Privacy Policy

This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter “data”) within our online offering and the websites, functions, and content connected to it, as well as external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terminology used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

B&P GmbH & Co. KG
Gänsemarkt 21-23
20354 Hamburg, DE

represented by B&P Verwaltungs GmbH
Managing Directors: Thomas Bergmann, Georg L. Eisenhauer
Legal Notice: https://cimplify.de/impressum/
Email: info@cimplify.de

Contact details of the Data Protection Officer

PROLIANCE GmbH
www.datenschutzexperte.de
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the Data Protection Officer, please name the company to which your request relates. Please refrain from attaching sensitive information such as a copy of your ID to your request.

Types of data processed

• Master data (e.g., personal master data, names, or addresses).
• Contact data (e.g., email, telephone numbers).
• Content data (e.g., text entries, photographs, videos).
• Usage data (e.g., websites visited, interest in content, access times).
• Meta/communication data (e.g., device information, IP addresses).

Categories of data subjects

Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as “users”).

Purpose of processing

• Provision of the online offering, its functions, and content.
• Responding to contact requests and communicating with users.
• Security measures.
• Reach measurement / marketing.

Terminology used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.

“Pseudonymization” means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Where the legal basis is not stated in this Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR; the legal basis for processing to fulfill our services and carry out contractual measures, as well as to respond to inquiries, is Art. 6(1)(b) GDPR; the legal basis for processing to fulfill our legal obligations is Art. 6(1)(c) GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis. The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Art. 6(1)(e) GDPR. The legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. The processing of data for purposes other than those for which they were collected is governed by Art. 6(4) GDPR. The processing of special categories of data (in accordance with Art. 9(1) GDPR) is governed by Art. 9(2) GDPR.

Security measures

In accordance with legal requirements, and taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as the access, input, transfer, availability, and separation relating to it. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and a response to threats to the data. We also take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by privacy-friendly default settings.

We ask you to inform yourself regularly about the content of our Privacy Policy. We will adapt the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require any cooperation on your part (e.g., consent) or other individual notification.

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., where transmission of data to third parties, such as payment service providers, is necessary for the performance of a contract pursuant to Art. 6(1)(b) GDPR), where you have consented, where a legal obligation provides for this, or on the basis of our legitimate interests (e.g., when using agents, web hosts, etc.).

Where we disclose, transmit, or otherwise grant access to data to other companies within our corporate group, this is done in particular for administrative purposes as a legitimate interest and otherwise on a basis that complies with the legal requirements (Art. 28 GDPR).

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the course of using third-party services or the disclosure or transmission of data to third parties, this is done only to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only where the special conditions of Art. 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether the data in question are being processed and to information about these data, as well as to further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to request that the data in question be deleted without delay, or alternatively, in accordance with Art. 18 GDPR, to request a restriction of the processing of the data.

You have the right to request that the data concerning you that you have provided to us be received in accordance with Art. 20 GDPR and to request its transmission to other controllers.

You also have the right, pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to withdraw consent that has been granted, pursuant to Art. 7(3) GDPR, with effect for the future.

Right to object

You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies and right to object to direct marketing

“Cookies” are small files stored on users’ computers. Various information can be stored within cookies. A cookie serves primarily to store information about a user (or the device on which the cookie is stored) during or after their visit within an online offering. Temporary cookies, also known as “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may store, for example, the contents of a shopping cart in an online shop or a login status. “Permanent” or “persistent” cookies are cookies that remain stored even after the browser is closed. For example, the login status can be stored if users visit again after several days. Likewise, such a cookie may store users’ interests, which are used for reach measurement or marketing purposes. “Third-party cookies” are cookies offered by providers other than the controller operating the online offering (otherwise, if they are only the controller’s cookies, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and clarify this within our Privacy Policy.

Where we ask users for consent to the use of cookies (e.g., as part of a cookie consent), the legal basis for this processing is Art. 6(1)(a) GDPR. Otherwise, users’ personal cookies are processed in accordance with the following explanations within this Privacy Policy on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR) or, where the use of cookies is necessary to provide our contract-related services, pursuant to Art. 6(1)(b) GDPR, or, where the use of cookies is necessary for the performance of a task in the public interest or in the exercise of official authority, pursuant to Art. 6(1)(e) GDPR.

If users do not wish cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional limitations of this online offering.

A general objection to the use of cookies employed for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site or the EU site. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case not all functions of this online offering may be usable.

Deletion of data

The data we process are deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated within this Privacy Policy, the data stored by us are deleted as soon as they are no longer required for their intended purpose and no statutory retention obligations preclude deletion. If the data are not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means the data are blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

According to legal requirements in Germany, retention takes place in particular for 6 years pursuant to Section 257(1) HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147(1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation, etc.).

