Data protection law information for the website

Dear Sir/Madam,

we inform you with the following data protection information about the processing of your personal data in the context of the use of our website.

A. The party responsible for data processing

CRONIMET Holding GmbH
Südbeckenstr. 22
76189 Karlsruhe
Telefon +49 721 95225-0
mail@cronimet.de

B. Data protection officer

CRONIMET Holding GmbH
Datenschutzbeauftragter
Südbeckenstr. 22
76189 Karlsruhe
Telefon +49 721 95225-0
datenschutz@cronimet.de

C. Purposes and legal basis of processing, data categories

1. Website access

If you only use our website for informational purposes, for instance if you do not register on the website or provide us with any information in some other manner (for instance via e-mail or using a contact form), we collect the following technical information (log file data):

• operating system of the device you use to visit our website

• browser (type, version & language settings)

• accessed quantity of data

• current IP address of the device you use to visit our website

• date and time of the access

• URL of the last visited website (referrer)

• URL of the (sub-)page you access on the website

• Internet service provider for the accessing system.

This data must be collected for technical reasons, in order to display our website and ensure it remains stable and secure. We (and our service providers) do not typically know who is using which IP address. We do not combine this data with any other data.

The legal basis for this processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Since we must collect this data to provide our website and we must store it in log files to operate our page and protect ourselves from misuse, our legitimate interest in data processing outweighs any user rights.

2. Contact by e-mail or contact form

When you contact us via e-mail or using a contact form, we store the data you provide (your e-mail address, and your name and telephone number if provided) to answer your questions and process your inquiry. The legal basis for this processing is Art. 6 para. 1 sent. 1 lit. f GDPR.

If we request information through our contact form and this information is not necessary to contact you, it will always be marked as optional. We use this information to better understand your inquiry and process your question. Such information is provided on a solely voluntary basis, and with your consent (Art. 6 para. 1 sent. 1 lit. a GDPR). Insofar as this includes information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to answer your inquiry. Of course, you can revoke this consent at any time with future effect.

Any data we collect in order to contact you is deleted once we no longer need it for this purpose, once we have processed your inquiry in full and we no longer need to communicate with you, or once you request that we stop communication. As a controller under data protection law, our company has implemented many different technical and organisational measures to ensure the most seamless protection possible for the personal data we process via our website. However, web-based data transmissions may always be subject to gaps in security. It is not possible to guarantee absolute protection. Non-encrypted e-mails are never entirely secure. Because of this, we request that you never send sensitive data in a non-encrypted e-mail. Instead, either use encrypted communication channels (e.g. our contact form) or send us your data by post.

3. Applications

You can apply online via our application portal at https://cronimet.softgarden.io/de/vacancies. Your online application will be forwarded there directly to the HR department via an encrypted connection and will of course be treated confidentially.

You can also apply to our company electronically, e.g. via e-mail or web form. Please note that e-mails sent unencrypted will not be protected against unauthorized access.

Your data will be used for the processing of your application and the decision on the establishment of an employment relationship. The legal basis is § 26 para. 1 in conjunction with para. 8 sent. 2 Federal Data Protection Act (“BDSG”). Furthermore, your personal data may be processed insofar as this should be necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 sent. 1 lit. f GDPR. The stated purposes also constitute the legitimate interest in the processing.

If an employment relationship is formed between you and us, we may, in accordance with § 26 para. 1 BDSG, further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works agreement or a service agreement.

Your application data will not be processed beyond the described use.

Your personal data will be deleted after completion of the application process after 6 months at the latest, provided that no other legitimate interests on our part oppose deletion or you have not given us consent for longer storage. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (“AGG”).

4. Friendly Captcha

We use the “Friendly Captcha” service of Friendly Captcha GmbH, Am Anger 3–5, 82237 Woerthsee on our websites. We use Friendly Captcha to protect our website from spam and bots. In order to find out whether entries on the website are made by a human or automatically by a programme, Friendly Captcha analyses various information:

• the request headers user-agent, origin and referrer

• the puzzle itself, which contains information about the account and the website key to which the puzzle relates

• the version of the widget

• a timestamp.

