Data Protection Declaration

Many thanks for taking an interest in our company. Data protection is a particularly high priority for the management of Content Translated. Use of the Content Translated website is generally possible without providing any personal data. However, it may be necessary to process personal data if a data subject wishes to use our company’s special services via our website. As a rule, we ask for the consent of the data subject if the processing of personal data is required and there is no legal basis for such processing.

The processing of personal data (e.g. the name, address, email address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to Content Translated. By means of this data protection declaration, our company’s aim is to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, it is by means of this data protection declaration that data subjects are informed about their rights.

As the data controller, Content Translated has implemented numerous technical and organizational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, security breaches are theoretically possible in the case of Internet-based data transmissions, which mean that absolute protection cannot be guaranteed. For that reason, every data subject is free to transmit personal data to us by alternative means (e.g. by telephone).

1. Definitions

The Content Translated data protection declaration is based on the terminology in use by the European directors and regulators at the time of the General Data Protection Regulation’s (GDPR’s) adoption. Our data protection declaration is intended to be easy to read and understand for members of the general public, as well as for our customers and business partners. To that end, we would like to explain in advance the terms that are in use.

This data protection declaration includes the following terms:

a) Personal data
“Personal data” concerns all information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if such a person can be identified either directly or indirectly, in particular by being able to assign to that person an identifier, such as a name, an identification number, location data, an online password or one or more specific characteristics that help establish the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b) Data subject
A data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

c) Processing
Processing is any operation or series of operations carried out with or without the help of automated processes in connection with personal data, such as collection, registration, organization, collation, storage, adaptation or modification, reading, querying, use, disclosure by transmission, distribution or some other form of provision, comparison or linking, restriction, deletion or destruction.

d) Processing restriction
“Processing restriction” means the flagging of stored personal data for the purpose of restricting any future processing of such data.

e) Profiling
Profiling is any type of automated processing of personal data that involves the use of such personal data to evaluate particular personal aspects relating to a natural person, especially those aspects relating to the work performance, financial situation, health, personal preferences, interests, reliability, behavior, residence or change of residence of this natural person.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the requirement for additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Data controller or person responsible
The data controller or person responsible for processing is the natural person or legal entity, public authority, agency or other body that solely or jointly with other parties decides on the objectives and means employed in relation to the processing of personal data. If EU law or the law of member states makes provision for the objectives and means employed in relation to such personal data processing, the data controllers or the specific criteria for their appointment can be governed according to EU or a member state’s law.

h) Processor
The processor is a natural person or legal entity, public authority, agency or other body that processes personal data on behalf of the data controller/person responsible.

i) Recipient
The recipient is a natural person or legal entity, public authority, agency or other body to which personal data are disclosed, regardless of whether or not this relates to a third party. However, public authorities that might receive personal data as part of a specific investigation mandate under EU law or the law of a member state are not considered recipients.

j) Third party
A third party is a natural person or legal entity, public authority, agency or other body other than the data subject, the data controller, the processor and the persons authorized to process the personal data under the direct responsibility of the data controller or processor.

k) Consent
Consent is any expression of will that the data subject gives voluntarily, in an informed manner and unequivocally concerning a specific case, this being in the form of a declaration or other clear confirmatory act whereby the data subject indicates consent to the processing of their personal data.

2. Name and address of the data controller

Under the meaning of the General Data Protection Regulation and of other data protection legislation such as it applies member states of the European Union, as well as under the meaning of other regulations relating to personal data protection, the data controller is:

Content Translated
Landbouwstraat 60
9648GC Wildervank
The Netherlands
Tel: +31 (0)7773 959993
Email: info@content-translated.nl
Website: www.content-translated.com

Content Translated
In Neustückern 11
78351 Bodman
Germany
Tel: +49 7773 95 999 39
Email: info@content-translated.de
Website: www.content-translated.com

3. Cookies

The Content Translated website uses cookies. Cookies are text files saved to and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain what is termed a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified using the unique cookie ID.

By using cookies, Content Translated can provide users of this website with more user-friendly services that would not be possible without the cookie setting.

A cookie can be used to optimize the information and offers on our website in the interests of the user. As already mentioned, cookies allow us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the users of a website that employs cookies do not have to enter their access data every time they visit the website, because this is taken over by the website and the cookie stored on the users’ computer systems. Another example is the cookie for a shopping cart in the online shop. It is via this cookie that the online shop is able to remember the items a customer has placed in the virtual shopping cart.

