Thank you for visiting our website and for your interest in our company. When processing your data, we strive to take the greatest possible care. The following information provides a compact and simple overview of what happens to your personal data when you visit our website. Your personal data will be processed in accordance with the relevant legal provisions.

Controller

The controller within the meaning of the European General Data Protection Regulation (GDPR) and other national data protection laws of the member states of the EU as well as other data protection regulations is:

TWAICE Technologies GmbH
Joseph-Dollinger-Bogen 26
80807 Munich
Germany
+49 (0) 89 997 324 58
contact@twaice.com

https://twaice.com/

Legal representatives:

Dr. Stephan Rohr, Dr. Michael Baumann

Contact information for questions about data protection

We have appointed a data protection officer. For questions on the subject of data protection, please contact: datenschutz@confidentdata.de

Validity and changes of the data protection notice

This data protection notice is valid and is dated from

20th June 2024

Due to the further development of our website or the implementation of new technologies and features, it may become necessary to change this data protection notice. We reserve the right to make appropriate changes at any time.

Data protection rights and information on the right to object

Your rights of access, rectification, restriction, erasure, data portability and to lodge a complaint with the supervisory authority

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object pursuant to Art. 21 GDPR and the right to data portability pursuant to Art. 20 GDPR.

With regard to the right of access and the right of erasure, the restrictions pursuant to §§34 and 35 BDSG apply.

You may object to the processing of your personal data at any time. This also applies to objections of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018. Please note that the objection is only effective for the future. Processing that took place before the objection is not affected by it.

In addition, there is a right to lodge a compliant with the supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). A list of the supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

Information on the right to object pursuant to Art. 21 GDPR

Right to object to the collection of personal data in special cases and recipient of the request

You have the right to object at any time, based on reasons relating to your particular situation, to the processing of your personal data on the basis of Art. 6para. 1(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made informally with the subject "Objection" stating your name, address or other identification features to the contact data stored in the imprint.

General information

Data security

We use technical and organizational security measures to protect your personal data against misuse, loss, destruction or access by unauthorized persons. The security measures taken into account (such as encryption procedures, firewall and virus protection, back-up and recovery procedures) correspond to the current state of the art and are continuously updated.

Nevertheless, we would like to point out that there is always a certain residual risk when communicating on the Internet, which depends on the user's respective usage behavior and over which we consequently have no influence.

Scope (external links)

This data protection notice applies exclusively to visits to our own website.

At some points on our website, external websites of third parties are linked. These websites are subject to the liability of the respective operators. If you notice that links on the websites refer to Internet pages whose contents violate applicable law, please notify us via the e-mail address provided in the imprint.

We will then immediately remove these links from our website. The providers do not assume any liability for the topicality, correctness, completeness or quality of the information provided.

Data erasure routine

As a matter of principle, we only store your personal data for the period of time required to achieve the purpose of storage or if this is stipulated by national or European legislation.

In Germany there is an obligation to retain documents for 6 years in accordance with § 257 para. 1 HGB (Handeslgesetzbuch), which effects the e.g. the storage period of commercial books, inventories, opening balances, annual financial statements, business letters or accounting vouchers. And pursuant to § 147 para. 1 & 3 Abgabenordnung (AO), it is 10 years for books, records, management reports, accounting vouchers, documents relevant to taxation, and 6 years in particular for commercial and business letters.

If the purpose of storage no longer applies or if a legally prescribed storage period expires, your personal data will be deleted routinely and in accordance with the statutory provisions.

Please also be aware of the specific explanations on individual storage and deletion periods of the respective data processing in this data protection declaration.

Transfers to third countries

When browsing our website, personal data may be transferred to servers in third countries outside the European Union through the integration of individual plug-ins and tools. Details about these data transfers, if any, including the respective valid legal basis, can be found in the section of the respective third-party tool in this data protection notice.

Data processing by processors

Tools and plug-ins from third-party providers are used on our website as part of commissioned processing. A data processing agreement  has been duly concluded with all commissioned processors used, which ensures an appropriate level of data protection.

You can find more information about the data processing by the  processors used in the section of the third-party tool in this data protection notice.

Hosting

External hosting provider: We use an external provider to host our website.

