1. data protection at a glance

1.1 General information and scope of application

The General Data Protection Regulation (GDPR) applies in accordance with Art. 2 (1) GDPR “to the fully or partly automated processing of personal data which is stored or intended to be stored in a filing system”.

In the following, we will inform you about the scope, purpose and use of your personal data collected by us. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

The operation of a website always leads to the automated processing of personal data. We therefore inform you about the processing of your personal data when you use our website. In addition, you will also find information here about the processing of your personal data when you send us your enquiries by email, telephone and fax or when you send us your application data (requested or unsolicited). This information is provided in order to fulfil our legal obligation in accordance with Art. 13 GDPR and the Federal Data Protection Act (BDSG).

The definitions in Art. 4 GDPR apply to this privacy policy.

Any changes to this privacy policy will be published on this website. This enables you to find out at any time what data we collect, how we use it and when we delete it.

This privacy policy does not apply to websites that can be accessed via hyperlinks on the website.

1.2 Responsible body and data protection officer

The responsible body for the processing of your personal data is:

a&n&a GmbH & Co. KG
Benzstraße 12
D- 35799 Merenberg,
represented by the general partner: a&n&a Nord-Südindustrie Vertriebs Geschäftsführungsgesellschaft mbH, represented by its managing directors Marc Krause, Jörg Ortmeier
Telephone: +49 (0) 6471 50 99 0
E-mail: info@ana-aqualine.de

If you have specific questions about the protection of your data at a&n&a GmbH & Co KG, please contact our data protection officer:

LAN Security Gesellschaft für Netzwerktechnik und Netzwerksicherheit mbH
Markus Mengen
Konnwiese 13
56477Rennerod
Telephone: +49 2664 997190
Email: dsb@lan-security.de

1.3 Competent Supervisory Authorities

The contact details of the supervisory authority responsible for the registered office of our company are as follows:

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163
65021 Wiesbaden
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
https://datenschutz.hessen.de

2. Data collection on and through this website

2.1 How do we collect your data and what data do we collect?

(1). Visiting the website (server log files):

Each time a user visits our website, certain data about this process is automatically and temporarily processed in a log file. In detail, the following data is stored for each access/retrieval:

  • Date and time of retrieval (timestamp),
  • the IP address or the device ID of the accessing terminal device,
  • the type of terminal device in question
  • Referrer URL
  • the operating system of the accessing device and
  • the browser type and version

This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose.

We store this data for a maximum of seven days to detect and track misuse.

This data will not be combined with data from other sources.

(2) Hosting (integration of service providers)

Our website is technically supported by a processor (“hosted”/“hosting”). This means that all personal data can also be transmitted to them. The commissioned data processor is the host provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS).

When you visit our website, IONOS collects various log files on our behalf, including your IP addresses. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

commissioned Data processing

We have concluded a commissioned data processing agreement (CDP) with IONOS for the use of the above-mentioned service. This is a contract required by data protection law, which guarantees that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

(3) Cookies

Our website uses so-called ‘cookies’. Cookies are small data packets and do not cause any damage to your terminal device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies can be used to evaluate user behaviour or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping basket function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are processed on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services.

If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) (a) GDPR and Section 25 (1) TTDPA); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and/or only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

(4) Real Cookie Banner

Our website uses the consent technology of Real Cookie Banner to obtain your consent or refusal to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in compliance with data protection regulations.

The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling (hereinafter referred to as ‘Real Cookie Banner’). If you have given your consent, you can revoke it at any time. We will inform you about the revocation and other rights in Section 6 of this declaration.

Real Cookie Banner is installed locally on our servers, so no connection is established to the servers of the provider of Real Cookie Banner. Real Cookie Banner stores a cookie in your browser in order to be able to assign the consent granted or its revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Real Cookie Banner cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention requirements remain unaffected.