At any time the person concerned can prevent cookies being saved via our website by making appropriate adjustments to the settings of the internet browser in use, thereby permanently blocking consent to the saving such cookies. Furthermore, cookies that have already been saved can be deleted at any time using an internet browser or other software programs. This is possible in all standard internet browsers. Under certain circumstances, deactivation of the save cookies function in the internet browser concerned will impair the full functionality of certain aspects of our website.

4. Collection of general data and information

The Content Translated website collects a series of general data and information each time the website is accessed by a data subject or an automated system. This information and general data are stored in the server’s log files. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (known as the referrer), (4) the subpages that are visited using an accessing system to our website, (5) the date and time of visit to the website, (6) an internet protocol address (IP address), (7) the internet service provider for the accessing system and (8) other similar data and information used in the event of attacks on our information technology systems.

When using this general data and information, Content Translated does not thereby trace this back to the person concerned. On the contrary, this information is required in order to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. Content Translate statistically evaluates this anonymously collected data and information, with the further aim of increasing data protection and data security in our company, thereby ultimately ensuring an optimal level of protection for the personal data that we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.

5. Contact options via the website

Owing to legal regulations, the Content Translated website contains information that allows for fast electronic contact with our business and direct communication with us, which also includes a general address for ‘electronic mail’ (the email address). If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be automatically saved. Such data voluntarily transmitted from a data subject to the data controller will be stored for the purposes of processing or contacting the data subject. Such personal data will not be passed on to third parties.

6. Comment function in the website blog

Content Translated gives users the opportunity to leave individual comments in individual blog posts on a blog at the data controller’s website. A blog is a portal, usually with public access, where one or more people known as bloggers or web bloggers can post articles or write down thoughts in what are termed blog posts. Third parties can usually comment on blog posts.

If a data subject leaves a comment in the blog published on this website, not only will the comments left by the data subject be saved and published, but also information concerning the time when the comment was entered, as well as the user name (pseudonym) chosen by the data subject. Furthermore, the IP address assigned by the data subject’s Internet service provider (ISP) will also be logged. This IP address is saved for security reasons and also in the event that the data subject infringes the rights of third parties or publishes illegal content when posting a comment. Therefore, the storage of this personal data is in the data controller’s own interest, such that the data controller would not be held liable for prosecution in the event of a breach of the law. The personal data collected will not be passed on to third parties unless such transfer is required by law or is to serve as a legal defense for the data controller.

7. Subscription to the website blog by email

In theory, third parties can subscribe to the Content Translated blog and the comments contained in it. In particular, it is possible for a commentator to subscribe to the comments in response to his/her comments on a particular blog post.

If a data subject opts to subscribe to comments, the data controller will send an automatic confirmation email to verify via the double opt-in procedure whether the owner of the email address has genuinely opted for that course of action. Subscription to comments can be terminated at any time.

8. Routine deletion and blocking of personal data

The data controller will process and store the data subject’s personal data only for the period of time necessary for the purpose of storage or insofar as provision has been made for this by the architects of European directives and regulations or any other legislator’s legislation or regulations with which the data controller must comply.

If the purpose of storage should cease to apply or if a storage period stipulated by the architects of European directives and regulations or any other relevant legislator should expire, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

9. Rights of the data subject

a) Right to confirmation

Elke betrokkene heeft volgens de opsteller van de Europese richtlijnen en verordeningen het recht om van de verwerkingsverantwoordelijke een bevestiging te verlangen of de persoonsgegevens die op hem of haar betrekking hebben al dan niet worden verwerkt. Als een betrokkene gebruik wenst te maken van dit recht op bevestiging, kan hij daartoe op elk gewenst moment contact opnemen met een medewerker van de verwerkingsverantwoordelijke.

b) Recht op informatie

According to the architects of the European directives and regulations, every data subject whose personal data have been processed has the right at any time to receive information from the data controller free of charge concerning the stored personal data pertaining to the data subject and to receive a copy of that information. Moreover, the architect of the European directives and regulations has granted to the data subject the right to information about the following::

