Deutsch
English

Privacy statement

We would like to thank you for your interest in our company. For the management of Marchhart GesmbH data protection is of particular significance. The internet website of Marchhart GesmbH can be generally used without any provision of personal data. Should an individual want to use any specific services offered by our company through our website this may however make processing of their personal data necessary. Should processing of personal data be required and there is no legal basis for such processing, we will normally obtain consent from the data subject. Processing of personal data such as name, address, email address or phone number of the data subject always remains in compliance with the General Data Protection Regulation (GDPR) and relevant country specific data protection regulations applicable for Marchhart GesmbH. With this privacy statement our company intends to inform the public about the form, scope and purpose of personal data which we collect, use and process. Furthermore this privacy statement clarifies the rights of the data subject.

Marchhart GesmbH in its role as the controller has implemented numerous technical and organisational measures to ensure as comprehensive as feasible protection of personal data processed through this website. Nevertheless internet based data transfer may have inherent security vulnerabilities so that no absolute protection may be ensured. For this reason, each data subject is free to also pass on their personal data using alternative methods such as over the phone.

1.       Definition of Terms

The Privacy Statement of Marchhart GesmbH is based on terms used by the European legislature during enactment of the General Data Protection Regulation (GDPR). Our Privacy Statement should be easy to follow and understand both for the public and our customers and partners. To this end we would like to clarify the terminology used upfront.

This Privacy Statement uses amongst others the following terms:

a)         personal data

Personal data is any information related to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is deemed identifiable when they can be directly or indirectly identified, in particular using assignment of an identifier such as name, an identifier number, location data, an online identifier, or to one or more specific characteristics expressing physical, physiological, genetic, psychological, economic, cultural or social identity of such natural person.

b)         data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c)         processing

Means any operation or set of operations, whether by automated means or not, which is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d)         restriction of processing

Restriction of processing serves marking of stored personal data aimed at limiting processing of such in the future.

e)         profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f)          pseudonomisation

Data is deemed pseudonymised when personal data is processed in such a manner that the personal data no longer can be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an indentified or identifiable natural person.

g)         controller

A controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Should such purposes and means of this processing be determined by European Union law or national law of a member state then the controller or the specific criteria for their nomination may be designated by European Union law or national law of a member state.

h)         processor

A processor means a natural or legal person, public authority, agency or any other body processing personal data on behalf of the controller.

i)          recipient

A recipient is a natural or legal person, public authority, agency or any other body to which personal data is being disclosed irrespective of whether they are a third party or not. Public authorities receiving possibly personal data within certain investigative inquiries pursuant to the European Union law or national law of a member state are however deemed not to be recipients.

j)          third party

A third party is a natural or legal person, public authority, agency or any other body excluding data subject, the controller, the processor and any persons authorised to process personal data under the direct accountability of the controller or processors.

k)         consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning them.

2.         Name and address of the controller

The controller as stipulated by GDPR and other data protection bills valid in the EU member states as well as other data protection relevant stipulations is:

Marchhart GesmbH
Fabriksgelände 6
7201 Neudörfl

Austria

Tel.: 0043(0)2622 77248
email: office@marchhart.at
Website: www.marchhart.at

3.         Cookies

The website of Marchhart GesmbH uses cookies. Cookies are text files placed and stored on a computer system by an internet browser.

Numerous internet websites and servers use cookies. Many cookies have a cookie ID which uniquely identifies a cookie. It is comprised of a string allowing relating of internet websites and servers to the specific internet browser in which the cookie has been saved. By doing so, the visited internet websites and servers can differentiate the specific browser of the data subject from other internet browsers containing other cookies. A specific internet browser can be recognised and identified through a unique cookie-ID.

By deployment of cookies Marchhart GesmbH is able to provide users of this website with user-friendly services which otherwise would not be possible.

Through cookies we can optimise information and offers on our website for each visitor. As mentioned before, cookies enable us to recognise users of our website. The purpose of this recognition is to facilitate use of our website for the users. A user of a website using cookies does not for instance need to re-enter their access data every time they visit such website since this is done by the cookies stored on the computer system of such a user. Another example is a cookie of a shopping basket in an online shop. The online shop remembers articles placed by the customer into the virtual shopping basket by using a cookie.

Data subjects may prevent setting of cookies by our website at any point by using the respective settings of their deployed internet browser and permanently object to setting of cookies. Furthermore, cookies already place can be deleted at any point using the internet browser or other software tools. This feature is supported by all popular internet browsers. If the data subject disables cookies in their internet browser, some of the functionalities of our website may possibly no longer be fully available.

