Data Protection

Data protection statement
Thank you for your interest in our organization. Data protection is of particular importance to the management of Anhalt University of Applied Sciences. Generally, the website of Anhalt University may be used without any declaration of personal data. If, however, a data subject intends to use particular services of our organization through our website, the processing of personal data could be necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, for example the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with national and other data protection regulations applying to Anhalt University. With this data protection statement, our organization intends to inform the public about the type, scope and purpose of personal data collected, used and processed by Anhalt University. In addition, this data protection statement informs data subjects about the rights they may exercise.
As person in charge of processing (controller), Anhalt University has implemented numerous technical and organizational measures to ensure that personal data processed via this website is protected as completely as possible. However, Internet-based data transfer may be vulnerable so that absolute protection cannot be guaranteed. Therefore, any data subject has the right to transfer personal data to us using alternative transmission channels, such as the telephone.

 

1. Definitions
The data protection statement of Anhalt University is based on the terminology used by European laws or regulations upon the adoption of the General Data Protection Regulation (GDPR). Our data protection statement should be easy to read and understand both for the public as well as for our clients and partners. So as to ensure this, we want to explain the terms used in advance.
Among others, we use the following terms in this data protection statement:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
A data subject is any identified or identifiable natural person, whose personal data are processed by the person responsible for the processing.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in 
the future.
e)    Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to 
evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
f) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be linked with a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Person in charge / responsible for data processing (controller)
Person in charge or person responsible for data processing (controller) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject,
 controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of the entity responsible for the processing
Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity is:
Hochschule Anhalt
Bernburger Straße 55

06366 Köthen
Germany
Ph.  +49 (0)3496 67 1000
Email: marketing(at)hs-anhalt.de
Website: www.hs-anhalt.de


3. Name and address of Data Protection Officer
The Data Protection Officer of the person responsible for the processing is:
Prof. Dr. Sebastian Volkmann
Hochschule Anhalt
Bernburger Straße 55

06366 Köthen
Germany
Ph.  +49 (0)3471 355 1313
Email: sebastian.volkmann(at)hs-anhalt.de
Website: www.hs-anhalt.de
Any data subject may contact our Data Protection Officer at any time with questions and suggestions on data protection.


4. Cookies
The website of Anhalt University uses cookies. Cookies are text files that are stored and saved on a computer system via an Internet browser.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters that websites and servers can link with the browser on which the cookie has been saved. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that store different cookies. A particular browser can be recognized and identified through its unique cookie ID during the same or subsequent visits.
The use of cookies enables Anhalt University to provide user-friendly services on its website. This would not be possible without the use of cookies.
Cookies can help optimize the information displayed on our website, thereby improving the user’s experience.  As previously mentioned, cookies allow us to recognize returning visitors to our website. The purpose of this is to make it easier for users to navigate our website. For instance, visitors to a website that uses cookies will not need to re-enter log-in information each time they visit the website, because the website and the cookie stored on the user’s computer will provide that information. Another example is the cookie of a shopping basket in an online shop. Articles added to a virtual shopping basked by a customer are recorded through a cookie.
The data subject may, at any time, choose to refuse cookies from our website by changing browser settings  to permanently disable cookies. In addition, cookies already stored can be deleted at any time, either via the browser or other software programs. All commonly used browsers offer this option. By disabling cookies on his or her browser, a data subject may no longer be able to access all the features of our website.


5. Collection of general data and information
Each time a data subject or automated system accesses its website, Anhalt University collects a range of general data and information. These general data and information are stored in the log files of the server.  Data collected may include (1) the type and version of the browser used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subsites of our website accessed by an accessing system, (5) the date and time of access to the website, (6) An Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) any other similar data and information that may need to be used in the event of attacks on our IT systems.
Anhalt University does not use these general data and other information to draw conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimize the content and advertisement of our website, (3) to ensure the long-term operational reliability of our IT systems and website technology, and (4) in the event of a cyber-attack, provide law enforcement authorities with the information needed for the prosecution of criminal offenses. Anhalt University uses these anonymously collected data and information for statistical purposes and to improve both data protection and data security within the organization, thus making sure that the personal data processed by us are safeguarded with the highest possible protection. All anonymous data in the log files of the server are stored separately from the personal data provided by a data subject.