An anonymised counter per IP address is stored to dynamically scale the puzzle difficulty on the edge network. The IP address is anonymised and the information is stored separately from the other personal data.

We use Friendly Captcha to ensure the security of our website and therefore base the data processing on Art. 6 para. 1 sent. 1 lit. f GDPR. You can find further information under https://friendlycaptcha.com/de/legal/privacy-end-users/

5. Cookies

Cookies are data that are stored on your computer by a website you visit and allow your browser to be reassigned. Cookies transmit information to the entity that sets the cookie. Cookies can store various information, such as your language preference, the duration of your visit to our website or the entries you have made there. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet more user-friendly and effective.

There are different types of cookies: session cookies are sets of data that are only temporarily held in memory and are deleted when you close your browser. Permanent or persistent cookies ae automatically deleted after a specified duration, which may vary depending on the cookie. The information can also be stored in text files on your computer with this type of cookie. However, you can also delete these cookies at any time via your browser settings.

The legal basis for possible processing of personal data by means of cookies and their storage period may vary. Insofar as you have given us your consent, the legal basis is Art. 6 para. 1 sent. 1 lit. a GDPR. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR. The stated purpose them corresponds to our legitimate interest./p>

We use cookies to ensure the proper operation of the website and to provide basic functionality.

You can delete cookies already stored on your end device at any time. If you want to prevent cookies from being stored, you can do this via the settings in your internet browser. You can find instructions for common browsers here: Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Google Chrome mobile, Microsoft Edge Browser, Safari, Safari mobile. Alternatively, you can also install ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.

6. Social Bookmarks

Social bookmarks of the following providers are integrated on our website:

• Facebook (provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), https://de-de.facebook.com/policy.php

• Xing (provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany), https://privacy.xing.com/de/datenschutzerklaerung

• LinkedIn (provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland), https://de.linkedin.com/legal/privacy-policy

• Instagram (provider: Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA), https://help.instagram.com/519522125107875/?maybe_redirect_pol=0

Social bookmarks are Internet bookmarks that allow users of such a service to collect links and news reports. These are only integrated on our website as a link to the corresponding services. These plugins usually collect data from you by default and transmit it to the servers of the respective provider. To ensure the protection of your privacy, we have taken technical measures to ensure that your data cannot be collected by the providers of the respective plugin without your consent. When you call up a page on which the plugins are integrated, they are initially deactivated. Only by clicking on the respective icon are the plugins activated and you thereby give your consent for your data to be transferred to the respective provider.

The legal basis for the use of the plugins is Art. 6 para. 1 sent. 1 lit. a GDPR. For information on the handling of your personal data when using these websites, please refer to the respective privacy policies of the providers.

D. Recipients or categories of recipients of personal data

As a matter of principle, your personal data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship, or you have previously expressly consented to the transfer of your data.

External service providers and partner companies, such as a shipping company commissioned with the delivery, only receive your data insofar as this is necessary to process your order/your request. In these cases, however, the scope of the transmitted data is limited to the necessary minimum. Insofar as our service providers process your personal data on our behalf, we ensure within the scope of processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the data protection information of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We value the fact that your personal data is processed within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contract clauses, Binding Corporate Rules, or special agreements to whose regulations the company can submit.

E. Duration of storage

Personal data is generally deleted after expiry of the legal (primarily trade and tax law) retention periods. If personal data is not affected by legal retention obligations, it will be deleted when it is no longer required for the purposes described in section C. above. A different retention period may apply if you consented when the data was collected.

F. Rights of data subjects

You have the right to receive information about your personal data we have saved, the right to arrange for incorrectly saved personal data to be corrected or – if relevant – to change or revoke your consent to data processing at any time, including without providing a reason with future effect, the right to restrict the processing of your personal data with future effect, to revoke the processing of your personal data with future effect or to demand the deletion of your personal data. Under the conditions set out in Art. 20 GDPR, you have the right to receive the personal data concerning you, which has been saved, in a structured, commonly used and machine-readable format and the right to transmit that data to another responsible party without hindrance on our part.

