Data Protection statement

Data Protection is of especially great importance for our company. It is essentially possible to use the website without providing any personal data. Should a particular person wish to make use of special services of our company online, however, it may be necessary to process personal data. Should the processing of personal data be required, and should no legal basis exist for such processing, we will obtain the prior consent of the person concerned.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in line with the Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) that comes into force on 25/05/2018, and any laws which likewise apply. With this Data Protection statement, our company would like to provide information on the nature, scope and purpose of the personal data processed by us, and explain to persons concerned what rights they are entitled to assert.

Our company has implemented numerous technical and organisational measures in order to ensure that any personal data processed is protected as comprehensively as possible. Web-based data transmission may, however, possibly contain security gaps, so that absolute protection cannot be guaranteed.

1 Definitions

Our company’s Data Protection statement is based on the General Data Protection Regulation (DS-GVO/GDPR). It is formulated so as to be easy to read and understood. In order to ensure this, we are explaining the terms used in advance:

1.1 Personal data

Personal data is “any information which relates to an identified or identifiable natural person (hereinafter referred to as either ’affected person‘, ’person concerned‘ or ’Data Subject’). A natural person is considered identifiable if he or she can be directly or indirectly identified, in particular by means of being allocated to an identifier, such as a name, an ID number, site data, an online identifier or one or more special features which are the expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person” (see Art. 4(1) of the General Data Protection Regulation (GDPR)).

1.2 Data Subject (Person concerned/affected person)

A Data Subject, person concerned or affected person is any identified or identifiable natural person whose personal data is processed by the party responsible for the processing.

1.3 Processing

Processing is any procedure carried out with or without the aid of automated methods, or any such sequence of procedures in connection with personal data, such as the gathering, recording, organising, ordering, storage, adaptation or amendment of data, the reading out of it, querying of it, use, disclosure of it by way of transmission, dissemination or any other form of provision, the comparison or linking of it, or the limitation, deletion or destruction of it.

1.4 Limitation of processing

Limitation of processing means the marking of stored personal data with the aim of limiting its future processing.

1.5 Profiling

Profiling means any kind of automated processing of personal data where such personal data is used to assess certain personal aspects relating to a natural person, in particular in order to analyse or predict aspects in regard to work performance, economic position, health, personal preferences, interests, reliability, conduct, place of residence or change of location of such natural person.

1.6 Pseudonymisation

Pseudonymisation means processing personal data in the case where the personal data can no longer be assigned to a specific person concerned without drawing upon additional information. Such additional information that is subject to the technical and organisational measures is stored separately, and it is thus guaranteed that the personal data cannot be allocated to an identified or identifiable natural person.

1.7 Responsible party or party responsible (Controller or controller responsible) for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.8 Contract data processor

A contract data processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the party responsible.

1.9 Recipient

The recipient is a natural or legal person, authority, institution or other body to whom or which personal data is disclosed, irrespective of whether the latter is a third party or not. Authorities which may receive personal data in the context of a particular investigation mandate under EU law or the law of the Member States are not, however, deemed recipients.

1.10 Third party

A third party is a natural or legal person, authority, institution or other body other than the person concerned, the responsible party, the contract data processor and the persons who are authorised, under the direct responsibility of the party responsible or the contract data processor, to process the personal data.

1.11 Consent

Consent means any expression of intent in the form of a declaration or any other clear confirmatory action voluntarily submitted by the person concerned in regard to the particular case in an informed way and unmistakably, with which the person concerned makes it understood that he or she is in agreement with the processing of the personal data concerning him or her.

2 Name and address of the party responsible (Controller) for the processing

The party responsible (controller) within the meaning of the General Data Protection Regulation (DS_GVO/GDPR) is:

pascom GmbH & Co. KG
Berger Str. 42
D-94469 Deggendorf

Tel: +49 991 29 69 10
Info[at]pascom.net
www.pascom.net

3 Contact details of our external Data Protection Officer

Herr Michael Gruber
BSP-SECURITY
Franz-Mayer-Str. 1
D-93053 Regensburg

Tel. +49 (0) 941 46 29 09 29
info[at]bsp-security.de
www.bsp-security.de

Any person affected may, if he or she has any questions or suggestions on Data Protection, contact our Data Protection Officer directly.