6. Subscribing to our newsletter
The website of Anhalt University allows users to subscribe to the newsletter of our organization. The kind of the personal data transmitted to the controller depends on the input mask used to subscribe to our newsletter.
Anhalt University issues regular newsletters to inform its clients and partners about news concerning the organization. A data subject can only receive our organization’s newsletter if (1) the data subject has a valid email address and (2) the data subject has registered for the newsletter service. For legal reasons, a confirmation email is sent to the email address entered when a data subject first subscribes to our newsletter service. This is in line with our double-opt in procedure. The purpose of this confirmation email is to verify the data subject as the owner of the email address and that he or she has authorized the receipt of the newsletter.
During the registration process for our newsletter service, we also store the IP address of the computer used by the data subject at the point of registration, which is assigned by the Internet service provider, as well as the date and time of registration. The collection of these data is necessary in order to be able to verify any (potential) misuse of a data subject's email address at a later point in time and therefore serves as the legal protection for the controller.
The personal data collected in the context of a newsletter registration are used exclusively for sending out our newsletter. We may also use these data to provide information to subscribers of our newsletter via email, if this is necessary for the operation of the newsletter service or its registration process, such as in the event of any changes made to the newsletter service or the technology involved. There will be no disclosure of any personal data collected as part of the newsletter service to third parties. The data subject can cancel the subscription to our newsletter at any time. The consent to the storage of personal data, which we have obtained from the data subject for sending newsletters, may be withdrawn at any time. Every newsletter contains a link which can be used for the purposes of withdrawing consent. In addition, data subjects may unsubscribe from the newsletter service directly via the website of the controller at any time or may choose a different way of informing the controller about their decision.


7. Newsletter tracking
The newsletter of Anhalt University contains so-called tracking pixels. Tracking pixels are thumbnail images and are transmitted in HTML format allowing log files to be created and analyzed. They enable statistical evaluation of success or failure of online marketing campaigns. On the basis of the embedded tracking pixel, Anhalt University can establish if and when a data subject has opened an email and which links contained in the email the data subject has used.
Personal data collected via the tracking pixels contained in newsletters are stored and analyzed by the controller. This is done to optimize the newsletter service and to adapt the content of future newsletters to better match the interests of the data subject. These personal data will not be disclosed to third parties. A data subject may withdraw his or her consent to this data collection procedure, which was given via the double-opt in procedure, at any time. After the consent has been withdrawn, the controller will delete these personal data. Unsubscribing from receiving the newsletter is automatically regarded as withdrawal of consent by Anhalt University.

 

8. Contact options via the website

In line with statutory provisions, the website of Anhalt University contains information enabling users to contact the organization quickly via electronic means and to communicate directly with us (using an email address). If a data subject contacts the controller via e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. If the data subject voluntarily transmits any personal data to the controller, the data will be stored for further processing purposes or to get in contact with the data subject. These personal data will not be disclosed to third parties.


9. Subscribing to blog comments on the website
Third parties may subscribe to comments left via Anhalt University’s blog. In particular, it is possible that a commentator may subscribe to the comments that followed his or her blog entry.
If a data subject chooses the option to subscribe to comments, the controller will send an automatic confirmation email to verify, using the double-opt in procedure, that the owner of the specified email actually chose this option. The option of subscription to comments may be terminated at any time.

 

10. Routine deletion and blocking of personal data
The controller will process and store the personal data of the data subject only for the time required to achive the intended purpose of storage, or when this is mandated by European regulations or laws and regulations of another legislator to which the controller is subject.
If the intended purpose for storing data no longer applies or the retention period mandated by European laws and regulations or laws and regulations of another responsible legislator has expired, personal data will be routinely blocked or deleted in compliance with the relevant legal provisions.


11.  Rights of the data subject
a) Right to confirmation
European laws or regulations mandate that every data subject has the right to request a confirmation from the controller to determine whether or not personal data concerning him or her are being or have been processed.
 If a data subject wants to exercise this right to confirmation, he or she may contact our Data Protection Officer or any member of staff of the controller at any time.
b) Right to information
Data subjects affected by the processing of personal data shall have the right, under European laws or regulations, to contact the controller at any time, and without having to make a payment, to obtain information about any personal data being held on them, and to request a copy of such information. In addition, European laws or regulations mandate that the data subject shall have the right to request information about the following:

  • the purposes of the processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data have been disclosed, in particular with regard to recipients in third countries or at international organizations
  • the planned duration of storage of the personal data or, if specific information in this regard cannot be provided, criteria that determine the storage period
  • the existence of the right to request from the controller rectification or deletion of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • Information to be provided where personal data have not been obtained from the data subject: All available information about the origin of the data
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject


