Data protection

In general

As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on which legal basis we process your data.

Responsible for data processing on this website and in our company is:

Brandmaier measurement, control, software

Liststraße 1

72160 Horb

Telephone: +49 (0) 74 51 55 69 88 — 0

email: info@brandmaier.com

General notes

SSL or TLS encryption

When you enter your data on websites, place online orders or send emails over the Internet, you must always expect unauthorised third parties to access your data. There is no complete protection against such access. However, we do everything we can to protect your data in the best possible way and to close the security gaps as far as possible.

An important protective mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered Internet address in your browser and by the fact that our Internet address starts with https://and not with http://.

How long do we store your data?

In some places in this privacy policy, we will inform you how long we or the companies that process your data on our behalf will store your data. If such information is missing, we will store your data until the purpose of data processing no longer applies, you object to data processing or you withdraw your consent to data processing.

However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

  • We have compelling legitimate reasons for continuing data processing which outweigh your interests, rights and freedoms (only if you object to data processing; if the objection is directed against direct marketing, we cannot provide any legitimate reasons).
  • Data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct marketing).
  • We are required by law to keep your data.

In this case, we will delete your data as soon as the requirement (s) no longer apply or do not apply.

Transfer of data to the USA

On our website, we also use tools from companies that transfer your data to the USA and store it there and, if necessary, further process it. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This determines that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new guarantees and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and guarantees with regard to US intelligence services' access to the data. Mandatory guarantees have been introduced to limit access by US intelligence services to what is necessary and proportionate to protect national security. In addition, increased oversight of the activities of US intelligence agencies has been established to ensure that restrictions on surveillance activities are met. An independent appeal process has also been set up to handle and resolve complaints from European citizens about access to their data. The EU-USA data protection framework thus enables European companies to transfer data to certified US companies without having to introduce additional data protection guarantees. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search

An amendment to the European Commission's decision cannot be ruled out.

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE DO SO IN ACCORDANCE WITH ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO FILE AN OBJECTION UNDER ARTICLE 21 GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THE ABOVE PROVISION. THE PREREQUISITE IS THAT YOU GIVE REASONS FOR THE OBJECTION ARISING FROM YOUR PARTICULAR SITUATION. A JUSTIFICATION IS NOT REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE RESULT OF THE OBJECTION IS THAT WE ARE NO LONGER ALLOWED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING REQUIREMENTS IS MET:

  • WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS.
  • THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING ASSOCIATED WITH IT.

More rights

Withdrawal of your consent to data processing

Many data processing operations are based on your consent. You grant this, for example, by ticking online forms accordingly before you submit the form, or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Article 7 (3) GDPR). From the time of withdrawal, we may no longer process your data. The only exception: We are required by law to keep the data for a certain period of time. There are such retention periods in particular in tax and commercial law.

Right to lodge a complaint with the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Article 77 GDPR. You can contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right of appeal exists in addition to administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfilment of a contract must be handed over to you or to a third party in a standard machine-readable format if you request this. We can only transfer the data to another person responsible insofar as this is technically possible.

Right to access, delete and correct data

According to Article 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transfer the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Article 16 GDPR); under the conditions of Article 17 GDPR, you may request that we delete the data.

Right to restrict processing

In certain situations, you can require us to restrict the processing of your data in accordance with Article 18 GDPR. Apart from storage, the data may then only be processed as follows:

  • with your consent
  • to assert, exercise or defend legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a Member State

The right to restrict processing exists in the following situations:

  • You have denied the accuracy of your personal data stored by us and we need time to verify this. The right exists here for the duration of the examination.
  • The processing of your personal data is wrongfully or was unlawful in the past. As an alternative, you have the right to delete the data here.
  • We no longer need your personal data, but you need it to exercise, defend or assert legal claims. As an alternative, you have the right to delete the data here.
  • You have filed an objection in accordance with Article 21 (1) GDPR and now your interests and ours must be weighed against each other. The law exists here as long as the result of the consideration has not yet been determined.

Hosting and content delivery networks (CDN)

External hosting

Our website is located on a server from the following provider of Internet services (hoster):

Webflow, Inc.
398 11th Street
2nd Floor
San Francisco, CA 94103, United States

Has an order processing contract been concluded with the host or are standard contractual clauses (SCC) used?

yes

How do we process your data?

The host stores all data on our website. This includes all personal data that is collected automatically or through your input. In particular, this may include: your IP address, pages viewed, names, contact details and inquiries, as well as meta and communication data. When processing data, our host complies with our instructions and only ever processes the data to the extent necessary to fulfill the obligation to provide services to us.

On which legal basis do we process your data?

Since we address potential customers via our website and maintain contacts with existing customers, data processing by our host serves to initiate and fulfill contracts and is therefore based on Art. 6 para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR.

Data collection on this website

Using cookies

Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to be able to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to take advantage of the benefits of a shopping cart in an online shop. Still other cookies are used to analyze user behavior or optimize advertising measures. If we use third-party services on our website, for example to process payment transactions, these companies may also leave cookies on your device when you visit the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. For example, this can result in your user behavior being permanently analysed. You can use the settings in your browser to influence how it handles cookies:

  • Would you like to be informed when cookies are set?
  • Do you want to exclude cookies in general or in specific cases?
  • Do you want cookies to be automatically deleted when you close your browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this as part of this privacy policy. We also ask for your consent when you visit our website.

On which legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all desired functions are available to them. Necessary and functional cookies are therefore stored on your device on the basis of Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided that you give us appropriate consent. You can cancel this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when requesting consent, these cookies will also be stored exclusively on the basis of your consent.

