Data Privacy Statement

We inform you, pursuant to Art. 13 GDPR and Art. 14 GDPR, about the type, scope and purpose of processing the data collected in the context of using our website.  

I. JOINT CONTROLLERS PURSUANT TO ART. 4(7), ART. 26 GDPR
  • August-Wilhelm Scheer Holding GmbH, Saarbrücken, Germany 
  • imc information multimedia communication AG, Saarbrücken, Germany 
  • imc information multimedia communication AG, Kloten, Switzerland 
  • imc (UK) Learning Ltd., London, UK 
  • imc information multimedia communication GmbH, Graz, Austria 
  • imc information multimedia communication SRL, Sibiu, Romania 
  • imc information multimedia communication Corp., New York, USA 
  • imc information multimedia communication PTE. LTD., Singapore 
  • imc information multimedia communication PTY. LTD., Melbourne, Australia 
  • imc information multimedia communication B.V., ’s-Hertogenbosch, Netherlands 
  • p-didakt GmbH, Hamburg, Germany 
  • Scheer GmbH, Saarbrücken, Germany 
  • Scheer Schweiz AG, Zürich, Switzerland 
  • Scheer Austria GmbH, Vienna, Austria 
  • Scheer Nederland B.V., Vianen, Netherlands 
  • Scheer Adriatic d.o.o., Zagreb, Croatia 
  • Scheer Adriatic d.o.o., Mostar, Bosnia and Herzegovina 
  • Scheer Americas LLC, West Chester, Pennsylvania, USA 
  • Scheer PAS Schweiz AG, Basel, Switzerland 
  • Scheer PAS Deutschland GmbH, Saarbrücken, Germany 

  

E-Mail: info@scheer-group.com

A detailed provider identification is available in the legal notice. 

II. DATA PROTECTION OFFICER

If you have questions about data protection, please contact our data protection officer: 

Scheer Business Services GmbH
Attn.: Data Protection Officer
Scheer Tower, Uni-Campus Nord
D-66123 Saarbrücken
E-mail: datenschutz@scheer-group.com 

III. COLLECTION AND PROCESSING OF DATA

When you visit our website, various data about you are processed. The type and scope of processing depend on whether you use the website for purely informational purposes or whether you register in our careers portal and submit an application.  

 

a) Collection of (personal) data for purely informational use of the website 

 

We point out that, if you use our website for purely informational purposes where no login, registration or other transmission of information is required, no personal data are collected. Exceptions are data automatically transmitted by your browser to enable the visit to the website. Our web server temporarily stores each access locally in a log file. 

The following data are recorded: 

  • Identification data of the browser and operating system used 
  • Meta/communication data (e.g., device information, IP addresses) 
  • Usage data (e.g., visited web pages (URL), interest in content, date and time of access) 
  • Location data (information about the geographic location of a device or person) 

These data are processed for the purpose of enabling the use of the website (establishing a connection) and for system security, problem diagnosis and technical administration of the network infrastructure. The IP address is evaluated only in the event of attacks on the network infrastructure or for other reasons of data and information security. 

 

b) Collection of personal data when using special functions of our websites 

 

In addition to purely informational use of the website, we provide special services such as our careers portal. For efficient handling of our application process we use the applicant management system of Softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de).

Softgarden e-Recruiting GmbH acts as a processor within the meaning of Art. 4(8) GDPR. A contract for order processing pursuant to Art. 28 GDPR has been concluded with the provider to ensure compliance with data protection requirements. We remain your primary contact for exercising your rights as a data subject and for questions concerning the handling of the application process. You may contact us directly or — where provided — confidentially the data protection officer. Please also refer to Softgarden’s privacy information at: https://softgarden.com/en/data-protection-software-as-a-service/

 

aa. Subject, purpose and legal basis of processing 

 

The processing of personal data takes place in the context of applicant management. According to Art. 4(1) GDPR, personal data include all information relating to an identified or identifiable natural person (hereinafter “data subject”) and are necessary for conducting the application process and for initiating an employment relationship. We process the data you submit with your application to assess your suitability for the position (or, where applicable, other open positions within our companies) and to carry out the application procedure. 