4 Cookies

Our company’s web pages make use of cookies. Cookies are text files that are stored on a computer system via a web browser.

Numerous websites and servers make use of cookies. Many cookies contain a so-called “cookie ID”. A cookie ID is a unique identifier of the cookie. It consists of a character string, through which web pages and servers can be allocated to the specific web browser in which the cookie is stored. This makes it possible for the web pages and servers visited to distinguish the individual browser of the person concerned from other web browsers containing other cookies. A particular web browser can be recognised again and identified via the unique cookie ID. Through the use of cookies, pascom GmbH & Co. KG can provide the users of this website with user-friendly services, which would not be possible without placing the cookie.

The information and services available on our website can be optimised to the benefit of the user using a cookie. As already mentioned, cookies enable us to recognise the user of our website again. The purpose of such recognition is to facilitate the use of our website for users. The user of a website that uses cookies does, for example, not need to enter his or her access data again every time he or she visits the website, because this is handled by the website and the cookie stored on the user’s computer system. A further example is a cookie administering a shopping cart in the web shop. The web shop notes the items that a customer has placed in the virtual shopping cart via a cookie.

The person concerned can at any time prevent cookies from being placed by our website by adjusting the setting of the web browser used accordingly, and thus permanently oppose the placing of cookies. Furthermore, any cookies already placed can be deleted via a web browser or other software program at any time. This is possible in all common web browsers. Should the person concerned disable the placing of cookies in the web browser used, it will be the case that, under certain circumstances, not all functions of our website can be used in full.

5 Gathering general data and information

Every time the website is accessed by a particular person or an automated system, the web server of pascom GmbH & Co. KG gathers a range of pieces of general data and information. This general data and information is stored in the log files of the server. The browser types and versions used, the operating system used by the accessing system, the website from which an accessing system reaches our website, the sub-pages of the website which are accessed on our website via an accessing system, the date and time of any access to the website, an Internet protocol address (IP address), the Internet Service Provider of the accessing system and any other similar data and information which serves to fend off risk in the event of our IT systems being attacked may be gathered.

When using such general data and information, pascom GmbH & Co. KG does not draw any conclusions concerning the person concerned. Rather, such information is needed in order to deliver the content of our website correctly, optimise the content of our website, as well as the advertising for it, guarantee the ongoing functionality of our IT systems and the technology of our website, and provide law enforcement agencies with the information necessary for prosecution in the event of a cyber-attack. Such data and information gathered anonymously is therefore evaluated by pascom GmbH & Co. KG on the one hand statistically, and also with the aim of increasing Data Protection and data security at our company, in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from any personal data given by a person concerned.

6 The option to make contact via the website

Based on statutory regulations, our company’s website contains details which make it possible to make fast contact with our company electronically, as well as enable direct communication with us, which likewise comprises a general e-mail address. Should a person concerned take up contact with the party responsible for the processing via a contact form, the personal data transmitted by the person concerned will automatically be saved. Such personal data transmitted to the person responsible for the processing by a person concerned on a voluntary basis is saved for the purposes of processing the request or taking up contact with the person concerned. Such personal data is not passed on to third parties.

7 Routine deletion and blocking of personal data

The party responsible for the processing only processes and stores personal data of the person concerned for the period of time which is necessary in order to achieve the purpose of the processing, or in so far as the latter has been stipulated in laws or regulations forming the basis for the processing by the party responsible by the legislative authority. Should the purpose of such storage lapse, or should a storage period prescribed by the legislative authority expire, the personal data is routinely blocked or deleted, in line with the statutory regulations.