In addition, the data subject has a right to be informed as to whether or not any personal data have been transmitted to a third country or to an international organization.  If this is the case, the data subject shall have the right to request information on the appropriate safeguards relating to the transfer.
A data subject wishing to make use of this right of information may do so at any time, by contacting our Data Protection Officer or a member of the controller’s staff.
c) Right to rectification
Data subjects affected by the processing of personal data shall have the right, under European laws or regulations, to demand that any incorrect data concerning him or her is immediately rectified. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
A data subject wishing to make use of this right of rectification may do so at any time by contacting our Data Protection Officer or a member of the controller’s staff.
d) Right to erasure (right to be forgotten)
Data subjects affected by the processing of personal data shall have the right, under European laws or regulations, to request from the controller the prompt erasure of any personal data concerning him or her, provided one of the following reasons applies and there is no need to process these data:

  • the personal data was collected for such purposes or otherwise processed, for which they are no longer necessary.
  • the data subject withdraws consent on which the processing is based according to Article 6(1), lit. a GDPR, or Article 9(2) lit. a GDPR, and where there is no other legal ground for the processing.
  • the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • the personal data have been unlawfully processed.
  • the personal data have to be erased in compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • the personal data were collected in relation to the information society services offered in accordance with Article 8(1) GDPR.


If one of the above reasons applies and a data subject wishes to have the personal data erased which concern him or her and are stored at Anhalt University, he or she may do so at any time by contacting our Data Protection Officer or a member of the controller’s staff. The Data Protection Officer of Anhalt University or another member of staff will ensure that the request for erasure is promptly complied with.
Where Anhalt University has made the personal data public and, as controller, is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that the data subject has requested the erasure of all links to such personal data or have copies or replications of it erased from the controllers responsible for data processing, unless processing is necessary. In each case, the Data Protection Officer of Anhalt University or a member of staff will ensure that the necessary steps are taken.
e) Right to restriction of processing
Any data subject affected by the processing of personal data shall have the right, under European laws or regulations, to request the restriction of the processing from the controller if one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period of time that enables the controller to verify the accuracy of the personal data.
  • the processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims.
  • the data subject has objected to the processing pursuant to Article 21(1) GDPR, and it is not yet certain as to whether or not the legitimate reasons of the controller override those of the data subject. 


If one of the above-mentioned grounds applies and a data subject wishes to arrange the restriction of processing of personal data stored by Anhalt University, he or she may do so by contacting our Data Protection Officer or any member of the controller’s staff at any time. The Data Protection Officer of Anhalt University or another member of staff will ensure that the request for restriction of processing is complied with.
f) Right to data portability
A data subject affected by the processing of personal data shall have the right, under European laws or regulations, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. A data subject shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been made available, provided the processing is based on consent pursuant to Article 6(1) lit. a GDPR or Article 9(2) lit. a GDPR or on a contract pursuant to Article 6(1) lit. b GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.  
In addition, in exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, provided this is technically feasible and does not affect the rights and freedoms of others.
So as to exercise the right to data portability, the data subject may contact the Data Protection Officer of Anhalt University or another member of staff at any time.
g) Right to object
A data subject affected by the processing of personal data shall have the right, under European laws or regulations, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is based on Article 6(1) lit. e or f GDPR. This also applies to profiling processes based on the above provisions.
In the event of an objection, Anhalt University shall no longer process the personal data, unless we can establish compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or if processing serves to assert, exercise or defend legal claims.
If personal data are processed to operate direct mail advertising, the data subject shall have the right, at any time, to object to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is related to direct marketing. If a data subject objects to the processing of personal data for purposes of direct mail advertising by Anhalt University, Anhalt University shall no longer process his or her personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data relating to him or her for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may directly contact Anhalt University's Data Protection Officer or another member of staff. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
Any data subject affected by the processing of personal data shall have the right, under European laws or regulations, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects against him or her or significantly affects him or her in a similar way. This does not apply if the decision (1) is necessary for entering in or performance of a contract between the data subject and the controller, or (2) is legitimate according to legislation of the Union or the Member States which the controller is subject to and this legislation contains adequate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) is carried out with the express consent of the data subject.
If the decision (1) is required for entering into or performance of a contract between the data subject and the controller, or (2) it is made with the explicit consent of the data subject, Anhalt University shall implement appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
If the data subjects wishes to exercise rights with regard to automated decisions, he or she may contact our Data Protection Officer or any member of the controller’s staff at any time.
i) Right to withdraw a privacy consent
Any data subject affected by the processing of personal data has the right, under European laws or regulations, to withdraw his or her consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact our Data Protection Officer or any member of the controller’s staff at any time.

