Status: August 19, 2025
We greatly appreciate your interest in our company and our training services. The protection of personal data is of particular importance to us.
In general, the use of our website is possible without actively providing personal data. However, with each visit to our website, certain general data and information are automatically collected by the accessing system and stored in the server log files. This includes, among other things, the IP address, the type and version of the browser used, the operating system of the accessing computer, the website from which an accessing system reaches our website (the so-called referrer), the subpages accessed on our website, the date and time of access, the internet service provider of the accessing system, as well as other similar data and information that serve to protect against threats in the event of attacks on our IT systems.
This data is used exclusively to correctly display the content of our website, to ensure the functionality of our IT systems and the technology of our website, and, if necessary, to provide law enforcement authorities with the information required for prosecution. These data are not combined with other data sources.
If a data subject wishes to make use of special services of our company via our website – such as registering for training courses, requesting information material, or contacting us – further processing of personal data may become necessary. If such processing is required and there is no legal basis for it, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to our company. By means of this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights under this privacy policy.
As the controller responsible for processing, our company has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. Nevertheless, internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, such as by telephone or by post.
The privacy policy of Bactrya is based on the terms used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the general public, as well as for our customers and business partners.To ensure this, we would like to first explain the terminology used in this privacy policy.
In this privacy policy, we use, among others, the following terms:
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency, or another body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
A third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:
Bactrya GmbH
Neumarkter Str. 21
81673 Munich
Germany
info{at}bactrya.com
The websites of Bactrya use cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser. Many websites and servers use cookies.
A large number of cookies contain what is called a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie has been stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain different cookies. A specific Internet browser can thus be recognized and identified by its unique cookie ID.
By using cookies, Bactrya can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.Durch den Einsatz von Cookies kann Bactrya den Nutzern dieser Internetseite nutzerfreundlichere Services bereitstellen, die ohne die Cookie-Setzung nicht möglich wären.
The data subject may, at any time, prevent the setting of cookies by our website through a corresponding adjustment of the Internet browser used and may thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all commonly used Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, it may not be possible to use all functions of our website to their full extent.
Each time the website of Bactrya is accessed by a data subject or an automated system, a series of general data and information is collected. These general data and information are stored in the server log files. The following may be recorded:
When using these general data and information, Bactrya does not draw any conclusions about the data subject. Rather, this information is required in order to
These anonymously collected data and information are therefore evaluated by Bactrya on the one hand for statistical purposes, and furthermore with the aim of increasing data protection and data security in our company, in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
The website of Bactrya contains, on the basis of statutory provisions, information that enables a quick electronic contact to our company as well as direct communication with us. This also includes a general address of the so-called electronic mail (e-mail address).
If a data subject contacts the controller responsible for processing by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller responsible for processing are stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
The controller responsible for processing shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the purpose of storage no longer applies, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
Every data subject has the right, granted by the European legislator, to obtain confirmation from the controller as to whether or not personal data concerning them are being processed.
If a data subject wishes to exercise this right of confirmation, they may, at any time, contact any employee of the controller.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain at any time from the controller, free of charge, information about their stored personal data and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
Furthermore, the data subject has the right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of access, they may, at any time, contact any employee of the controller.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain without undue delay the rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, they may, at any time, contact any employee of the controller.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies, and insofar as the processing is not necessary:
If a data subject wishes to request the erasure of personal data stored by Bactrya, they may, at any time, contact any employee of the controller. An employee of Bactrya shall promptly ensure that the erasure request is complied with immediately.
Where the controller has made personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, Bactrya, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of, those personal data, insofar as processing is not required. An employee of Bactrya will arrange the necessary measures in individual cases.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller restriction of processing where one of the following applies:
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Bactrya, they may, at any time, contact any employee of the controller. An employee of Bactrya will arrange the restriction of the processing.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller by the data subject, in a structured, commonly used, and machine-readable format. He or she also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and where doing so does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject may at any time contact any employee of Bactrya.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
Bactrya shall no longer process the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.