Cookie consent with ConsentPro (Finsweet)


What is ConsentPro?

ConsentPro is a cookie consent, monitoring, and control solution that is natively integrated with Webflow.

Who processes your data?

Finsweet Inc., 1001A E Harmony Rd. #15, Fort Collins, CO 80525, Verenigde Staten


Where can you find more information about data protection at Finsweet?
https://finsweet.com/legal/privacy-policy

How do we process your data?

We use ConsentPro to obtain your consent to store cookies on your device and to document them in accordance with data protection regulations. When you visit our website and give or decline your consent via the ConsentPro cookie banner, the following data is processed:

  • Your consent status (which cookie categories were accepted or rejected)
  • Date and time of approval or rejection
  • Your browser's user agent
  • The URL on which consent was given

The consent data is automatically stored to ensure verifiable documentation of user decisions. Consent Pro


ConsentPro stores a cookie in your browser in order to be able to assign the consents given or their revocation to your browser. All collected data is stored until you delete the cookie or ask us to delete the data. Statutory storage obligations remain unaffected.


On which legal basis do we process your data?

We are legally required to obtain the consent of our website visitors to use certain cookies. In order to fulfill this obligation, we use ConsentPro. The legal basis for data processing is therefore Art. 6 para. 1 lit. c) GDPR.


Transfer of data to third countries
Finsweet Inc. is based in the USA. Personal data may therefore be transferred to the USA. Finsweet uses appropriate protective measures to secure data transmission.

server log files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after just a short period of time, so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.

How do we process your data?

Our provider stores the server log files in order to be able to track the activity on our website and to identify errors. The files contain the following data:

  • Browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • Time of server request
  • IP address (anonymized if applicable)

We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.

On which legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymous overview of access to our website. Data processing is therefore lawful in accordance with Article 6 (1) (f) GDPR.

contact form

You can send us a message using the contact form on this website.

How do we process your data?

We save your message and the information from the form so that we can process your request, including follow-up questions. This also applies to the contact details provided. We will not share the data with other people without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request was finally processed.
  • You are asking us to delete the data.
  • You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

On which legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process inquiries addressed to us. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Analytical tools and advertising

We use the following tools to analyze the behavior of our website visitors and show you advertising.

Google Tag Manager

What is Google Tag Manager?

Tag management system for integrating tracking codes and conversion pixels from Google Ireland. Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Tag Manager?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage and play them out. Google Tag Manager does not create any user profiles itself, does not place cookies on your device and does not analyze your behavior as a user. However, it collects your IP address and transmits it to Google servers in the USA.

On which legal basis do we process your data?

We have a legitimate interest in quickly and easily integrating and managing various tools on our website. The use of Google Tag Manager is therefore lawful under Art. 6 para. 1 lit. f) GDPR. If you have consented to the transfer of your IP address, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Google Analytics

What is Google Analytics?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Analytics?

https://support.google.com/analytics/answer/6004245?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How can you prevent data collection?

With a browser plug-in, among other things: https://tools.google.com/dlpage/gaoptout?hl=de

How do we process your data?

We are always interested in optimising our website for visitors to our website and placing advertising optimally. Google Analytics, a tool that analyses user behavior and thus provides us with the necessary database for adjustments, helps us with this. The tool provides us with information about the origin of our visitors, their page views and their time spent on the pages, as well as the operating system they use.

standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting, or other technologies to recognize users. The data is transmitted to Google servers in the USA and, using the IP address also collected, is summarized in a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plug-in that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de

IP anonymization

We have activated the “IP anonymization” function within Google Analytics. For you, this means that Google abbreviates your IP address (from the EU or the EEA) before transmission to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and abbreviate it there.

How long do we store your data?

According to its own information, Google deletes or anonymizes data stored at user and event level that is linked to cookies, user IDs (e.g. user IDs) or advertising IDs (cf. https://support.google.com/analytics/answer/7667196?hl=de).

On which legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Article 6 (1) (f) GDPR. If, for example, you have consented to the storage of cookies or otherwise consented to data processing by Google Analytics, the legal basis is only Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future.

Google conversion tracking

What is Google Conversion Tracking?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection with Google Conversion Tracking?

https://www.google.de/intl/de/policies/privacy/

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We are always interested in optimising our website for users and placing advertising optimally. For this purpose, we also use Google's conversion tracking. With its help, we can record whether and how often visitors clicked on certain buttons on our website and which products were viewed and purchased particularly frequently (conversion statistics). In the course of data collection and storage, we do not receive any information with which we can personally identify individual visitors. Google itself uses cookies or comparable recognition technologies for identification.

On which legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Article 6 (1) (f) GDPR. If, for example, you have consented to the storage of cookies or otherwise consented to data processing by Google Conversion Tracking, the legal basis is only Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Plug-ins and tools

Google Fonts (local hosting)

We use fonts from the US company Google on our website. We have installed the fonts locally so that there is no connection to Google's servers when you visit our website.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de

jQuery

What is jQuery?

Service that allows access to a JavaScript library for use on this website

Who processes your data?

The OpenJS Foundation, 548 Market St, PMB 57274, San Francisco, California, United States of America

Where can you find more information about privacy at jQuery?

https://openjsf.org/privacy

On what basis do we transfer your data to the USA?

jQuery complies with the European Commission's standard contractual clauses (cf. https://openjsf.org/privacy)

How do we process your data?

We use jQuery services on our website. jQuery is a Javascript library. It simplifies Javascript programming by providing an easy-to-use interface for many common tasks. With jQuery, users can make their web pages faster and more interactive. When you visit our website, a direct connection is established between your browser and the jQuery servers. This is how jQuery learns that our website was accessed via your IP address.