Purpose: Reliable accessibility and presentation of our website.

Legal basis: The use of our hoster is based on our legitimate interest in the most reliable accessibility and presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Data processing agreement: We have concluded a data processing agreement (DPA) with our hoster, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

SSL- / TLS: To protect the security of your data during transmission, we use the SSL or TLS encryption method via HTTPS.

Server-Log-Files: When you browse our website technical information of your browser session is automatically processed by our server. This data (so-called server log files) includes for example: the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

Purpose: Ensuring a stable and smooth connection to the website, a responsive use of our website and the guarantee of system security and stability. We also reserve the right to check the server log files on a regular basis if there are concrete indications of illegal use.

Legal Basis: The legal basis for the processing of the server log files is our legitimate interest in an error-free and secure presentation of our website, pursuant to Art. 6 para. 1 lit. f GDPR.

Provision of your data voluntary or mandatory: The provision of server log files is neither legally nor contractually required. However, without the collection of the log files, the functionality of our website is not guaranteed.

Storage period: The server-log-files are deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended.

Content Delivery Networks (CDN): To ensure the global accessibility and performance of our website, we use so-called Content Delivery Network (CDN) service providers. For more information on the data processing by the CDN service providers, please refer to the section on third-party tools used.

Cookies

Use of Cookies

Cookies are pieces of information that are transmitted from our web server or third-party web servers to users' web browsers, where they are stored for later retrieval. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

If you agree, cookies from third-party companies may also be stored on your end device (third-party cookies). These enable us or you to use certain services of the third-party company (e.g., reach measurement and evaluation of the usage behavior of our website, etc.)

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. saving your cookie preferences). Other cookies are used to evaluate user behavior or, for example, to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for storing your cookie preferences) or to optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG); a given consent can be objected at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

As far as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, ask for your consent.

Cookiebot

Provider: Cookiebot by Usercentrics - Cybot A/, Havnegade 39, 1058 Copenhagen, Denmark.

Purpose: Cookiebot is used to obtain consent from website users for the storage of certain cookies and for the use of certain third-party tools, and to document this consent in a compliant manner.  

Description of data processing: When you visit the website for the first time, you will be asked for your cookie preferences in our consent management plattform provided by Cookiebot. A cookie is then set in your browser, which stores your data processing preferences or the withdrawal of your consent for future browsing on our site. According to Cookiebot, no personal data is transfered to the provider.

Legal basis: Obtaining the legally required consent for the use of cookies according to Art. 6 (1) lit. c GDPR and §25 (2) no. 2 TTDSG.

Provision of data voluntarily or required: Obtaining your cookie preferences is required by law.

Storage period: The collected data is stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies.

No data processing: No personal data is transmitted to Cookiebot. Cookiebot is therefore, according to its own statement, not a processor. For more information: https://support.cookiebot.com/hc/en-us/articles/360003776534-Can-you-issue-a-DPA-as-per-GDPR-Article-28-.

Further notes on data protection: https://www.cookiebot.com/de/privacy-policy/.

Data processing on the website

Contact requests

Purpose: Processing of the request.

Description of data processing: Requests by e-mail, telephone or fax, including all resulting personal data, are stored and processed for the purpose of processing. A passing on of the data does not take place without your consent.

Legal basis: The processing of your request is based on our legitimate interest of pursuing our business interests pursuant to Art. 6 para. 1 lit. f GDPR. If you contact us to request a contractual offer, the processing is carried out for the implementation of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.

Provision of data voluntarily or required: The provision of your data is neither legally nor contractually required. However, without the information a processing of your request is not possible.

Storage period: Your data will be deleted at the latest 6 months after processing the request. If a contractual relationship exists, we are subject to the statutory retention periods and delete your data after six or ten years.

Online contact form: By providing an online contact form, we would like to enable you to contact us easily. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions, taking into account the above-mentioned storage period.

Use of a third-party CRM-Tool: The personal data resulting from your inquiry may be stored in our third-party Customer Relationship Management System (CRM). For more information on the CRM system that is used, please refer to the section Third-party tools.

Applications

Purpose: Processing of applications.