If Bactrya processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Bactrya to the processing for direct marketing purposes, Bactrya will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her by Bactrya for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact any employee of Bactrya. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
Every data subject affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is based on the data subject’s explicit consent, Bactrya shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.
If the data subject wishes to exercise rights concerning automated individual decision-making, he or she may contact an employee of the controller responsible for the processing at any time.
Every data subject affected by the processing of personal data has the right, granted by the European Directive and Regulation legislator, to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may contact an employee of the controller responsible for processing at any time.
The controller responsible for processing collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example by e-mail or via a web form located on the website, to the controller.
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose deletion. Another legitimate interest in this sense is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).
Our website is hosted by Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter “Webflow”), and delivered via the content delivery network (CDN) provided by Webflow. This means that all data generated in the course of using our website is processed on Webflow’s servers. This may include, in particular, IP addresses, metadata and communication data, contract and contact details, website accesses, as well as other data generated via a website.
The Webflow CDN ensures that our website content such as images, scripts, or stylesheets is delivered quickly and reliably via a worldwide network of servers, by providing the data from a server located geographically as close as possible to the user. This improves the loading speed, stability, and security of our website.
The use of Webflow is based on the necessity of fulfilling contractual obligations towards our prospects and customers (Art. 6 (1) lit. b GDPR) as well as on our legitimate interest in the secure, fast, and efficient provision of our online offering (Art. 6 (1) lit. f GDPR). Where consent has been requested (e.g., via a cookie consent tool), processing takes place exclusively on the basis of Art. 6 (1) lit. a GDPR; consent may be revoked at any time.
As the transfer of personal data to the USA may occur, the necessary data protection arrangements with Webflow are in place, including the use of the European Commission’s Standard Contractual Clauses, to ensure an adequate level of data protection.
Further information on data protection at Webflow can be found at: https://webflow.com/legal/eu-privacy-policy.
On our website, we offer interested individuals the opportunity to register for training courses, seminars, or further education programs by providing personal data. The specific personal data transmitted to the controller in this context is determined by the respective input form used for registration.
The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for purposes associated with the registration. This includes, in particular, the processing of the registration, the implementation of the training, the issuance of certificates of participation, and, if applicable, billing.
During the registration process, the data subject’s consent to the processing of this data is obtained. The processing of the data entered during registration is based on Art. 6 (1) lit. b GDPR (performance of a contract or implementation of pre-contractual measures). If processing is based on consent, the legal basis is Art. 6 (1) lit. a GDPR.
Disclosure of data to third parties will only occur insofar as it is necessary for the performance of the contract (e.g., to trainers or external service providers such as examination providers) or if there is a legal obligation to do so.
The personal data entered during registration will be stored for as long as is necessary for carrying out the training, including any post-processing (e.g., issuing certificates of participation or billing), or as long as statutory retention periods require.
As part of our training courses, we create participant lists that are used for organizational purposes, attendance control, and the issuance of certificates of attendance. The processing of this data is based on Art. 6 (1) lit. b GDPR, as it is necessary for the performance of the training contract.
Participant lists may, insofar as necessary for the organization of the training, also be made available to trainers or cooperation partners. No further disclosure of the data takes place.
After completion of the training, the personal data will be retained for as long as necessary for the issuance of certificates of attendance or as required by statutory retention obligations. Certificates of attendance may contain personal data such as name, training content, duration, and performance records.
Processing is also carried out on the basis of Art. 6 (1) lit. f GDPR, as we have a legitimate interest in being able to document participation in our training courses and in providing our participants with certificates of attendance.
For the delivery of online training, we use the Microsoft Teams service, which is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible operator for Europe is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
When using Microsoft Teams, various types of data are processed. The scope of the data depends, among other things, on the information provided by the data subject before or during participation in an online training session. This may include, in particular: registration data (e.g., name, email address), meeting metadata (e.g., topic, description, participant IP addresses, times), as well as text, audio, and video data if these are provided by the data subject during the training session.