Real Cookie Banner is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

(5) Contact Form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) (b) GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer applies (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

We process the following categories of data in connection with the contact form:

  • Name (mandatory)
  • Telephone number (mandatory)
  • E-mail address (mandatory)
  • Request (mandatory)
  • File attachment
  • Message

(6) Analysis tools

This website uses the analysis services of IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analyses with IONOS, visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which page the visitor comes from), visitor locations and technical data (browser and operating system versions) can be analysed. For this purpose, IONOS stores the following data in particular:

  • Referrer (previously visited website)
  • requested web page or file
  • Browser type and browser version
  • Operating system used
  • Type of device used
  • Time of access
  • IP address in anonymized form (only used to determine the location of access)

Only log files are stored for a maximum of 7 days. Cookies are not stored by IONOS WebAnalytics.

The data is stored and analysed on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further information on data collection and processing by IONOS WebAnalytics can be found in the IONOS privacy policy at the following link: https://www.ionos.de/terms-gtc/datenschutzerklaerung/

We have concluded a commissioned data processing agreement (CDP) for the use of the above-mentioned service. This is a contract required by data protection law, which guarantees that the personal data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.

(7) Further plug-ins and tools

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the standardised display of fonts. The Google Fonts are installed locally. There is no connection to the Google servers.

You can find more information about Google Fonts at: https://developers.google.com/fonts/faq

and in their privacy policy: https://policies.google.com/privacy?hl=de .

Avada Forms Plugin

We use the Avada Forms plugin to create and manage forms on our website. Avada Forms is a fully integrated solution for forms in the Avada Website Builder. It reduces the need for additional third-party plugins and allows us to design customised forms that meet our requirements.

Further information about Avada Forms can be found at:

https://avada.com/documentation/how-to-use-avada-forms and in Avada’s privacy policy: https://avada.com/privacy-policy

(8) Cross-references

Insofar as our website refers to other websites (third-party websites) via links, we would like to point out that we are not responsible for third-party content that can be accessed via such links. We only check the content of the cross-reference for legality the first time it is linked.

2.2 Information on data transfer and encryption

SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator.

You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

3. Enquiries by email, telephone, fax

If you contact us by email, telephone or fax, we will store and process your enquiry including all personal data (name, enquiry, email address, telephone number, fax number) for the purpose of processing your request. We do not pass on this data without your consent.

This data is processed on the basis of Art. 6 (1) (b) GDPR if your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact requests via email, telephone or fax will remain with us until you request us to delete it, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

The phone numbers transmitted during a call are deleted on a rolling basis: Our telephone system has the option of storing 50 calls; the oldest entry is deleted with the 51st call.

We would like to point out once again at this point that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

4. Applications

We offer you the opportunity to apply to us (e.g. by email, post or online application form).

If you send us an application, we process your associated personal data, e.g. contact and communication data, application documents, notes taken during interviews, etc. (applicant data), insofar as this is necessary for the decision on the establishment of an employment relationship.

The legal basis for this is Art. 6 (1) (b) GDPR (general contract initiation) if you have given your consent – Art. 6 (1) (a) GDPR and Section 26 BDSG. Consent can be revoked at any time. Your personal applicant data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) (b) GDPR for the purpose of conducting the employment relationship.

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will subsequently be deleted and the physical application documents destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.

5. Social media

We do not use any social media plugins on our websites. If our websites contain symbols from social media providers, we only use these to passively link to the pages of the respective providers.

However, we maintain publicly accessible profiles on the social media Facebook, Instagram, LinkedIn and Xing. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data we collect, use and store when you visit our profiles.

If you visit one of our social media channels, we are solely or jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. Joint controllership means that there are common purposes for the processing and data subjects can assert their rights under Art. 12-22 GDPR and Art. 77 GDPR with both controllers.

This means that you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal. You can find a more detailed description of your rights under point 1.8.

If you are logged into your social media account and visit our social media channel, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider processing may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policy of the respective social media portals.

We have no influence on the duration of the storage of your data, which is stored by the operators of the social networks for their own purposes.