Description of data processing: On our website, users have the possibility of applying to us either via our application form or directly by e-mail. In this context, we will inform you separately about the details of the processing of your application data with corresponding data protection information according to Art. 13, 14 and 21 GDPR.

Legal basis: The processing of your application is primarily based on the decision on the establishment of an employment relationship (Art. 88 GDPR in conjunction with § 26 BDSG).  Furthermore, we may process your data for the fulfillment of legal obligations if this is necessary (Art. 6 para. 1 lit. c GDPR) and on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), for example in the case of assertion of legal claims and defense in legal disputes.

Provision of data voluntarily or required: The provision of your application is voluntary. However, we can only make a decision on the establishment of an employment relationship if you provide such personal data that is required for the execution of the application.

Storage period: Your application documents will be deleted no later than six months after the end of the application process (e.g. notification of the rejection decision), unless longer storage is legally required or permitted.

Use of a third-party HR Tool: Your application data may be entered into our external HR software solution. For more information on the tool used, please refer to the section Third-party tools.

Newsletter mailing

Purpose: Sending a newsletter for marketing purposes.

Description of data processing: On our website visitors can sign up for a newsletter. If you decide to subscribe, your data will only be used to send you the newsletter you have subscribed to by e-mail and, if you have also consented to this, to evaluate how you use the newsletter and any content linked to it. To receive the newsletter, it is only mandatory to provide a valid e-mail address. All other information requested is voluntary.

Legal basis and objection: The receipt of our newsletter requires your consent. This consent is obtained as part of the newsletter sign up process. Legal basis is therefore Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. You can object your given consent in every newsletter mail by clicking on unsubscribe. You then will no longer receive the newsletter.

Provision of data voluntarily or required: The provision of your data is voluntary, based on your consent. However, without your consent, the receipt of our newsletter is not possible.

Storage period: Your data will only be processed as long as we have your consent in receiving our newsletter.

Use of a third-party newsletter tool: To ensure an efficient and performative newsletter mailing, we use a third-party newsletter tool. You can find more information about the newsletter tool we are using in the section about third-party tools.

Third-party tools

Cloudflare CDN

Provider: Cloudflare – Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Purpose: Increase the global accessibility and performance of our website by using the Cloudflare Content Delivery Network (CDN).

Description of data processing: A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected via the Internet. Simply put, a CDN creates a copy of our website on the network's own servers and ensures that our website is accessible everywhere in the world through shorter transmission distances. This network thereby ensures that the content of the website is delivered quickly and reliably, even when there is a lot of web traffic. In the case of Cloudflare CDN, the data transfer between your browser and our website is routed through Cloudflare's network. Cloudflare collects various access and log data in this process and also sets a cookie, which helps the provider to maintain a high level of security protection.

Legal basis and objection: The use of Cloudflare CDN requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary. However, without the distribution via Cloudflare's Network, the performance of our website may be severely limited.

Storage period: Cloudflare assures to store the submitted user data for less than 24 hours.

Further notes on data protection:

Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

Data Processing Addendum: By accepting Cloudflares terms of use of we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. Cloudflares DPA can be viewed here: https://www.cloudflare.com/cloudflare_customer_DPAv3.pdf.

Transfers to third countries: Processing also takes place outside the EU. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Cloudflares SCCs can be found here: https://www.cloudflare.com/cloudflare-customer-scc/.

Google Analytics

Provider: Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: Analysis of the behavior of website visitors by evaluating, for example, page views, dwell time, operating system, etc., in order to optimize the website.

Description of data processing: Google Analytics helps us to analyze the traffic of our website. For this to work, a tracking code provided by Google Analytics and integrated via the Google Tag Manager is implemented on our website. If you consent to tracking by Google Analytics, a cookie is set on your device, which gives your device a unique identifier (tracking ID). This cookie is linked to Google Analytics. It records the surfing behavior of our website visitors and the resulting statistics may provide information about which target groups feel addressed by our website.

Legal basis and objection: The use of Google Analytics requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary.

Further notes on data protection:

Notes on data protection and Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de.

General information about Google Analytics: https://marketingplatform.google.com/about/analytics/terms/de/.

Googles privacy policy: https://policies.google.com/privacy.

