Privacy policy

Privacy policy

Thank you very much for your interest in our company. Data protection is very important to the management of APCOA Luxembourg S.à.r.l. Generally, the use of the APCOA Luxembourg S.à.r.l. website is possible without providing any personal data. However, if a data subject wishes to take advantage of services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and if there is no legal basis for such processing, we generally request the consent of the data subject.

The processing of personal data, for example the name, address, e-mail address, or telephone number of a data subject, always takes place in compliance with the Generation Data Protection Regulation (GDPR) and in accordance with the national data protection regulations applicable to APCOA Luxembourg S.à.r.l. Through this privacy policy, our company wishes to inform the public of the type, scope and purpose of the personal data that we collect, use and process. In addition, this privacy policy informs data subjects of their rights.

For processing purposes, APCOA Luxembourg S.à.r.l. has implemented numerous technical and organisational measures to guarantee optimum protection of the personal data processed on this site. However, there may be security gaps in web transmissions, so that absolute protection is not possible. This is why any person concerned may also send us personal data by alternative means, for example by telephone.

 

1. Definitions

The privacy policy of APCOA Luxembourg S.à.r.l. is based on the definitions used by the legislator of the European directives and provisions when adopting the General Data Protection Regulation (GDPR). Our privacy policy must be easy to read and understand, both for the general public and for our customers and business partners. To ensure this, we would first like to clarify the terms used.

In particular, we use the following terms in this privacy policy:

 

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"). A natural person is considered identifiable when, directly or indirectly, it is possible to identify the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, in particular through a designation such as a name, identification number, location data, online identification or one or more specific characteristics.

 

b) Data subject

The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

 

c) Processing

Processing is any process carried out with or without the aid of automated procedures or any series of processes relating to personal data, such as collection, input, organisation, filing, storage, adaptation or alteration, retrieval, request, use, publication by transmission, dissemination or otherwise making available, comparison or combination, restriction, deletion or destruction.

 

d) Restriction of processing

Restriction of processing is the marking of stored personal data in order to restrict its future processing.

 

e) Profiling

Profiling is any type of automated processing of personal data whereby such personal data is used to evaluate personal aspects relating to a natural person, in particular in order to analyse or determine aspects relating to that person's work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or relocation.

 

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific person concerned without additional information, insofar as this additional information is recorded separately and technical and organisational measures are in place to ensure that the personal data cannot be attributed to an identified or identifiable natural person.

 

g) Data controller or data processor

The controller or data processor is the natural or legal person, authority, institution or any other body which, alone or together with others, decides on the purposes and means of the processing of personal data. If the purposes or means of such processing are determined by the legislation of the Union or the legislation of the Member States, then the controller or the precise criteria for his appointment may be prescribed by the legislation of the Union or the legislation of the Member States.

 

h) Person responsible for the order

The controller is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

 

i) Recipient

The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data in the context of an investigation under Union or Member State legislation are not considered to be recipients.

 

j) Third parties

The third party is a natural or legal person, an authority, an institution or another body excluding the data subject, the person responsible, the person responsible for the order and the persons under the direct responsibility of the person responsible or the person responsible for the order, who is authorised to process personal data.

 

k) Authorisation

Authorisation is any expression of will in the form of a declaration or other unambiguous confirmatory action by which the data subject explains by his or her own will that he or she approves the processing of personal data concerning him or her.

 

2. Name and address of the controller or data processor

The controller within the meaning of the General Data Protection Regulation, other laws in force in the Member States of the European Union and other provisions relating to data protection is :

 

APCOA Luxemburg S.A.r.l.
45, Boulevard Royal
2449 Luxembourg

Telephone: +352 42 22 29 1

Fax: +352 426443

E-Mail: service@apcoa.lu

 

3. Cookies

The APCOA Luxembourg S.à.r.l. web pages use cookies. Cookies are small text files stored on your hard disk by our server or possibly by a third-party server.

Many websites and servers use cookies. Many cookies contain a "cookie-ID". A cookie-ID is a unique identification of the cookie. It consists of a series of characters that enable web pages and servers to be allocated to the specific Internet browser in which the cookie was saved. This enables the websites and servers visited to differentiate the individual browser of the person concerned from other browsers containing other cookies. A specific Internet browser can be recognised and identified by a unique cookie ID.

Through the use of cookies, APCOA Luxembourg S.à.r.l. can provide users of this website with more user-friendly services that would not be possible without cookies.

Cookies make it possible to optimise the information and offers on our website for the user. As already mentioned, cookies enable us to recognise users of our website. The purpose of this identification is to make it easier for them to use our website. Users of a website that uses cookies do not have to re-enter their access data each time they visit the website, as this is taken care of by the website and by the user's cookie stored on the computer system. Another example is a shopping basket cookie in an online shop. Thanks to a cookie, the online shop remembers which items a customer has placed in the virtual shopping basket.

 

The person concerned can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used, thereby permanently objecting to the use of cookies. In addition, cookies that have already been stored can be deleted at any time using an Internet browser or other software. This is possible with all standard Internet browsers. If the person concerned disables the use of cookies in the Internet browser used, it is possible that not all the functions of our website will be fully available.