According to legal requirements in Austria, retention takes place in particular for 7 years pursuant to Section 132(1) BAO (accounting documents, vouchers/invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate, and for 10 years for documents related to electronically supplied services, telecommunications, broadcasting, and television services provided to non-business customers in EU member states and for which the Mini One Stop Shop (MOSS) is used.

Hosting

The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this online offering.

In doing so, we, or our hosting provider, process master data, contact data, content data, contract data, usage data, and meta and communication data of customers, prospects, and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Collection of access data and log files

We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR. The access data include the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g., to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data whose further retention is required for evidentiary purposes are exempt from deletion until the respective incident is finally resolved.

Agency services

We process the data of our customers within the scope of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In doing so, we process master data (e.g., customer master data such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), and usage and metadata (e.g., in the context of evaluating and measuring the success of marketing measures). As a rule, we do not process special categories of personal data unless these are components of a commissioned processing. The data subjects include our customers, prospects, and their customers, users, website visitors, or employees, as well as third parties. The purpose of the processing is the provision of contractual services, billing, and our customer service. The legal bases for the processing arise from Art. 6(1)(b) GDPR (contractual services) and Art. 6(1)(f) GDPR (analysis, statistics, optimization, security measures). We process data that are necessary for the establishment and fulfillment of the contractual services and point out the necessity of providing them. Disclosure to external parties takes place only if it is necessary in the context of an order. When processing the data entrusted to us in the context of an order, we act in accordance with the instructions of the clients as well as the legal requirements of commissioned processing pursuant to Art. 28 GDPR, and process the data for no purposes other than those of the order.

We delete the data after expiry of statutory warranty and comparable obligations. The necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (6 years pursuant to Section 257(1) HGB, 10 years pursuant to Section 147(1) AO). In the case of data disclosed to us by the client in the context of an order, we delete the data in accordance with the requirements of the order, generally after the end of the order.

Brokerage services

We process the data of our customers, clients, and prospects (uniformly referred to as “customers”) in accordance with Art. 6(1)(b) GDPR in order to provide them with our contractual or pre-contractual services. The data processed, the nature, scope, and purpose, and the necessity of their processing are determined by the underlying order. These generally include master and base data of the customers (name, address, etc.), as well as contact data (email address, telephone, etc.), contract data (content of the engagement, fees, terms, information on the brokered companies/insurers/services), and payment data (commissions, payment history, etc.). We may also process information on the characteristics and circumstances of persons or items belonging to them, where this is part of our order. This may include, for example, information on personal living circumstances, movable or immovable property.

In the course of our engagement, it may also be necessary for us to process special categories of data pursuant to Art. 9(1) GDPR, here in particular information on a person’s health. For this purpose, where necessary, we obtain the express consent of customers pursuant to Art. 6(1)(a), Art. 7, Art. 9(2)(a) GDPR.

Where necessary for the performance of the contract or required by law, we disclose or transmit customer data in the context of coverage inquiries, conclusions, and processing of contracts to providers of the brokered services/objects, insurers, reinsurers, broker pools, technical service providers, and other service providers such as cooperating associations, as well as financial service providers, credit institutions and investment companies, as well as social insurance carriers, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen, and the Federal Financial Supervisory Authority (BaFin). Furthermore, we may engage subcontractors, such as sub-brokers. We obtain the consent of customers where this is required for the disclosure/transmission (which may be the case, for example, with special categories of data pursuant to Art. 9 GDPR).

Deletion of the data takes place after expiry of statutory warranty and comparable obligations, with the necessity of retaining the data reviewed every three years; otherwise the statutory retention obligations apply. In the case of statutory archiving obligations, deletion takes place after their expiry. Subject to retention obligations under German law in the insurance and financial sector are, in particular, consultation records for 5 years, broker closing notes for 7 years, and brokerage contracts for 5 years, as well as generally 6 years for documents relevant under commercial law and 10 years for documents relevant under tax law.

Provision of contractual services

We process master data (e.g., names and addresses as well as contact data of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6(1)(b) GDPR. Entries marked as mandatory in online forms are necessary for the conclusion of the contract.

In the course of using our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as those of the users in protection against misuse and other unauthorized use. As a rule, this data is not passed on to third parties, unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR.

As a rule, we do not process special categories of personal data unless these are components of a commissioned or contractual processing.

We process usage data (e.g., the websites of our online offering visited, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile, in order to show the user, for example, product information based on the services they have previously used.

In the course of using our online services, we may store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests, as well as the interests of the users in protection against misuse and other unauthorized use. As a rule, this data is not passed on to third parties, unless it is necessary to pursue our claims pursuant to Art. 6(1)(f) GDPR or there is a legal obligation to do so pursuant to Art. 6(1)(c) GDPR.