- The purpose(s) of data processing
- The categories of personal data that are being processed
- The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular those recipients in third countries or international organizations
- If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria employed to determine that duration
- The existence of a right to the rectification or deletion (by the data controller) of the personal data pertaining to the data subject or of a right to the restriction of data processing by the data controller or of a right to object to such data processing
- The existence of a right to lodge a complaint with a supervisory body
- If the personal data are not collected from the data subject: all available information about the origin of the data
- The existence of automated decision-making, including profiling, pursuant to Article 22, paragraphs 1 and 4, of the GDPR, and — at least in these cases — meaningful information concerning the rationale involved, as well as the scope and intended effects of such data processing in relation to the data subject

The data subject also has the right to information concerning whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, the data subject can contact an employee of the data controller at any time.

c) Right to rectification

According to the architects of the European directives and regulations, any data subject whose personal data have been processed has the right to request immediate correction of incorrect personal data pertaining to the data subject. Furthermore, taking into account the purpose of such data processing, the data subject has the right to request that incomplete personal data be supplemented, including by means of a supplementary statement.

If a data subject wishes to exercise this right of rectification, the data subject can contact an employee of the data controller at any time.

d) Right to deletion (right to be forgotten)
The architects of the European directives and regulations have granted to every data subject whose personal data have been processed the right to require of the data controller that they delete immediately the personal data pertaining to the data subject insofar as one of the following reasons should apply and insofar as the data processing is unnecessary:

- The personal data have been collected or otherwise processed for purposes that no longer necessitate this.
- The data subject withdraws their consent on which the data processing was based, pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the data processing.
- The data subject objects to the data processing, pursuant to Article 21 (1) GDPR, and there are no overriding legitimate grounds for the processing, or the data subject is lodging a notice of objection to the data processing, pursuant to Article 21 (2) GDPR.
- The personal data have been processed illegally.
- The deletion of personal data is necessary for compliance with a statutory obligation under EU law or the law of a member state to which the data controller is subject.
- The personal data have been collected in relation to information society services supplied pursuant to Article 8 (1) GDPR.

If one of the above reasons applies and a data subject wishes to have personal data stored by Content Translated deleted, the data subject can contact an employee of the data controller for that purpose at any time. The Content Translated employee will arrange for the request for deletion to be complied with immediately.

If the personal data have been made public by Content Translated and, pursuant to Art. 17 (1) GDPR, our company as the responsible party (data controller) is held responsible for the deletion of personal data, Content Translated shall adopt appropriate measures, including those of a technical nature, taking into account the available technology and the implementation costs, in order to notify other parties responsible for the processing of personal data, and who are processing the personal data that has been made public, that the data subject has requested that all other data controllers delete all links to that personal data or delete copies or duplications of such personal data insofar as the processing of such data is not required. In respective individual cases, the measures necessary will be taken by a Content Translated employee.

e) Right to restriction of processing
The architects of the European directives and regulations have granted to every data subject whose personal data have been processed the right to require the data controller to restrict data processing if one of the following conditions is met:

- The data subject disputes the accuracy of the personal data and, in so doing, affords the data controller with a period of time within which the accuracy of the personal data can be verified.
- The data processing is unlawful; the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
- The data controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
- The data subject has objected to processing pursuant to Article 21 (1) GDPR and it is not yet clear whether the legitimate reasons advanced by the data controller outweigh those of the data subject.

If one of the above conditions is met and a data subject wishes to restrict the personal data stored with Content Translated, they can contact an employee of the data controller at any time. In such an instance, a Content Translated employee will arrange for the data processing to be restricted.

f) Right to data portability

The architects of the European directives and regulations have granted to each data subject whose personal data have been processed the right to receive the personal data pertaining to the data subject, and placed by the data subject at the disposal of the data controller, in a structured, standard and machine-readable format. The data subject also has the right to transfer these data to another data controller for the purpose of processing the personal data without this posing a hindrance to the data controller to whom the personal data have been provided. A precondition for this is that the data processing be based on consent pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, or an agreement pursuant to Article 6 (1) (b) GDPR, and that the data processing be carried out using automated processes, unless the data processing is necessary for the performance of a task assigned to the data controller in the public interest or in the exercise of official authority.

Furthermore, when a data subject excises the right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transferred directly from one data controller to another, insofar as this is technically feasible and insofar as this does not infringe the rights and freedoms of other parties.

The data subject can contact an employee of Content Translated at any time to assert the right to data portability.

g) Right to object

The architects of the European directives and regulations have granted to every data subject whose personal data have been processed the right to object at any time to the processing of personal data pertaining to them, pursuant to Article 6 (1) (e) or (f) GDPR for reasons arising from their specific situation. This also applies to profiling based on these provisions.