As a rule, we process your personal data in the application procedure at your request pursuant to Art. 6(1)(b) GDPR and Art. 88(1) GDPR in conjunction with Section 26(1) BDSG for the purpose of handling application procedures. Under these provisions, processing of data that is necessary in connection with the decision to establish an employment relationship is permitted. If special categories of personal data pursuant to Art. 9 GDPR are processed (e.g. health data), the legal basis is Section 26(3) BDSG or Art. 9(2)(b) GDPR in conjunction with Art. 6(1)(b) GDPR. 

  • Collection of usage data

In addition to applicant data, so-called usage data are recorded when using the applicant management system. These data are necessary to operate our websites and include information about the beginning, end and extent of the use of our website as well as login data. These processing operations are carried out in accordance with applicable data protection and telemedia provisions.

  • Further processing activities

In connection with the application procedure and/or the use of the system, other processing activities may occur on the following legal bases:

  • Legitimate interest pursuant to Art. 6(1)(f) GDPR. 
  • Consent pursuant to Art. 6(1)(a) GDPR. 
  • Legal obligation or public interest pursuant to Art. 6(1)(c) and (e) GDPR (e.g., for the purpose of criminal prosecution or investigations by authorities). 

You can determine and control the scope of processing through individual settings in your web browser, configuration of cookie settings and your user behaviour. 

 

bb. Collection and use of your data 

 

Provision of the careers portal: For operational and maintenance purposes and in accordance with telemedia law provisions, interactions are recorded (“system logs”) that are required for the operation of the website or are processed for system security purposes, e.g. to analyse attack patterns or unlawful usage behaviour (“evidentiary function”). Your browser automatically transmits the following data when accessing the website: 

  • Date and time of access
  • Browser type and version
  • Operating system used
  • Volume of data transmitted
  • IP address of the access
  • Username
  • Login attempts
  • Geographical allocation

These data are not used for direct assignment in applicant management. They are deleted in accordance with legitimate retention periods unless longer storage is required for legal reasons, for example for evidentiary purposes. In individual cases, longer retention for these purposes may be considered. The legal basis for processing is Art. 6(1)(f) GDPR and applicable telemedia law. 

 

Use of Cloudflare by Softgarden: Softgarden uses the services of the ISO 27001 certified provider Cloudflare Inc., 101 Townsend St, San Francisco, USA, and its subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany to enhance platform security—particularly to protect against DDoS attacks—and to improve delivery performance. Cloudflare operates a network of servers capable of optimised content delivery to end users and of intercepting malicious traffic. The Cloudflare services used include the “Data Localisation Suite” with the components “Regional Services” and “Metadata Boundary for Customers.” These components ensure that the transfer of personal data when using our platform takes place exclusively within the EU. The “Regional Services” guarantee that customer content traffic (i.e. end-user traffic) is routed securely to Cloudflare Points of Presence (PoPs) within the region selected by Softgarden and processed within a PoP in that defined region. Softgarden has selected Germany as the region; therefore all traffic is inspected exclusively on servers in Germany. The “Metadata Boundary” ensures that Cloudflare does not transfer customer logs originating from the services used outside the European Union. The personal data processed by Cloudflare include all content submitted by customers and applicants — i.e. beyond the IP address, all files (application documents) and multimedia data such as images, graphics, audio or video as well as any interaction of your browser with the Softgarden system. Cloudflare is a recipient of your personal data and acts as a processor for Softgarden. This processing is based on legitimate interest pursuant to Art. 6(1)(f) GDPR to ensure the security and usability of the platform. Your personal data will be stored by Cloudflare for as long as necessary for the described purposes, typically up to 124 calendar days. Further information on Cloudflare can be found in Cloudflare’s DPA: Cloudflare DPA.

 

Session cookies: We use so-called “cookies” to provide comprehensive functionality and a more comfortable visit to our website. Cookies are small files stored by your browser on your device. If you do not want cookies to be stored on your device, you can prevent this by configuring your browser accordingly. Please note that this may restrict the functionality and scope of our offering. On our careers page we use the cookie JSESSIONID as a technically necessary session cookie. This stores a session ID that allows requests from your browser to be associated with a common session. This enables your device to be recognised when you return to our website. This session cookie is deleted when you log out or close your browser. 