4.         Collection of general data and information

The website of Marchhart GesmbH collects a set of general data information every time our website is called up by a data subject or an automated system. This general data and information is stored in the server log files. The following can be collected;

(1) used browser types and versions

(2) the OS running on the accessing system

(3) the website referring the accessing system to our website (i.e. the referrers)

(4) the subsites referred through an access system to our website

(5) the date and time when our website was accessed

(6) an internet protocol address (IP address)

(7) the internet service provider of the accessing system, and

(8) other similar data and information serving defence against threats in the case of attacks on our IT systems.

When using this general data and information Marchhart GesmbH does not draw any conclusions regarding the data subject. Such information is required to

(1) correctly provide the contents of our website

(2) optimise the contents of our website as well as advertising for such

(3) ensure continuous operability of our IT systems and our underlying website technology, as well as

(4) to provide law enforcement authorities with information required for prosecution should a cyber attack occur. This anonymously collected data and information will therefore be analysed by Marchhart GesmbH for statistical purposes on one hand and with the aim of enhancing data protection and data security at our company on the other, and finally to ensure optimal levels of protection for any personal data we process. The anonymous data of server log files are stored separately from any personal data specified by the data subject.

5.         Contact options over the website

In line with legal regulations the Marchhart GesmbH website contains details allowing fast electronic contact with our company as well as direct communication with us also including a general electronic mail address (email address). Should a data subject contact the controller using email or the contact form, then the personal data of the data subject will be automatically saved. Such personal data transferred voluntarily by the data subject to the controller will be stored for the purposes of processing or to contact the data subject. No personal data will be passed on to any third parties.

6.         Routine deletion and disabling of personal data

The controller processes and stores personal data of the data subject only for the period required for achieving the aim of such storage or as far as provided by the European or any other legislator in acts of law or regulations to which the controller is subject.

When the purpose of storage ends or a retention period stipulated by a European or other competent legislator lapses then such personal data will be routinely disabled or deleted in compliance with legal stipulations.

7.         Rights of the data subject

a)         right of confirmation

Any data subject has the right furnished them by the European legislator to request a confirmation from the controller whether any of their personal data is being processed. Should a data subject exercise this right, they may at any point contact any staff member of the controller.

b)         right of access

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to request from the controller at any point information about any personal data concerning them and to receive a copy of such information. Furthermore the European legislator has furnished the data subject the right to obtain information regarding the following:

the purposes of the processing;

the categories of the personal data processed

the recipients or categories of recipients to whom personal data has been or will be disclosed, in particular recipients in third countries or international organisations

where possible, the envisaged period for which the personal data will be stored, or if not possible the criteria used to determine that period

the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing

the existence of the right to lodge a complaint with a supervisory authority

where personal data is not collected from the data subject, any available information as to their source

the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore the data subject is furnished with the right to be informed whether personal data has been transferred to a third country or an international organisation. Should this be the case, then the data subject shall have the right to be informed of the appropriate safeguards related to such transfer.

Should a data subject exercise this right of access, they may at any point contact any staff member of the controller.

c)         right to rectification

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to demand rectification of inaccurate data concerning them without undue delay. Furthermore, taking the purpose of processing into account, the data subject has the right to have incomplete personal data completed, also including by means of providing a supplementary statement.

Should a data subject exercise this right to rectification, they may at any point contact any staff member of the controller.

d)         right to erasure (‘right to be forgotten’)

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies and such processing is not mandatory:

the personal data is no longer necessary in relation to the purposes for which such has been collected or otherwise processed;

the data subject withdraws their consent on which the processing is based pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR, and where there are no other legal grounds for the processing;

the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.

the personal data has been unlawfully processed;

the personal data has to be erased for compliance with a legal obligation under European Union law or national law of a member state to which the controller is subject;

the personal data has been collected in relation to offer of information society services referred to in Article 8 (1) GDPR.

Should one of the aforesaid grounds apply and the data subject desires erasure of personal data stored at Marchhart GesmbH, they can contact the staff of the controller at any point. The staff of Marchhart GesmbH will arrange to comply with such erasure request without undue delay.