To exercise your rights, you may contact our data protection officer mentioned in section B above. In order to avoid possible cases of misuse, we may require that inquiries be accompanied by a handwritten signature or that the inquirer otherwise legitimize himself.

Furthermore, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

G. Changes to this privacy policy

Constant technological development, changes to our services or the legal situation and other reasons may require adjustments to our data protection notice. We therefore reserve the right to change this privacy policy at any time with effect for the future. The current version is available on our website. Please visit our website regularly and inform yourself about the applicable data protection provisions.

Data protection law information for business partners and prospective business partners

Dear Sir/Madam,

we inform you with the following data protection information about the processing of your personal data in the context of the contractual relationship or contract initiation.

A. The party responsible for data processing and contact details of the data protection officer

B. Following CRONIMET subsidiaries come also into question as a party responsible for data processing

You can reach the data protection officer by post at the above address by stating “Data protection officer” or by email via: datenschutz@cronimet.de.

C. Data categories, purposes and legal basis of processing

We process your personal data which we receive from you within the scope of the business relationships or contract initiation. This is generally contact data (name, address, telephone number and email address) and, if required as part of the business transaction, bank and payment (transaction) data (bank, account details, reference, and credit card information if applicable), information from publicly available sources, information databases and credit check agencies (e.g. Internet, trade register, credit agencies) as well as other data, which you voluntarily provide us with within the scope of processing a project or a contractual relationship within the scope of contract negotiations (e.g. business cards). We process your personal data exclusively within the scope of the legal terms, particularly under consideration of the regulations of the General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (“BDSG”). We process your personal data on the basis of the following described legal bases and for the purposes of

• contract negotiation, contract implementation and termination of the contractual relationship (Art. 6 para. 1 sent. 1 lit. b GDPR) e.g. fulfilment of a contract (e.g. delivery or performance of a service and payment transaction), general communication with business partners e.g. answering enquiries about products and services, contract negotiations etc.;

• based on consent given (Art. 6 para. 1 sent. 1 lit. a GDPR) e.g. despatch of newsletters or information correspondence, participation in marketing campaigns or surveys etc.;

• based on legal stipulations (Art. 6 para. 1 sent. 1 lit. c GDPR), e.g. to fulfil trade law or tax law retention obligations, to fulfil reporting or information obligations towards authorities, etc.;

• based on a legitimate interest (Art. 6 para. 1 sent. 1 lit. f GDPR); e.g. measures for IT security or measures to ensure proper business operations, to protect the company code, for the protection of property and the investigation of criminal offences, to enforce legal claims or defend legal disputes, to ensure compliance requirements, etc.

As we also use the contact data of the person you have nominated to us as a contact partner, we ask you to pass on this information to the affected employees within your company.

D. Recipients or categories of recipients of personal data

We transmit your personal data to authorities/public bodies if required due to primary legal regulations. If necessary, we transmit your personal data to companies within our company group if required to fulfil the purposes stated above in section C. We employ external service providers for various business transactions as assignment processors in terms of Art. 28 GDPR. We have concluded order data processing contracts with these service providers to ensure that your personal data is protected. The above described recipients may also be located in countries outside of the European Economic Area (“third countries”). Third countries may not have the same level of data protection as in the European Economic Area. If data transmission takes place in a third country, we ensure that this transmission only takes place according to the terms of the legal regulations (chapter V GDPR).

E. Duration of storage

Personal data is generally deleted after expiry of the legal (primarily trade and tax law) retention periods. If personal data is not affected by legal retention obligations, it will be deleted when it is no longer required for the purposes described in section C. above. A different retention period may apply if you consented when the data was collected.

F. Rights of data subjects

You have the right to receive information about your personal data we have saved, the right to arrange for incorrectly saved personal data to be corrected or – if relevant – to change or revoke your consent to data processing at any time, including without providing a reason with future effect, the right to restrict the processing of your personal data with future effect, to revoke the processing of your personal data with future effect or to demand the deletion of your personal data. Under the conditions set out in Art. 20 GDPR, you have the right to receive the personal data concerning you, which has been saved, in a structured, commonly used and machine-readable format and the right to transmit that data to another responsible party without hindrance on our part.