In the event of an objection, Content Translated will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or unless processing is necessary to assert, exercise or defend legal claims.

If Content Translated processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data collected for the purpose of such advertising. This also applies to profiling insofar as it is connected to such direct marketing. If the data subject objects to the processing of personal data on the part of Content Translated for direct marketing purposes, Content Translated will no longer process the personal data for such purposes.

In addition, the data subject has the right to object to the processing of personal data pertaining to the data subject and which for scientific, historical or statistical purposes, pursuant to Article 89 (1) GDPR, are being collected by Content Translated for reasons connected to the data subject’s specific situation, unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to object, the data subject can contact any employee of Content Translated or another employee directly. Notwithstanding Directive 2002/58/EC, the data subject is also at liberty to exercise the right to object in connection with the use of information society services by means of automated procedures that use technical specifications.

h) Automated decisions in individual cases including profiling

The architects of the European directives and regulations have granted to every data subject whose personal data have been processed the right not to be subjected to a decision based solely on automated processing – including profiling – which has legal consequences for the data subject or which, similarly, has significant negative consequences for the data subject, insofar as such a decision (1) is not necessary for the conclusion or fulfillment of an agreement between the data subject and the data controller, or (2) is permissible pursuant to EU law or the law of a member state to which the data controller is subject and this legislation provides for appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, or (3) is with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or fulfillment of an agreement between the data subject and the data controller or (2) is made with the express consent of the data subject, Content Translated shall adopt appropriate measures to protect the rights and freedoms, as well as the legitimate interests, of the data subject. In that regard, the right is reserved at the least to have a party intervene on the part of the data controller, the right to have their own position clearly stated and to contest the decision.

If the data subject wishes to assert rights with regard to automated decisions, the data subject can contact an employee of the data controller at any time.

i) Right to withdraw consent under data protection law

The architects of the European directives and regulations have granted every data subject whose personal data have been processed the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they can contact an employee of the data controller at any time.

10. Data protection provisions on the application and use of Google Analytics (with anonymization function)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analytics service. Web analytics is the collection and evaluation of data relating to the behaviour of visitors to websites. A web analytics service includes the collection of data concerning the website from which a data subject came to reach a website (known as ‘referrers’), which of the website’s subpages have been accessed, or how frequently and for how long a subpage has been viewed. Web analytics are used principally to optimize a website and a cost-effectiveness analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the filename extension “_gat._anonymizeIp” for the web analytics via Google Analytics. By means of this extension, the IP address of the data subject’s internet connection is shortened and anonymized by Google if visitors to our website are from a member state of the European Union or from another state that is a signatory to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us that show activity on our website, and to provide other services relating to the use of our website.

Google Analytics installs a cookie in the data subject’s information technology system. An explanation about cookies can be found earlier in the text. Installing this cookie enables Google to analyze the use of our website. Whenever a visitor reaches one of the individual pages that forms part of the website operated by the data controller and on which a Google Analytics component has been integrated, the internet browser in the data subject’s information technology system is automatically triggered by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google will be aware of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks, which subsequently enables the billing of fees.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Every time you visit our website, this personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the USA. This personal data is stored by Google in the USA. Google may share the personal data collected through this technical process with third parties.

At any time, and as described previously, the data subject can prevent our website from installing cookies by means of making corresponding configurations to the settings of the internet browser in use and, therefore, is able to register a permanent objection to the installation of cookies. Configuring the internet browser in this way would also prevent Google from installing a cookie in the data subject’s information technology system. Moreover, a cookie already installed by Google Analytics can be deleted at any time via the internet browser or other software programs.

In addition, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. Google treats the installation of the browser add-on as an objection. If the data subject’s information technology system is subsequently deleted, formatted or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is deleted or deactivated by the data subject or another person acting under the data subject’s authority, it is possible to reinstall or reactivate the browser add-on.

The applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail via this link https://www.google.com/intl/de_de/analytics/.

11. Privacy policy for the use of Google+

The data controller has integrated the Google+ button as a component of this website. Google+ is what is referred to as a social network. A social network is an internet-based social meeting place: an online community that generally allows users to communicate with one another and to respond interactively in virtual space. A social network can serve as a platform for exchanging views and experiences or makes it possible for the internet community to furnish personal or business-related information. Use of Google+ enables social network users, for example, to create private profiles, to upload photos and to network by means of making friend requests.