 

4. Entry of general data and information

Each time a data subject or automated system accesses the website, the APCOA Luxembourg S.à.r.l. website records a series of general data and information. This general data and information is stored in the server log files. What is recorded is (1) the type of browser and version used, (2) the operating system of the system accessing the site, (3) the website from which a system accessing the site arrives on our website ("referrer"), (4) the sub-websites via which a system accessing the site is redirected to our website, (5) the date and time of access to our website, (6) an Internet Protocol address (IP address), (7) the Internet provider of the system accessing the website and (8) other similar data and information used to defend against attacks on our information technology systems.

 

When using these general data and information, APCOA Luxembourg S.à.r.l. does not draw any conclusions about the person concerned. Instead, this information is used (1) to provide the content of our website correctly, (2) to optimise the content of our website and advertising on it, (3) to ensure the long-term functionality of our information technology and technical systems on our website and (4) to provide the legal authorities with the necessary information in the event of a cyber attack. These anonymously collected data and information are therefore statistically evaluated by APCOA Luxembourg S.à.r.l. with the aim of increasing data protection and security within our company in order to ultimately guarantee an optimal level of protection for the personal data we process. Anonymous data from server log files are separated and saved separately from all personal data indicated.

 

5. Subscription to our newsletter

On the APCOA Luxembourg S.à.r.l. website, users also have the option of subscribing to our company newsletter. The personal data transmitted to the data controller when subscribing to the newsletter is determined by the input mask used for this purpose.

By means of a newsletter, APCOA Luxembourg S.à.r.l. regularly informs its customers and business partners about company offers. Our company's newsletter can generally only be received by the person concerned if (1) the person concerned has a valid e-mail address and if (2) the person concerned subscribes to the newsletter. For legal reasons, a confirmation e-mail is first sent as a double confirmation procedure to a person signing up to receive the newsletter for the first time. This confirmation e-mail is used to check whether the holder of the e-mail address has authorised receipt of the newsletter as the person concerned.

When subscribing to the newsletter, we also save the IP address provided by the Internet service provider of the data subject's computer system at the time of subscription, as well as the date and time of subscription. The collection of this data is necessary in order to be able to trace any (possible) misuse of the data subject's email address at a later date and therefore serves as legal protection for the data controller.

The personal data collected when subscribing to the newsletter is used exclusively for sending our newsletter. In addition, newsletter subscribers may be informed by e-mail, insofar as this is necessary for the operation of the newsletter service or for the corresponding registration, as is the case when changes are made to the newsletter offer or to the technical conditions. No personal data collected as part of the newsletter service is passed on to third parties. Subscriptions to our newsletter may be cancelled at any time by the person concerned. The data subject's consent to the storage of personal data for the purpose of sending the newsletter may be withdrawn at any time. There is a corresponding link in each newsletter so that you can withdraw your consent. It is also possible to unsubscribe from the newsletter at any time directly on the website of the data controller or to inform the data controller in another way.

 

6. Newsletter follow-up

The APCOA Luxembourg S.à.r.l. newsletter contains web beacons. A web beacon is a miniature graphic that is incorporated into such e-mails sent in HTML format in order to enable the log file to be recorded and analysed. This enables statistical evaluation of the success or otherwise of online marketing campaigns. Using embedded web beacons, APCOA Luxembourg S.à.r.l. can find out if and when an e-mail was opened by the data subject and which links contained in the e-mail were opened by the data subject.

Such personal data collected via web beacons in the newsletter is saved for processing by the person responsible and evaluated in order to optimise the sending of the newsletter and to tailor the newsletter even better to the interests of the person concerned in the future. This personal data is not passed on to third parties. Data subjects are entitled to revoke the corresponding special declaration of consent at any time via the double confirmation procedure. After revocation, this personal data is deleted by the data controller. APCOA Luxembourg S.à.r.l. automatically regards any unsubscription from the newsletter as a revocation.

 

7. Contact via the website

In accordance with the legal regulations, the website of the APCOA Luxembourg S.à.r.l. contains information that enables a quick electronic contact with our company as well as an immediate communication with us, which also includes a general "electronic mail" address (e-mail address). If a data subject contacts the data controller by e-mail or using a contact form, the personal data transmitted by the data subject is automatically saved. Such personal data voluntarily transmitted by a data subject to the data controller is saved for the purposes of processing or contacting the data subject. No personal data collected in this way is passed on to third parties.

 

8. Routine deletion and blocking of personal data

The data controller processes and stores the personal data of the data subject only for as long as is necessary to achieve the purpose of the storage or insofar as this has been provided for by the European legislator or by another legislator in the laws or directives to which the data controller is subject.

If the purpose of the safeguarding becomes obsolete or if the safeguarding period prescribed by the European legislator or by another legislator responsible expires, the personal data is blocked or deleted as a matter of routine and in accordance with the legal directives.

 

9. Rights of the data subject

a) Right of confirmation

Every data subject has the right, granted by the European legislator, to request confirmation from the data controller as to whether personal data is being processed. If a data subject wishes to make use of this right of confirmation, he or she may contact an employee of the data controller at any time.