In addition, you may contact our data protection officer mentioned in section B. above. In order to avoid possible cases of misuse, we may require that inquiries be accompanied by a handwritten signature or that the inquirer otherwise legitimize himself.

Furthermore, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

Data protection law information for video conferences

Dear Sir/Madam,

we inform you with the following data protection information about the processing of your personal data in the context of the participation in video conferences.

A. The party responsible for data processing and contact details of the data protection officer

B. Following CRONIMET subsidiaries come also into question as a party responsible for data processing

You can reach the data protection officer by post at the above address by stating “Data protection officer” or by email via: datenschutz@cronimet.de.

C. Purposes and legal basis of processing, data categories

We process your personal data that we receive from you in the course of using the video conferencing systems (in particular “Skype for Business”).

The following personal data are subject to processing:

• User details: First name, last name, phone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional).

• Meeting metadata: Topic, description (optional), attendee IP addresses, device/hardware information.

• If recording (optional): MP4 file of all video, audio and presentation recordings.

• When dialling in with the telephone: information about the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

• Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Skype” applications.

To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing:

• We use in particular “Skype for Business” to conduct “online meetings”. If we want to record “online meetings”, we will transparently communicate this to you in advance and – if necessary – ask for consent (Art. 6 para. 1 sent. 1 lit. a GDPR). The fact of the recording will also be displayed to you in the “Skype for Business” app.

If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will generally not be the case.

In detail, your personal data will be processed for the following purposes and on the basis of the following legal grounds:

• Art. 6 para. 1 sent. 1 lit. f GDPR: Our legitimate interest in these cases is the effective implementation of “online meetings”.

• Art. 6 para. 1 sent. 1 lit. b GDPR: Insofar as the “online meetings” take place in the context of contract initiation, contract execution and termination of contractual relationships, e.g. fulfilment of a contract (such as delivery or provision of a service and payment processing) or general communication with business partners (such as answering inquiries about products and services, contract negotiations, etc.).

• Art. 6 para. 1 sent. 1 lit. a GDPR: Giving consent when recording the video conference.

D. Recipients or categories of recipients of the personal data

The names of all participants are transferred to all participants by the software; if necessary, the software offers the separate option of entering the participant data. If the data subject has activated their camera and microphone, data is transferred to all other participants.

Personal data processed in connection with participation in “online meetings” will generally not be disclosed to third parties unless it is specifically intended for disclosure. Please note that, as in the case of face-to-face meetings, content from “online meetings” is often used precisely to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

In addition, your personal data will be transferred to the processors commissioned to carry out the video conferences and, if applicable, to their subcontractors. Insofar as our service providers process your personal data on our behalf, we ensure within the scope of processing pursuant to Art. 28 GDPR that they comply with the provisions of the data protection laws in the same manner. Please also note the data protection information of the respective providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We value the fact that your personal data is processed within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contract clauses, Binding Corporate Rules, or special agreements to whose regulations the company can submit.

E. Duration of the storage of personal data

Your personal data will be processed for the duration of the fulfilment of the purposes set out in section C. above; the data processing is necessary for the duration of the video conference, for example. Personal data is generally deleted after expiry of the legal (primarily trade and tax law) retention periods. If personal data is not affected by legal retention obligations, it will be deleted when it is no longer required for the purposes described in section C. above. A different retention period may apply if you consented when the data was collected.

F. Rights of data subjects

You have the right to receive information about your personal data we have saved, the right to arrange for incorrectly saved personal data to be corrected or – if relevant – to change or revoke your consent to data processing at any time, including without providing a reason with future effect, the right to restrict the processing of your personal data with future effect, to revoke the processing of your personal data with future effect or to demand the deletion of your personal data. Under the conditions set out in Art. 20 GDPR, you have the right to receive the personal data concerning you, which has been saved, in a structured, commonly used and machine-readable format and the right to transmit that data to another responsible party without hindrance on our part.