 

cc. Data entered by the user 

 

Application process: As part of the application process, after creating a username and password you may create and manage an account in our careers portal. Providing data is voluntary. In addition to single applications, you can use further functions of the Softgarden applicant management system and configure personal settings, for example to be added to a talent pool. Due to our corporate structure and centralised handling of G&A matters (central functions such as Human Resources, Marketing, Legal, Finance, etc.), data processing during the application process may be carried out across companies within the Scheer Group. For an efficient and successful application, please provide the following information as part of your application: 

  • Name 
  • E-mail address 
  • Contact details (address, telephone number) 
  • CV data, e.g.: 
    • Education
    • Vocational training
    • Work experience
    • Language skills
  • Social network profiles (e.g., XING, LinkedIn, Facebook) 
  • Documents relating to the application (application photos, cover letter, certificates, references, work samples, etc.) 

The legal basis for processing your data in the application process and for initiating an employment relationship is Art. 6(1)(b) GDPR. In addition, use of the applicant management system by the controller is based on legitimate interest pursuant to Art. 6(1)(f) GDPR. If consent pursuant to Art. 6(1)(a) GDPR is required for a specific processing operation, it will be obtained separately and transparently, unless consent is given by a clear and voluntary act such as voluntary participation in a video interview. 

 

dd. Disclosure of data 

 

Your data will be treated confidentially within applicant management and not disclosed to unauthorised third parties. Processing of your data is carried out exclusively for the purposes described in this privacy notice. Internal departments and authorised personnel of the controller have access to your application data where this is necessary and permissible for candidate selection or internal administrative purposes. Your data may be forwarded by e-mail or within the management system to the relevant persons in the corporate group. Legal bases for such processing may include Art. 6(1)(f) and (a) GDPR. Disclosure of your data to third parties may also occur within the framework of order processing pursuant to Art. 28 GDPR. This concerns processing activities outsourced by the controller to efficiently perform tasks that would otherwise be carried out by the controller. The controller ensures that all necessary data protection measures are taken to comply with data protection requirements. Disclosure to external third parties may also take place to defend legal claims or in investigations and disclosures to public authorities where required by law or necessary to fulfil a disclosure obligation. Information obligations pursuant to Art. 13 and 14 GDPR will be fulfilled prior to any such disclosure where separately required. As part of the application process, disclosure of your personal data within the corporate group and to affiliated companies pursuant to §15 AktG may occur. Your application data will be reviewed by the central HR department upon receipt. Suitable applications will then be forwarded internally to the department heads responsible for the respective position and the further procedure will be coordinated. Only those persons who require access to your data for the proper conduct of our application process generally have access within the company. If the application results in an employment relationship, the processed data will be retained until the termination of the employment relationship. For this purpose, the data from the applicant system will be transferred to our personnel information system. If no employment relationship is entered into, we retain your data for six months due to the General Equal Treatment Act (AGG) and delete it thereafter. 

 

ee. Feedback module 

 

As part of your application, we may ask you for feedback after an interview and up to three months after your hiring. For this purpose, we will send you an invitation link to our feedback system where you can provide your feedback. The purpose of this processing is to develop and optimise our recruiting and application processes and to improve our company image. The following data are processed automatically for these purposes: 

  • Contact data (name, e-mail) 
  • Position title applied for 
  • Location of the position 
  • Job category 
  • Applicant identifier 

Your feedback will be stored anonymously in our database without any personal reference. In addition to a star rating for individual questions, you may leave comments. We expressly ask you not to provide personal data in the comments. The collected information may be displayed on our review pages together with your feedback. Participation in this feedback process is voluntary and requires your explicit consent. Without your consent, feedback submission is not possible. The legal basis for processing your data is Art. 6(1)(a) GDPR. 

 

ff. Subscription to jobs alerts (‘‘Job subscription”)  

 

To be informed about new vacancies, you may subscribe to our job newsletter or receive relevant vacancies via our careers board (RSS feed). When subscribing to the newsletter, you may specify your preferences regarding desired roles and locations. Providing your e-mail address is required to subscribe to the newsletter. The legal basis for this is your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time via the unsubscribe link in the newsletter (opt-out). The RSS feed for displaying new vacancies does not process personal data. 