 

b) Right to information

Each person concerned by the processing of personal data has the right, granted by the European legislator, to receive at any time free information about the personal data stored on his/her person and a copy of this information from the data controller. In addition, the European legislator authorises the data subject to obtain information about the following:

-the purposes of the processing

-the categories of personal data being processed

-the recipients or categories of recipients to whom the personal data has been disclosed or is to be disclosed, in particular for recipients in third countries or for international organisations

-if possible, the period for which the personal data is stored or, if this is not possible, the criteria for defining this period

-the existence of a right to information or to the deletion of personal data concerning them, or to the restriction of processing by the controller, or a right of revocation against such processing

-the existence of a right of complaint to a supervisory authority

-where personal data is not collected from the data subject: all available information about the origin of the data

the existence of a decision-making process, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, relevant information about the logistics involved and the scope and consequences of such processing for the data subject.

 

In addition, the data subject has a right of information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, then the data subject has the right to be informed about the corresponding guarantees in relation to this transfer.

If a data subject wishes to make use of this right to information, he or she may contact an employee of the data controller at any time.

 

c) Right of rectification

Any person concerned by the processing of personal data has the right, granted by the European legislator, to demand at any time the immediate rectification of erroneous personal data concerning him or her. In addition, the data subject has the right to request, taking into account the purposes of the processing, that incomplete personal data be supplemented, including by means of an additional explanation.

If a data subject wishes to make use of this right of rectification, he or she may contact an employee of the data controller at any time.

 

d) Right of deletion (right to be forgotten)

Each person concerned by the processing of personal data has the right, granted by the European legislator, to demand at any time that the controller delete the corresponding personal data immediately insofar as one of the following reasons applies and insofar as the processing is not necessary:

The personal data has been collected or processed for purposes that are no longer necessary.

The person revokes his or her authorisation on which the processing was based in accordance with art. 6 par. 1 l. a of the GDPR or art. 9 par. 2 l. a of the GDPR, and there is no other legal basis for the processing.

The data subject objects to the processing pursuant to art. 21 par. 1 of the GDPR and there is no justified reason for the processing, or the data subject objects to the processing pursuant to art. 21 par. 2 of the GDPR.

The personal data has been processed unlawfully.

The deletion of personal data is necessary to comply with a legal obligation under EU law or the law of the Member States, to which the controller is subject.

Personal data is collected in connection with services provided by the information company in accordance with art. 8 par. 1 of the RGPD.

 

If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by APCOA Luxembourg S.à.r.l., he or she may, at any time, contact an employee of the controller. The APCOA Luxembourg S.à.r.l. employee will ensure that the request for deletion is dealt with promptly.

 

If the personal data have been made public by APCOA Luxembourg S.à.r.l. and if our company is responsible for the deletion of the data according to art. 17 par. 1 of the RGPD, then, taking into account the available technologies and the implementation costs, APCOA Luxembourg S.à.r.l. shall take appropriate measures, also of a technical nature, to inform the other data controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to this personal data or copies or replicas of this personal data, insofar as the processing is not necessary. The APCOA Luxembourg S.à.r.l. employee will ensure that this is done on a case-by-case basis.

 

e) Right to restrict processing

Each person concerned by the processing of personal data has the right, granted by the European legislator, to demand that the data controller restrict the processing at any time when one of the following conditions applies:

-The truthfulness of the personal data is contested by the data subject, for a period allowing the data controller to verify the truthfulness of the personal data.

-The processing is unlawful, the data subject refuses the deletion of the personal data and instead demands that the use of the personal data be restricted.

-The data controller no longer needs the personal data for the purpose of processing. However, the data subject needs them to assert, exercise or defend his or her legitimate rights.

-The data subject has objected to the processing in accordance with Art. 21 par. 1 of the GDPR and it has not yet been determined whether the legitimate grounds of the controller prevail over those of the data subject.

If one of the aforementioned conditions applies, and a data subject wishes to request the restriction of personal data stored at APCOA Luxembourg S.à.r.l., he or she may, at any time, contact an employee of the controller. The APCOA Luxembourg S.à.r.l. employee will ensure that the processing is restricted.

 

f) Right to data portability

Each person concerned by the processing of personal data has the right, granted by the European legislator, to receive in a structured, customary and machine-readable format the personal data concerning him or her that has been made available by the person concerned to a data controller. In addition, he or she has the right to transmit this data to another controller without being prevented from doing so by the controller to whom the personal data was made available, insofar as the processing is based on authorisation in accordance with art. 6 par. 1 l. a of the RGPD or art. 9 par. 2 l. a of the RGPD or on the basis of a contract in accordance with art. 6 par. 1 l. b of the RGPD and the processing takes place via automated processes, insofar as the processing is not necessary for the performance of a task in the public interest or does not relate to the exercise of public authority delegated to the person responsible.

In addition, when exercising his or her right to data portability in accordance with art. 20 par. 1 of the RGPD, the data subject has the right to have personal data transferred directly from one controller to another, insofar as this is technically possible and the rights and freedoms of other persons are not affected.

In order to assert his or her right to data portability, the data subject may at any time contact an employee of APCOA Luxembourg S.à.r.l.

 

g) Right to object

Each person concerned by the processing of personal data has the right, granted by the European legislator, for reasons arising from his or her particular situation, to object at any time to the processing of personal data concerning him or her and occurring by reason of art. 6 par. 1 l. e or f of the RGPD. This also applies to profiling based on these guidelines.