Browser Plug-In to Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en.

Storage period 14 months: We have configured Google Analytics so that the stored data at user and event level is automatically deleted after 14 months. You can find more information about the storage period of the tool here: https://support.google.com/analytics/answer/7667196?hl=de.

Anonymize IP: We have activated the IP anonymization function. This means that no full IP addresses of visitors within the European Economic Area (EEA) are stored and transmitted unabbreviated to the USA. A transmission of unabbreviated IP addresses to servers in the USA can nevertheless not be completely ruled out and may occur in exceptional cases.

Data Processing Terms: We have entered into a direct customer agreement with Google for the use of Google Analytics by accepting their "Data Processing Addendum" in the Google Analytics settings. You can find more information about these data processing conditions here: https://privacy.google.com/businesses/controllerterms/mccs/.

Transfers to third countries: Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on Googles SCCs can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Tag Manager

Provider: Google - Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose: Efficient organization and integration of Google tools on our website.

Description of data processing: The Google Tag Manager allows us to centrally integrate and manage various Google tools. For this purpose, small sections of code (so-called tags) of the various Google products (such as Google Analytics, Google Ads, etc.), but also tags from other companies are integrated into the Google Tag Manager and managed from there. The Google Tag Manager itself does not store any personal data, so it only acts as an "intermediary". The situation is different for the tools that are integrated via the Tag Manager. The data protection relevance of these tools is indicated in the corresponding text passages.

Legal basis and objection: The use of the Google Tag Manager requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary.

Storage period: The Google Tag Manager itself does not store cookies, user profiles, analyses, etc.. How long the analysis tools integrated via the Google Tag Manager store your data can therefore be found in the respective text passages.

Further notes on data protection:

How the Google Tag Manager works: https://support.google.com/tagmanager/?hl=de#topic=3441530.

Google's privacy policy: https://policies.google.com/privacy?hl=de.

Hubspot

Provider: Hubspot – Hubspot Inc. 25 Street, Cambridge, MA 02141 USA.

Purpose: Efficient customer communication and customer management.

Description of data processing: To manage our customers, we use the customer relationship management system (CRM) Hubspot. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Hubspot CRM system. There we can centrally manage your request and control and analyze customer-related processes. In this process personal data is transmitted to Hubspot`s servers. Furthermore, in case of your consent, we can also control marketing measures (e.g. newsletter campaigns) with Hubspot or record and analyze the usage behavior of our contacts on our website.

Legal basis and objection: The processing of customer data with Hubspot CRM is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR. The storage of Hubspot's third-party cookies when you visit our website on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: The customer data transmitted to Hubspot is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Further notes on data protection:

Hubspot's privacy policy: https://legal.hubspot.com/de/privacy-policy.

Data Processing Addendum: We have concluded Hubspots data processing addendum (DPA), which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Hubspot's DPA can be found here: https://legal.hubspot.com/dpa.

Data transfers to third countries: Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Further Information on Hubspot and the SCCs can be found here: https://legal.hubspot.com/dpa.

jsDelivr CDN

Provider: jsDelivr – Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, EN4 9EB, England.

Purpose: Increase the global accessibility and performance of our website by using the jsDelivr Content Delivery Network (CDN).

Description of data processing: A Content Delivery Network (CDN) is a network of regionally distributed servers that are connected via the Internet. Simply put, a CDN creates a copy of our website on the network's own servers and ensures that our website is accessible everywhere in the world through shorter transmission distances. This network thereby ensures that the content of the website is delivered quickly and reliably, even when there is a lot of web traffic. In the case of jsDelivr CDN, the data transfer between your browser and our website is routed through the providers` network. jsDelivr collects various access and log data in this process. According to jsDelivr no personal data is stored during the process. The privacy policy of jsDelivr clearly states that no cookies or similar tracking technologies are used when using the service.

Legal basis and objection: The use of jsDelivr CDN requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary. However, without the distribution, the performance of our website may be severely limited.

Storage period: The data transmitted to jsDelivr is deleted as soon as it is no longer required or you request us to delete it.

Further notes on data protection:

Privacy policy: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

Transfers to third countries: Processing also takes place outside the EU. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR.