Where Marchhart GesmbH has made personal data public and pursuant to Article 17 (1) GDPR is as the controller obliged to erase personal data, Marchhart GesmbH, taking account of available technology and the cost of implementation, shall take reasonable steps including technical measures to inform controllers processing the personal data that the data subject has requested erasure by such controller of any links to, or copy or replication of such personal data, provided that such processing is not mandatory. A staff member of Marchhart GesmbH will initiate the necessary steps when required.

e)         right to restriction of processing

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to obtain from the controller restriction of processing of their personal data where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and the data subject opposes the erasure of the personal data and requests restriction of processing instead;

the controller no longer needs the personal data for the purposes of processing, but this data is required by the data subject for the establishment, exercise or defence of legal claims;

the data subject has objected to processing pursuant to Article 21 (1) GDPR pending verification whether the legitimate grounds of the controller override those of the data subject.

Should one of the aforesaid grounds apply and the data subject wishes to obtain restriction of processing of their personal data stored at Marchhart GesmbH they can contact the staff of the controller at any point. A staff member of Marchhart GesmbH will initiate restriction of processing.

f)          right to data portability

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to receive the personal data concerning them which the data subject has provided to a controller in a structured, commonly used and machine-readable format. Furthermore the data subject has the right to transmit such personal data to another controller without hindrance from the controller to which the personal data has been supplied, provided that the processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR, or on a contract pursuant to point (b) of Article 6 (1) GDPR, and the processing is carried out by automated means, provided that such processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, the data subject when exercising their right to data portability has pursuant to Article 20 (1) GDPR the right to have their personal data transmitted directly from one controller to another, where technically feasible, and provided that the rights and freedoms of others are not adversely affected thereby.

To exercise their right to data portability the data subject may contact a staff member of Marchhart GesmbH at any point.

g)         right to object

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to object at any time, on grounds relating to their personal situation, to processing of personal data concerning them which is based on point (e) or (f) of Article 6 (1) GDPR, including profiling based on those provisions.

In such case Marchhart GesmbH will no longer processes the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishment, exercise or defence of legal claims.

Where Marchhart GesmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to Marchhart GesmbH processing for direct marketing purposes, Marchhart GesmbH will no longer process personal data for such purposes.

Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject has, on grounds relating to their particular situation, the right to object to processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for the reasons of public interest.

To exercise their right to object the data subject may directly contact any staff member of Marchhart GesmbH or any other staff member at any point. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise their right to object by automated means using technical specifications.

h)         automated individual decision-making, including profiling

Any data subject concerned by processing of their personal data has the right furnished to them by the European legislator not to be subject to a decision based solely on automated processing of their personal data, including profiling, which produces legal effects concerning them, or similarly significantly affects them, provided that such decision (1) is not necessary for entering into; or performance of, a contract between the data subject and the controller, or (2) is authorised by European Union law or national law of a member state to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is based on the data subject’s explicit consent.

Where the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller; or (2) is based on the data subject’s explicit consent, Marchhart GesmbH shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

Should a data subject exercise this right concerning automated decision-making, they may at any point contact any staff member of the controller.

i)          right to withdraw data privacy-based consent

Any data subject concerned by processing of their personal data has the right furnished them by the European legislator to withdraw their consent to the processing of data concerning them.

Should a data subject exercise this right concerning withdrawal of their consent, they may at any point contact any staff member of the controller.

8.         Privacy concerning job applications and the job application process

The controller collects and processes personal data of applicants for the purposes of a job application process. This processing can also be electronic. This is in particular the case when an applicant electronically transmits a respective job application to the controller using for instance email or a web form available on the website. When the controller conducts an employment contract with an applicant then the transmitted data will be stored for handling the employment in compliance with the applicable legal regulations. Should the controller not employ the applicant then such application will be automatically deleted two months after publication of the rejection decision provided that such deletion is not obstructed by any other legitimate interests of the controller. Other legitimate interests herein are deemed for instance burden of proof in proceedings pursuant to the General Law on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG).

9.         Data privacy regulations concerning deployment and use of Google Analytics (along with anonymization function)

The controller has integrated the Google Analytics component (along with anonymization function) on their website. Google Analytics is a web-based analysis service. Web analysis is gathering, collection and analysis of data concerning the behaviour of website visitors. A web-based analysis service collects amongst others data concerning the referrer website through which the data subject was referred to a website, which website pages have been visited, and how long a visitor stayed on a website page. Web-based analysis is primarily used to optimise a website and run cost-benefit analysis of internet advertising.

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA is the company operating the Google Analytics component.

The controller uses the add-on “_gat._anonymizedlp” for web-based analysis using Google Analytics. Using this add-on Google truncates and anonymises the IP address of the data subject’s internet connection when our websites are accessed from an EU Member State or another contracting state under the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor streams on our website. Google uses the collected data and information amongst others to analyse the usage of our website to generate online reports on activities on our websites as well as to render services linked to the usage of our website.