The processing of data is carried out on the basis of Art. 6 (1) lit. b GDPR (performance of a contract, delivery of training) as well as Art. 6 (1) lit. f GDPR (legitimate interest in the efficient and secure conduct of our online training). Where consent is obtained (e.g., for recording training sessions), processing is based on Art. 6 (1) lit. a GDPR.
A transfer of personal data to the USA cannot be ruled out. Appropriate data processing agreements with Microsoft, including the incorporation of the EU Standard Contractual Clauses, are in place to ensure an adequate level of data protection.
Further information on data processing in Microsoft Teams can be found in Microsoft’s privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
On our website, users have the opportunity to subscribe to our newsletter. The personal data transmitted to the controller when ordering the newsletter can be seen from the input mask used for this purpose.
The newsletter provides regular information about our training courses, offers, and company updates. Delivery only takes place if the data subject has provided a valid email address and has consented to receive the newsletter. Consent is obtained using the so-called double opt-in procedure. After registering, the data subject receives a confirmation email in which they are asked to confirm, by clicking on a link, that they actually wish to receive the newsletter.
When registering, we also store the IP address assigned by the internet service provider (ISP) to the computer system used at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace any potential misuse of a data subject’s email address at a later point in time and thus serves the legal protection of the controller.
The personal data collected as part of a newsletter subscription will be used exclusively for the purpose of sending our newsletter. There will be no disclosure of this personal data to third parties. Consent to receive the newsletter can be revoked at any time. For this purpose, each newsletter contains a corresponding link. The legal basis for the processing is Art. 6 (1) lit. a GDPR.
In addition, we reserve the right to use the personal data received in the context of training registrations (e.g., name, address) for postal advertising about our training courses and offers, provided you have not objected. The processing is carried out on the basis of Art. 6 (1) lit. f GDPR in conjunction with Recital 47 GDPR. Our legitimate interest lies in direct marketing of our services.
You may object to the use of your personal data for direct marketing purposes at any time. In this case, we will no longer process your data for this purpose.
Our website includes videos from the YouTube platform, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The entity responsible for the processing of personal data in the United States is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When you visit a page on which a YouTube video is embedded, a connection to YouTube’s servers is established. In doing so, the YouTube server is informed about which of our pages you have visited. In addition, YouTube may store various cookies on your device or use comparable recognition technologies. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraudulent activities.
If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If consent to the storage of cookies has been requested (e.g., via a cookie consent tool), processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR; consent may be revoked at any time.
Since the transfer of personal data to the USA may occur, appropriate agreements with Google, including the EU Standard Contractual Clauses, are in place to ensure an adequate level of data protection.
Further information on data processing by YouTube can be found in Google’s privacy policy: https://policies.google.com/privacy.
The controller has integrated Google AdSense on this website. Google AdSense is an online service that enables the placement of advertising on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party websites according to the respective content of the third-party website. Google AdSense allows interest-based targeting of internet users, which is implemented by creating individual user profiles.
The operating company of the Google AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of the Google AdSense component is to integrate advertisements on our website. Google AdSense sets a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Alphabet Inc. is enabled to analyze the use of our website. Each time one of the individual pages of this website operated by the controller and integrated with a Google AdSense component is called up, the internet browser on the data subject’s IT system is automatically triggered by the respective Google AdSense component to transmit data to Alphabet Inc. for the purposes of online advertising and commission settlement.
As part of this technical process, Alphabet Inc. obtains knowledge of personal data such as the data subject’s IP address, which Alphabet Inc. uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.
The data subject may, at any time, prevent the setting of cookies by our website, as described above, by means of a corresponding setting of the internet browser used and may thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Alphabet Inc. from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Alphabet Inc. can be deleted at any time via the internet browser or other software programs.
Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic embedded in internet pages to enable log file recording and log file analysis, which allows for statistical evaluation. By means of the embedded tracking pixel, Alphabet Inc. can determine whether and when a website was opened by a data subject and which links were clicked by them. Tracking pixels, among other things, serve to analyze visitor traffic on a website.