8 Rights of the person concerned

8.1 The right to receive confirmation

Every person concerned is entitled to request from the person responsible for the processing a confirmation on whether personal details concerning him or her are processed. Should a person concerned wish to lay claim to this right of confirmation, he or she may contact our Data Protection Officer or any other employee of the party responsible for the processing for that purpose.

8.2 Right to information

Any person affected by the processing of personal data is entitled to receive the information on the personal data stored on his or her person from the party responsible for the processing, free of charge, and be given a copy of such information along with the information cited here:

  • The purposes of processing the personal data
  • The categories of personal data that is being processed
  • The recipient or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed, in particular in the case of recipients in non-EU countries or at international organisations
  • If possible, the scheduled duration for which the personal data will be saved, or, if this is not possible, the criteria for laying down such duration
  • The existence of a right to correction or deletion of the personal data concerning him or her or to restricting the processing by the party responsible or of a right of opposition against such processing
  • The existence of a right to appeal to a regulatory authority
  • If the personal data is not gathered from the person concerned: any information available on the origin of the data
  • The existence of automated decision making, including profiling pursuant to Article 22(1) and (4) General Data Protection Regulation (GDPR), and — at least in such cases — meaningful information on the logic involved, as well as the reach, and the effects of such processing aimed for, for the person concerned.

The person concerned moreover has a right to information on whether personal data has been transmitted to a non-EU country or an international organisation. Should this be the case, the person concerned shall also be entitled to receive information on the appropriate warranties in connection with the transmission.

Should a person concerned wish to lay claim to such a right to information, he or she may contact our Data Protection Officer for this purpose at any time.

8.3 Right to correction

Any person affected by the processing of personal data has the right to demand immediate correction of any incorrect personal data concerning him or her. The person concerned is, furthermore, entitled, taking into account the purpose of the processing, to demand that incomplete personal data is completed - also by way of a supplementary statement.

Should a person concerned wish to lay claim to such a right to information, he or she may contact our Data Protection Officer for this purpose at any time.

8.4 The right to deletion (the right to be forgotten)

Any person affected by the processing of personal data has the right to demand of the party responsible that the personal data concerning him or her is deleted immediately, if one of the following grounds applies and if the processing is not necessary:

  • The personal data has been gathered for such purposes, or processed in another way, for which it is no longer needed.
  • The person concerned revokes his or her consent, on which he or she based the processing pursuant to Art. 6(1)(a) General Data Protection Regulation (GDPR) or Art. 9(2)(a) General Data Protection Regulation (GDPR), and there is no other legal basis for the processing.
  • Pursuant to Art. 21(1) General Data Protection Regulation (GDPR), the person concerned is filing an opposition to the processing, and there are no overriding justified grounds for the processing, or the person concerned is filing an opposition against the processing pursuant to Art. 21(2) General Data Protection Regulation (GDPR).
  • The personal data has been processed illegitimately.
  • The deletion of the personal data is necessary in order to fulfil a legal obligation in accordance with EU law or the law of the Member States to which the party responsible is subject.
  • The personal data has been gathered in regard to services offered in the information society pursuant to Art. 8(1) General Data Protection Regulation (GDPR).

Should one of the above-mentioned grounds apply and an affected person wish to arrange for the deletion of personal data that is stored with our company, he or she may contact our Data Protection Officer for this purpose at any time. Our Data Protection Officer will arrange for the request for deletion to be complied with without delay.

Should the personal data have been published by our company, and should our company, as the party responsible pursuant to Art. 17(1) General Data Protection Regulation (GDPR), be obliged to delete said personal data, our company shall, taking into account the available technology and the implementation costs, take appropriate steps, also of a technical nature, to inform other parties responsible for the data processing, who process the published personal data, that the person concerned has requested from such other parties responsible for processing the data that all links to said personal data or copies or replications of such personal data be deleted, provided that the processing is not necessary. The Data Protection Officer will arrange for whatever is necessary in the individual case.