In addition, you may contact our data protection officer mentioned in section B. above. In order to avoid possible cases of misuse, we may require that inquiries be accompanied by a handwritten signature or that the inquirer otherwise legitimize himself.

Furthermore, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

G. Changes to this privacy policy

Constant technological development, changes to our services or the legal situation and other reasons may require adjustments to our data protection notice. We therefore reserve the right to change this privacy policy at any time with effect for the future. The current version is available on our website. Please visit our website regularly and inform yourself about the applicable data protection provisions.

Data protection law information for social media channels

Dear Sir/Madam,

we inform you with the following data protection information about the processing of your personal data in the context of our social media channels. If you have any further questions regarding the handling of your personal data, please do not hesitate to contact our data protection officer.

A. The party responsible for data processing

CRONIMET Holding GmbH
Südbeckenstr. 22
76189 Karlsruhe
Telefon +49 721 95225-0
mail@cronimet.de

B. Data protection officer

CRONIMET Holding GmbH
Data protection officer
Südbeckenstr. 22
76189 Karlsruhe
Telefon +49 721 95225-0
datenschutz@cronimet.de

C. Social media channels

We operate the following social media websites to draw attention to ourselves:

• LinkedIn

• Instagram

• TikTok

• Facebook

• YouTube

• Xing

• Kununu.

The operators of the following social media channels share responsibility with us:

• LinkedIn

• Instagram

• TikTok

• Facebook

• YouTube

• Xing

• Kununu.

Where our influence on data processing ends, the limit of our responsibility is reached. At these points, it is not possible for us to influence the data processing by the operator of the social media channel. We are therefore unable to provide any information about what personal data is processed by them. For further information on the processing of the collected personal data and the possibilities to object, we refer to the corresponding data protection declarations of the channel operators.

D. Data processing by us

Submitted data such as comments, videos, pictures, likes, public messages that you leave on our social media channels may be published by the social media platforms. These will only be used or processed by us for the following purposes.

Personal data transmitted to us via social media by private message, such as documents or communication data, will not be published by us, but it cannot be ruled out that the social media operator will process or publish this data.

We would like to point out that we do not wish to receive applications via messengers, such as Facebook Messenger, as these cannot guarantee the protection of your personal data to the extent that is required and desired on our part.

We also reserve the right to delete content should this be necessary. We may share your content on our site if this is a function of the social media platform and permissible and communicate with you via the social media platform.

The legal basis for our data processing within the framework of the social media channels is Art. 6 para. 1 sent. 1 lit. f GDPR. The data processing is carried out in the interest of our public relations work and timely communication.

The social media providers are partly located in the USA and other countries outside the EU and the EEA. The data may therefore also be processed by the provider of the respective platform in countries outside the EU and EEA. Please note that companies in these countries may be subject to data protection laws that do not offer the same level of protection for your personal data as is the case in the member states of the EU.

We would also like to point out that we have no influence on the scope, type and purpose of the data processing by the provider of the social media platform. You can find more information about the processing of your data by the social media providers in the privacy policy of the respective platform provider.

E. Data processing by social media channels

On our website, you will find links to other company websites on social media platforms. You can recognise links to the websites of the social media services by the respective company logo, for example. If you follow these links, you will reach our corporate presence on the respective social media platform. When you click on a link to such a platform, a connection to the platform's servers is established. This transmits to the servers of the platform that you have visited our website.

In addition, further data is transmitted to the provider of the platform. This may include the following data:

• address of the website on which the activated link is located

• date and time the website was accessed or the link was activated

• information on the browser and operating system used

• IP address.

We expressly draw your attention to the fact that the social media provider stores the data (e.g. IP address, preferences and personal interests, behavior on the platform, any personal information stored on the platform, etc.) of users and uses it for business purposes.

We would like to point out that the respective operator of the social media platform uses web tracking methods. We would also like to point out that web tracking could also take place regardless of whether you are logged in and/or registered with the social media platform. It is not possible for us to influence the web tracking methods of the platforms. If, for example, you would like to switch off the web tracking, you must arrange this on the respective website of the operator.