 

gg. Salary statistics model (“Salary statistics”) 

 

During the application process you may provide feedback on your salary expectations and offered salaries. The information submitted is processed anonymously and without reference to your name or contact details. Softgarden uses these anonymised data for its own purposes such as statistics, analysis and studies and is responsible for this processing pursuant to Art. 4(7) GDPR. Participation in this feedback option is voluntary and requires your consent. The legal basis for this processing is Art. 6(1)(a) GDPR. 

 

hh. Social share buttons 

 

You have the option to share our job postings via various social networks using buttons that redirect you to the respective network and its login page. These buttons are not plug-ins and do not transmit personal data directly to the operators of the social networks. Currently, job postings can be shared via the following social networks: Facebook (https://www.facebook.com/privacy/policy/), X (https://x.com/en/privacy), LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy), Xing (https://privacy.xing.com/en/privacy-policy/what-rights-can-you-assert/right-of-access).
The legal basis for processing is Art. 6(1)(f) GDPR, enabling statistical analysis and reach measurement of job postings. Please consult the provided links for information on how these social networks process your personal data. We have no influence on the data processing performed by these social networks.

 

ii. Online surveys (“Easyfeedback”) 

 

At the end of the application process you may be invited via a link from Softgarden to a survey conducted by easyfeedback GmbH to capture your application experience. Softgarden conducts this survey as the controller within the meaning of Art. 4(7) GDPR and processes the collected data in anonymised form for its own purposes such as statistics, analysis, studies and product development. Survey data are collected using SSL encryption by default, and Softgarden does not establish personal reference in its evaluation. You may terminate the survey at any time; however, data processed up to the point of termination may still be used for the stated purposes. Participation is voluntary; by participating you give your consent, which is required for participation. The legal basis for processing your data is Art. 6(1)(a) GDPR. Data are evaluated anonymously by Softgarden. Further information about data protection at easyfeedback is available at: https://easy-feedback.com/privacy-policy/. 

 

jj. Talent pool 

 

As part of your application or via the “Get in touch” button you may opt into our talent pool. This processing is necessary to automatically consider you for future job postings, including similar or otherwise suitable positions. If you register for the talent pool via the “Get in touch” button, the following information will be requested: 

  • Salutation, academic title (optional) 
  • First and last name, e-mail address 
  • Job fields of interest 
  • Current career level 
  • Preferred location(s) 
  • XING profile or CV 

Inclusion in the talent pool is voluntary and requires your consent and use of an opt-in link. The legal basis is Art. 6(1)(a) GDPR. After six months we will contact you to ask whether you wish to remain in the talent pool. 

 

kk. Disclosure of application status information 

 

If you apply via a job board (e.g. Hellowork, Stepstone), the data you submit will be transferred automatically to our recruiting system. For some of these job boards you may be able to track the status of your application in your account with the respective job board. In this context our service provider Softgarden e-Recruiting GmbH transmits the status of your application (receipt, processing, rejection) to the job board on our behalf. Display of the application status in your account may be delayed by up to four weeks because we wish to inform you of your application status personally first. The legal basis for this data transfer is Art. 6(1)(b) GDPR (initiation of an employment relationship). Further information on data processing can be found in the privacy notices of the respective job board you used to apply.

 

ll. Deletion

 

Your data are stored for the duration of the application process and retained after the conclusion of the procedure in accordance with applicable retention periods. In the event of a rejection, data are retained for six months. In the case of a successful hire, data are retained for three months after employment begins. After these retention periods expire, data are fully anonymised. Anonymised datasets are no longer subject to data protection regulations and may be used for statistical and analytical purposes, market studies or product development.

 

IV. PROCESSING OF DATA WITHIN THE CORPORATE GROUP

Only those departments will have access to your data that need them to protect our legitimate interests or to fulfil our (pre-)contractual and legal obligations. Your request may require transmission of your data within the corporate group and to affiliated companies pursuant to §15 AktG. 

V. SECURITY MEASURES

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account legal requirements, the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing and the varying likelihood and severity of risks to the rights and freedoms of natural persons. 

 

Measures include in particular safeguarding confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access, entry, transmission, ensuring availability and separation of the data. We have also established procedures to enable the exercise of data subject rights, deletion of data and responses to data breaches. Furthermore, we take data protection into account when developing or selecting hardware, software and procedures in accordance with the principles of privacy by design and privacy-friendly default settings.  

 

SSL encryption (https): To protect the data you transmit via our online offering, we use SSL encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser. 