Through Google AdSense, personal data and information—which also includes the IP address and is necessary for the collection and billing of the displayed advertisements—are transmitted to Alphabet Inc. in the United States of America. These personal data are stored and processed in the United States of America. Alphabet Inc. may disclose these personal data collected via the technical process to third parties under certain circumstances.
Further information on Google AdSense can be found at the following link: https://www.google.de/intl/de/adsense/start/.
The controller has integrated the component Google Analytics (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and evaluation of data about the behavior of visitors to websites. A web analytics service collects, among other things, data about the website from which a data subject has accessed a website (the so-called referrer), which subpages were accessed, or how often and for what duration a subpage was viewed. Web analyses are mainly used for the optimization of a website and for the cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The controller uses the “_gat._anonymizeIp” add-on for web analysis via Google Analytics. With this add-on, the IP address of the data subject’s internet connection is truncated and anonymized by Google when access to our website originates from a Member State of the European Union or from another contracting state of the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the collected data and information, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our websites, and to provide other services related to the use of our website.
Google Analytics places a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. Each time one of the individual pages of this website, operated by the controller and integrated with a Google Analytics component, is accessed, the internet browser on the data subject’s IT system is automatically prompted to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the data subject’s IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable billing.
By means of the cookie, personal information such as the access time, the location from which access was made, and the frequency of visits to our website by the data subject is stored. On each visit to our website, such personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data collected via the technical process to third parties under certain circumstances.
The data subject may, at any time, prevent the setting of cookies by our website, as described above, by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website, as well as the processing of this data by Google. To do so, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject’s IT system is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of influence, it is possible to reinstall or reactivate the browser add-on.
Further information and the applicable data protection provisions of Google may be retrieved at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at the following link: https://www.google.com/intl/de_de/analytics/.
The controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google Ads that allows a company to display advertising to internet users who have previously visited the company’s website. The integration of Google Remarketing therefore enables a company to create user-specific advertising and to display interest-relevant ads to internet users.
The operating company of the Google Remarketing services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google Remarketing is the display of interest-based advertising. Google Remarketing allows us to show ads through the Google advertising network or have them displayed on other websites tailored to the individual needs and interests of the internet user.
Google Remarketing sets a cookie on the data subject’s IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to recognize the visitor of our website when he or she subsequently accesses websites that are also members of the Google advertising network. With each call-up of a website on which the Google Remarketing service is integrated, the data subject’s internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data, such as the user’s IP address or browsing behavior, which Google uses, among other things, to display interest-relevant advertising.
By means of the cookie, personal information is stored, such as the websites visited by the data subject. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data collected via the technical process to third parties under certain circumstances.
The data subject may, at any time, prevent the setting of cookies by our website, as described above, by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject’s IT system. In addition, a cookie already set by Google may be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility of objecting to Google’s interest-based advertising. To do so, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and set the desired preferences there.
Further information and the applicable data protection provisions of Google may be retrieved at https://www.google.de/intl/de/policies/privacy/.
The controller has integrated Google AdWords on this website. Google AdWords is an online advertising service that enables advertisers to place ads both in the search engine results of Google and within the Google advertising network. Google AdWords allows an advertiser to define specific keywords in advance, whereby an ad will only appear in the Google search engine results if the user retrieves a keyword-relevant search result. In the Google advertising network, the ads are distributed to relevant websites by means of an automatic algorithm, taking into account the previously defined keywords.
The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to promote our website by displaying interest-relevant advertising on third-party websites and in the search engine results of Google, as well as by displaying third-party advertising on our own website.
If a data subject reaches our website via a Google advertisement, a so-called conversion cookie is placed on the data subject’s IT system by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to determine whether certain subpages, such as the shopping cart of an online store, were accessed on our website. Both we and Google can track whether a data subject who arrived at our website via an AdWords ad generated revenue, i.e., completed or canceled a purchase.
The data and information collected through the use of the conversion cookie are used by Google to create visitor statistics for our website. These visitor statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, to assess the success or failure of each AdWords ad, and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
By means of the conversion cookie, personal information is stored, such as the web pages visited by the data subject. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may disclose these personal data collected via the technical process to third parties under certain circumstances.