If you are a member of the social media channels and are logged into your user account, the social media provider can associate your visit to our page with your user account. If you would like to prevent the provider from linking data about your visit to our fan page with your membership data stored with the platform, you must

• log out of the social media platform before each visit to our fan page,

• delete the cookies stored on your device and

• close and restart your browser.

In this way, according to the social media providers, all information through which you can be identified by social media providers is deleted.

It cannot be ruled out that the provider of the social media platform uses your data to create a profile about you, for example, and thus generates tailored advertising for you.

For more information on data processing by the provider of the social media platform and further objection options, you can view the privacy statements of the respective operators here:

• LinkedIn:

  https://de.linkedin.com/legal/privacy-policy

  and

  https://de.linkedin.com/legal/cookie-policy

• Instagram:

  https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

• TikTok:

  https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE

  and

  https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de-DE

• Facebook:

  https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

• YouTube:

  https://policies.google.com/privacy?hl=de

• Xing:

  https://privacy.xing.com/de/datenschutzerklaerung

• Kununu:

  https://www.kununu.com/de/info/agb#h3-datenschutz

  and

  https://privacy.xing.com/de/datenschutzerklaerung

Instagram, TikTok, YouTube (Google), Xing and Kununu unfortunately do not currently provide an addendum or similar.

F. LinkedIn

We operate our LinkedIn company page to inform you and to communicate with you as a user, interested party or potential employee/applicant.

The provider of the platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

In accordance with LinkedIn's terms of use, which each user must agree to when creating a LinkedIn profile, we may identify subscribers to our site and view their profiles or other shared information. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our company page or comment on our posts. We therefore only collect personal data that has become an obvious part of our LinkedIn company page through your participation.

LinkedIn uses small text files that are stored on the various end devices of the users (cookies) to store and further process this information. According to LinkedIn, the cookies used by LinkedIn are for authentication, security, settings, personalised advertising features and services, and analysis and research. You can view details of the cookies used by LinkedIn here: https://de.linkedin.com/legal/cookie-policy

The operation of the LinkedIn company page, including the processing of users' personal data, is legal based on Art. 6 para. 1 sent. 1 lit. f GDPR in order to safeguard our legitimate interests in providing information and interaction opportunities via LinkedIn for and with our users and visitors. For the LinkedIn retargeting cookie and applications via our LinkedIn company page, your consent serves as the legal basis, Art. 6 para. 1 sent. 1 lit. a GDPR. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 sent. 1 lit. b GDPR. We delete personal data as soon as the purpose of the data processing has been achieved and there are no further legal grounds against the deletion of the data. In the case of data transfers outside the EU or EEA, LinkedIn states that it guarantees an adequate standard of protection as defined in Art. 44 etc seq. GDPR. This is implemented in particular by concluding standard contractual clauses.

Further information on data processing can be found in LinkedIn's privacy policy here: https://de.linkedin.com/legal/privacy-policy

G. Instagram

We operate our Instagram company page to inform you and to communicate with you as a user, interested party, business partner or potential employee/applicant.

The platform provider is Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA.

When calling up Instagram profiles, personal data (e.g. IP address or information on the end device) may already be collected by Instagram. If you carry out an action on our Instagram company website (e.g. comments, posts, likes, etc.), it may be that you make personal data (e.g. clear name or photo of your user profile) public. Every user is free to publish personal data through activities. The user information is used, among other things, to provide us as operators of the company pages with statistical information about the use of the pages. However, since we generally or to a large extent have no influence on the processing of your personal data by Instagram, we cannot make any binding statements about the purpose and scope of the processing of your data.

The legal basis for the operation of our Instagram company page and the associated data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors. The use of tracking and analysis tools by Instagram is based on Art. 6 para. 1 sent. 1 lit. a GDPR. To ensure appropriate safeguards for the protection of the transfer and processing of personal data outside the EU or EEA, the transfer of data to and processing of data by Instagram is based on appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular by concluding so-called standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Further information on data processing can be found in Instagram's privacy policy here: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

H. TikTok

We operate our TikTok company website to inform you and communicate with you as a user, interested party, business partner or potential employee/applicant.