 

12. Data protection arrangements for applicants and the application process
The controller collects and processes the personal data of applicants for the purposes of administering the application process. The processing may also be carried out by electronic means, particularly in cases where an applicant submits his or her application documents to the controller by electronic means, such as via email or by using an online form. Where the controller enters into a contract of employment with an applicant, the transmitted data shall be stored for the purpose of administering the employment relationship and in line with the relevant legal provisions. Where the controller does not enter into a contract of employment with the applicant, the application documents shall be automatically deleted two months after the decision to decline employment was taken, provided that deletion is not in conflict with the legitimate interests of the controller. Other legitimate interest in this context may be burden of proof in proceedings under the General Act on Equal Treatment (AGG).

 

13.  Data protection arrangements regarding the use of Facebook
The controller has integrated components of the company Facebook on this website. Facebook is a social network.
A social network is a social meeting place in the Internet, an online community, usually allowing its users to communicate with each other and to interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or enables the Internet community to provide personal or business-related information. Among other things, Facebook enables its users to create private profiles, upload photos and network via friend requests.
Operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd., Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is the responsible person for the processing of personal data of those data subjects living outside the United States or Canada.
Every time individual pages of this website, which is operated by the controller and on which a Facebook component (Facebook plugin) has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component of Facebook. An overview of all Facebook plugins can be accessed at developers.facebook.com/docs/plugins/. Under this technical procedure, Facebook receives information about the particular page(s) of our website visited by the data subject.
Provided the data subject is also logged in to Facebook while visiting our website, Facebook detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected through the Facebook component and allocated to the data subject’s respective Facebook account by Facebook. Whenever the data subject uses one of the Facebook buttons integrated on our website, such as the "like" button, or submits a comment, Facebook allocates this information to the data subject’s personal Facebook account and stores these personal data.
Facebook receives information about the fact that the data subject has visited our website in cases in which the data subject is logged in to Facebook while calling up our website; this data transfer takes places regardless of whether or not the data subject clicks the Facebook component. If the data subject objects to such transmission of information to Facebook, he or she may prevent this transmission by logging off their Facebook account prior to calling up our website.
The privacy policy published by Facebook, which is available at de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. This privacy policy also provides information on setting options made available by Facebook to protect the privacy of the data subject. In addition, different applications are available to suppress a data transfer to Facebook, such as the Facebook blocker of the provider Webgraph, which can be obtained under webgraph.com/resources/facebookblocker/. Such applications may be used by the data subject to suppress a data transfer to Facebook.

 

14. Data protection arrangements regarding the use of Google Analytics (with anonymizer function)
The controller has integrated the component Google Analytics (with anonymizer function) on this website. Google Analytics is a web analytics service. Web analytics is the collection and analysis of data about the behavior of visitors to websites. Among other things, a web analytics service collects data about the website a data subject is visiting when calling up another website (so-called referrer) and shows which particular pages of this website were accessed or how often and for how long a page was visited. First and foremost, web analytics is used to optimize a website and the cost-benefit analysis of Internet advertising.
Operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the addition "_gat. _anonymizeIp" for web analytics through Google Analytics. Using this addition, the IP address of the data subject’s Internet connection is truncated and anonymized by Google, whenever our website is accessed from a Member State of the European Union or from any other signatory country to the Agreement on the European Economic Area.
The Google Analytics component is used to analyze the user flow on our website. Among other things, Google uses the collected data and information to evaluate the use of our website, to provide us with online reports, which show the activities on our websites, and to provide other services in relation to the use of our website.
Google Analytics places a cookie on the IT system of the data subject. The nature of cookies has been explained above. Setting the cookie enables Google to analyze the use of our website. Every time an individual page of this website, which is operated by the controller and on which a Google Analytics component has been integrated, is called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Google Analytics component to transfer data to Google for the purpose of an online analysis. Under this technical procedure, Google receives personal information, such as the data subject’s IP address, which is used by Google, among other things, to trace the origin of the users and the clicks and thus enable the generation of subsequent commission calculations.
Through the cookie personal information is stored, such as the time and place the website was accessed by the data subject and the frequency of visits to our website.  With each visit to our website, these personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data, which were collected through the technical procedure, to third parties.
As stated above, the data subject may, at any time, choose to refuse the setting of cookies through our website by changing browser settings to permanently disable cookies. Such a change of browser settings would also prevent Google from placing a cookie on the data subject’s IT system. A cookie already placed by Google Analytics can be deleted at any time via the browser or other software programs.
In addition, the data subject may object to the collection of data generated by Google Analytics relating to the use of this website, as well as the processing of these data by Google, and to prevent such collecting and processing of data. To this end, the data subject needs to download and install a browser add-on using the link tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that neither data nor information about the visits to websites may be transmitted to Google Analytics. Google classifies the installation of the browser add-on as an objection. If the data subject’s IT system is deleted, formatted or newly installed at a later stage, the data subject needs to reinstall the browser add-on in order to disable Google Analytics. If the data subject or another person within his or her sphere of influence uninstalls or deactivates the browser add-on, it may be reinstalled or reactivated.
For more information and the privacy policy of Google go to www.google.de/intl/de/policies/privacy/ and www.google.com/analytics/terms/de.html. Google Analytics is further explained at  www.google.com/intl/de_de/analytics/.

