.Metadata and button clicks: This includes descriptive page metadata, structured microdata, page performance data, and button clicks. TikTok can use this information to provide recommendations on how to optimally set up pixel events and provide automated solutions in the future. This information is also suitable for personalizing ad campaigns for TikTok users and improving ad delivery on TikTok.The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or cookie banner or by deleting the cookies.Personal data is anonymized or deleted by TikTok Pixel after 13 months, unless there are legal obligations to retain it.We have concluded a data processing agreement for the use of TikTok Pixel. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed other appropriate safeguards with the data recipients within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at:https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.In this respect, TikTok's privacy policy applies, which also contains more detailed information about the TikTok pixel and its functions. TikTok's privacy policy is available at https://www.tiktok.com/legal/privacy-policy-eea?lang=de.10.9. WPMLWe use the WPML service (WordPress Multilingual Plugin) from OnTheGoSystems Ltd. (22/F 3 Lockhart Road, Wanchai, Hong Kong) on our website.Only functional information about your browser settings regarding language is retrieved by the hosting service for the WPML service. These cookies are enabled by default on websites that use the language filtering feature for AJAX operations and are enabled for all website visitors when you use the browser language redirection feature. In addition, data about the current language of the WordPress administration area is collected. This data is essential for us to provide a smooth service on our website.The legal basis for processing is therefore Art. 6 (1) (f) GDPR in order to guarantee the provision, security, and stability of our website.The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected.We have concluded a data processing agreement for the use of WPML. This is a contract required by data protection law, which ensures that your personal data is only processed in accordance with our instructions and in compliance with the GDPR. In cases where there is no adequacy decision by the European Commission, we have agreed on other suitable safeguards with the data recipients in accordance with Art. 44 ff. GDPR.Further information and the privacy policy can be found in WPML's privacy policy at: https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/10.10. All-in-One WP MigrationThis website uses the WordPress plugin All-in-One WP Migration from ServMask, Inc. (16192 Coastal Highway Lewes, Delaware 19958 USA).For operational and maintenance purposes, All-in-One WP Migration may collect data that records interaction with All-in-One WP Migration (system logs) or use other personal data (such as the IP address) for this purpose.
The use is based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR in order to ensure the provision, security, and stability of our website.
With the help of this service, the entire WordPress installation on the web host's servers is backed up at regular intervals.
Personal data is processed and stored for as long as the purpose for which it was collected requires, and may be stored for longer due to applicable legal obligations or the consent of users.
For more information on data processing via All-in-One WP Migration, please refer to the privacy policy of ServMask Inc. at https://www.iubenda.com/privacy-policy/715803.
10.11 Cloudflare
When you visit our website, certain content is loaded via Cloudflare's Content Delivery Network (CDN). Cloudflare is a service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, which serves to deliver websites faster and more securely via a globally distributed network.When you access our website, a connection is established to Cloudflare's servers. Your IP address is transmitted to Cloudflare in order to deliver the content correctly. Cloudflare also uses cookies and other technologies to optimize loading times and defend against security threats (e.g., DDoS attacks). We have no influence on the scope and further use of the data collected and processed by Cloudflare itself through the use of Cloudflare.
The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used, or by deleting the cookies.
For more information on data processing by Cloudflare, please refer to Cloudflare's privacy policy.
10.12. jsDelivr
On our website, we use the open-source content delivery network (CDN) service jsDelivr, provided by Prospect One, Królewska 65A/1, 30-081 Kraków, Poland. jsDelivr enables us to deliver certain content—in particular JavaScript libraries and CSS files—quickly and reliably via a globally distributed network.When you visit our website, your browser downloads the necessary files directly from the jsDelivr servers. Your IP address is transmitted to jsDelivr, as the content cannot be delivered without it for technical reasons. Additional technical information, such as the browser type, operating system, and timestamp, may also be transmitted. This data is used to ensure the stability and security of the CDN service. To the best of our knowledge, jsDelivr does not permanently store any personal data and does not create profiles.
The legal basis for the use of the service is Art. 6 (1) (1) (a) GDPR and § 25 (1) TDDDG, i.e., integration only takes place with your consent. You can revoke your consent at any time by changing the corresponding cookie settings in your browser or in the cookie banner used, or by deleting the cookies.
Further information on data processing by jsDelivr can be found in the jsDelivr privacy policy (Prospect One).
11. Transfer of personal data
In the course of our processing of personal data, it may happen that personal data is transferred to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your personal data that serve to protect your personal data.12. Deletion of data
The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other permissions cease to apply (e.g., if the purpose of processing this personal data no longer applies or it is not necessary for the purpose).Our privacy policy also contains further information on the storage and deletion of personal data, which takes precedence for the respective processing operations.
13. Your rights as a data subject
As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR.If you wish to exercise any of your rights, please contact us at the above contact addresses or our data protection officer.
13.1. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; This also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.13.2. Right to information
You have the right to request confirmation as to whether personal data concerning you is being processed and to obtain information about this personal data, as well as further information and a copy of the personal data in accordance with the legal requirements.13.3. Right to rectification
In accordance with the legal requirements, you have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.13.4. Right to erasure and restriction of processing
You have the right to request that we erase personal data concerning you without undue delay if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.13.5. Restriction of processing
You have the right to request that we restrict processing if one of the legal requirements is met.13.6. Right to data portability
You have the right to receive personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format in accordance with legal requirements, or to request that it be transferred to another controller.13.7. Right to withdraw consent
You have the right to withdraw your consent at any time.13.8 Complaint to supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.14. Changes and updates to the privacy policy
We will amend the privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require action on your part (e.g., consent) or other individual notification.If we further develop our website and our offerings, or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here.
As of: June 2025