The provider of the platform is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

TikTok may collect data when you visit our company website. In the context of interactive functions (e.g. commenting, sharing, rating), personal data is also processed by TikTok. Based on the processed user data, TikTok provides us with statistical evaluations and analyses. TikTok does not disclose full information about the processing of user data for its own purposes. Therefore, it is not possible for us to provide binding information on the processing of user data by TikTok.

The processing of your data when contacting or interacting with our company website or its content is carried out by us on the legal basis of Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors. If data transfers to third countries outside the EU or the EEA occur, TikTok states that it takes appropriate safeguards within the meaning of Art. 44 et seq. GDPR.

Further information on data processing can be found in TikTok's privacy policy here: https://www.tiktok.com/legal/page/eea/privacy-policy/de-DE and https://www.tiktok.com/legal/tiktok-website-cookies-policy?lang=de-DE

I. Facebook

We operate our Facebook company page to inform you and to communicate with you as a user, interested party, business partner or potential employee/applicant.

The platform provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Via the so-called “Insights” of the Facebook page, statistical data of different categories are available to us. These statistics are generated and provided by Facebook. As the operator of the company page, we have no influence on the generation and presentation of these statistics. We cannot disable this function or prevent the generation and processing of the data.

For a selectable period of time and for the categories “fans”, “subscribers”, “reached persons” and “interacting persons”, the following data is provided by Facebook in relation to our Facebook company page:

• Total number of page views, likes, page activity, post interactions, reach, video views, post reach, comments, shared content, replies, proportion of men and women, country and city origin, language, clicks on route planners, clicks on telephone numbers.

• Data on the Facebook groups linked to our Facebook company page are also provided in this way.

We use this data, which is available in aggregated form, to make our posts and activities on our Facebook page more attractive to users. In this context, we receive anonymised data on the users of our Facebook fan page. It is therefore not possible for us to draw any conclusions about your person. For example, we use the distribution according to age and gender for an adapted approach and the preferred visiting times of the users for a time-optimised planning of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of the posts accordingly. In accordance with the Facebook terms of use, which each user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles as well as other information shared by them.

The processing of your data when contacting or interacting with our company website or its content is carried out by us on the legal basis of Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors. If data transfers to third countries outside the EU or the EEA occur, Facebook states that it will take appropriate safeguards in accordance with Art. 44 et seq. GDPR.

Further information on data processing can be found in Facebook's privacy policy here: https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer

J. YouTube

We operate our YouTube company page to inform you and to communicate with you as a user, interested party, business partner or potential employee/applicant.

The platform provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, and stored and used in, the United States, Ireland and any other country in which Google does business, regardless of your country of residence. There is a transfer to Google-affiliated companies as well as to other trustworthy companies or persons who process them on behalf of Google. On the one hand, Google processes your voluntarily entered data such as name and user name, email address or telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. On the other hand, Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location using GPS data, wireless network information or your IP address in order to send you advertising or other content. Google may use analysis tools such as Google Analytics for evaluation purposes. We have no influence on the use of such tools by Google and have not been informed about such potential use. If tools of this type are used by Google for our company page on YouTube, we have neither commissioned this nor supported it in any other way. Nor will the data obtained during the analysis be made available. Only certain data of the subscribers' profiles are visible to us via our account. Moreover, we have no possibility to prevent or turn off the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID) as well as the search terms you used and cookie information.

We have embedded YouTube videos in our newsroom on the website, which are stored on http://www.YouTube.com and can be played directly from our website. In principle, when you call up a page with embedded videos, your IP address is already sent to YouTube/Google and cookies are installed on your computer. However, we have embedded our videos in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube/Google if you do not play the videos. Only when you click on the video to play it will the following data be transmitted: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted, website from which the request came, browser, operating system and its interface, language and version of the browser software, hardware used (PC, smartphone, etc.), location (if Google Maps is activated). We have no influence on this data transmission. By visiting our website and playing the videos, YouTube/Google receives the information that you have accessed the corresponding sub-page of our website. If you are logged in to Google, this data is directly assigned to your account. If you do not wish this to be associated with your YouTube profile, you must log out before activating the button. We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect.