Google Analytics sets a cookie on the IT system of the data subject. The definition of cookies has already been made. By setting the cookie, Google enables analysis of the usage of our website. Every time one of the pages on this website is called up which is operated by the controller and on which a Google Analytics component has been integrated, the respective Google Analytics component makes the internet browser on the IT system of the data subject automatically transmit data to Google for the purpose of online analysis. In the course of this technical process Google obtains knowledge of personal data such as the IP address of the data subject which amongst others allows Google to trace the origin of the visitors and clicks and allow subsequent commission billing.

Using cookies personal data such as time of access, location where the access originated from and the frequency of visits to our website by the data subject will be stored. During every visit to our website this personal data including the IP address of data subject’s internet connection is transmitted to Google in the United States of America. Such personal data is then stored by Google in the United States of America. Google may pass on personal data obtained through such technical process to third parties.

Data subjects may prevent setting of cookies by our website (as already explained above) at any point by using the respective settings of their deployed internet browser and permanently objecting to setting of cookies. Such setting made in the used internet browser would also prevent Google from setting a cookie on the IT system of the data subject. Furthermore, any cookies already placed by Google Analytics can be deleted at any point using the internet browser or other software tools.

Furthermore the data subject may object to collection of data generated by Google Analytics concerning the use of our website as well as to processing of such data by Google and to prevent such processing. To this end the data subject only needs to download and install a browser add-on available at tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics using a JavaScript that no data and information on the visits to websites may be transmitted to Google Analytics. Installing the browser add-on is deemed by Google as an objection. Should the IT system of the data subject be deleted, formatted or reinstalled at a later point, then the data subject has to reinstall the browser add-on to disable Google Analytics. Should the browser add-on be uninstalled or disabled by the data subject or other person within the data subject’s sphere of control then the browser add-on can be reinstalled respectively re-enabled.

For more details and the applicable data privacy regulations of Google please visit https://policies.google.com/privacy and https://google.com/analytics/terms. For more details on Google Analytics please visit https://google.com/analytics.

10.       Data privacy regulations concerning deployment and use of Google+

The controller has integrated the Google+ button as a website component on their website. Google+ is a social network; a social network is an internet-based meeting area, an online community normally allowing the users to communicate and interact with each other in a virtual room. A social network can serve as a platform for exchanging opinions and experiences, or it allows the internet community to provide personal or corporate information. Google+ users are able to set up a private profile, upload pictures, and networking through friend requests.

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, US is the company operating the Google+.

Every time one of the pages on this website is called up which is operated by the controller and on which a Google+ button has been integrated, the respective Google+ button makes the internet browser on the IT system of the data subject automatically download a representation of the respective Google+ button from Google. In the course of this technical process Google obtains knowledge which page of our internet website has been actually visited by the data subject. For more details on Google+ please visit developers.google.com/+/.

Should the data subject be logged in at Google+ at the same time, then Google recognises which pages of our website have been actually visited by the data subject with every calling up of our website by the data subject as well as during the complete duration of the visit to our website. This information is collected through the Google+ button and assigned by Google to the respective Google+ account of the data subject.

If the data subject clicks on one of the Google+ buttons integrated on our website and hence makes a Google+1 recommendation, then Google assigns this information to the personal Google+ user account of the data subject and stores their personal data. Google stores the Google+1 recommendation of the data subject and makes such public in compliance with the conditions previously accepted by the data subject. A Google+1 recommendation made by the data subject on our website will be subsequently stored and processed along with other personal data such as the name of the Google+1 account used by the data subject and a photo stored by them in other Google services, such as search engine results of the Google search engine, the Google account of the data subject, or any other places such as internet websites or in conjunction with advertisements. Furthermore Google can link the visit to our website to other personal data stored at Google. Google further records such personal data with the purpose of improving or optimising various Google services.

Google only receives the notification that the data subject has visited our website through the Google+ button when the data subject is simultaneously logged in at Google+ while visiting our website, irrespective of whether the data subject clicks on the Google+ button or not.

Should the data subject not want their personal data to be transmitted to Google, they can prevent such transmission by logging out from their Google+ account before visiting our website.

For more details and the applicable Google data privacy regulations please visit https://policies.google.com/privacy. For more information from Google on Google+1 button please visit developers.google.com/+/web/buttons-policy.