On which legal basis do we process your data?

The jQuery fonts ensure a uniform typeface on our websites. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Google Maps

What is Google Maps?

Map service provided by Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Maps on our website. So that you can use all functions of the map service, Google stores your IP address on one of its servers in the USA.

On which legal basis do we process your data?

The maps from Google Maps ensure that the locations listed on our website are easier for visitors to find. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Google reCAPTCHA

What is Google reCAPTCHA?

Test tool to differentiate between people and computers from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

With Google reCAPTCHA, we check whether data entered into forms on our website comes from a person or from a computer. For you, this means that the test tool analyses your behavior as a visitor to our website based on various characteristics. The analysis does not only start when you use the test tool, but as soon as you visit our website. Various data are collected, such as the IP address, the time spent on our website and mouse movements made. The data is forwarded to Google.

On which legal basis do we process your data?

As a company, we have a legitimate interest in protecting our web offerings from spam and abusive spying. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Make

What is Make?

Visual platform that includes tools for process automation, design, and development

Who processes your data?

Celonis Inc.; One World Trade Center, 87th Floor, New York, NY, 10007, USA

Where can you find more information about privacy at Make?

https://www.make.com/en/privacy-notice

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

Make is used to automatically forward and process inquiries received via the contact form on our website. The following personal data is transmitted in the process:

  • Requester's name
  • undertakings
  • email address
  • Request description

The data will only be used to process your request. Only anonymized data is used for analyses.

On which legal basis do we process your data?

If your request is related to a contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In addition, as a company, we have a legitimate interest in designing our processes efficiently. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Audio and video conferences

As a company, we are in contact with many people: customers, business partners, service providers, etc. In addition to other means of communication, we also use so-called online conference tools for exchange. Data protection-relevant information about the provider (s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool, process your personal data.

How do we process your data?

Online conference tools collect and store various personal data to enable participation in an online conference and its smooth execution. In addition to registration, conference and technical data, this also applies to certain communication content.

  • Registration details: Your email address and/or telephone number and, if applicable, other information that you provide when registering for the conference.
  • Conference dates: The start, end and duration of your participation in the conference, the number of participants and other metadata about the conference.
  • Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or speaker, and type of connection.
  • Communication content: cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

For details on data processing, please refer to the privacy policies of the respective conference tool provider.

How long do we store your data?

As your communication partner, we delete your data from our systems as soon as one of the following occurs:

  • The purpose of data processing does not apply.
  • You are asking us to delete the data.
  • You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

Cookies remain on your device until you delete them.

Conference tool providers also store your data for their own purposes. Please ask the providers directly what this means for the duration of storage of your data.

On which legal basis do we process your data?

If we are already contractually bound or would you like to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves for easy and fast communication, without which we would not be able to run our company efficiently. We therefore also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. Another legal basis may be your consent. In this case, Art. 6 para. 1 lit. a) GDPR is relevant. This basis does not apply in the future if you withdraw your consent.

Which online conference tools do we use?

Microsoft Teams

What is Microsoft Teams?

Communication platform for team collaboration

Who processes your data?

Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, United States of America

Where can you find more information about data protection at Microsoft Teams?

https://privacy.microsoft.com/de-de/privacystatement

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

Own services/miscellaneous

Handling applicant data

If you would like to work for us, we would be happy to receive your application. We treat all submitted personal data strictly confidentially. This also applies to data that we only collect later in the course of the application process.

How do we process your data?

We store and use all data that we collect as part of the application process to the extent necessary to decide whether to establish an employment relationship. In addition to contact and communication data and application documents, this also includes notes that we make during job interviews. Within our company, we will only share your data with people who are involved in processing your application.

If the application is successful, we store the data required to carry out the employment relationship in our data processing systems.

How long do we store your data?

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to keep your documents and other application data for up to 6 months after the application process has ended. The reason is that in the event of a legal dispute, we may need the data for evidence purposes. After the deadline, we delete the data and destroy the documents. If a legal dispute is actually imminent or is it already pending, we delete the data and documents when they are no longer required for evidentiary purposes.

Deleting your data always requires that we are not legally obliged to keep it for longer.

On which legal basis do we process your data?

We process your applicant data on the basis of § 26 BDSG-neu (initiation of an employment relationship) and Art. 6 para. 1 lit. b) GDPR (general contract initiation).

The same applies if your application is successful.

If we are unable to make you a job offer, you reject a job offer, or withdraw your application, we have a legitimate interest in using your information for evidentiary purposes in a potential legal dispute. Data processing is therefore based on Art. 6 para. 1 lit. f) GDPR.

If you have expressly consented to the storage of your data, we process your data on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly available profiles, as well as platforms whose share functions we use on our website. Read below which social networks and platforms these actually are.

Who processes your data?

The respective operators of the social networks. The individual operators can be found below in the respective networks.

How is your data processed?

Social network operators are usually able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to understand all processing operations in the social networks we use, which is why further processing operations that are not listed here may be carried out by the operators of the social networks. You can find more information about this in the terms of use and privacy policies of the respective social networks.

The processing of your data can be triggered by visiting the social network website or our profile page there. Even if you visit a website that uses certain content from the network, e.g. like or share buttons, data can already be transferred to the operators of the social network. If you yourself are a user of the social network and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the network operator may still collect your personal data, e.g. by collecting your IP address or setting cookies. With this data, operators can create user profiles tailored to your behavior and interests and show you interest-based advertising within and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.