VI. DATA SECURITY

We use various measures adapted to the state of the art to ensure data security. These measures in particular serve to protect your (personal) data. However, please note that data transmission over the Internet (e.g., by e-mail) may have security vulnerabilities and cannot be completely protected from third-party access. For particularly sensitive information, especially for the application process, we therefore recommend using our careers portal.

VII. USE OF COOKIES
We use cookies to personalise content and ads, to provide social media features and to analyse traffic to our website. We also share information about your use of our site with our social media, advertising and analytics partners. These partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the services.  Cookies are small text files used by websites to make the user experience more efficient. Under the law we may store cookies on your device where they are strictly necessary for the operation of this site. For all other cookie types we require your consent. This site uses different types of cookies. Some cookies are placed by third parties whose content appears on our pages. You can change or withdraw your consent at any time via the cookie statement on our website. Please provide your consent ID and date when contacting us regarding your consent.
VIII. PROVISION OF THE ONLINE OFFERING AND WEB HOSTING

To provide our online offering securely and efficiently, we use the services of one or more web hosting providers whose servers (or servers managed by them) can be used to call up the online offering. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

 

The types of data processed within the scope of hosting may include all information relating to the users of our online offering that arise in the course of use and communication. These typically include the IP address required to deliver content of online offerings to browsers and all entries made within our online offering or on websites. 

 

Collection of access data and log files: We or our web hosting provider collect data about each access to the server (so-called server log files). Server log files may include the address and name of the requested web pages and files, date and time of the request, amount of data transferred, a message indicating successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page) and usually IP addresses and the requesting provider.

Server log files can be used for security purposes (e.g., to prevent server overload, particularly in cases of abusive attacks such as DDoS attacks) and to ensure server load and stability.

 

Content delivery network: We use a content delivery network (CDN). A CDN is a service that helps deliver content of an online offering — especially large media files such as graphics or program scripts — faster and more securely using geographically distributed servers connected over the Internet.

  • Processed categories of data: Content data (e.g., entries in online forms), usage data (e.g., visited web pages, interest in content, access times), meta/communication data (e.g., device information, IP addresses). 
  • Data subjects: Users (e.g., website visitors, users of online services). 
  • Purpose of processing: Content delivery network (CDN). 
  • Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). 

Services and providers used: 

IX. WEB ANALYSIS, MONITORING AND OPTIMISATION

Web analysis (also referred to as “reach measurement”) is used to evaluate visitor flows to our online offering and may include behaviour, interests or demographic information about visitors (e.g., age or gender) as pseudonymous values. With reach analysis we can determine, for example, at what times our online offering, functions or content are used most frequently, or which areas invite re-use. We can also identify which areas need optimisation. 

 

In addition to web analysis, we may use testing procedures (A/B tests) to test and optimise different versions of our online offering or its components. 

 

For these purposes, user profiles may be created and stored in a file (a “cookie”) or similar procedures with the same purpose may be used. These data may include viewed content, visited pages and elements used there, and technical information such as the browser used, the computer system used and usage times. Where users have consented to collection of their location data, these may also be processed depending on the provider. 

 

IP addresses of users are also stored; however, we use an IP-masking procedure (i.e., pseudonymisation by truncation of the IP address) to protect users. In general, web analysis, A/B testing and optimisation do not store any clear personal data of users (e.g., e-mail addresses or names) but pseudonyms. That is, neither we nor the providers of the software used know the actual identity of users, but only the information stored in the profiles for the purposes of the respective procedures. 

 

Notes on legal bases: If we ask users for consent for the use of third-party providers, the legal basis for data processing is consent. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., an interest in efficient, economical and user-friendly services). Please also refer to the cookie information in this privacy notice. 

  • Processed data categories: Usage data (e.g., visited web pages, interest in content, access times), meta/communication data (e.g., device information, IP addresses). 
  • Data subjects: Users (e.g., website visitors, users of online services). 
  • Purposes of processing: Reach measurement (e.g., access statistics, recognising returning visitors), tracking (e.g., interest/behavioural profiling, use of cookies), conversion measurement (measuring effectiveness of marketing measures), profiling (creating user profiles). 
  • Security measures: IP masking (pseudonymisation of the IP address). 
  • Legal bases: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and providers used:

 

X. PLUG-INS AND EMBEDDED FEATURES AS WELL AS CONTENT

We embed functional and content elements in our online offering that are provided by the servers of their respective providers ("third parties"). These may include graphics, videos, social media buttons or posts (collectively “content”). 