Data Processing Addendum: We have concluded jsDelivr's Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR.

LinkedIN Insight Tag

Provider: LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Plaze, Dublin 2, Ireland.

Purpose: Optimization of our website by analyzing the behavior of our website visitors.

Description of data processing: The LinkedIn Insight Tag helps us to get information about the visitors of our website. If a user is registered with LinkedIn, the tool allows us to analyze the key professional data available in LinkedIn (position, employer, industry, location, etc.) and align our website accordingly. For this purpose, the tool sets a browser cookie that stores your IP address, timestamp, page activity and your information published on LinkedIn if you are an active LinkedIn member at the time of the visit. The collected data is hashed (pseudonymized).

Legal basis and objection: The use of LinkedIN Insight Tag requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary.

Storage period: The direct IDs of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within the next 180 days. We store your data for as long as you need for the purpose of campaign evaluation and web audience analysis, or you have objected to the storage of your data or revoked your consent.

Right to object / Opt-Out: Information on your right to object according to Art. 21 of the GDPR can be found in the section on data subject rights. In the footer area of the website, you have the option of resubmitting your cookie preferences. Another option for opting out is to manually delete the website cookies in your browser settings.

Further notes on data protection:

LinkedIn privacy statement: https://www.LinkedIn.com/legal/privacy-policy#choices-oblig.

Opt-Out Cookie for LinkedIN Retargeting: https://docs.microsoft.com/en-us/clarity/faq.

Data Processing Addendum: By accepting LinkedIns services agreement, we have also concluded the providers Data Processing Addendum (DPA). The DPA guarantees that the personal data of our website visitors will only be processed according to our instructions and in compliance with the GDPR. The DPA can be found via the following document search: LinkedINs DPA can be found here: https://www.linkedin.com/legal/l/dpa.

Data transfers to third countries: Processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Information on LinkedIN and the SCCs can be found here:

https://www.linkedin.com/legal/l/customer-sccs.

Personio

Provider: Personio – Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.

Purpose: Efficient HR-Management and application management.

Description of data processing: Our Human Resources Management uses the cloud-based HR operating system Personio. The tool helps us to deal with HR processes, such as the applications via our website. When you apply for a job at our company, your data can be transferred in to the Personio HR Operating System. There we can centrally manage your application and control and analyze HR-related processes. All applicants will, of course, be informed separately about the data processing in the context of their application.

Legal basis and objection: The processing of applicant data with Personio is based on our legitimate interest in the most efficient HR-Management possible, pursuant to Art. 6 lit. f GDPR.

Provision of data voluntarily or required: The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: The applicant data transmitted to Personio is deleted as soon as it is no longer required (after 6 months the latest) or you request us to delete it. If the application leads to an employment relationship, other retention periods apply.

Further notes on data protection:

Personio's privacy policy: https://www.personio.com/privacy-policy/

Data processing addendum: We have concluded Personio`s data processing addendum, which ensures that Personio only processes the personal data according to our instructions and in compliance with the GDPR.


Salesforce Sales Cloud

Provider: Salesforce – salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany.

Purpose: Efficient customer communication and customer management.

Description of data processing: To manage our customers, we use the customer relationship management system (CRM) Salesforce Sales Cloud. When you contact us, for example by filling out one of our website forms, your data can be transferred to the Salesforce CRM system. There we can centrally manage your request and control and analyze customer-related processes. This happens in the Salesforce Sales Cloud, which means that personal data is transmitted to Salesforce's servers. Salesforce has assured us that our customer data is hosted exclusively on servers in the EU. In exceptional cases - for example, in the event of technical problems - data may nevertheless be transferred to the parent company of Salesforce in the USA, salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.

Legal basis and objection: The processing of customer data with Salesforce Sales Cloud is based on our legitimate interest in the most efficient customer management and customer communication possible, pursuant to Art. 6 lit. f GDPR. The storage of Salesforce's third-party cookies on the other hand requires your consent. This consent is obtained via our Consent Management Tool. Legal basis is therefore Art. 6 para. 1 lit. a GDPR and §25 para. 1 TDDDG. The consent can be revoked at any time. Please read the information about your right to object according to Art. 21 GDPR in the section about your data protection rights above.