The operating company for the Google+ component is: Google Inc., 1600 Amphitheatre Pkwy., Mountain View, CA 94043-1351, USA.

On each visit to one of this website’s individual pages operated by the data controller and on which a Google+ button has been integrated, the relevant Google+ concerned will automatically request the browser in the data subject’s information technology system to download a display of Google’s relevant Google+ button. As part of this technical process, Google will be notified about the specific subpage on our website that the data subject is visiting. You can find further information about Google+ at https://developers.google.com/+/.

If the data subject is simultaneously logged into Google+, Google will be able to see the specific subpage on our website that the data subject has visited at the time of each visit by the data subject to our website and throughout the entire duration of the visit concerned. This data is collected via the Google+ button and assigned by Google to the data subject’s relevant Google+ account.

If the data subject activates one of the Google+ buttons integrated on our website and makes a Google+1 recommendation as a result, Google will assign this data to the data subject’s personal Google+ account and this will store the personal data. Google will save the data subject’s Google+1 recommendation and will make this publicly available in line with the terms and conditions accepted by the data subject. A Google+1 recommendation made by the data subject on this website will then be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo saved in this in other Google services, e.g. the search engine results from the Google search engine, the data subject’s Google account or in other locations, e.g. on websites or within the context of advertisements. Moreover, Google can link the visit to this website with other personal data that have been stored on Google. Google also registers these personal data in order to improve or optimize Google’s various services.

Google will always receive data from Google+ when the data subject has visited our website or when the data subject has logged into Google+ at the time of visiting our website; this occurs even if the data subject does not click the Google+ button.

If the data subject does not wish to transfer any personal data to Google, the data subject can prevent such transfer by logging out of his/her Google+ account before visiting our website.

You can find further information and Google’s current privacy policy at https://www.google.de/intl/de/policies/privacy/. Additional instructions from Google about the Google+1 button can be found at https://developers.google.com/+/web/buttons-policy.

12. Privacy policy for the use of LinkedIn

The data controller has integrated LinkedIn Corporation components in this website. LinkedIn is an internet-based social network that makes it possible to stay in touch with existing business contacts and to get in touch with new business contacts. LinkedIn has more than 400 million registered users in more than 200 countries. At present, this makes LinkedIn the world’s largest platform for business contacts and one of the world’s most frequently visited websites.

The operating company for LinkedIn is: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
In relation to privacy policy matters outside of the USA, the responsible party is: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time that you visit our website using a LinkedIn component (LinkedIn plug-in), this component will ensure that the browser used by the data subject downloads a corresponding display of the LinkedIn component. You can find further information about the LinkedIn plug-ins at https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn will be notified about the specific subpage on our website that the data subject is visiting.

If that person is simultaneously logged into LinkedIn, LinkedIn will be able to see the specific subpage on our website that the data subject has visited at the time of each visit by the data subject to our website and throughout the entire duration of the visit concerned. This data is collected by the LinkedIn component and assigned by LinkedIn to the data subject’s relevant LinkedIn account. If the data subject activates the LinkedIn button integrated in our website, LinkedIn will assign this data to the data subject’s personal LinkedIn account and this will store the personal data.

The LinkedIn component will always notify LinkedIn when the data subject has visited our website or when the data subject is logged into LinkedIn at the time of visiting our website; this occurs even if the data subject does not click the LinkedIn component. If the data subject does not wish to transfer any personal data to LinkedIn, the data subject can prevent such transfer by logging out of his/her LinkedIn account before visiting our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn provides options for cancelling email messages, text messages and targeted ads, and for managing the settings for advertisements. LinkedIn also enlists partners, such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which can install cookies. These cookies can be blocked at https://www.linkedin.com/legal/cookie-policy. The current LinkedIn privacy policy can be found at https://www.linkedin.com/legal/privacy-policy. The LinkedIn cookie policy can be found at https://www.linkedin.com/legal/cookie-policy.

13. Privacy policy for the use of Xing

The data controller has integrated Xing components in this website. Xing is an internet-based social network that makes it possible to stay in touch with existing business contacts and to get in touch with new business contacts. Individual users can use Xing to create a personal profile. Businesses can, for example, create business profiles or publicize job vacancies.