Deletion of the data takes place after expiry of statutory warranty and comparable obligations; the necessity of retaining the data is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry. Information in any customer account remains until its deletion.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks and the organization of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the course of providing our contractual services. The bases for processing are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Customers, prospects, business partners, and website visitors are affected by the processing. The purpose and our interest in the processing lie in administration, financial accounting, office organization, and archiving of data, i.e., tasks that serve to maintain our business activities, perform our duties, and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information stated for these processing activities.

In doing so, we disclose or transmit data to the financial administration, advisors such as tax advisors or auditors, as well as other billing offices and payment service providers.

Furthermore, on the basis of our business interests, we store information on suppliers, organizers, and other business partners, e.g., for the purpose of later contact. This predominantly company-related data is generally stored permanently.

Business analyses and market research

In order to operate our business economically and to be able to identify market trends and the wishes of customers and users, we analyze the data available to us on business transactions, contracts, inquiries, etc. In doing so, we process master data, communication data, contract data, payment data, usage data, and metadata on the basis of Art. 6(1)(f) GDPR, whereby the data subjects include customers, prospects, business partners, and visitors and users of the online offering.

The analyses are carried out for the purpose of business evaluations, marketing, and market research. In doing so, we may take into account the profiles of registered users with information, for example, on their purchase transactions. The analyses serve to increase user-friendliness, optimize our offering, and improve business efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values.

Where these analyses or profiles are personal, they are deleted or anonymized upon termination by the users, otherwise after two years from the conclusion of the contract. Otherwise, the overall business analyses and general trend determinations are, where possible, prepared anonymously.

Microsoft cloud services

We use the cloud offered by Microsoft and the cloud software services (so-called Software as a Service, e.g., Microsoft Office) for the following purposes: document storage and management, calendar management, email dispatch, spreadsheets and presentations, exchange of documents, content, and information with specific recipients or publication of websites, forms, or other content and information, as well as chats and participation in audio and video conferences.

In doing so, users’ personal data are processed insofar as they become part of the documents and content processed within the described services or are part of communication processes. This may include, for example, master data and contact data of users, data on transactions, contracts, other processes, and their content. Microsoft also processes usage data and metadata, which are used by Microsoft for security purposes and service optimization.

In the context of using publicly accessible documents, websites, or other content, Microsoft may store cookies on users’ computers for purposes of web analysis or to remember users’ settings.

We use the Microsoft cloud services on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR in efficient and secure administration and collaboration processes. Furthermore, the processing takes place on the basis of a data processing agreement with Microsoft.

You can find further information in Microsoft’s privacy policy and the security notices for Microsoft cloud services. You may object to the processing of your data in the Microsoft cloud vis-à-vis us in accordance with the legal requirements. Otherwise, the deletion of data within Microsoft’s cloud services is determined by the other processing operations in the context of which the data are processed (e.g., deletion of data no longer required for contract purposes or storage of data required for tax purposes).

The Microsoft cloud services are offered by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Insofar as data are processed in the USA, we refer to Microsoft’s certification under the Privacy Shield.

Data protection notes in the application process

We process applicant data only for the purpose and within the scope of the application process in accordance with legal requirements. The processing of applicant data takes place to fulfill our (pre-)contractual obligations in the context of the application process within the meaning of Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR, where the data processing becomes necessary for us, e.g., in the context of legal proceedings (in Germany, Section 26 BDSG additionally applies).

The application process requires applicants to provide us with applicant data. The necessary applicant data are marked where we offer an online form, otherwise they arise from the job descriptions and generally include information on the person, postal and contact addresses, and the documents belonging to the application, such as cover letter, CV, and references. In addition, applicants may voluntarily provide us with additional information.

By submitting the application to us, applicants agree to the processing of their data for the purposes of the application process in accordance with the nature and scope set out in this Privacy Policy.

Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily provided in the context of the application process, their processing additionally takes place pursuant to Art. 9(2)(b) GDPR (e.g., health data such as severe disability status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants in the context of the application process, their processing additionally takes place pursuant to Art. 9(2)(a) GDPR (e.g., health data, where these are necessary for the exercise of the profession).

Where made available, applicants can submit their applications to us by means of an online form on our website. The data are transmitted to us encrypted in accordance with the state of the art.

Furthermore, applicants can submit their applications to us via email. Here, however, we ask you to note that emails are generally not sent encrypted and that applicants themselves must ensure encryption. We can therefore accept no responsibility for the transmission path of the application between the sender and receipt on our server and therefore recommend rather using an online form or postal dispatch. Instead of applying via the online form and email, applicants still have the option of sending us the application by post.