The APCOA Luxembourg S.à.r.l. will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves to assert, exercise or defend legitimate claims.

If APCOA Luxembourg S.à.r.l. processes personal data for the purposes of direct advertising, the data subject shall have the right to object at any time to processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If the data subject objects to APCOA Luxembourg S.à.r.l. to the processing for direct marketing purposes, APCOA Luxembourg S.à.r.l. will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of his or her personal data by APCOA Luxembourg S.à.r.l. for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise his or her right to object, the data subject may at any time contact any employee of APCOA Luxembourg S.à.r.l. or another employee. Furthermore, the data subject may exercise his/her right to object, in relation to the use of information society services, notwithstanding Directive 2002/58/EU, via automated processes using technical specifications.

 

h) Automated decisions in a specific case, including profiling

Any person concerned by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effects or which adversely affects him in a similar manner, insofar as (1) the decision is not necessary for the conclusion or performance of a contract between the data subject and the controller, (2) the decision, by reason of legal directives of the Union or of Member States to which the data controller is subject, is authorised and these legal directives contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (3) the decision is made with the explicit authorisation of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller or (2) if it takes place with the explicit authorisation of the data subject, APCOA Luxembourg S.à.r.l. shall take appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, where at least the right to challenge the intervention of a person on the part of the controller is based on the presentation of one's own point of view and the acknowledgement of the decision.

If the data subject wishes to exercise his rights in relation to automated decisions, he may contact an employee of the data controller at any time.

 

i) Right to revoke data protection authorisation

Each person concerned by the processing of personal data has the right, granted by the European legislator, to revoke the authorisation to process personal data at any time.

 

If the data subject wishes to exercise his or her right to revoke authorisation, he or she may contact an employee of the data controller at any time.

 

j) Existence of a right of complaint to the supervisory authority

If you believe that your personal data is being processed in a contentious manner, you may report this to a supervisory authority in accordance with art. 77 of the RGPD.

 

10. Data protection for applications and application processes

The data controller collects and processes the personal data of applicants in order to manage the application process. Processing may take place electronically. This is particularly the case when an applicant sends the data controller application documents electronically, for example by e-mail or via an online form on the website. If the data controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of drawing up the employment report in compliance with the statutory guidelines. If the data controller does not conclude a contract of employment with the applicant, the application documents are automatically deleted two months after the announcement of the decision to reject, insofar as deletion does not conflict with other legitimate interests of the data controller. Another legitimate interest in this respect would be, for example, an obligation to provide justification for legal proceedings under anti-discrimination legislation.

 

11. Data protection guidelines relating to the use of Facebook

The data controller has integrated components of the Facebook company into this website. Facebook is a social network.

A social network is an online meeting place, an online community that generally allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences, and enables the online community to make personal or company-related information available. In particular, Facebook allows users of the social network to create private profiles, upload photos and interact via friend requests.

The company operating Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for processing personal data when a data subject lives outside the United States or Canada.

Each time a data subject accesses one of the sub-pages of this website operated by the data controller on which a Facebook component ("Facebook plugin") has been integrated, the Internet browser is automatically authorised by the corresponding Facebook component to download a representation of the corresponding Facebook component to the data subject's computer system.

An overview of all Facebook Plugins can be found at developers.facebook.com/docs/plugins/ As part of this technical procedure, Facebook receives information about the specific sub-pages of our website that are accessed by the data subject.

Provided that the data subject is logged in to Facebook at the same time, Facebook identifies which specific sub-page the data subject is accessing each time the data subject accesses our website and for the entire duration of the respective visit to our website. This information is collected by the Facebook components and assigned by Facebook to the corresponding Facebook account of the person concerned. If the data subject clicks on one of the Facebook buttons integrated into our website, for example the "Like" button, or if the data subject posts a comment, Facebook links this information to the data subject's personal Facebook user account and saves this personal data.

Facebook's Facebook components always inform Facebook that the person concerned has visited our website if the person concerned is logged in to Facebook at the same time. This is the case regardless of whether or not the data subject clicks on the Facebook components. If the person concerned does not want this information to be passed on to Facebook, they can prevent this by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which can be accessed at de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains how Facebook can be configured to protect the privacy of the data subject. There are also a number of applications available that can be used to prevent data being passed on to Facebook. These applications can be used by the data subject to prevent data from being passed on to Facebook.

 

12. Data protection guidelines for the use of Google AdSense

The controller has integrated Google AdSense into this website. Google AdSense is an online service which makes it possible to place advertisements on third-party websites. Google AdSense is based on an algorithm which selects the advertisements displayed on third-party sites according to the content of the corresponding third-party site. Google AdSense allows users to be targeted according to their interests, which is then implemented by generating individual user profiles.

The company operating the Google AdSense component is Alphabet Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of the Google AdSense component is to integrate advertising on our website. Google AdSense places a cookie on the data subject's computer system. Cookies have already been explained above. Storing a cookie enables Alphabet Inc. to analyse the use of our website. Each time a user accesses one of the sub-pages of this website operated by the controller and on which a Google AdSense component has been integrated, the Internet browser is automatically authorised by the corresponding AdSense component to download data to the data subject's computer system for the purposes of online advertising and billing of commissions to Alphabet Inc. As part of this technical process, Alphabet Inc. is informed of personal data such as the IP address of the data subject, which Alphabet Inc. uses in particular to trace the origin of visitors and clicks and subsequently to enable commission billing.