What is the legal basis for processing your data?

Our profiles on social networks should ensure that our company has as extensive an online presence as possible. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

The data processing and analyses carried out by social network operators themselves may be based on other legal bases. These must be provided by the operators of the social networks.

Who is responsible for processing your data and how can you assert your rights?

If you visit one of our profiles on social networks, we, together with the operator of the respective network, are responsible for the data processing processes triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.

Despite joint responsibility with the operators of social networks, our influence on the data processing processes of the respective operator is limited and is primarily based on the operator's requirements.

How long is your data stored?

When we collect data via our profiles on social networks, it is deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it or you withdraw your consent to storage. Saved cookies remain on your device until you delete them. Mandatory legal provisions — in particular retention periods — remain unaffected.

We have no influence on how long social network operators store your data, which the operators collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, e.g. in the respective privacy policy.

Which social media do we use?

linkedin

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Is your data transferred to third countries?

yes

Where can you find more information about privacy on LinkedIn?

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Where can you, as a user, adjust your privacy settings?

As a registered LinkedIn user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://www.linkedin.com/psettings/

Facebook (share function)

What is Facebook?

A social network

Who processes your data?

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Is your data transferred to third countries?

yes

Where can you find more information about data protection on Facebook?

https://www.facebook.com/privacy/policy/

How do we process your data?

On certain pages of our website (e.g. career pages), we offer a share link that allows you to share content on Facebook. When loading our website, no data is transferred to Facebook. Only when you actively click on the share link will you be redirected to the Facebook website. Meta's privacy policy applies there.

On which legal basis do we process your data?

The share links are used to easily share content from our website. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

WhatsApp (share feature)

What is WhatsApp?

A messenger service

Who processes your data?

WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (Meta Group)

Is your data transferred to third countries?

yes

Where can you find more information about WhatsApp privacy?

https://www.whatsapp.com/legal/privacy-policy-eea

How do we process your data?

On certain pages of our website (e.g. career pages), we offer a share link that allows you to share content via WhatsApp. When loading our website, no data is transferred to WhatsApp. Only when you actively click on the share link will the WhatsApp application be opened on your device. The privacy policies of WhatsApp and Meta apply there.

On which legal basis do we process your data?

The share links are used to easily share content from our website. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

In general

As the operator of this website and as a company, we come into contact with your personal data. This means all data that says something about you and with which you can be identified. In this privacy policy, we would like to explain to you how, for what purpose and on which legal basis we process your data.

Responsible for data processing on this website and in our company is:

Brandmaier measurement, control, software

Liststraße 1

72160 Horb

Telephone: +49 (0) 74 51 55 69 88 — 0

email: info@brandmaier.com

General notes

SSL or TLS encryption

When you enter your data on websites, place online orders or send emails over the Internet, you must always expect unauthorised third parties to access your data. There is no complete protection against such access. However, we do everything we can to protect your data in the best possible way and to close the security gaps as far as possible.

An important protective mechanism is the SSL or TLS encryption of our website, which ensures that data that you transmit to us cannot be read by third parties. You can recognize the encryption by the lock icon in front of the entered Internet address in your browser and by the fact that our Internet address starts with https://and not with http://.

How long do we store your data?

In some places in this privacy policy, we will inform you how long we or the companies that process your data on our behalf will store your data. If such information is missing, we will store your data until the purpose of data processing no longer applies, you object to data processing or you withdraw your consent to data processing.

However, in the event of an objection or revocation, we may continue to process your data if at least one of the following conditions is met:

  • We have compelling legitimate reasons for continuing data processing which outweigh your interests, rights and freedoms (only if you object to data processing; if the objection is directed against direct marketing, we cannot provide any legitimate reasons).
  • Data processing is necessary to assert, exercise or defend legal claims (does not apply if your objection is directed against direct marketing).
  • We are required by law to keep your data.

In this case, we will delete your data as soon as the requirement (s) no longer apply or do not apply.

Transfer of data to the USA

On our website, we also use tools from companies that transfer your data to the USA and store it there and, if necessary, further process it. The European Commission has adopted an adequacy decision for the EU-US data protection framework. This determines that the USA ensures an adequate level of protection for personal data from the EU that is transferred to US companies. This decision is based on new guarantees and measures introduced by the USA to meet data protection requirements. The adequacy decision includes, among other things, restrictions and guarantees with regard to US intelligence services' access to the data. Mandatory guarantees have been introduced to limit access by US intelligence services to what is necessary and proportionate to protect national security. In addition, increased oversight of the activities of US intelligence agencies has been established to ensure that restrictions on surveillance activities are met. An independent appeal process has also been set up to handle and resolve complaints from European citizens about access to their data. The EU-USA data protection framework thus enables European companies to transfer data to certified US companies without having to introduce additional data protection guarantees. A list of all certified companies can be found at the following link: https://www.dataprivacyframework.gov/s/participant-search

An amendment to the European Commission's decision cannot be ruled out.

Your rights

Objection to data processing

IF YOU READ IN THIS PRIVACY POLICY THAT WE HAVE LEGITIMATE INTERESTS IN PROCESSING YOUR DATA AND THEREFORE DO SO IN ACCORDANCE WITH ART. 6 PARA. 1 SENTENCE 1 LIT. F) GDPR, YOU HAVE THE RIGHT TO FILE AN OBJECTION UNDER ARTICLE 21 GDPR. THIS ALSO APPLIES TO PROFILING BASED ON THE ABOVE PROVISION. THE PREREQUISITE IS THAT YOU GIVE REASONS FOR THE OBJECTION ARISING FROM YOUR PARTICULAR SITUATION. A JUSTIFICATION IS NOT REQUIRED IF THE OBJECTION IS DIRECTED AGAINST THE USE OF YOUR DATA FOR DIRECT MARKETING.