The data provided by applicants may, in the case of a successful application, be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants’ data are deleted. Applicants’ data are also deleted if an application is withdrawn, which applicants are entitled to do at any time.

Deletion takes place, subject to a legitimate withdrawal by the applicant, after the expiry of a period of six months, so that we can answer any follow-up questions about the application and meet our evidentiary obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.

Talent pool

In the context of the application, we offer applicants the opportunity to be included in our “talent pool” for a period of two years on the basis of consent within the meaning of Art. 6(1)(b) and Art. 7 GDPR.

The application documents in the talent pool are processed solely in the context of future job postings and the search for employees and are destroyed at the latest after expiry of the period. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process, and that they can withdraw this consent at any time for the future as well as declare an objection within the meaning of Art. 21 GDPR.

Contact

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s information is processed to handle the contact request and its processing pursuant to Art. 6(1)(b) GDPR. The users’ information may be stored in a Customer Relationship Management system (“CRM system”) or comparable inquiry organization.

We delete the inquiries where they are no longer required. We review the necessity every two years; furthermore, the statutory archiving obligations apply.

Analysis services

On this website, we use the software “PiwikPro” (www.piwik.pro), a service of the provider Piwik PRO GmbH, Knesebeckstraße 62/63, 10719 Berlin, Germany. The software sets a cookie (a text file) on your computer with which your browser can be recognized. When subpages of our website are accessed, the following data are stored:

• the user’s IP address, shortened by the last two bytes (anonymized)
• the subpage accessed and the time of access
• the page from which the user reached our website (referrer)
• which browser with which plugins, which operating system, and which screen resolution is used
• the time spent on the website
• the pages accessed from the subpage that was visited

Legal basis

The legal basis on which we process personal data by means of PiwikPro is Art. 6(1)(f) GDPR.

Purpose of data processing

We need the data to analyze users’ browsing behavior and to obtain information about the use of the individual components of the website. This enables us to continuously optimize the website and its user-friendliness. Our legitimate interest pursuant to Art. 6(1)(f) GDPR lies in these purposes. By anonymizing the IP address, we take into account the users’ interest in the protection of personal data. The data are never used to personally identify the user of the website and are not merged with other data.

Duration of storage

The data are deleted when they are no longer needed for our purposes.

Right to object

(no content provided in the original)

Online presences in social media

We maintain online presences within social networks and platforms in order to communicate with the customers, prospects, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

We point out that user data may be processed outside the area of the European Union. This may give rise to risks for users, as it could, for example, make it more difficult to enforce users’ rights. With regard to US providers certified under the Privacy Shield, we point out that they thereby commit to complying with the EU data protection standards.

Unless otherwise stated within our Privacy Policy, we process users’ data where they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.

Furthermore, users’ data are generally processed for market research and advertising purposes. For example, usage profiles can be created from usage behavior and the resulting interests of users. The usage profiles can in turn be used, for example, to display advertisements within and outside the platforms that presumably correspond to the users’ interests. For these purposes, cookies are generally stored on users’ computers, in which the usage behavior and interests of users are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

The processing of users’ personal data takes place on the basis of our legitimate interests in effectively informing users and communicating with users pursuant to Art. 6(1)(f) GDPR. If users are asked by the respective providers of the platforms for consent to the data processing described above, the legal basis for the processing is Art. 6(1)(a), Art. 7 GDPR.

For a detailed presentation of the respective processing operations and the options to object (opt-out), we refer to the providers’ information linked below.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers each have access to the users’ data and can directly take appropriate measures and provide information. Should you nevertheless need help, you can contact us.

• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – You can find further information here: Privacy Policy, Opt-Out, Privacy Shield.

Integration of third-party services and content

Within our online offering, on the basis of our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR), we use content or service offerings from third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).

This always requires that the third-party providers of this content perceive the users’ IP address, since without the IP address they could not send the content to their browser. The IP address is thus necessary for the display of this content. We endeavor to use only such content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit, and other information on the use of our online offering, as well as be linked with such information from other sources.

Google Maps

We integrate the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include in particular IP addresses and location data of users, which, however, are not collected without their consent (usually carried out within the settings of their mobile devices). The data may be processed in the USA. Further information can be found here: Privacy Policy, Opt-Out.

LinkedIn

Within our online offering, functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, may be integrated. This may include, for example, content such as images, videos, or texts and buttons with which users can express their liking of the content, subscribe to the authors of the content, or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can attribute the access to the above-mentioned content and functions to the users’ profiles there. LinkedIn’s Privacy Policy. LinkedIn is certified under the Privacy Shield agreement and thereby offers a guarantee of complying with European data protection law. Further information can be found here: Privacy Policy, Opt-Out.