8.5 Right to limit the processing

Any person affected by the processing of personal data has the right, granted by the Legislator of the respective European Directives and Regulations, to require the party responsible to limit the processing of the data if one of the following prerequisites exists:

  • The accuracy of the personal data is disputed by the person concerned, and in fact for a period of time which enables the party responsible to check the accuracy of the personal data.
  • The processing is illegitimate, and the person concerned refuses to have the personal data deleted, and instead demands that the use of the personal data be restricted.
  • The party responsible no longer requires the personal data for the purposes of the processing, the person concerned does, however, require it to assert, exercise or defend legal claims.
  • The person affected has filed an opposition against the processing of the data pursuant to Art. 21(1) General Data Protection Regulation (GDPR), and it has not yet been established whether the justified grounds of the party responsible outweigh those of the affected person.

Should any of the above-mentioned prerequisites apply and an affected person wish to request that the personal data that is stored with our company be limited, he or she may contact our Data Protection Officer for this purpose at any time. The Data Protection Officer will arrange for the processing of the data to be limited.

8.6 The right to data portability

Any person affected by the processing of personal data is entitled to receive the personal data concerning him or her, which has been provided to a party responsible by the affected person, in a structured, up-to-date and machine-readable format. He or she additionally has the right to transmit such data to a different party responsible, without being hindered by the party responsible, to which or whom the personal data has been provided, as long as the processing is based on the consent pursuant to Art. 6(1)(a) General Data Protection Regulation (GDPR) or Art. 9(2)(a) General Data Protection Regulation (GDPR) or an agreement pursuant to Art. 6(1)(b) General Data Protection Regulation (GDPR), and the processing is undertaken with the aid of automated procedures, as long as the processing is not necessary in order to complete a task that is in the public interest or completed to exercise official authority that has been conferred upon the party responsible.

When exercising his or her right to data portability pursuant to Art. 20(1) General Data Protection Regulation (GDPR), the person concerned is, moreover, entitled to cause the personal data to be transmitted directly from one party responsible to another party responsible, if the latter is technically feasible, and as long as the rights and freedoms of other persons are not thereby impaired.

In order to assert the right to data portability, the person concerned may contact the Data Protection Officer appointed by us at any time.

8.7 Right to file an opposition

Any person affected by the processing of personal data has the right, for reasons which arise from his or her particular situation, to file an opposition against the processing of personal data concerning him or her that is being undertaken based on Art. 6(1)(e) or (f) General Data Protection Regulation (GDPR), at any time. This also applies to any profiling based on these provisions.

In the event of an opposition, our company no longer processes the personal data, unless we can provide evidence of mandatory grounds for the processing, worthy of protection, which outweigh the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

Should our company process personal data in order to carry out direct marketing, the person concerned is entitled to file an opposition against the processing of the personal data for the purposes of such marketing, at any time. This also applies to profiling, in so far as it is connected with such direct marketing. Should the person concerned oppose the data being processed for the purposes of direct marketing, vis-à-vis our company, we will no longer process the personal data for such purposes.

In addition, the person concerned is entitled, for reasons arising from his or her particular situation, to file an opposition against the processing of personal data concerning him or her that is performed by our company for scientific or historic research purposes or for statistical purposes pursuant to Art. 89(1) General Data Protection Regulation (GDPR), unless such processing is necessary in order to complete a task that falls within the scope of the public interest.

In order to exercise the right of opposition, the person concerned may contact the Data Protection Officer directly.

8.8 Automated decisions in the individual case, including profiling

Any person affected by the processing of personal data has the right not to be subjected to a decision based exclusively on automated processing - including profiling - which develops legal validity in regard to him or her or affects him or her considerably in a similar way, as long as the decision is not required for concluding or fulfilling an agreement between the person concerned and the party responsible, or admissible based on legislation of the Union or the Member States, to which the party responsible is subject, with such legislation containing appropriate steps to preserve the rights and freedoms, as well as the justified interests of the person concerned, or effected with the express consent of the person concerned.