11.       Data privacy regulations concerning deployment and use of Google AdWords

The controller has integrated the Google AdWords on their website. Google AdWords is an internet advertising service allowing advertisers to place ads in the Google search engine results as well as in the Google advertising network. With Google AdWords an advertiser can predefine certain keywords used to only display an ad in the Google search engine results when the search engine user calls up keyword-relevant search results. To distribute advertising the Google advertising network uses an automated algorithm considering the predefined keywords on topic-relevant websites.

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, US is the company operating Google AdWords.

The purpose of Google AdWords is to advertise our website by showing interest-relevant advertisements on websites of third party companies as well as in the Google search engine results, and to show third party advertisements on our website.

When a data subject visits our website redirected through a Google ad, then a conversion cookie will be placed on the IT system of such data subject. The definition of cookies has already been provided. Validity of a conversion cookie lapses after thirty days, and such cookies do not serve to identify the data subject. Provided such a conversion cookie is still valid it allows tracing of whether certain pages of a website have been called up on our website, such as a shopping basket in an online shop. The conversion cookie allows both us and Google to trace whether a data subject referred to our website through an AdWords ad has generated turnover, i.e. made a purchase or they have aborted a transaction.

Data and information collected by Google through the use of conversion cookies is used by Google to generate visitor statistics for our website. We then use these visitor statistics to determine the total number of users referred to us through AdWords ads, i.e. to determine success or failure of the respective AdWords ad as well as to be able to optimise our AdWords ads in the future. Neither our company nor other advertising customers of Google AdWords receive information from Google allowing identification of the data subject.

Personal information such as internet websites visited by them is stored using conversion cookies. Personal data, including the IP address of data subject’s internet connection, is therefore transmitted to Google in the United States of America upon every visit to our website. Such personal data is then stored by Google in the United States of America. Google may pass on personal data obtained through such technical process to third parties.

Data subjects may prevent setting of cookies by our website (as already explained above) at any point by using the respective settings of their internet browser to permanently object to the setting of cookies. Making such a setting in the internet browser would also prevent Google from setting a conversion cookie on the IT system of the data subject. Furthermore, any cookies already placed by Google AdWords can be deleted at any point through the internet browser or other software tools.

In addition, the data subject can also object to interests-related advertising by Google. To this end the data subject has to call up the link https://adssettings.google.com in every internet browser they are using and make the desired setting for each browser.

For more details and the applicable Google data privacy regulations please visit https://policies.google.com/privacy.

12.       Data privacy regulations concerning the deployment and use of LinkedIn

The controller has integrated LinkedIn components on their website. LinkedIn is a web-based social network allowing connecting of users with existing business contacts as well as establishment of new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries making LinkedIn the largest business contact platform today and one of the most visited internet websites worldwide.

LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA, is the company operating LinkedIn. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland is responsible for any privacy related issues outside the USA.

Every time our website, which is equipped with a LinkedIn plug-in, is called up, this plug-in makes the browser used by the data subject download a corresponding representation of the LinkedIn plug-in. For more information on the LinkedIn plug-ins please visit developer.linkedin.com/plugins. In the course of this technical process LinkedIn can see which page of our internet website has actually been visited by the data subject.

Should the data subject be simultaneously logged in at LinkedIn, then LinkedIn recognises which pages of our website have actually been called up by the data subject upon every visit to our website by the data subject, as well as during the complete duration of the visit to our website. This information is collected through the LinkedIn plug-in and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated on our website then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores their personal data.

LinkedIn only receives notification that the data subject has visited our website through the LinkedIn plug-in when the data subject is simultaneously logged in at LinkedIn while visiting our website, irrespective of whether the data subject clicks on the LinkedIn component or not. Should the data subject not want their personal data to be transmitted to LinkedIn, they can prevent such transmission by logging out from their LinkedIn account before visiting our website.

At www.linkedin.com/psettings/guest-controls LinkedIn offers the possibility to disable email messaging, text messages and targeted advertising as well as management of advertisement settings. Furthermore, LinkedIn uses partner companies such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, who can all set cookies. Go to www.linkedin.com/legal/cookie-policy to object to such cookies. The applicable LinkedIn data privacy regulations are available at www.linkedin.com/legal/privacy-policy. The LinkedIn cookie policy is available at www.linkedin.com/legal/cookie-policy.

13.       Data privacy regulations concerning deployment and use of Xing

The controller has integrated Xing components on their website. Xing is a web-based social network allowing connecting of users with existing business contacts as well as establishment of new business contacts. Every user can create their personal profile on Xing. Companies can for instance create corporate profiles or publish vacancies on Xing.