 

15. Data protection arrangements regarding the use of Google Remarketing
The controller has integrated services of Google Remarketing on this website. Google Remarketing is a feature of Google AdWords, which allows a company to display advertising to those Internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-based advertising and thus display interest-based advertisements.
Operating company of Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is the display of interest-based advertising. Google Remarketing enables us to display advertising, which is tailored to the individual needs and interests of Internet users, via the Google Display Network or have it displayed on other websites.
Google Remarketing places a cookie on the IT system of the data subject. The nature of cookies has been explained above. By placing the cookie, Google is able to identify a returning visitor to our website, if, following this visit, the user calls up websites which are also members of the Google Display Network. With each visit to a website on which Google Remarketing services have been integrated, Google receives an automatic identification from the data subject’s browser. Under this technical procedure, Google receives personal information, such as the IP address or the web browsing behavior of the user, and uses such information, amongst other things, for the display of interest-based advertising.
The cookie allows the storage of personal information, such as the websites visited by the data subject. Consequently, each visit to our webpages results in personal information, including the IP address of the Internet connection used by the data subject, to be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data, which were collected through the technical procedure, to third parties.
As stated above, the data subject may, at any time, choose to refuse the setting of cookies through our website by changing browser settings to permanently disable cookies. Such a change of browser settings would also prevent Google from placing a cookie on the data subject’s IT system. A cookie already placed by Google Analytics can be deleted at any time via the browser or other software programs.
The data subject may also object to Google’s interest-based advertising. To this end, the data subject needs to open the link www.google.de/settings/ads in each browser used by him or her and adjust the settings accordingly.
For more information and the Google Privacy Policy go to www.google.de/intl/de/policies/privacy/.

16. Data protection arrangements regarding the use of Google+
The controller has integrated the Google+ button as a component on this website. Google+ is a social network. A social network is a social meeting place in the Internet, an online community, usually allowing its users to communicate with each other and to interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences, or enables the Internet community to provide personal or business-related information. Amongst other things, Google+ allows its users to create private profiles, upload photos and network via friend requests.
Operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time individual pages of this website, which is operated by the controller and on which a Google+ button has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Google+ button to download a representation of the corresponding Google+ button of Google. Under this technical procedure, Google receives information about the particular page(s) of our website visited by the data subject. For more information about Google+ go to developers.google.com/+/.
Provided the data subject is also logged in to Google+ while visiting our website, Google detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected through the Google+ button and allocated by Google to the relevant Google+-account of the data subject.
Whenever the data subject uses one of the Google+ buttons integrated on our website and submits a Google+1 recommendation, Google links this information with the data subject’s personal Google+ account and stores these personal data. Google stores the data subject’s Google+1 recommendation and, in accordance with the relevant terms and conditions accepted by the data subject, makes it publicly available. A Google+1 recommendation made by the data subject on this website is subsequently stored and processed with other personal data, such as the name of the data subject’s Google+1 account and the photo stored in this account, in other Google services, for example the search engine results of Google’s search engine, the data subject’s Google account and in other places, like on websites or in relation to advertisements. Google is furthermore able to link the visit to this website with other personal data stored by Google. Google will also record this personal information with the purpose of improving or optimizing its various services.
Provided the data subject is also logged in to Google+ while visiting our website, Google is made aware of this fact via the Google+ button, regardless of whether or not the data subjects clicks the Google+ button.
If the data subjects objects to the transfer of personal data to Google, he or she may prevent this by logging out of his or her Google+ account before calling up our website.
For more information and the Google Privacy Policy go to www.google.de/intl/de/policies/privacy/. For more information on Google+1 button provided by Google go to developers.google.com/+/web/buttons-policy.