Should the decision regarding the conclusion or fulfilment of an agreement between the person concerned and the party responsible be required, or should it be taken with the express consent of the person concerned, our company will take appropriate steps to preserve the rights and freedoms of the person concerned, as well as his or her justified interests, which at least includes the right to arrange for the intervention of a person on the part of the party responsible, the right to explain one’s own position and the right to contest the decision.

Should the person concerned wish to assert rights in regard to automated decisions, he or she may, for this purpose, contact our Data Protection Officer at any time.

8.9 The right to revocation of any consent under Data Protection law

Any person affected by the processing of personal data has the right to revoke any consent given to the processing of personal data at any time. Should the person concerned wish to assert his or her right to revoke any consent granted, he or she may contact our Data Protection Officer for this purpose at any time.

9 Data Protection in the case of applications and in the application process

The party responsible for the processing gathers and processes the personal data of applicants for the purpose of executing the application procedure. The processing may also be carried out electronically. This is in particular the case if an applicant transmits corresponding application documents to our company electronically, for example by e-mail or via a web form to be found on the website. Should our company conclude an employment contract with an applicant, the data transmitted will be saved for the purpose of handling the employment relationship, adhering to the statutory regulations. Should no employment contract with the applicant be concluded by our company, the application documents will automatically be deleted six months after announcing the decision to turn down the application, unless such deletion is in conflict with any justified interests on the part of the party responsible for the processing. A justified interest, in this sense, may, for example, be an obligation to provide evidence in any proceedings under the German General Equal Treatment Act (AGG).

10 Data Protection provisions: Tracking-Tools

Data Protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site - which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, as found here https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there, which setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration / application options are made available to allow the elimination of data transmission to Facebook, for example the Facebook blocker provided by Webgraph, which can be obtained under http://webgraph.com/resources/facebookblocker/. Such applications may be used by the data subject in order to eliminate a data transmission to Facebook.

Data Protection provisions about the application and use of Google AdSense

On this website, the controller has integrated Google AdSense. Google AdSense is an online service which allows the placement of advertising on third-party sites. Google AdSense is based on an algorithm that selects advertisements displayed on third-party sites to match with the content of the respective third-party site. Google AdSense allows an interest-based targeting of the Internet user, which is implemented by means of generating individual user profiles.

The operating company of Google's AdSense component is Alphabet Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

The purpose of Google's AdSense component is the integration of advertisements on our website. Google AdSense places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Alphabet Inc. is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google AdSense component is integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google AdSense component for the purpose of online advertising and the settlement of commissions to Alphabet Inc. During the course of this technical procedure, the enterprise Alphabet Inc. gains knowledge of personal data, such as the IP address of the data subject, which serves Alphabet Inc., inter alia, to understand the origin of visitors and clicks and subsequently create commission settlements.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Alphabet Inc. from setting a cookie on the information technology system of the data subject. Additionally, cookies already in use by Alphabet Inc. may be deleted at any time via a web browser or other software programs.

Furthermore, Google AdSense also uses so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in web pages to enable a log file recording and a log file analysis through which a statistical analysis may be performed. Based on the embedded tracking pixels, Alphabet Inc. is able to determine if and when a website was opened by a data subject, and which links were clicked on by the data subject. Tracking pixels serve, inter alia, to analyze the flow of visitors on a website.

Through Google AdSense, personal data and information—which also includes the IP address, and is necessary for the collection and accounting of the displayed advertisements—is transmitted to Alphabet Inc. in the United States of America. These personal data will be stored and processed in the United States of America. The Alphabet Inc. may disclose the collected personal data through this technical procedure to third parties.

Google AdSense is further explained under the following link https://www.google.com/intl/en/adsense/start/.

Data Protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.

Further information and the applicable data protection provisions from Google can be retrieved here https://www.google.com/intl/en/policies/privacy/ and under https://www.google.com/analytics/terms/gb.html

Google Analytics is further explained https://www.google.com/intl/en_gb/analytics/.