In detail:

5.1 Facebook and Instagram

In order to advertise our products and services and communicate with interested parties, customers or applicants, we operate a company presence on the Facebook & Instagram platforms.

If the user contacts us via Facebook or Instagram, the personal data provided by the user will be used to process the enquiry. The user’s data will be deleted by us as soon as the user’s enquiry has been conclusively answered and there are no statutory retention obligations to the contrary, e.g. for subsequent contract processing.

Facebook/Instagram also receive data protection-relevant information about you when you visit our site. If you do not have a Facebook/Instagram account, so-called ‘log data’ will be collected, which may include the IP address, browser type, operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the terminal device you are using (including device ID and application ID), the search terms you have used and cookie information.

Facebook and/or Instagram buttons or widgets integrated into our websites and the use of cookies enable Facebook & Instagram to record your visits to our websites and assign them to your Facebook and/or Instagram profile. This data can be used to offer you customised content or advertising.

However, when using Facebook and Instagram, your personal data will be collected, stored, disclosed, used and possibly transferred by Facebook Ireland Ltd., especially if you have an account there yourself. This user data is used by Facebook/Instagram for statistical information about the use of our company presence on Facebook and Instagram. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. Using these profiles, Facebook Ireland Ltd. is able, for example, to advertise to users according to their interests within and outside of Facebook. If the user is logged into their Facebook account at the time of accessing the website, Facebook Ireland Ltd. can also link the data to the respective user account.

We have no influence on the type and scope of the data collected by Facebook & Instagram, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this regard.

Facebook & Instagram process your voluntarily entered data such as name and user name, email address, telephone number or the contacts in your address book when you upload or synchronise it. On the other hand, Facebook & Instagram also evaluate the content you share to determine which topics you are interested in, store and process confidential messages that you send directly to other users and can determine your location using GPS data, information on wireless networks or your IP address in order to send you advertising or other content.

Facebook Ireland Ltd. also uses the ‘Facebook and Instagram Insights’ analysis tool for evaluation purposes. In connection with the operation of our accounts on Instagram and Facebook, we use this ‘Insights’ function to obtain anonymised statistical data on the users of our accounts. Here, the platforms store a cookie on the terminal device of the user who visits our account, which contains a user code that can be linked to the data of other users who are registered with Facebook and/or Instagram. The meta privacy policy ( https://www.facebook.com/privacy/policy ) contains all information on data processing when using Facebook or Instagram.

The legal basis for the resulting processing of personal data described below is Article 6 (1) (f) GDPR. Our legitimate interest lies in analysing, communicating, selling and advertising our products and services. The legal basis may also be the user’s consent pursuant to Art. 6 (1) (a) GDPR vis-à-vis the platform operator. In accordance with Art. 7 (3) GDPR, the user can revoke their consent for the future at any time by notifying the platform operator.

For more information about which data is processed by Facebook & Instagram and for what purposes it is used, which processing operations are carried out, how you can prevent and/or delete them if necessary, please refer to the Facebook/Instagram privacy policy:

Facebook: https://www.facebook.com/privacy/policy

Instagram: https://help.instagram.com/155833707900388

There you will also find all information on your rights under the GDPR, in particular regarding data access, rectification, erasure, blocking, restriction, transfer, complaint, revocation and objection.

We cannot rule out that processing by Facebook Ireland Ltd. also takes place via Facebook Inc. based at 1601 Willow Road, Menlo Park, California 94025 in the USA.

Further information on these points is also available on the following Facebook support page:https://www.facebook.com/about/privacy/

You can find out more about the possibility of viewing and downloading your own data on Facebook here: https://www.facebook.com/settings?tab=your_facebook_information

You can find information about the conclusions Facebook draws about you here:https://www.facebook.com/settings?tab=your_facebook_information

Information on the available personalisation and data protection setting options can be found here https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen and here https://www.facebook.com/settings?tab=facerec

You also have the option of contacting Facebook’s data protection officer via the Facebook data protection form: https://www.facebook.com/help/contact/540977946302970

Information on rights of objection in relation to data processing by Facebook can be found here: https://www.facebook.com/help/2069235856423257

The Facebook & Instagram data protection officer can be reached via a contact form at https://www.facebook.com/help/contact/540977946302970.