17. Data protection arrangements regarding the use of Google AdWords
The controller has integrated Google AdWords on this website. Google AdWords is a service for Internet advertising, allowing advertisers to place ads in Google search-engine results and in the Google Display Network. Google AdWords allows an advertiser to pre-define specific keywords by which an ad on Google's search results is only displayed when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Display Network, the ads are distributed on relevant web pages using an automatic algorithm and taking the previously defined keywords into account.
Operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is the promotion of our website through the display of interest-based advertising on the websites of third parties and in the search engine results of the Google search engine, as well as a display of third-party advertising on our website.
If a data subject reaches our website via a Google ad, a so-called conversion cookie is placed on the data subject’s IT system by Google. The nature of cookies has been explained above. A conversion cookie expires after thirty days and is not intended to identify the data subject. Provided the conversion cookie has not expired, it is used to check whether certain pages, e.g. the shopping cart of an online shop system, were opened on our website. Through the conversion cookie, both the controller and Google can understand whether a data subject who reached our website via an AdWords ad has generated a turnover, i.e. executed or canceled a sale of goods.
The data and information collected through the use of the conversion cookie is used by Google to create visitor statistics for our website. We use these visitor statistics to determine the total number of users who have been forwarded to our website by AdWords ads, so as to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our organization nor other Google AdWords advertisers receive information from Google by means of which the data subject could be identified.
The conversion cookie stores personal data, e.g. the websites visited by the data subject. Consequently, each visit to our webpages results in personal information, including the IP address of the Internet connection used by the data subject, to be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data, which were collected through the technical procedure, to third parties.
As stated above, the data subject may, at any time, choose to refuse the setting of cookies through our website by changing browser settings to permanently disable cookies. Such a change to the settings of the browser used would also prevent Google from placing a conversion cookie on the data subject’s IT system. Also, a cookie already placed by Google AdWords can be deleted at any time via the browser or other software programs.
The data subject may also object to Google’s interest-based advertising. To this end, the data subject needs open the link www.google.de/settings/ads in each browser used by him or her and adjust the settings accordingly.
For more information and the Google Privacy Policy go to www.google.de/intl/de/policies/privacy.

18. Data protection arrangements regarding the use of Instagram
The controller has integrated components of the service Instagram on this website. Instagram is a service which qualifies as an audiovisual platform allowing users to share photos and videos and also enables a proliferation of such data on other social networks.
Operating company of Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Every time individual pages of this website, which is operated by the controller and on which an Instagram component (Insta button) has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Instagram component to download a representation of the corresponding Instagram component. Under this technical procedure, Instagram receives information about the particular page of our website visited by the data subject.
Provided the data subject is also logged in to Instagram while visiting our website, Instagram detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected through the Instagram component and allocated to the data subject’s relevant Instagram account by Instagram. Whenever the data subject uses one of the Instagram buttons integrated on our website, the data and information thus transmitted are allocated to the data subject’s personal Instagram account as well as stored and processed by Instagram.
Provided the data subject is also logged in to Instagram while visiting our website, Instagram is made aware of this fact via the Instagram component, regardless of whether or not the data subjects clicks the Instagram component. If the data subjects objects to the transfer of this information to Instagram, he or she may prevent this by logging out of his or her Instagram account before calling up our website.
For more information and Instagram’s current privacy policy go to help.instagram.com/15583370790038 and www.instagram.com/about/legal/privacy/.


19. Data protection arrangements regarding the use of LinkedIn
The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and establish new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.
Operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Privacy matters outside the USA are dealt with by LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Every time this website, on which a LinkedIn component (LinkedIn plugin) has been integrated, is called up, the Internet browser of the data subject’s IT system is prompted by this component to download a representation of the component of LinkedIn. More information on the LinkedIn plug-in is available at developer.linkedin.com/plugins. Under this technical procedure, Instagram receives information about the particular page of our website visited by the data subject.
Provided the data subject is also logged in to LinkedIn while visiting our website, LinkedIn detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected through the LinkedIn component and allocated to the data subject’s relevant LinkedIn account by LinkedIn. Whenever the data subject makes use of one of the LinkedIn buttons integrated on our website, LinkedIn allocates this information to the data subject’s personal LinkedIn account and stores these personal data.
LinkedIn receives information about the fact that the data subject has visited our website, whenever the data subject is logged in to LinkedIn while calling up our website; this data transfer takes places regardless of whether or not the data subject clicks the LinkedIn component. If the data subject objects to such transmission of information to LinkedIn, he or she may prevent this transmission by logging off their LinkedIn account prior to calling up our website.
LinkedIn has made provisions to unsubscribe from email messages, SMS messages and targeted ads as well as to manage display settings under www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, comScore, Eloqua, and Lotame, who may place cookies. Such cookies may be rejected under www.linkedin.com/legal/cookie-policy. The current privacy policy of LinkedIn is available under www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy is available at www.linkedin.com/legal/cookie-policy.