THE RESULT OF THE OBJECTION IS THAT WE ARE NO LONGER ALLOWED TO PROCESS YOUR DATA. THIS ONLY DOES NOT APPLY IF ONE OF THE FOLLOWING REQUIREMENTS IS MET:

  • WE CAN PROVE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS.
  • THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

THE EXCEPTIONS DO NOT APPLY IF YOUR OBJECTION IS DIRECTED AGAINST DIRECT ADVERTISING OR AGAINST PROFILING ASSOCIATED WITH IT.

More rights

Withdrawal of your consent to data processing

Many data processing operations are based on your consent. You grant this, for example, by ticking online forms accordingly before you submit the form, or by allowing certain cookies when you visit our website. You can withdraw your consent at any time without giving reasons (Article 7 (3) GDPR). From the time of withdrawal, we may no longer process your data. The only exception: We are required by law to keep the data for a certain period of time. There are such retention periods in particular in tax and commercial law.

Right to lodge a complaint with the competent supervisory authority

If you believe that we are violating the General Data Protection Regulation (GDPR), you have the right to complain to a supervisory authority under Article 77 GDPR. You can contact a supervisory authority in the Member State of your residence, place of work or the place where the alleged infringement took place. The right of appeal exists in addition to administrative or judicial remedies.

Right to data portability

Data that we process automatically on the basis of your consent or in fulfilment of a contract must be handed over to you or to a third party in a standard machine-readable format if you request this. We can only transfer the data to another person responsible insofar as this is technically possible.

Right to access, delete and correct data

According to Article 15 GDPR, you have the right to receive information free of charge about what personal data we have stored about you, where the data comes from, to whom we transfer the data and for what purpose it is stored. If the data is incorrect, you have the right to rectification (Article 16 GDPR); under the conditions of Article 17 GDPR, you may request that we delete the data.

Right to restrict processing

In certain situations, you can require us to restrict the processing of your data in accordance with Article 18 GDPR. Apart from storage, the data may then only be processed as follows:

  • with your consent
  • to assert, exercise or defend legal claims
  • to protect the rights of another natural or legal person
  • for reasons of important public interest of the European Union or a Member State

The right to restrict processing exists in the following situations:

  • You have denied the accuracy of your personal data stored by us and we need time to verify this. The right exists here for the duration of the examination.
  • The processing of your personal data is wrongfully or was unlawful in the past. As an alternative, you have the right to delete the data here.
  • We no longer need your personal data, but you need it to exercise, defend or assert legal claims. As an alternative, you have the right to delete the data here.
  • You have filed an objection in accordance with Article 21 (1) GDPR and now your interests and ours must be weighed against each other. The law exists here as long as the result of the consideration has not yet been determined.

Hosting and content delivery networks (CDN)

External hosting

Our website is located on a server from the following provider of Internet services (hoster):

Webflow, Inc.
398 11th Street
2nd Floor
San Francisco, CA 94103, United States

Has an order processing contract been concluded with the host or are standard contractual clauses (SCC) used?

yes

How do we process your data?

The host stores all data on our website. This includes all personal data that is collected automatically or through your input. In particular, this may include: your IP address, pages viewed, names, contact details and inquiries, as well as meta and communication data. When processing data, our host complies with our instructions and only ever processes the data to the extent necessary to fulfill the obligation to provide services to us.

On which legal basis do we process your data?

Since we address potential customers via our website and maintain contacts with existing customers, data processing by our host serves to initiate and fulfill contracts and is therefore based on Art. 6 para. 1 lit. b) GDPR. In addition, it is our legitimate interest as a company to provide a professional Internet offering that meets the necessary requirements for security, speed and efficiency. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR.

Data collection on this website

Using cookies

Our website places cookies on your device. These are small text files that are used for different purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are needed to be able to perform certain actions or functions on the site (functional cookies). For example, without cookies, it would not be possible to take advantage of the benefits of a shopping cart in an online shop. Still other cookies are used to analyze user behavior or optimize advertising measures. If we use third-party services on our website, for example to process payment transactions, these companies may also leave cookies on your device when you visit the website (so-called third-party cookies).

How do we process your data?

Session cookies are only stored on your device for the duration of a session. As soon as you close the browser, they disappear by themselves. Permanent cookies, on the other hand, remain on your device unless you delete them yourself. For example, this can result in your user behavior being permanently analysed. You can use the settings in your browser to influence how it handles cookies:

  • Would you like to be informed when cookies are set?
  • Do you want to exclude cookies in general or in specific cases?
  • Do you want cookies to be automatically deleted when you close your browser?

If you disable or do not allow cookies, the functionality of the website may be limited.

If we use cookies from other companies or for analysis purposes, we will inform you about this as part of this privacy policy. We also ask for your consent when you visit our website.

On which legal basis do we process your data?

We have a legitimate interest in ensuring that our online offerings can be used by visitors without technical problems and that all desired functions are available to them. Necessary and functional cookies are therefore stored on your device on the basis of Art. 6 para. 1 lit. f) GDPR. We use all other cookies on the basis of Art. 6 para. 1 lit. a) GDPR, provided that you give us appropriate consent. You can cancel this at any time with effect for the future. If you have consented to the placement of necessary and functional cookies when requesting consent, these cookies will also be stored exclusively on the basis of your consent.

Cookie consent with ConsentPro (Finsweet)


What is ConsentPro?