5.2 LinkedIn

You can also contact us via LinkedIn. As the operator of our LinkedIn presence, we also process your personal data when you visit this presence.

The presentation of our company and the interaction with our users represent the purpose of data processing at LinkedIn. The purpose of our LinkedIn presence is therefore to provide information about our company, our products and services, combined with the opportunity for users to interact with us in a targeted manner. The legal basis for data processing is Art. 6 (1) (f) GDPR.

If we publish images of individuals, this is done with consent (legal basis: Art. 6 (1) (a) GDPR) on the basis of a contractual agreement (legal basis: Art. 6 (1) (b) GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 (1) (f) GDPR in conjunction with Sections 22, 23 of the Artistic Copyright Act).

You can find LinkedIn’s data protection officer via the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

The LinkedIn Terms of Use and the other terms and policies listed at the bottom of the page https://www.linkedin.com/legal/user-agreement apply.

Information about which data is processed by LinkedIn and for what purposes can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy.

By using LinkedIn, your personal data will be collected, transferred, stored, disclosed and used by the LinkedIn Corporation. LinkedIn transfers personal data to the USA on the basis of the standard contractual clauses https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.

We have no influence on the type and scope of the data processed by LinkedIn, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this regard.

We also have no knowledge of the content of your data transmitted to LinkedIn and cannot provide any information about what data is stored about you through the use of the LinkedIn service.

In addition to your voluntarily entered data such as profile, login, contact and calendar data, LinkedIn also collects and processes location and device information, for example, as well as internet protocol addresses (IP addresses). LinkedIn can also use cookies or similar technologies to identify you outside of its own services and across different devices.

LinkedIn collects and analyses data from the content, news and messages you publish and upload, as well as data from partners and affiliated companies, such as information provided by your workplace/educational institution, websites or third-party services.

Further information can be found at: https://www.linkedin.com/legal/privacy-policy

LinkedIn states that it will use your personal data to provide you with additional services (including advertisements) and customise them to make them more relevant and useful to you and others, including by using automated systems and its own inferences. For this purpose, LinkedIn may also merge data internally via various services covered in its privacy policy (details at: https://www.linkedin.com/legal/privacy-policy#use).

How LinkedIn uses the data from visits to LinkedIn pages for its own purposes, to what extent activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data and whether data from a visit to the LinkedIn page is passed on to third parties is not conclusively and clearly stated by LinkedIn and is not known to us.

LinkedIn also states that it may use the services of third parties (partner companies and external service providers) to assist it in providing its services (e.g. maintenance, analysis, verification, payment, fraud detection, marketing and development). These third parties have access to your information to the extent reasonably necessary to perform the relevant tasks for LinkedIn and are obligated not to disclose or use your information for any other purpose. More information can be found at: https://www.linkedin.com/legal/privacy-policy#share

If third-party services are used by LinkedIn for our LinkedIn page, we have not commissioned, approved or otherwise supported this in any way. The personal data obtained during the analysis is also not made available to us. Only certain non-personal, aggregated information about the activity, such as the number of profile or link clicks on a particular post or page or certain demographic data (e.g. the region or activity areas of the visits), can be viewed by us via our account. Furthermore, we have no way of preventing or switching off the use of such services on our LinkedIn page.

Finally, LinkedIn also receives information when you view content, for example, even if you have not created an account (e.g. via a public LinkedIn profile). This so-called ‘log data’ can be the IP address, the browser type, the operating system, information about the previously accessed website and the pages you have accessed, your location, your mobile phone provider, the terminal device you are using (including device ID and application ID), the search terms you have used and cookie information.

LinkedIn buttons or widgets integrated into websites and the use of cookies enable LinkedIn to record your visits to these websites and assign them to your LinkedIn profile. This data can be used to offer you customised content or advertising.