Data Protection provisions about the application and use of Google Remarketing

On this website, the controller has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise's Internet site. The integration of Google Remarketing therefore allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users.

The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users.

Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, for the insertion of interest relevant advertising.

The cookie is used to store personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs.

In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose, the data subject must call up the link to www.google.de/settings/ads and make the desired settings on each Internet browser used by the data subject.

Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

Data Protection provisions about the application and use of Google+

On this website, the controller has integrated the Google+ button as a component. Google+ is a so-called social network. A social network is a social meeting place on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Google+ allows users of the social network to include the creation of private profiles, upload photos and network through friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google+ button has been integrated, the Internet browser on the information technology system of the data subject automatically downloads a display of the corresponding Google+ button of Google through the respective Google+ button component. During the course of this technical procedure, Google is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Google+ is available under https://developers.google.com/+/.

If the data subject is logged in at the same time to Google+, Google recognizes with each call-up to our website by the data subject and for the entire duration of his or her stay on our Internet site, which specific sub-pages of our Internet page were visited by the data subject. This information is collected through the Google+ button and Google matches this with the respective Google+ account associated with the data subject.

If the data subject clicks on the Google+ button integrated on our website and thus gives a Google+ 1 recommendation, then Google assigns this information to the personal Google+ user account of the data subject and stores the personal data. Google stores the Google+ 1 recommendation of the data subject, making it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. Subsequently, a Google+ 1 recommendation given by the data subject on this website together with other personal data, such as the Google+ account name used by the data subject and the stored photo, is stored and processed on other Google services, such as search-engine results of the Google search engine, the Google account of the data subject or in other places, e.g. on Internet pages, or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information with the purpose of improving or optimizing the various Google services.

Through the Google+ button, Google receives information that the data subject visited our website, if the data subject at the time of the call-up to our website is logged in to Google+. This occurs regardless of whether the data subject clicks or doesn’t click on the Google+ button.

If the data subject does not wish to transmit personal data to Google, he or she may prevent such transmission by logging out of his Google+ account before calling up our website.

Further information and the data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

More references from Google about the Google+ 1 button may be obtained under https://developers.google.com/+/web/buttons-policy.

Data Protection provisions about the application and use of Google-AdWords

On this website, the controller has integrated Google AdWords. Google AdWords is a service for Internet advertising that allows the advertiser to place ads in Google search engine results and the Google advertising network. Google AdWords allows an advertiser to pre-define specific keywords with the help of which an ad on Google‘s search results only then displayed, when the user utilizes the search engine to retrieve a keyword-relevant search result. In the Google Advertising Network, the ads are distributed on relevant web pages using an automatic algorithm, taking into account the previously defined keywords.

The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

The purpose of Google AdWords is the promotion of our website by the inclusion of relevant advertising on the websites of third parties and in the search engine results of the search engine Google and an insertion of third-party advertising on our website.

If a data subject reaches our website via a Google ad, a conversion cookie is filed on the information technology system of the data subject through Google. The definition of cookies is explained above. A conversion cookie loses its validity after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check whether certain sub-pages, e.g, the shopping cart from an online shop system, were called up on our website. Through the conversion cookie, both Google and the controller can understand whether a person who reached an AdWords ad on our website generated sales, that is, executed or canceled a sale of goods.

The data and information collected through the use of the conversion cookie is used by Google to create visit statistics for our website. These visit statistics are used in order to determine the total number of users who have been served through AdWords ads to ascertain the success or failure of each AdWords ad and to optimize our AdWords ads in the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

The conversion cookie stores personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.

The data subject may, at any time, prevent the setting of cookies by our website, as stated above, by means of a corresponding setting of the Internet browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the information technology system of the data subject. In addition, a cookie set by Google AdWords may be deleted at any time via the Internet browser or other software programs.

The data subject has a possibility of objecting to the interest based advertisement of Google. Therefore, the data subject must access from each of the browsers in use the link www.google.de/settings/ads and set the desired settings.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.