The data subject may, at any time, prevent the setting of cookies by our website, as described above, by means of a corresponding adjustment of the internet browser used, and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Google AdWords may be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject has the possibility of objecting to Google’s interest-based advertising. To do this, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there.
Further information and the applicable data protection provisions of Google may be retrieved at https://www.google.de/intl/de/policies/privacy/.
The controller has integrated components of LinkedIn Corporation into this website. LinkedIn is an internet-based social network that enables users to establish business contacts and present companies.
The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For data transfers to the USA, the responsible entity is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time an individual page of our website equipped with a LinkedIn component (LinkedIn plug-in) is accessed, this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information about LinkedIn plug-ins may be retrieved at: https://developer.linkedin.com/plugins.
As part of this technical process, LinkedIn gains knowledge of which specific subpage of our website is visited by the data subject. If the data subject is simultaneously logged in to LinkedIn, LinkedIn recognizes with each visit to our website by the data subject—and for the entire duration of their stay on our website—which specific subpage is visited. This information is collected through the LinkedIn component and assigned to the respective LinkedIn account of the data subject. If the data subject clicks a LinkedIn button integrated into our website, LinkedIn assigns this information to the personal LinkedIn account of the data subject and stores these personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our website whenever the data subject is logged in to LinkedIn at the time of accessing our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If such transmission of this information to LinkedIn is not desired by the data subject, they can prevent this by logging out of their LinkedIn account before visiting our website.
LinkedIn provides the option to unsubscribe from e-mail messages, SMS messages, and targeted ads, and to manage advertising settings at: https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, who may set cookies. Such cookies can be rejected at: https://www.linkedin.com/legal/cookie-policy.
The applicable privacy policy of LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.
The controller has integrated components of XING into this website. XING is an Internet-based social network that enables users to connect with existing business contacts as well as establish new business contacts. Individuals can create a personal profile on XING, while companies may create corporate profiles or publish job offers.
The operating company of XING is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Each time one of the individual pages of this website equipped with a XING component (XING plug-in) is accessed, the Internet browser on the data subject’s information technology system is automatically prompted to download a representation of the corresponding XING component from XING. Further information about the XING plug-ins may be retrieved at: https://dev.xing.com/plugins.
As part of this technical procedure, XING becomes aware of which specific subpage of our website is visited by the data subject. If the data subject is logged in at the same time on XING, XING recognizes with each visit to our website by the data subject and throughout the entire duration of their stay, which specific subpage the data subject visits. This information is collected via the XING component and associated with the respective XING account of the data subject. If the data subject clicks on one of the XING buttons integrated on our website, such information will be assigned to the personal XING user account and stored by XING.
XING receives information via the XING component whenever the data subject visits our website while simultaneously logged in at XING; this occurs regardless of whether the data subject clicks on the XING component or not. If such transmission of information to XING is not desired, it can be prevented by logging out of the XING account before accessing our website.
The data protection provisions published by XING, which can be retrieved at https://www.xing.com/privacy, provide information on the collection, processing, and use of personal data by XING. Furthermore, XING has published data protection information regarding the XING Share Button at: https://www.xing.com/app/share?op=data_protection.
The controller has integrated components of the microblogging service X (formerly Twitter) into this website. X is a multilingual, publicly accessible microblogging service on which users may publish and disseminate short messages, known as “tweets” (now called “posts”). These posts are accessible to everyone, including individuals not registered with X. The posts are also displayed to the so-called followers of the respective user. Followers are other X users who subscribe to a user’s posts. Furthermore, X allows communication with a broad audience via hashtags, links, or reposts.
The operating company of X is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. For the European region, the responsible entity is Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
Each time an individual page of this website equipped with an X component (X button) is accessed, the browser on the information technology system of the data subject is automatically prompted to download a representation of the corresponding X component. Further information on the “X button” can be found at: https://developer.x.com/en/docs/x-for-websites/privacy.