The processing of your data when contacting or interacting with our company website or its content is carried out by us on the legal basis of Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors.

You have options to restrict the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers specific privacy settings on YouTube. For more information on data processing, please see the Google and YouTube privacy policy here: https://policies.google.com/privacy?hl=de&gl=de#infocollect and https://policies.google.com/technologies/product-privacy?hl=de&gl=de and https://policies.google.com/privacy?hl=de&gl=de#infochoices

K. Xing

We operate our Xing company page to inform you and to communicate with you as a user, interested party or potential employee/applicant.

The platform provider is Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany.

While you are using Xing, user data is automatically processed by the provider. Through interactions on the platform (commenting, sharing content, etc.), further data processing may occur. We would like to point out that we, as the provider of our company website, have no knowledge of the content of the transmitted data or its use by Xing. We have no influence on the scope of the data that Xing collects.

The processing of your data when contacting or interacting with our company website or its content is carried out by us on the legal basis of Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 sent. 1 lit. b GDPR. If data is collected by Xing for the purpose of measuring and optimising advertising, the legal basis is Art. 6 para. 1 lit. a GDPR. We delete personal data as soon as the purpose of the data processing has been achieved and there are no further legal grounds against the deletion of the data. Should data transfers to third countries outside the EU or EEA occur, Xing guarantees an adequate standard of protection within the meaning of Art. 44 et seq. GDPR.

Further information on data processing can be found in Xing's privacy policy here: https://privacy.xing.com/de/datenschutzerklaerung

L. Kununu

We operate our Kununu company page to inform you and to communicate with you as a user, interested party or potential employee/applicant.

The provider of the platform is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

While you are using Kununu, the provider automatically processes user data. Through interactions on the platform (commenting, sharing content, etc.), further data processing may occur. According to Kununu, personal data is only collected, processed and/or used if the users have consented or if this is permitted by law. We would like to point out that we, as the provider of our company website, have no knowledge of the content of the transmitted data or its use by Kununu. We have no influence on the scope of the data that Kununu collects.

The processing of your data when contacting or interacting with our company website or its content is carried out by us on the legal basis of Art. 6 para. 1 sent. 1 lit. f GDPR. Our legitimate interest is the interaction or communication with our users and visitors. Further legal bases for data processing may arise in individual cases from Art. 6 para. 1 sent. 1 lit. b GDPR. If data is collected by Kununu for the purpose of measuring and optimising advertising, the legal basis is Art. 6 para. 1 sent. 1 lit. a GDPR. We delete personal data as soon as the purpose of the data processing has been achieved and there are no further legal grounds against the deletion of the data. Should data transfers to third countries outside the EU or EEA occur, Kununu (Xing) guarantees an adequate standard of protection within the meaning of Art. 44 et seq. GDPR.

For more information on data processing, please see Kununu's privacy policy here: https://www.kununu.com/de/info/agb and https://privacy.xing.com/de/datenschutzerklaerung

M. Rights of data subjects

You have the right to receive information about your personal data we have saved, the right to arrange for incorrectly saved personal data to be corrected or – if relevant – to change or revoke your consent to data processing at any time, including without providing a reason with future effect, the right to restrict the processing of your personal data with future effect, to revoke the processing of your personal data with future effect or to demand the deletion of your personal data. Under the conditions set out in Art. 20 GDPR, you have the right to receive the personal data concerning you, which has been saved, in a structured, commonly used and machine-readable format and the right to transmit that data to another responsible party without hindrance on our part.

To exercise your rights, you may contact our data protection officer mentioned in section B above. In order to avoid possible cases of misuse, we may require that inquiries be accompanied by a handwritten signature or that the inquirer otherwise legitimize himself.

Furthermore, without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.

N. Changes to this privacy policy

Constant technological development, changes to our services or the legal situation and other reasons may require adjustments to our data protection notice. We therefore reserve the right to change this privacy policy at any time with effect for the future. The current version is available on our website. Please visit our website regularly and inform yourself about the applicable data protection provisions.