ConsentPro is a cookie consent, monitoring, and control solution that is natively integrated with Webflow.

Who processes your data?

Finsweet Inc., 1001A E Harmony Rd. #15, Fort Collins, CO 80525, Verenigde Staten


Where can you find more information about data protection at Finsweet?
https://finsweet.com/legal/privacy-policy

How do we process your data?

We use ConsentPro to obtain your consent to store cookies on your device and to document them in accordance with data protection regulations. When you visit our website and give or decline your consent via the ConsentPro cookie banner, the following data is processed:

  • Your consent status (which cookie categories were accepted or rejected)
  • Date and time of approval or rejection
  • Your browser's user agent
  • The URL on which consent was given

The consent data is automatically stored to ensure verifiable documentation of user decisions. Consent Pro


ConsentPro stores a cookie in your browser in order to be able to assign the consents given or their revocation to your browser. All collected data is stored until you delete the cookie or ask us to delete the data. Statutory storage obligations remain unaffected.


On which legal basis do we process your data?

We are legally required to obtain the consent of our website visitors to use certain cookies. In order to fulfill this obligation, we use ConsentPro. The legal basis for data processing is therefore Art. 6 para. 1 lit. c) GDPR.


Transfer of data to third countries
Finsweet Inc. is based in the USA. Personal data may therefore be transferred to the USA. Finsweet uses appropriate protective measures to secure data transmission.

server log files

Server log files log all requests and accesses to our website and record error messages. They also include personal data, in particular your IP address. However, this is anonymized by the provider after just a short period of time, so that we cannot assign the data to you personally. The data is automatically transmitted from your browser to our provider.

How do we process your data?

Our provider stores the server log files in order to be able to track the activity on our website and to identify errors. The files contain the following data:

  • Browser type and version
  • operating system used
  • referrer URL
  • host name of the accessing computer
  • Time of server request
  • IP address (anonymized if applicable)

We do not combine this data with other data, but only use it for statistical evaluation and to improve our website.

On which legal basis do we process your data?

We have a legitimate interest in ensuring that our website runs error-free. It is also our legitimate interest to obtain an anonymous overview of access to our website. Data processing is therefore lawful in accordance with Article 6 (1) (f) GDPR.

contact form

You can send us a message using the contact form on this website.

How do we process your data?

We save your message and the information from the form so that we can process your request, including follow-up questions. This also applies to the contact details provided. We will not share the data with other people without your consent.

How long do we store your data?

We delete your data as soon as one of the following occurs:

  • Your request was finally processed.
  • You are asking us to delete the data.
  • You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

On which legal basis do we process your data?

If your request is related to our contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In all other cases, it is our legitimate interest to effectively process inquiries addressed to us. The legal basis for data processing is therefore Art. 6 para. 1 lit. f) GDPR. If you have consented to the storage of your data, Art. 6 para. 1 lit. a) GDPR is the legal basis. In this case, you can withdraw your consent at any time with effect for the future.

Analytical tools and advertising

We use the following tools to analyze the behavior of our website visitors and show you advertising.

Google Tag Manager

What is Google Tag Manager?

Tag management system for integrating tracking codes and conversion pixels from Google Ireland. Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Tag Manager?

https://policies.google.com/privacy

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Tag Manager. The tool helps us to integrate tracking codes and conversion pixels into our website, manage and play them out. Google Tag Manager does not create any user profiles itself, does not place cookies on your device and does not analyze your behavior as a user. However, it collects your IP address and transmits it to Google servers in the USA.

On which legal basis do we process your data?

We have a legitimate interest in quickly and easily integrating and managing various tools on our website. The use of Google Tag Manager is therefore lawful under Art. 6 para. 1 lit. f) GDPR. If you have consented to the transfer of your IP address, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Google Analytics

What is Google Analytics?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google Analytics?

https://support.google.com/analytics/answer/6004245?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How can you prevent data collection?

With a browser plug-in, among other things: https://tools.google.com/dlpage/gaoptout?hl=de

How do we process your data?

We are always interested in optimising our website for visitors to our website and placing advertising optimally. Google Analytics, a tool that analyses user behavior and thus provides us with the necessary database for adjustments, helps us with this. The tool provides us with information about the origin of our visitors, their page views and their time spent on the pages, as well as the operating system they use.

standard processing

To collect the data, Google Analytics uses cookies, device fingerprinting, or other technologies to recognize users. The data is transmitted to Google servers in the USA and, using the IP address also collected, is summarized in a profile that can be assigned to you or your device.

You can prevent Google from processing your data by installing a browser plug-in that Google itself provides: https://tools.google.com/dlpage/gaoptout?hl=de

IP anonymization

We have activated the “IP anonymization” function within Google Analytics. For you, this means that Google abbreviates your IP address (from the EU or the EEA) before transmission to the USA. Only in exceptional cases does Google transmit the full IP address to servers in the USA and abbreviate it there.

How long do we store your data?

According to its own information, Google deletes or anonymizes data stored at user and event level that is linked to cookies, user IDs (e.g. user IDs) or advertising IDs (cf. https://support.google.com/analytics/answer/7667196?hl=de).

On which legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Article 6 (1) (f) GDPR. If, for example, you have consented to the storage of cookies or otherwise consented to data processing by Google Analytics, the legal basis is only Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future.

Google conversion tracking

What is Google Conversion Tracking?