As already mentioned above, the person concerned can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used and thus permanently objecting to the use of cookies. Such a configuration of the Internet browser used would also prevent Alphabet Inc. from storing a cookie on the data subject's computer system. Furthermore, a cookie already stored by Alphabet Inc. can be deleted at any time via the online browser or other software.

Google AdSense also uses web beacons. A web beacon is a miniature graphic that is incorporated into websites to enable log files to be recorded and analysed, thus making statistical evaluation possible. With the help of embedded web beacons, Alphabet Inc. can find out if and when an e-mail was opened on a website by the person concerned and which links were opened by the person concerned. Web beacons are used in particular to analyse the flow of visitors to a website.

Via Google AdSense, personal data and information, including the IP address, required for the registration and billing of advertisements are transmitted to Alphabet.Inc in the USA. This personal data is stored and processed in the USA. Alphabet Inc. may pass on the personal data collected to third parties via technical processes.

This link explains how Google AdSense works in more detail: www.google.de/intl/de/adsense/start/.

 

13. Data protection guidelines for the use of Google Analytics

The controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analysis service. Web analysis is the collection, aggregation and evaluation of data about the behaviour of visitors to websites. In particular, a web analysis service collects data concerning the website from which a data subject has accessed another website ("referrer"), the sub-pages opened on the website or how often and for how long a sub-page was viewed. Web analysis is mainly used to optimise a website and for cost-utility analysis of online advertising.

The company operating the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

 

The controller uses the "_gat._anonymizeIp" extension for web analysis via Google Analytics. Thanks to this extension, the IP address of the Internet connection of the person concerned is shortened and anonymised by Google when our web pages are accessed from a member state of the European Union or another state that has signed the European Economic Area agreement.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. In particular, Google uses the data and information collected to evaluate the use of our website, to compile online reports analysing activities on our web pages and to provide services related to the use of our website.

Google Analytics places a cookie on the data subject's computer system. Cookies have already been explained above. Storing a cookie enables Google to analyse the use of our website. Each time you access one of the sub-pages of this website operated by the controller and on which a Google Analytics component has been integrated, the Internet browser is automatically authorised by the corresponding Google Analytics component to transmit data to Google for online analysis purposes. As part of this technical process, Google is informed of personal data such as the IP address of the data subject, which Google uses in particular to trace the origin of visitors and clicks and to enable subsequent billing of commissions.

Cookies are used to store personal information such as the time and place of access and the frequency of visits to our website by the person concerned. On each visit to our website, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the USA. This personal data is stored and processed by Google in the USA. Google may pass on this collected personal data to third parties via technical processes.

As already mentioned above, the data subject can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used, thereby permanently blocking the use of cookies. Such a configuration of the Internet browser used would also prevent Google from storing a cookie on the data subject's computer system. In addition, a cookie already stored by Google Analytics can be deleted at any time using the online browser or other software.

The data subject also has the option of objecting to the collection of data generated by Google Analytics in relation to this website and to the processing of this data by Google. To do this, the data subject must download and install a browser extension from tools.google.com/dlpage/gaoptout. This browser extension informs Google Analytics via JavaScript that no data and information relating to your visit to the website will be transmitted to Google Analytics. Google regards the installation of this browser extension as an objection. If the data subject's computer system is subsequently deleted, formatted or reinstalled, the data subject must reinstall the browser extension in order to deactivate Google Analytics. Insofar as the browser extension is uninstalled or deactivated by the data subject or another person within his or her sphere of influence, reinstallation or reactivation of the browser extension is possible.

Further information and Google's data protection guidelines can be found at www.google.fr/intl/fr/policies/privacy/ and www.google.com/analytics/terms/fr.html. This link explains Google Analytics in more detail at www.google.com/intl/de_de/analytics/.

 

14. Data protection guidelines for the use of Google Remarketing

The controller has integrated Google Remarketing services into this website. Google Remarketing is a function of Google Ads that enables a company to display advertising to users who have previously visited the company's website. The integration of Google Remarketing therefore enables a company to create personalised advertising and then display advertisements in line with the user's interests.

The company operating the Google Remarketing services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing enables us to display advertising tailored to the individual needs and interests of Internet users via the Google advertising network or on other websites.

Google Remarketing places a cookie on the data subject's computer system. Cookies have already been explained above. By storing a cookie, Google can recognise a visitor to our website when that visitor subsequently accesses websites that are also part of the Google advertising network. Each time a website on which the Google Remarketing service has been integrated is accessed, the Internet browser of the person concerned automatically identifies itself to Google. As part of this technical process, Google is informed of personal data such as the IP address of the person concerned or the user's browsing behaviour, which Google uses in particular to display personalised advertising.

Cookies are used to store personal information, such as the websites visited by the data subject. Personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the USA each time the user visits our website. This personal data is stored and processed by Google in the USA. Google may pass on this collected personal data to third parties via technical processes.

As already mentioned above, the data subject can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used, thereby permanently blocking the use of cookies. Such a configuration of the Internet browser used would also prevent Google from storing a cookie on the data subject's computer system. In addition, a cookie already stored by Google Analytics can be deleted at any time using the online browser or other software.