As part of this technical process, X gains knowledge of which specific subpage of our website is visited by the data subject. If the data subject is simultaneously logged in to X, X recognizes with each visit to our website and for the entire duration of the stay, which specific subpage the data subject visits. This information is collected via the X component and associated with the respective X account of the data subject. If the data subject clicks on one of the X buttons integrated into our website, such information is assigned to the personal X user account and stored by X.
X receives information via the X component whenever the data subject visits our website while simultaneously logged into X; this occurs regardless of whether the data subject clicks on the X component or not. If such transmission of this information to X is not desired by the data subject, it can be prevented by logging out of their X account before visiting our website.
The applicable data protection provisions of X may be retrieved at: https://x.com/en/privacy.
The controller has integrated components of the service Instagram on this website. Instagram is an audiovisual social network that enables users to share photos and videos as well as disseminate such content in other social networks.
The operating company of Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For data transfers to the United States, the responsible entity is Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
Each time one of the individual pages of this website equipped with an Instagram component (Insta button) is accessed, the Internet browser on the information technology system of the data subject is automatically prompted to download a representation of the corresponding Instagram component from Instagram. Further information about the Instagram plug-ins can be found at: https://developers.facebook.com/docs/instagram.
As part of this technical procedure, Instagram receives knowledge of which specific subpage of our website is visited by the data subject. If the data subject is logged in at the same time on Instagram, Instagram recognizes with each visit to our website by the data subject and throughout the entire duration of their stay, which specific subpage the data subject visits. This information is collected by the Instagram component and associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, such information will be assigned to the personal Instagram user account and stored by Instagram.
Instagram receives information via the Instagram component whenever the data subject visits our website while simultaneously logged in at Instagram; this occurs regardless of whether the data subject clicks on the Instagram component or not. If such transmission of information to Instagram is not desired, it can be prevented by logging out of the Instagram account before accessing our website.
The applicable privacy policy of Instagram is available at: https://privacycenter.instagram.com/policy.
We maintain publicly accessible company presences on social networks and platforms (e.g., TikTok, Instagram, YouTube, LinkedIn, X [formerly Twitter],). Through these channels, we provide information about our company, our services, and current offers. In addition, we use these platforms to engage with interested persons and customers.
When visiting our social media pages, personal data is collected and processed by the respective platform operators. This may include, for example, IP addresses, information about the device used, interactions on the platform (likes, comments, messages), as well as other data you provide within the networks. We have no influence on the type and scope of the data processed by the platform operators or on the possible transfer of such data to third parties.
The processing of your personal data on our social media presences is based on Art. 6 (1) lit. f GDPR. Our legitimate interest lies in providing a modern and supportive channel of information and interaction with our customers and interested parties. If you send us a specific inquiry via a social media channel, the processing may also be based on Art. 6 (1) lit. b GDPR (fulfillment of a contract or initiation of pre-contractual measures).
Please note that platform operators may process data outside the European Union. For details on data processing and your rights, please refer to the privacy policies of the respective providers:
Art. 6 (1) lit. a GDPR serves as the legal basis for processing operations in our company where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries about our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 (1) lit. c GDPR. In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured on our premises and, as a result, their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third party. In such a case, the processing would be based on Art. 6 (1) lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 (1) lit. f GDPR. This legal basis applies to processing operations that are not covered by any of the aforementioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not override such interests. Such processing operations are particularly permitted because they have been expressly mentioned by the European legislator. In this regard, the legislator considered that a legitimate interest could be assumed where the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).
Where the processing of personal data is based on Art. 6 (1) lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit and well-being of all our employees and shareholders.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data are routinely deleted, provided they are no longer required for the fulfillment of a contract or the initiation of a contract.
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual obligations (e.g., information about the contracting party). In some cases, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject, on a case-by-case basis, whether the provision of personal data is legally or contractually required, whether there is an obligation to provide such data, and what consequences the non-provision of personal data would have.
As a responsible company, we refrain from automatic decision-making or profiling.