Data Protection provisions about the application and use of LinkedIn.

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn receives information via the LinkedIn component that the data subject has visited our website, provided that the data subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under https://www.linkedin.com/legal/cookie-policy.

The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

Data Protection provisions about the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 (prev. 140) characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available here https://about.twitter.com/en/resources/buttons . During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made. The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

Data protection provisions about the application and use of Xing

On this website, the controller has integrated components of XING. XING is an Internet-based social network that enables users to connect with existing business contacts and to create new business contacts.

The individual users can create a personal profile of themselves at XING. Companies may, e.g. create company profiles or publish jobs on XING.

The operating company of XING is XING AG, Dammtorstraße 30, 20354 Hamburg, Germany.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a XING component (XING plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding XING component of XING. Further information about the XING plug-in the may be accessed under https://dev.xing.com/plugins. During the course of this technical procedure, XING gains knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on the XING button integrated on our Internet site, e.g. the „Share“-button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data.

XING receives information via the XING component that the data subject has visited our website, provided that the data subject is logged in at XING at the time of the call to our website. This occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made.

The data protection provisions published by XING, which is available under https://www.xing.com/privacy, provide information on the collection, processing and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under https://www.xing.com/app/share?op=data_protection.

Data protection provisions about the application and use of YouTube

On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component.

Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

YouTube‘s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

Payment Method: Data Protection provisions for the PayPal payment method

The controller has integrated components of PayPal into this Web site. PayPal is an online payment service provider. Payments are transacted through PayPal accounts, which effectively act as online bank accounts for private or commercial use. Moreover, PayPal offers the option of processing virtual payments via credit card if a user does not have a PayPal account. PayPal accounts are held under an e-mail address, for which reason they do not have an account number. PayPal makes it possible to trigger online payments to third parties and to receive payments too. PayPal also acts in a fiduciary capacity and offers purchase protection for buyers.

The company operating PayPal in Europe is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If a data subject selects the PayPal payment option during our online shop's order process, the data subject's data will be transferred to PayPal automatically. By selecting this payment option, the data subject gives his or her consent to the transfer of personal data required to process payment.

The personal data transferred to PayPal usually includes the data subject's first name, surname, physical address, e-mail address, IP address, landline phone number, mobile phone number, or other data as necessary to process payment. Personal data related to the respective order is also required in order to fulfill the purchase agreement.

Data is transferred in order to process payment and prevent fraud. Note that the controller will transfer personal data to PayPal when there is a legitimate interest for doing so. The personal data exchanged between PayPal and the controller may in some cases be transferred by PayPal to credit agencies. Where this occurs, it is for the purposes of verifying the data subject's identity and creditworthiness.

PayPal may potentially share personal data with affiliated companies and service providers or subcontractors to the extent that it is required to fulfill contractual obligations or if the data is to be processed by an external contractor.

The data subject is free to withdraw his or her consent to PayPal's handling of personal data. A withdrawal of consent does not have an effect on personal data that is compelled to be processed, used, or transferred so that payment can be transacted (as contractually agreed).

You can view PayPal's applicable privacy provisions at https://www.paypal.com/de/webapps/mpp/ua/privacy-full (German) or https://www.paypal.com/uk/webapps/mpp/ua/privacy-full (English).

11 Competent regulatory authority for Data Protection

Bayerisches Landesamt für Datenschutzaufsicht (Data Protection Supervisory)
Promenade 27 (Schloss)
D-91522 Ansbach
Germany

Telephone: +49 (0) 981 53 1300
Telefax: +49 (0) 981 53 98 1300
E-Mail: poststelle@lda.bayern.de

12 Amendments to the Data Protection provisions

We reserve the right to alter our security and Data Protection provisions, should it be necessary due to technological developments. We will, in such cases, also adapt our Data Protection statement accordingly. Please note the respective current version of our Data Protection statement.

(Stand 05/2018)