 

Embedding always requires that third parties process the users’ IP addresses, because without the IP address the content cannot be delivered to their browser. The IP address is therefore required to display this content or functionality. We endeavour to use content where providers use the IP address only to deliver content. Third parties may also use pixel tags (invisible graphics, “web beacons”) for statistical or marketing purposes. Pixel tags can be used to evaluate visitor traffic on the pages of this website. Pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visit time and further data on the use of our online offering, and can be combined with information from other sources. 

 

Notes on legal bases: If we ask users for consent to use third-party providers, the legal basis for processing is consent. Otherwise, data are processed on the basis of our legitimate interests (i.e., an interest in efficient, economical and user-friendly services). Please also refer to the cookie information in this privacy notice. 

  • Processed data categories: Usage data, meta/communication data, location data, contact data, inventory data (e.g., names, addresses). 
  • Data subjects: Users. 
  • Purposes of processing: Provision of the online offering and user friendliness, provision of contractual services and customer service, tracking, feedback (e.g., collecting feedback via online forms), security measures, handling and response to enquiries. 
  • Legal bases: Legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR), contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR).

Services and providers used: 

XI. MANAGEMENT, ORGANISATION AND SUPPORT TOOLS

We use services, platforms and software of other providers (“third parties”) for organisation, administration, planning and delivery of our services. When selecting third parties and their services we take legal requirements into account. 

Personal data may be processed and stored on the servers of these third parties. This may include master and contact data of users, data concerning transactions, contracts, other processes and their contents. Where users are referred to third parties or their software/platforms in the course of communication, business or other relationships with us, those third parties may process usage data and metadata for security purposes, service optimisation or marketing. Please note the privacy notices of the respective third parties.
 

Notes on legal bases: If we ask users for consent for the use of third parties, the legal basis is consent. In addition, the use of third parties may form part of our (pre-)contractual services if agreed in that context. Otherwise, processing is based on our legitimate interests (i.e., an interest in efficient, economical and user-friendly services). Please also see the cookie information in this privacy notice.  

  • Processed data categories: Inventory data, contact data, content data, usage data, meta/communication data. 
  • Data subjects: Communication partners, users, customers. 
  • Purposes of processing: Reach measurement, tracking, profiling, contact enquiries and communication, conversion measurement, target group formation, handling and response to enquiries, feedback collection. 
  • Legal bases: Consent (Art. 6(1)(a) GDPR), contract performance and pre-contractual enquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and providers used:

XII. DELETION AND BLOCKING OF PERSONAL DATA

The data we process will be deleted in accordance with legal requirements as soon as the consent given for processing is withdrawn or other permissions cease to apply (e.g., where the purpose for processing the data no longer exists or the data are no longer required for that purpose). 

 

If deletion is not possible because the data are required for other legally permissible purposes, processing will be restricted to those purposes. In such cases, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose retention is necessary to establish, exercise or defend legal claims or to protect the rights of another natural or legal person. 

XIII. DATA SUBJECT RIGHTS

Under the applicable provisions (in particular Art. 15–21 GDPR), you have the following rights with regard to the processing of your personal data:

with regard to the processing of your personal data: 

  • Right of access 
  • Right to rectification 
  • Right to erasure 
  • Right to restriction of processing 
  • Right to data portability 
  • Right not to be subject to a decision based solely on automated processing in an individual case 
  • Right to lodge a complaint with a supervisory authority

The right of access and the right to erasure are subject to statutory restrictions (e.g., Sections 34, 35 BDSG). You also have the right to object to processing of your personal data for direct marketing purposes. If we process your data to protect legitimate interests, you can object to such processing if there are reasons arising from your particular situation that speak against processing. 

If you have given your consent to the processing of personal data for specific purposes you may withdraw that consent at any time with future effect. 

If you wish to exercise any of these rights, you may contact the entities named under I. or II. at any time.  

XIV. CHANGES AND UPDATES

These privacy notices must be adapted from time to time to reflect actual conditions and legal developments. Please check this privacy notice before using our services to stay informed of any changes or updates.

Last updated: September 2025