The operating company for Xing is: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

On each visit to one of this website’s individual pages operated by the data controller and on which a Xing component has been integrated, the relevant Xing component will automatically request the browser in the data subject’s information technology system to download a display of Xing’s relevant Xing component. You can find further information about the Xing plug-ins at https://dev.xing.com/plugins. As part of this technical process, Xing will be notified about the specific subpage on our website that the data subject is visiting.

If that person is simultaneously logged into Xing, Xing will be able to see the specific subpage on our website that the data subject has visited at the time of each visit by the data subject to our website and throughout the entire duration of the visit concerned. The data is collected via the Xing components and assigned by Xing to the data subject’s relevant Xing account. If the data subject activates Xing buttons integrated in our website, e.g. the “Share???” button, Xing will assign this data to the data subject’s personal Xing account and this will store the personal data.

The Xing component always notifies Xing when the data subject has visited our website or when the data subject is logged into Xing at the time of visiting our website; this occurs even if the data subject does not click the Xing component. If the data subject does not wish to transfer any personal data, the data subject can prevent such transfer by logging out of his/her Xing account before visiting our website.

Xing’s published privacy policy can be found at https://www.xing.com/privacy and this provides information about Xing’s collection, processing and use of personal data. Moreover, Xing has published information on the privacy policy relating to the XING-Share button at https://www.xing.com/app/share?op=data_protection.

14. Legal basis for data processing

With regard to our business, Article 6 (I) (a) GDPR provides the legal basis for data processing operations in which we request consent for a specific processing purpose. If the processing of personal data is necessary for the performance of an agreement to which the data subject is a party, e.g. such as is the case in processing operations required for the delivery of goods or the provision of another service or quid pro quo, processing will then be performed on the basis of Article 6 (I) (b) GDPR. The same applies to data processing operations required in order to take pre-contractual measures, e.g. in the event of queries about our products or services. If our company is bound by a statutory obligation that requires the processing of personal data, such as discharging tax liabilities, processing will then be based on Article 6 (I) (c) GDPR. In exceptional cases the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. For example, this would be the case if a visitor to our company suffered an injury and his/her name, age, health insurance data or other essential information had to be supplied to a doctor, hospital or other third parties. In such an instance, processing would also be based on Article 6 (I) (d) GDPR.

Lastly, processing may be based on Article 6 (I) (f) GDPR. This legal basis requires data processing operations not coming under one of the abovementioned types of legal basis if processing is necessary to protect the legitimate interests of our company or of a third party, insofar as the data subject’s interests, fundamental rights and fundamental freedoms do not give grounds for consideration. Such data processing operations are permitted in particular because the European legislator makes specific reference to them. In that connection, the European legislator was of the view that a legitimate interest can be assumed if the data subject is a customer of the data controller (ground no. 47, sentence 2, GDPR).

15. Legitimate interests in the case of data processing as pursued by the data controller or a third party

When the processing of personal data has been based on Article 6 (I) (f) GDPR, our legitimate interest is then the performance of business activities for the good of all our employees.

16. The retention period of personal data

The criterion for the retention period of personal data is the relevant statutory retention period. On the conclusion of this period, the data concerned will be routinely deleted if they are no longer necessary for performance of the agreement or for the purpose of entering into an agreement.

17. Statutory or contractual provisions for the provision of personal data; necessity for the conclusion of the agreement; obligation on the part of the data subject to provide personal data; possible consequences of non-provision

We hereby notify you that the provision of personal data is in part a statutory obligation (e.g. taxation rules) or can arise as the result of contractual regulations (e.g. data from the contracting party).
In order to conclude an agreement, it may sometimes be necessary for a data subject to provide us with personal data, which we must then proceed to process. For example, the data subject is obliged to provide personal data when our business concludes an agreement with the data subject. Failure to provide personal data would result in an inability to conclude any agreement with the data subject.

The data subject must refer to Content Translated to provide his/her personal data. The data controller will notify the person in each case about whether the provision of personal data has been prescribed or is necessary either by statute or contractually for the purpose of concluding the agreement, or about whether an obligation exists to provide personal data, and about the consequences of failing to provide the personal data.

18. Existence of automated decision-making

As a business conscious of its responsibilities, we refrain from automated decision-making or profiling.

This privacy statement has been prepared by the Privacy Statement Generator of the Deutsche Gesellschaft für Datenschutz in collaboration with the media lawyers of WILDE BEUGER SOLMECKE | Rechtsanwälte.