20. Data protection arrangements regarding the use of PIWIK
The controller has integrated the PIWIK component on this website. PIWIK is an open source software tool for web analysis. Web analytics is the collection and analysis of data about the behavior of visitors to websites. Among other things, when a data subject is on a website, the web analysis tool collects data from the previous website the data subject was on (so-called referrer), and collects data about the particular pages of a website accessed or how often and for how long a particular page was visited. First and foremost, web analytics is used to optimize a website and the cost-benefit analysis of Internet advertising.
The software is operated on the server of controller; the log files, which are sensitive in terms of privacy regulations, are exclusively stored on this server.
The purpose of the PIWIK component is the analysis of traffic on our website. Among other things, the controller uses the collected data and information to analyze the use of this website and to compile online reports, which show the activities on our website.
PIWIK places a cookie on the IT system of the data subject. The nature of cookies has been explained above. By placing a cookie, we are able analyze the use of our website. Every time individual pages of this website are called up, the Internet browser of the data subject’s IT system is automatically prompted by the PIWIK component to transfer data to the server for the purposes of online analysis. Under this technical procedure, we receive personal information, such as the IP address of the data subject, which we use, among other things, to trace the origin of visitors and clicks.
The cookie stores personal information, e.g. the access time, the place from which our website was accessed and the frequency of visits to our website. With each visit to our website, these personal data, including the IP address of the Internet connection used by the data subject, are transmitted to our server. We store these personal data.  We do not disclose these personal data to third parties.
As stated above, the data subject may, at any time, choose to refuse the setting of cookies through our website by changing browser settings to permanently disable cookies. Such a change of browser settings would also prevent PIWIK from pacing a cookie on the data subject’s IT system. Also, a cookie already placed by PIWIK can be deleted at any time via the browser or other software programs.
In addition, the data subject may object to the collection of data that are generated by PIWIK and related to the use of this website and to prevent such collection and processing. To this end, the data subject needs to place an opt-out cookie under the link piwik.org/docs/privacy/. If the data subject’s IT system is deleted, formatted or newly installed at a later stage, the data subject needs to place another opt-out cookie under piwik.org/docs/privacy/.
By placing the opt-out cookie, however, the websites of the controller may no longer be fully functional for the data subject.
For more information and the current privacy policy of PIWIK go to piwik.org/docs/privacy/.

21. Data protection arrangements regarding the use of Twitter
The controller has integrated components of Twitter on this website. Twitter is a multi-lingual public microblogging service, where users can publish and spread so-called tweets, i.e. short messages limited to 140 characters. These messages are available for everyone, including people not registered with Twitter. The tweets are also visible to the so-called followers of the respective user. Followers are other Twitter users who follow the tweets of a user. Furthermore, Twitter provides access to a wide audience via links, hashtags or retweets.
Operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Every time individual pages of this website, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component of Twitter. More information about the Twitter buttons is available at about.twitter.com/de/resources/buttons. Under this technical procedure, Twitter receives information about the particular page of our website visited by the data subject. The Twitter component has been integrated on this website so as to enable our users to spread the contents of this website, to raise awareness of this website in the digital sphere and to increase our visitor numbers.
Provided the data subject is also logged in to Twitter while visiting our website, Twitter detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected through the Twitter component and allocated to the data subject’s relevant Twitter account by Twitter. Whenever the data subject makes use of one of the Twitter buttons integrated on our website, the data and information thus transmitted are allocated to the data subject’s personal Twitter account as well as stored and processed by Twitter.
Twitter receives information, via the Twitter component, about the fact that the data subject has visited our website in cases in which the data subject is logged in to Twitter while calling up our website; this data transfer takes places regardless of whether or not the data subject clicks the Twitter component. If the data subject objects to such transmission of information to Twitter, he or she may prevent this transmission by logging off their Twitter account prior to calling up our website.
The privacy policy of Twitter is available at twitter.com/privacy.