The data subject also has the option of objecting to personalised advertising by Google. To do this, the data subject must access the link www.google.fr/settings/ads from their Internet browser in order to make the appropriate settings.

Further information and Google's data protection guidelines can be found at www.google.fr/intl/fr/policies/privacy/.

 

15. Data protection guidelines for the use of Google Ads

The controller has integrated Google Ads into this website. Google Ads is an online advertising service that enables advertisers to display ads both in Google search results and in the Google advertising network. Google Ads enables an advertiser to define in advance certain keywords via which an ad is displayed in Google's search results when the user accesses a search result related to this keyword with the search engine. In the Google advertising network, ads are distributed using an automatic algorithm that takes into account the relevance of websites in relation to the keywords defined in advance.

The company operating the Google Ads services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google Ads is to promote our website by displaying personalised advertisements on the websites of third-party companies and in the results of the Google search engine, as well as to display third-party advertisements on our website.

If a data subject accesses our website via a Google ad, a conversion cookie is stored by Google on the data subject's computer system. Cookies have already been explained above. A conversation cookie loses its validity after thirty days and no longer allows the person concerned to be identified. By means of the conversion cookie, insofar as it is still valid, it is possible to determine whether the user has accessed certain sub-pages, for example the shopping basket of our website's online shop system. Thanks to the conversion cookie, both we and Google are able to determine whether a data subject who has accessed our website via an Ads ad has generated sales, i.e. whether or not an item has been purchased.

The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. We then use these visit statistics to determine the total number of users who have accessed our site via Ads, i.e. to determine the success or otherwise of the respective Ads and to optimise our Ads in future. Neither our company nor other Google Ads advertising clients receive any personally identifiable information from Google.

The conversion cookie stores personal information, such as the websites visited by the data subject. Personal data, including the IP address of the Internet connection used by the data subject, is therefore transmitted to Google in the USA each time our websites are visited. This personal data is stored and processed by Google in the USA. Google may pass on this collected personal data to third parties via technical processes.

As already mentioned above, the data subject can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used, thereby permanently blocking the use of cookies. Such a configuration of the Internet browser used would also prevent Google from storing a conversion cookie on the data subject's computer system. In addition, a cookie already stored by Google Ads can be deleted at any time using the online browser or other software.

The data subject also has the option of objecting to personalised advertising by Google. To do this, the data subject must access the link www.google.fr/settings/ads from their Internet browser in order to make the appropriate settings.

Further information and Google's data protection guidelines can be found at www.google.fr/intl/fr/policies/privacy/.

 

 

16. Data protection guidelines for the use of LinkedIn

The controller has integrated components of LinkedIn Corporation into this website. LinkedIn is an online social network that enables users to connect with existing professional contacts and to make new professional contacts. More than 400 million registered users in over 200 countries use LinkedIn. LinkedIn is therefore currently the world's largest platform for professional contacts and one of the most visited websites in the world.

The company operating LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection outside the United States.

Each time our website is accessed with a LinkedIn component (LinkedIn plugin), this component enables the browser used by the data subject to download a corresponding representation of the LinkedIn components. Further information on LinkedIn plugins can be found at developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about the specific sub-pages of our site that are accessed by the data subject.

Insofar as the data subject is connected to LinkedIn at the same time, LinkedIn identifies which specific sub-page the data subject is accessing each time the data subject accesses our website and for the entire duration of the respective visit to our website. This information is collected by the LinkedIn components and assigned by LinkedIn to the corresponding LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated into our website, LinkedIn links this information to the data subject's LinkedIn user account and saves this personal data.

Through the LinkedIn components, LinkedIn is then always informed that the data subject has visited our website if the data subject is simultaneously connected on LinkedIn when accessing. This is the case irrespective of whether the data subject clicks on the LinkedIn components or not. If the data subject does not want this information to be passed on to LinkedIn, he or she can prevent this by logging out of his or her LinkedIn account before accessing our website.

At www.linkedin.com/psettings/guest-controls, LinkedIn offers the option of deleting e-mail notifications, SMS notifications and targeted ads, as well as managing the configuration of ads. In addition, LinkedIn uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may store cookies. Such cookies can be refused at www.linkedin.com/legal/cookie-policy. LinkedIn's current data protection guidelines can be found at www.linkedin.com/legal/privacy-policy. LinkedIn's cookie policy can be accessed at www.linkedin.com/legal/cookie-policy.

 

17. Data protection directives relating to the use of SlideShare

The data controller has integrated SlideShare components into this website. As a file hosting service, LinkedIn SlideShare makes it possible to exchange and archive presentations and other documents such as PDF files, videos and online seminars. The file hosting service allows users to upload media content in all common formats. Documents can be either publicly accessible or private.

The company operating SlideShare is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection outside the United States.

LinkedIn SlideShare provides integration codes ("emebed codes") for stored media content (presentations, PDF files, videos, photos, etc.). Integration codes are programming codes that are integrated into websites in order to display external content on your own website. Integration codes make it possible to publish content on your own website without storing it on your own server, possibly infringing the copyright of the content's author. Another advantage of using an embed code is that the website operator does not have to use its own storage space, thus relieving the load on its own server. An embed code can be integrated at any point on another website so that external content can also be embedded within its own text. The purpose of using LinkedIn SlideShare is to relieve the load on our servers and to avoid copyright infringement when external content is used simultaneously.