Provision of data voluntarily or required: The provision of your data is voluntary. Without the provision of your data, however, we may not be able to enter into a contractual relationship with you.

Storage period: The customer data transmitted to Salesforce is deleted as soon as it is no longer required or you request us to delete it. If there is a contractual relationship, we are subject to the statutory retention periods and delete your data after six or ten years.

Further notes on data protection:

Salesforce privacy policy: https://www.salesforce.com/de/company/privacy/.

Data processing addendum: We have concluded Salesforces data processing agreement, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. Salesforces DPA can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf.

Transfers to third countries: In exceptional cases, processing also takes place outside the EU, namely in the USA. Guarantees exist in the form of binding corporate rules (BCR) in accordance with Article 47 of the GDPR, to which Salesforce has committed itself and which have been approved by the French data protection authority and also in the form of concluded Standard Contractual Clauses (SCC) of the European Commission, pursuant to Art. 46 para. 2 lit. c GDPR. Salesforces SCC Amendment can be found here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf.

Weglot CDN

Provider: Weglot – 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), France.

Purpose: Translation of the website.

Description of data processing: The translation tool Weglot is embedded on our website. With Weglot, text sections displayed on the website are automatically translated into other languages.

Legal basis: The use of Weglot is based on our legitimate interest in managing the content of our website as efficiently as possible in accordance with Art. 6 lit. f GDPR.

Provision of data voluntarily or required: The provision of your data is voluntary.

Storage period: The website data transmitted to Weglot is deleted as soon as it is no longer required or you request us to delete it.

Right to object / Opt-Out: Information on your right to object according to Art. 21 of the GDPR can be found in the section on data subject rights.

Further notes on data protection:

Weglot privacy policy: https://weglot.com/de/privacy/.

Data Processing Addendum: We have concluded Weglot's data processing addendum (DPA), which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

Notes on our presence on social media

Data processing resulting from our presence on social media platforms

We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Purpose: We are having profiles on various social media platforms. Details on the individual platforms we use can be found in this section.

Description of data processing: The type of data processing differs from platform to platform. Social networks such as Facebook, Instagram, X, etc. can comprehensively analyze user behavior when you visit the respective platform or a website with integrated social media content (e.g. share/ like buttons or banners). Visiting our profiles on the platforms triggers numerous processing operations relevant to data protection.

For example: If you are logged into your account and visit our profile, the operator of the platform can assign this visit to your user account. Your personal data transmitted when you visit our profile may also be collected if you are not logged in or do not have an account with the respective social media platform. This is done, for example, via cookies that are stored on your terminal device or by recording your IP address.

The data collected in this way enables the platforms to create user profiles of the visitors, in which the preferences and interests of the users are stored. This helps the operators of the platforms to show you advertising tailored to your respective interests inside and outside platforms. This is how the platforms earn money. Provided you have an account with the respective platform, this advertising can be displayed on all devices on which you are or were logged in.

The data processing that takes place on the individual platforms is very difficult for outsiders to understand:  It is therefore not possible for us to trace all the processing operations that actually take place on the individual networks. When visiting the platforms, it is therefore quite possible that further processing operations of your data are carried out by the operators. You can find more information on this in the terms of use and data protection provisions of the individual services.

Legal basis: The legal basis is our legitimate interest in a comprehensive presence on social media platforms pursuant to Art. 6 para. 1 lit. f GDPR. The data processing on the social media platforms themselves is based on other legal bases for which the operators themselves are responsible.

Storage period: Personal data that we have collected directly via the individual platforms will be deleted from our systems as soon as you request us to do so, revoke your consent to storage or the purpose for storing the data no longer applies. Cookies remain on your device until you delete them. We have no direct influence on the storage period of your data on the individual social media platforms.

We have profiles on the following platforms:

Facebook (Meta)

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irleand.

Joint controllership: When you visit our Facebook page, Meta and we are jointly responsible for the processing of your data under data protection law. Metas agreement of joint controllership has been concluded. It can be viewed here: https://www.Meta.com/legal/terms/page_controller_addendum.

Data transfers to the US: When visiting our Meta profile, personal data is transferred to Meta's server in the USA. The transfer of personal data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.Meta.com/legal/EU_data_transfer_addendum.