Even if the LinkedIn Corporation is a non-European provider, it is bound by the GDPR in the designated countries. This concerns, for example, your rights to information, correction, deletion, blocking, restriction, transfer, complaint, cancellation or objection.

Further information on these points is available on the following LinkedIn Help pages:

https://www.linkedin.com/help/linkedin

The option to view and download your own data from LinkedIn can be found in your account navigation under ‘Settings and data protection’ in the ‘Data protection’ tab under ‘How LinkedIn uses your data’ or at https://www.linkedin.com/psettings/member-data.

Information about the comprehensive data collection by LinkedIn and other data protection settings can be found at: http://www.linkedin.com/legal/privacy-policy

The option to switch off interest-based advertising (not advertising in general) can be found here: Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

You also have the option of contacting LinkedIn via the LinkedIn contact form or via the LinkedIn office in Ireland responsible for the designated countries if you have any questions about the privacy policy or user agreement:

Online contact form at https://www.linkedin.com/help/linkedin/ask/PPQ

Postal address:

LinkedIn Ireland Unlimited Company
Attn: Legal Dept. (Privacy Policy and User Agreement)
Wilton Plaza
Wilton Place, Dublin 2
Ireland

5.3 Xing

We also maintain an online presence on XING to present our company and our services and to communicate with applicants/interested parties.

Some of the XING applications may appear under other brand names or using other XING websites, such as Kununu

XING is an internet-based social network that enables users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile of themselves at Xing. As a company, for example, we have created a company profile and can publish job vacancies. The operating company of the platform is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

When you visit our company profile, XING collects, among other things, your IP address and other information that is stored on your device in the form of cookies. XING uses this information primarily to provide and maintain the security of the service. In addition, this data is used by XING to evaluate user behaviour and to measure and optimise advertising.

XING & Kununu provide more information on this at

https://privacy.xing.com/de/datenschutzerklaerung

and

https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing.

The data collected about you in this context will be processed by New Work SE and may be transferred to countries outside the European Union. In its privacy policy, XING describes in general terms what information XING receives and how it is used. There you will also find information on how to contact XING.

The privacy policy is available at the following link: https://privacy.xing.com/en/privacy-policy.

We have no influence on the type and scope of the data processed by Xing, the type of processing and utilisation or the forwarding of this data to third parties. We also have no effective control options in this regard.

We also have no knowledge of the content of your data transmitted to Xing and cannot provide any information about what data is stored about you through the use of the Xing service.

You have all legal rights to information, reporting, deletion, restriction and objection to processing as well as a right to data portability and the right to revoke consent once given or to complain to the supervisory authority. Information about these rights at Xing can be found here:

https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen-

6. Storage period

Unless a specific storage period is specified in this privacy policy, your personal data will remain with us until the purpose for the processing of data no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have any other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion takes place after these reasons no longer apply.

7. no automated decision-making

The provider does not use automated decision-making within the meaning of Art. 22 (1) GDPR.

8. rights of users (data subjects)

  • Right to information (Art. 15 GDPR): You have the right to request information free of charge at any time as to whether we process personal data about you and, if so, for what purposes, which categories of data we process, the origin of the data, the recipients of the data, if possible, also the duration of storage and, if not possible, the criteria for determining the duration (Art. 15 GDPR).
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR): You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
  • Right to lodge a complaint with the competent data protection supervisory authority. You will find their contact details in Section 1.3 above. 1.3.
  • Right of withdrawal at any timeif the data processing is based on your consent pursuant to Art. 6 para. (1) (a) or Art. 9 (2) (a) GDPR.
  • Right of objection (Art. 21 GDPR): If and insofar as the processing of your personal data is carried out by us on the basis of a legitimate interest, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

    We will cease processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.

To exercise your rights or if you have any other questions regarding your personal data, please send an email or letter to our data protection officer, whose contact details can be found above under Section 1.2.