Each time you access our website, which is equipped with a SlideShare component (integration codes), this component enables the browser used by the person concerned to download integrated SlideShare data. As part of this technical process, LinkedIn receives information about the specific sub-pages of our website that are accessed by the data subject.

Insofar as the data subject is connected to SlideShare at the same time, SlideShare identifies which specific sub-page the data subject is accessing each time the data subject accesses our web page and for the entire duration of the respective visit to our web page. This information is collected by the SlideShare components and assigned by LinkedIn to the corresponding SlideShare account of the person concerned.

Through the SlideShare components, LinkedIn is always informed that the person concerned has visited our website if the person concerned is simultaneously connected to SlideShare when accessing our website. This is the case regardless of whether or not the data subject clicks on the integrated media data. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent this by logging out of his or her SlideShare account before accessing our website.

In addition, LinkedIn uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may store cookies. Such cookies can be refused at www.linkedin.com/legal/cookie-policy. LinkedIn's current data protection guidelines can be found at www.linkedin.com/legal/privacy-policy.

 

18. Data protection guidelines for the use of Twitter

The controller has integrated Twitter components into this website. Twitter is a public micro-blogging service on which users can publish and broadcast "tweets", i.e. short messages limited to 280 characters. These short messages are accessible to everyone, even people who are not registered on Twitter. But tweets are also displayed to the "followers" of the respective user. Followers are other Twitter users who follow a user's tweets. What's more, Twitter makes it possible to reach a wide audience via hashtags, links or retweets.

The company operating Twitter is Twitter, Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the sub-pages of this website operated by the controller is accessed, on which a Twitter component (Twitter button) has been integrated, the Internet browser is automatically authorised by the corresponding Twitter component to download a representation of the corresponding Twitter component from Twitter to the data subject's computer system. Further information on Twitter buttons can be found at about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives information about the specific sub-pages of our website that are accessed by the data subject. The purpose of integrating Twitter components is to enable our users to disseminate the content of this website, to promote this website in the digital world and to increase our visitor numbers.

Insofar as the person concerned is connected to Twitter at the same time, Twitter identifies which specific sub-page the person is accessing each time they access our website and for the entire duration of their visit to our website. This information is collected by the Twitter components and assigned by Twitter to the relevant Twitter account of the person concerned. If the data subject clicks on one of the Twitter buttons integrated into our website, the data and information transmitted in this way is assigned to the data subject's personal Twitter account and stored and processed by Twitter.

Twitter will always be informed via the Twitter components that the data subject has visited our website if the data subject is logged into Twitter at the same time as accessing our website. This is the case regardless of whether or not the data subject clicks on the Twitter component. If the person concerned does not want this information to be passed on to Twitter, they can prevent this by logging out of their Twitter account before accessing our website.

Twitter's current data protection guidelines can be found at twitter.com/privacy.

 

19. Data protection guidelines for the use of Xing

The controller has integrated components of Xing into this website. Xing is an online social network that enables users to connect with existing business contacts and make new business contacts. Individual users can create a personal profile on Xing. Companies, for example, can create company profiles or publish job vacancies on Xing.

The company operating Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time you access one of the subpages of this website operated by the controller, on which a Xing component (Xing plugin) has been integrated, the Internet browser is automatically authorised by the corresponding Xing component to download a representation of the corresponding Xing component from Xing onto the data subject's computer system. Further information on Xing plugins can be found at dev.xing.com/plugins. As part of this technical procedure, Xing receives information about the specific sub-pages of our website accessed by the data subject.

Insofar as the data subject is connected to Xing at the same time, Xing identifies which specific sub-page the data subject is accessing each time the data subject accesses our website and for the entire duration of the respective visit to our website. This information is collected by the Xing components and assigned by Xing to the corresponding Xing account of the data subject. If the data subject clicks on one of the Xing buttons integrated into our website, for example the "Share" button, Xing links this information to the data subject's Xing user account and saves this personal data.

Through the Xing component, Xing is then always informed that the data subject has visited our website when the data subject is simultaneously logged into Xing when accessing our website. This is the case regardless of whether or not the data subject clicks on the Xing component. If the data subject does not want this information to be passed on to Xing, he or she can prevent this by logging out of his or her Xing account before accessing our website.

The data policy published by Xing, which can be accessed at www.xing.com/privacy/, provides information about the collection, processing and use of personal data by Xing. In addition, Xing has published data protection information for the Xing Share button at www.xing.com/app/share.

 

20. Data protection guidelines for the use of YouTube

The controller has integrated YouTube components into this website. YouTube is an online video portal which enables publishers to post video clips free of charge and other users to view, rate and comment on these videos. YouTube allows all types of videos to be published. This means that not only films and TV programmes, but also music videos, trailers and videos created by users can be accessed on the online portal.

The company operating YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time you access one of the sub-pages of this website operated by the controller, on which a YouTube component (YouTube video) has been integrated, the Internet browser is automatically authorised by the corresponding YouTube component to download a representation of the corresponding YouTube component from YouTube onto the data subject's computer system. Further information on YouTube can be found at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about the specific sub-pages of our website that are accessed by the data subject.