XING SE, Dammtorstraße 30, 20354 Hamburg, Germany, is the company operating Xing.

Every time one of the pages on this website is called up which is operated by the controller and on which a Xing component (an Xing plug-in) has been integrated, this plug-in will make the internet browser on the IT system of the data subject automatically download a representation of the respective Xing plug-in from Xing. For more information on the Xing plug-ins please visit dev.xing.com/plugins. In the course of this technical process Xing can see which page of our internet website has actually been visited by the data subject.

Should the data subject be simultaneously logged in at Xing, then Xing recognises which pages of our website have actually been called up by the data subject upon every visit to our website by the data subject, as well as during the complete duration of the visit to our website. This information is collected through the Xing plug-in and assigned by Xing to the respective Xing account of the data subject. If the data subject clicks on a Xing button integrated on our website, such as the Share button, then Xing assigns this information to the personal Xing user account of the data subject and stores their personal data.

Xing only receives notification that the data subject has visited our website through the Xing plug-in when the data subject is simultaneously logged in at Xing while visiting our website, irrespective of whether the data subject clicks on the Xing component or not. Should the data subject not want their personal data to be transmitted to Xing, they can prevent such transmission by logging out from their Xing account before visiting our website.

For details regarding collection, processing and use of personal data by Xing please visit Data Privacy regulations published by Xing at www.xing.com/privacy. Data protection notes concerning the XING Share button have been published by Xing at www.xing.com/app/share.

14.       Legal basis of processing

Article 6 (1) point a GDPR serves our company as the legal basis for processing for which we obtain consent for any specific processing purpose. Should the processing of personal data be necessary for the performance of a contract to which the data subject is a party, as may be the case for some forms of processing where processing of personal data is necessary for delivery of goods or rendering of any other service or of another service in return, then Article 6 (1) point b GDPR is the underlying legal basis of such processing. The same applies to processing required for any pre-contractual steps, as is the case in enquiries concerning our products or services. When our company is subject to a legal obligation making processing of personal data necessary, including for instance compliance with our tax obligations, then Article 6 (1) point (c) GDPR forms the legal basis of such processing. On rare occasions processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be for instance the case when a visitor to our premises is injured and their name, age, health insurance details or any other vital details would have to be passed on to a medical doctor, hospital or other such third party. The underlying basis of such processing is then Article 6 (1) point (d) GDPR. In conclusion the underlying basis of some processing can be Article 6 (1) point (f) GDPR. Processing where none of the aforesaid legal bases are deemed applicable is based thereon, where such processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing by us is therefore lawful as it has been specifically declared by the European legislator. In the opinion of the European legislator, a legitimate interest may be assumed where the data subject is a customer of the controller (substantiation reason (47), second sentence GDPR “Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.”)

15.       Legitimate interests in processing pursued by the controller or a third party

Should the underlying basis of processing of personal data be Article 6 (1) point (f) GDPR then our legitimate interest is to carry out our business operations for the benefit of all our staff members and shareholders.

16.       Duration of personal data storage

The legally specified retention period for personal data is the criterion regulating the duration of such retention period. After the lapse of such period the respective data is deleted in a routine operation provided that such data is no longer required for contractual performance or initiation of a contract.

17.       Legal regulations respectively contractual stipulations concerning provision of personal data; requirement for entering into contract; obligation of the data subject to provide personal data; potential consequences of non-provision

We would like to clarify that provision of personal data may in part be legally prescribed (e.g. tax regulations) or may result from contractual stipulations (e.g. details of the contractual party). A conclusion of a contract may also require the data subject to make their personal data available to us which will then have to be processed by us. A data subject is for instance obliged to provide personal data when our company concludes a contract with them. Non-provision of personal data would lead to an impossibility of such conclusion of a contract with the respective data subject. Prior to providing their personal data the data subject is to contact one of our staff members who will clarify with the data subject their individual case, and whether such provision of personal data is legally prescribed or contractually stipulated, or necessary for conclusion of a contract, whether there is an obligation to provide personal data, and what would be the consequences of non-provision of their personal data.

18.       Automated decision-making

Being a responsible company we forego automated decision-making or profiling.

This Privacy Statement was drafted by the Privacy statement generator of DGD (Deutsche Gesellschaft für Datenschutz GmbH) acting as an appointed external data protection officer in cooperation with the data protection lawyer Christian Solmecke.