Tool for analyzing user behavior from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection with Google Conversion Tracking?

https://www.google.de/intl/de/policies/privacy/

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We are always interested in optimising our website for users and placing advertising optimally. For this purpose, we also use Google's conversion tracking. With its help, we can record whether and how often visitors clicked on certain buttons on our website and which products were viewed and purchased particularly frequently (conversion statistics). In the course of data collection and storage, we do not receive any information with which we can personally identify individual visitors. Google itself uses cookies or comparable recognition technologies for identification.

On which legal basis do we process your data?

As a website operator, we have a legitimate interest in analyzing user behavior for the purpose of optimizing our website and the advertising placed there. Data processing is therefore lawful under Article 6 (1) (f) GDPR. If, for example, you have consented to the storage of cookies or otherwise consented to data processing by Google Conversion Tracking, the legal basis is only Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Plug-ins and tools

Google Fonts (local hosting)

We use fonts from the US company Google on our website. We have installed the fonts locally so that there is no connection to Google's servers when you visit our website.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=de

jQuery

What is jQuery?

Service that allows access to a JavaScript library for use on this website

Who processes your data?

The OpenJS Foundation, 548 Market St, PMB 57274, San Francisco, California, United States of America

Where can you find more information about privacy at jQuery?

https://openjsf.org/privacy

On what basis do we transfer your data to the USA?

jQuery complies with the European Commission's standard contractual clauses (cf. https://openjsf.org/privacy)

How do we process your data?

We use jQuery services on our website. jQuery is a Javascript library. It simplifies Javascript programming by providing an easy-to-use interface for many common tasks. With jQuery, users can make their web pages faster and more interactive. When you visit our website, a direct connection is established between your browser and the jQuery servers. This is how jQuery learns that our website was accessed via your IP address.

On which legal basis do we process your data?

The jQuery fonts ensure a uniform typeface on our websites. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Google Maps

What is Google Maps?

Map service provided by Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

We use Google Maps on our website. So that you can use all functions of the map service, Google stores your IP address on one of its servers in the USA.

On which legal basis do we process your data?

The maps from Google Maps ensure that the locations listed on our website are easier for visitors to find. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Google reCAPTCHA

What is Google reCAPTCHA?

Test tool to differentiate between people and computers from Google Ireland Ltd.

Who processes your data?

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland

Where can you find more information about data protection at Google?

https://policies.google.com/privacy?hl=de

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

With Google reCAPTCHA, we check whether data entered into forms on our website comes from a person or from a computer. For you, this means that the test tool analyses your behavior as a visitor to our website based on various characteristics. The analysis does not only start when you use the test tool, but as soon as you visit our website. Various data are collected, such as the IP address, the time spent on our website and mouse movements made. The data is forwarded to Google.

On which legal basis do we process your data?

As a company, we have a legitimate interest in protecting our web offerings from spam and abusive spying. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time. From the time of withdrawal, we may no longer process your data.

Make

What is Make?

Visual platform that includes tools for process automation, design, and development

Who processes your data?

Celonis Inc.; One World Trade Center, 87th Floor, New York, NY, 10007, USA

Where can you find more information about privacy at Make?

https://www.make.com/en/privacy-notice

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

How do we process your data?

Make is used to automatically forward and process inquiries received via the contact form on our website. The following personal data is transmitted in the process:

  • Requester's name
  • undertakings
  • email address
  • Request description

The data will only be used to process your request. Only anonymized data is used for analyses.

On which legal basis do we process your data?

If your request is related to a contractual relationship or serves to carry out pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b) GDPR. In addition, as a company, we have a legitimate interest in designing our processes efficiently. In this respect, we also process your data on the basis of Art. 6 para. 1 lit. f) GDPR. If you have consented to data processing, we process your data exclusively on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Audio and video conferences

As a company, we are in contact with many people: customers, business partners, service providers, etc. In addition to other means of communication, we also use so-called online conference tools for exchange. Data protection-relevant information about the provider (s) of the tools we use can be found at the end of this section. If you communicate with us via such a tool, not only we, but in particular the provider of the respective tool, process your personal data.

How do we process your data?

Online conference tools collect and store various personal data to enable participation in an online conference and its smooth execution. In addition to registration, conference and technical data, this also applies to certain communication content.

  • Registration details: Your email address and/or telephone number and, if applicable, other information that you provide when registering for the conference.
  • Conference dates: The start, end and duration of your participation in the conference, the number of participants and other metadata about the conference.
  • Technical data: IP address, MAC address, device ID, device type, operating system and version, client version, camera type, microphone or speaker, and type of connection.
  • Communication content: cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

For details on data processing, please refer to the privacy policies of the respective conference tool provider.

How long do we store your data?

As your communication partner, we delete your data from our systems as soon as one of the following occurs:

  • The purpose of data processing does not apply.
  • You are asking us to delete the data.
  • You withdraw your consent to storage.

This only does not apply if we are required by law to store the data.

Cookies remain on your device until you delete them.

Conference tool providers also store your data for their own purposes. Please ask the providers directly what this means for the duration of storage of your data.

On which legal basis do we process your data?

If we are already contractually bound or would you like to conclude a contract with us, we use conference tools to fulfill the contract or to inform you about our services or products. Data processing is therefore carried out on the basis of Art. 6 para. 1 lit. b) GDPR. Otherwise, the use of conference tools serves for easy and fast communication, without which we would not be able to run our company efficiently. We therefore also have a legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. Another legal basis may be your consent. In this case, Art. 6 para. 1 lit. a) GDPR is relevant. This basis does not apply in the future if you withdraw your consent.

Which online conference tools do we use?

Microsoft Teams

What is Microsoft Teams?

Communication platform for team collaboration

Who processes your data?