Provided that the data subject is connected to YouTube at the same time, YouTube identifies which specific sub-page the data subject is visiting each time he or she accesses our sub-page containing a YouTube video. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the person concerned.

By means of the YouTube component, YouTube and Google are always informed that the data subject has visited our website if the data subject is logged into YouTube at the same time as accessing our website. This is the case regardless of whether or not the data subject clicks on the YouTube component. If the data subject does not want this information to be passed on to YouTube and Google, he or she can prevent this by logging out of his or her YouTube account before accessing our website.

The data policy published by YouTube, which can be accessed at www.google.de/intl/de/policies/privacy/, provides information on the collection, processing and use of personal data by YouTube and Google.

 

21. Data protection guidelines for the use of DoubleClick

The controller has integrated components of DoubleClick by Google into this website. DoubleClick is a trademark of Google under which special online marketing solutions for advertising agencies and publishers are marketed.

The company operating the DoubleClick by Google component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

DoubleClick by Google transmits data to the DoubleClick server for each impression as well as for clicks and other activities. Each of these data transmissions results in a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick by Google places a cookie on the data subject's computer system. Cookies have already been explained above. The purpose of these cookies is to optimise and display advertising. In particular, the cookie is used to activate and display personalised advertising and to compile or improve reports relating to advertising campaigns. The cookie is also used to prevent multiple displays of the same advertisement.

DoubleClick uses a cookie-ID that is necessary for the technical process. In particular, the cookie ID is required to display an advertisement in a browser. In addition, the cookie ID enables DoubleClick to know which advertisements have already been displayed in a browser in order to avoid double activation. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser's website using the same Internet browser.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain an additional campaign identifier. A campaign identifier makes it possible to identify campaigns with which the user has already been in contact.

Each time a user accesses one of the sub-pages of this website operated by the controller on which a DoubleClick component has been integrated, the Internet browser is automatically authorised by the corresponding DoubleClick component to download data to the data subject's computer system for the purposes of online advertising and billing Google for commissions. As part of this technical process, Google is informed of the data which is also used by Google to bill commissions. In particular, Google is able to determine whether the data subject has clicked on certain links on our website.

As already mentioned above, the data subject can prevent the use of cookies by our website at any time by making the appropriate settings in the Internet browser used, thereby permanently blocking the use of cookies. Such a configuration of the Internet browser used would also prevent Google from storing a cookie on the data subject's computer system. In addition, cookies stored by Google can be deleted at any time using an Internet browser or other software programme.

Further information and DoubleClick's data protection guidelines can be found at www.google.fr/intl/fr/policies/policies/.

 

22. Legal basis for processing

Art. 6 I l. a of the GDPR serves as the legal basis for our company for processing processes for which we request authorisation for a particular purpose of processing. If the processing of personal data is necessary for the performance of the contract whose contracting party is the data subject, as is the case, for example, for processing operations that are necessary for the delivery of goods or the provision of other services, then the processing is based on art. 6 I l. b of the RGPD. The same applies to processing operations that are necessary for pre-contractual measures, such as enquiries about our products or services. If our company is subject to a legal obligation that makes the processing of personal data necessary, such as for the fulfilment of tax obligations, then the processing is based on art. 6 I lit. C of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor has been injured in our company and subsequently his or her name, age, health card details or other vital information must be sent to a doctor, hospital or third party. The processing would then be based on art. 6 l. d of the RGPD. Lastly, processing operations may be based on art. 6 l. f of the GDPR. Other processing operations based on this legal basis are those that do not form part of any of the aforementioned legal bases and which are necessary in order to guarantee a justified interest of our company or of a third party, insofar as the interests, basic rights and basic freedoms of the data subject do not predominate. Such processing operations are particularly authorised because they have been specifically mentioned by the European legislator. In this context, it stipulates that a justified interest may be assumed when the data subject is a customer of the controller (Recital 47 sentence 2 of the GDPR).

 

23. Justified interests for processing carried out by the controller or a third party

If the processing of personal data is based on art. 6 l. f of the RGPD, our justified interest is the performance of our business activity for the benefit of the well-being of all our employees and shareholders.

 

24. Duration of storage of personal data

The criterion for the duration of the storage of personal data is the respective legal retention period. Once this period has expired, the relevant data will be deleted as a matter of routine, insofar as it is no longer required for the performance of the contract or the preparation of the contract.

 

25. Legal or contractual directives for the provision of personal data; necessity for the conclusion of the contract; undertaking by the data subject to provide personal data; possible consequences of failure to provide data

We would like to explain that the provision of personal data is in some cases required by law (e.g. tax regulations) or may result from contractual regulations (e.g. details of the contractual partner). In order to conclude a contract, it may be necessary for a data subject to provide us with personal data which we will then have to process. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with him or her. Failure to provide personal data would result in the contract with the data subject not being concluded. Before a data subject provides us with personal data, he or she should contact one of our employees. On a case-by-case basis, our employee will explain to the data subject whether the provision of personal data is required by law or contract or necessary for the conclusion of the contract, whether he or she is obliged to provide the personal data, and what the consequences of not providing the personal data would be.

 

26. Existence of an automated decision-making process

As a responsible company, we refrain from any automated decision-making process or profiling.