22. Data protection arrangements regarding the use of Xing
The controller has integrated components of Xing on this website. Xing is an Internet-based social network that enables users to connect with existing business contacts and establish new business contacts. Individual users can create a personal profile on Xing. Companies can, for example, create company profiles or publish vacancies on Xing.
Operating company of Xing is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.
Every time individual pages of this website, which is operated by the controller and on which a Xing component (Xing plugin) has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component of Xing. More information on the Xing plugin is available at dev.xing.com/plugins. Under this technical procedure, Xing receives information about the particular page of our website visited by the data subject.
Provided the data subject is also logged in to Xing while visiting our website, Xing detects which particular page of our website is visited by the data subject every time our website is called up by the data subject and during the entire visit to our website. This information is collected by the Xing component and allocated to the data subject’s relevant Xing account by Xing. Whenever the data subject uses one of the Xing buttons integrated on our website, such as the ÒshareÓ button, Xing links this information with the data subject’s personal Xing account and stores these personal data.
Xing receives information, via the Xing component, about the fact that the data subject has visited our website in cases in which the data subject is logged in to Xing while calling up our website; this data transfer takes places regardless of whether or not the data subject clicks the Xing component. If the data subject objects to such transmission of information to Xing, he or she may prevent this transmission by logging off their Xing account prior to calling up our website.
The privacy policy published by Xing, which is available under www.xing.com/privacy, provide information on the collection, processing and use of personal data by Xing. In addition, Xing has published information on the Xing share button under www.xing.com/app/share.

23. Data protection arrangements regarding the use of YouTube
The controller has integrated components of YouTube on this website. YouTube is an Internet-based video portal that allows video publishers to upload video clips free of charge and other users to view, review and comment on these clips, also free of charge. YouTube allows the publication of all types of videos, which is why not only feature-length movies and television series are available via the portal, but also music videos, trailers or videos made by users themselves.
Operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time individual pages of this website, which is operated by the controller and on which a YouTube component (YouTube video) has been integrated, are called up, the Internet browser of the data subject’s IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component of YouTube. More information on YouTube is available at www.youtube.com/yt/about/de/. Under this technical procedure, YouTube and Google receive information about the particular page of our website visited by the data subject.
Provided the data subject is also logged in to YouTube, YouTube detects which particular page of our website is visited by the data subject, once a page containing a YouTube video is called up. This information is collected by YouTube and Google and allocated to the respective YouTube account of the data subject.
YouTube and Google receive information about the fact that the data subject has visited our website in cases in which the data subject is logged in to YouTube while calling up our website; this data transfer takes places regardless of whether or not the data subject clicks a YouTube video. If the data subject objects to such transmission of information to YouTube and Google, he or she may prevent this transmission by logging off their YouTube account prior to calling up our website.
The privacy policy published by YouTube and available under www.google.de/intl/de/policies/privacy/ provides information on the collection, processing and use of personal data by YouTube and Google.

24. Legal basis for processing
In our organization, Article 6(1) lit. a GDPR is used as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, such as when completing processing steps necessary for the supply of goods or the delivery of any other service or consideration, this processing is covered by Article 6(1) lit. b GDPR. The same applies to such processing operations that are required prior to entering into a contract, such as  when receiving inquiries regarding our products or services. If the processing of personal data is necessary for compliance with a legal obligation to which our organization is subject, such as compliance with tax obligations, this processing shall be covered by Article 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case if a visitor to our organization was injured and we would need to transmit his or her name, age, health insurance details or other vital information to a medical doctor, hospital or other third party. In such cases, the processing would be based on Article 6(1)lit. d GDPR.  Finally, processing operations could be based on Article 6(1) lit. f GDPR. This provides the legal basis for processing operations not covered by any of the above-mentioned points, where this processing is necessary for the purposes of the legitimate interests pursued by our organization or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject. Above all, our organization is permitted to carry out such processing operations, because the European legislator specifically referred to them. The European legislator was of the opinion that a legitimate interest might be assumed in cases where the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

 

25. Legitimate interests in the processing, pursued by the controller or a third party
Where the processing of personal data is based on Article 6(1) lit. f GDPR, our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.

 

26. Duration for which the personal data will be stored
The criterion used to determine the duration of storage of personal data is the relevant statutory retention period. When the retention period has expired, the respective data are routinely deleted, except where they are necessary for entering into or the performance of a contract.

 

27. Statutory or contractual requirements for the provision of the personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide

We inform you that the provision of personal data may be required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). When concluding a contract, it may be necessary for the data subject to provide us with personal data and that this personal data is subsequently processed by us. The data subject is, for example, obliged to provide us with personal data, when our organization signs a contract with him or her. Failure to provide us with the personal data
 would mean that the contract could not be concluded with the data subject. Before providing us with personal data, the data subject is required to contact our Data Protection Officer. Our Data Protection Officer informs the data subject, on a case-by-case basis, whether the provision of the personal data is required by law or contract or if it is necessary for the conclusion of the contract, and whether or not there is an obligation to provide the personal data and about the consequences of non-provision of the personal data.

 

28. Existence of automated decision making
As a responsible organization, we do not use automatic decision-making or profiling.