Microsoft Corp., One Microsoft Way, Redmond, WA 98052-6399, United States of America

Where can you find more information about data protection at Microsoft Teams?

https://privacy.microsoft.com/de-de/privacystatement

On what basis do we transfer your data to the USA?

Based on the adequacy decision of the European Commission and the corresponding certification of the company.

Own services/miscellaneous

Handling applicant data

If you would like to work for us, we would be happy to receive your application. We treat all submitted personal data strictly confidentially. This also applies to data that we only collect later in the course of the application process.

How do we process your data?

We store and use all data that we collect as part of the application process to the extent necessary to decide whether to establish an employment relationship. In addition to contact and communication data and application documents, this also includes notes that we make during job interviews. Within our company, we will only share your data with people who are involved in processing your application.

If the application is successful, we store the data required to carry out the employment relationship in our data processing systems.

How long do we store your data?

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to keep your documents and other application data for up to 6 months after the application process has ended. The reason is that in the event of a legal dispute, we may need the data for evidence purposes. After the deadline, we delete the data and destroy the documents. If a legal dispute is actually imminent or is it already pending, we delete the data and documents when they are no longer required for evidentiary purposes.

Deleting your data always requires that we are not legally obliged to keep it for longer.

On which legal basis do we process your data?

We process your applicant data on the basis of § 26 BDSG-neu (initiation of an employment relationship) and Art. 6 para. 1 lit. b) GDPR (general contract initiation).

The same applies if your application is successful.

If we are unable to make you a job offer, you reject a job offer, or withdraw your application, we have a legitimate interest in using your information for evidentiary purposes in a potential legal dispute. Data processing is therefore based on Art. 6 para. 1 lit. f) GDPR.

If you have expressly consented to the storage of your data, we process your data on the basis of Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

Data processing on social media

What is social media?

By social media, we mean the social networks on which we have created publicly available profiles, as well as platforms whose share functions we use on our website. Read below which social networks and platforms these actually are.

Who processes your data?

The respective operators of the social networks. The individual operators can be found below in the respective networks.

How is your data processed?

Social network operators are usually able to collect and evaluate comprehensive data about the behavior of visitors and users of the network. It is not possible for us to understand all processing operations in the social networks we use, which is why further processing operations that are not listed here may be carried out by the operators of the social networks. You can find more information about this in the terms of use and privacy policies of the respective social networks.

The processing of your data can be triggered by visiting the social network website or our profile page there. Even if you visit a website that uses certain content from the network, e.g. like or share buttons, data can already be transferred to the operators of the social network. If you yourself are a user of the social network and are logged into your user account, your visit to our profile page can be assigned to your account by the operator of the social network. Even if you have not registered a user account yourself or are not logged in, the network operator may still collect your personal data, e.g. by collecting your IP address or setting cookies. With this data, operators can create user profiles tailored to your behavior and interests and show you interest-based advertising within and outside the network. If you are a registered user of the network, interest-based advertising can also be displayed on all devices on which you are or were logged in.

What is the legal basis for processing your data?

Our profiles on social networks should ensure that our company has as extensive an online presence as possible. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

The data processing and analyses carried out by social network operators themselves may be based on other legal bases. These must be provided by the operators of the social networks.

Who is responsible for processing your data and how can you assert your rights?

If you visit one of our profiles on social networks, we, together with the operator of the respective network, are responsible for the data processing processes triggered during this visit. In principle, you can assert your rights against both us and the operator of the respective network.

Despite joint responsibility with the operators of social networks, our influence on the data processing processes of the respective operator is limited and is primarily based on the operator's requirements.

How long is your data stored?

When we collect data via our profiles on social networks, it is deleted from our systems as soon as the purpose for storing it no longer applies, you ask us to delete it or you withdraw your consent to storage. Saved cookies remain on your device until you delete them. Mandatory legal provisions — in particular retention periods — remain unaffected.

We have no influence on how long social network operators store your data, which the operators collect for their own purposes. You can obtain information about this directly from the operator of the respective social network, e.g. in the respective privacy policy.

Which social media do we use?

linkedin

What is LinkedIn?

A social network for business contacts

Who processes your data?

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Is your data transferred to third countries?

yes

Where can you find more information about privacy on LinkedIn?

https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Where can you, as a user, adjust your privacy settings?

As a registered LinkedIn user, you can adjust your privacy settings in your user account. To do so, click on the following link and log in:
https://www.linkedin.com/psettings/

Facebook (share function)

What is Facebook?

A social network

Who processes your data?

Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland

Is your data transferred to third countries?

yes

Where can you find more information about data protection on Facebook?

https://www.facebook.com/privacy/policy/

How do we process your data?

On certain pages of our website (e.g. career pages), we offer a share link that allows you to share content on Facebook. When loading our website, no data is transferred to Facebook. Only when you actively click on the share link will you be redirected to the Facebook website. Meta's privacy policy applies there.

On which legal basis do we process your data?

The share links are used to easily share content from our website. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.

WhatsApp (share feature)

What is WhatsApp?

A messenger service

Who processes your data?

WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (Meta Group)

Is your data transferred to third countries?

yes

Where can you find more information about WhatsApp privacy?

https://www.whatsapp.com/legal/privacy-policy-eea

How do we process your data?

On certain pages of our website (e.g. career pages), we offer a share link that allows you to share content via WhatsApp. When loading our website, no data is transferred to WhatsApp. Only when you actively click on the share link will the WhatsApp application be opened on your device. The privacy policies of WhatsApp and Meta apply there.

On which legal basis do we process your data?

The share links are used to easily share content from our website. As a company, we have a legitimate interest in this. Data processing is therefore lawful under Article 6 (1) (f) GDPR.