Information on Meta and privacy: Advertising settings in your Meta profile: https://www.Meta.com/settings?tab=ads.

Meta's privacy policy: https://www.Meta.com/settings?tab=ads.

Information on the Standard Contractual Clauses: https://de-de.Meta.com/help/566994660333381.

Instagram

Provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfers to the US: Whilst visiting our Instagram profile, personal data is transferred to servers of Meta, as Instagram's parent company, in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://www.Meta.com/legal/EU_data_transfer_addendum.

Information on Instagram and privacy:

Instagram’s privacy policy: https://help.instagram.com/519522125107875.

Information on the Standard Contractual Clauses: https://de-de.Meta.com/help/566994660333381.

X

Provider: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

Data transfers to the US: Whilst visiting our X profile, data is transmitted to X's server in the USA. The data transfer to the USA is based on the concluded standard contractual clauses of the EU Commission. These can be viewed here: https://gdpr.X.com/en/controller-to-controller-transfers.html.

Information on X and privacy:

Xs Privacy Policy: https://X.com/de/privacy.

LinkedIN

Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Data Processing Addendum: We have concluded LinkedIns' Data Processing Addendum: which ensures that the personal data of our website visitors are processed only according to our instructions and in compliance with the GDPR. LinkedIn's Data Processing Addendum: can be found here: https://www.LinkedIn.com/legal/l/dpa.

Data transfers to the US: Whilst visiting our LinkedIn profile, data is transferred to LinkedIn servers in the USA. The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. These can be viewed here: https://www.linkedin.com/legal/l/eu-sccs.

Information on LinkedIn and privacy:

LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

Opt-out cookie to disable LinkedIN retargeting: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Audio- and Videoconferences

Data processing during audio and video conferences

Communication with our customers, partners and interested parties may take place via online audio and video conferences. Details on the data processing that takes place in this context and the third-party tools used can be found in this section.

Purpose: Efficient online communication.

Description of data processing: When we have an online conference with you, your personal data is processed by us and the provider of the tool that is used. In the process, the third-party providers collect all data that you provide in order to use the tool (e.g. e-mail address, phone number, username).

In addition, the providers process data that is technically necessary to carry out the conference (IP and MAC address, device ID, device type, operating system and version, client version, camera type, microphone or loudspeaker, and the type of connection).

If chat messages, voicemails, or other files are exchanged within the conference, these also end up on the servers of the providers. For more information, please refer to the respective privacy notices of the tools used below.

Legal basis: If audio and video conferences are used in the context of existing contractual relationships or in the course of the initiation of such, the legal basis is accordingly Art. 6 para. 1 lit. b GDPR. The use of third-party tools in this context is based on our legitimate interest in a practicable and user-friendly handling of our communication, according to Art. 6 para. 1 lit. f GDPR.

Provision of data voluntarily or required: The provision of your data is voluntary. However, we can only hold the conferences if we carry out the associated data processing.

Storage period: We only collect data in the context of the respective conference. There is usually no recording of the conference, and if there is, we will obtain separate consent from the participants in advance. Your registration data will be deleted once the purpose has been fulfilled.

Right to object / Opt-Out: Information on your right to object according to Art. 21 of the GDPR can be found in the section on data subject rights.

We use the following audio and video conferencing tools:

Zoom (EU Hosting)

Provider: Zoom - ZOOM (ZVC Germany GmbH), Rintheimer Strasse 23, 76131 Karlsruhe, Germany.

Further notes on data protection:

Privacy Policy: https://explore.zoom.us/de/privacy/

Data Processing Addendum: We have concluded a data processing addendum (DPA), which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR. The DPA can be found here: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.

Data transfers to third countries: Zoom has guaranteed that the servers hosting our account are located in Zoom's so-called "EU cluster". This means that the servers are located in data centres in the EU. However, the use may still result in the transmission of so-called "telemetric data" to the US. In this case, there are guarantees in the form of concluded standard contractual clauses (SCCs), according to Art. 46 (2) lit. c GDPR, as well as the certification of Zoom under the EU-US data protection agreement, the so-called Data Privacy Framework (DPF).