Data protection

Data protection information for visitors to the website www.pts-prueftechnik.de

The responsible handling of personal data is a key concern for us. We attach great importance to the protection of your privacy and transparency in the processing of your data. This data protection information therefore informs you about how we collect, process and protect personal data when you use our website.

The provision of this information is not only an expression of our sense of responsibility, but is also required by law. The General Data Protection Regulation (GDPR) requires companies to inform data subjects clearly and comprehensibly about the collection and use of their data.

Our data protection information is intended to give you a comprehensive overview of how we ensure the protection of your data and what measures we take to treat your information confidentially and securely.name and contact details of the responsible body pursuant to Art. 4 para. 7 GDPR:PTS-Prüftechnik GmbHBettringer Str. 4273550 Waldstetten

Tel.: +49 7171 / 9080 071Fax: 07171 / 9080 072Fax-PC: 07171 / 9080 073E-Mail:info@pts-prueftechnik.deKontaktdaten of the data protection officer of the responsible body:You can reach our company data protection officer by post at:

Schmid Datenschutz und Compliance GmbH for the attention of the data protection officerMr. Torsten SchmidBopfinger Str. 273466 Lauchheim

Phone: +49 7366 / 818 959 00Fax: +49 7366 / 818 959 99E-mail: t.schmid@schmid-datenschutz.de

Information on data securityThissite uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your address line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is therefore not possible.

Purposes of the processing of personal data

Use of our website

Purposes of processing

When using our website for purely informational purposes, information of a general nature is automatically collected and stored in so-called server log files. This includes, among other things, the IP address, date and time of access, the amount of data transferred, the browser type and version, the operating system of the end device and the previously visited page (referrer URL). This data is processed to ensure technical operation, system security and error analysis. This data is not merged with other data sources or analyzed for marketing purposes.

Legal basis for processing

The legal basis for the collection and processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The processing is necessary to provide you with the website and to ensure the fast execution, stability and security of the services or to enable communication. The data collected in this context may also be used in individual cases to identify and rectify faults and to investigate, defend against and prosecute attempted attacks.

Affected groups of persons

Website visitors

Processed data

IP address of the requesting computer, date and time of the page request, content of the request, access status / HTTP status code, amount of data transferred, website from which the request comes (referrer URL), web browser used with version number and set language, operating system used and, if applicable, interface used. This data does not allow us to draw any conclusions about specific persons. This data is not merged with other data sources.

Duration of storage

When our website is accessed The server log files are only stored for as long as is necessary for the stated purposes and are then regularly deleted. Data may be stored for longer in individual cases if this is necessary to clarify security-related incidents.

Use of a content delivery network (Cloudflare CDN)

Purposes of the processing

Our website uses functions of CloudFlare. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed via the CloudFlare network. CloudFlare is therefore able to analyze the data traffic between users and our websites in order to detect and ward off attacks on our services, for example. CloudFlare may also store cookies on your computer for optimization and analysis purposes. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Legal basis for processing

If you have consented to the use of Cloudflare, the legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR. We also have a legitimate interest in using Cloudflare to optimize our online offering and make it more secure. The corresponding legal basis for this is Art. 6 para. 1 lit. f GDPR. Cloudflare is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures. You can find more information about CloudFlare at: https://www.cloudflare.com/privacypolicy/

Affected groups of persons

Website visitors

Processed data

Cloudflare collects statistical data about visits to this website. The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of the offer.

Duration of storage

The personal data is stored for as long as it is required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose. The deletion periods vary between 4 hours and a maximum of 180 days, depending on the log category and configured services.

Contact us by e-mail or via our contact forms

Purposes of processing

If you send us a message by e-mail or via a contact form, the data you provide will be stored by us and used to process your message and to contact you. We will not pass on your data to third parties without your express consent.

Legal basis for processing

The legal basis for the collection and processing of your data is Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures) and, if applicable, Art. 6 para. 1 lit. a GDPR (consent), insofar as we have requested this.

Affected groups of persons

Website visitors

Processed data

Name, title, address data, contact data (telephone number and email address), company name, message texts

Duration of storage

The personal data collected in the course of responding to your inquiry will be deleted as soon as storage is no longer required or processing will be restricted if there are statutory retention obligations. If you revoke the consent you have given us to process your data, your data will be deleted immediately after your revocation.

Data processing as part of the application process

Purposes of the processing

Within our website, you can send us unsolicited applications or applications for specific vacancies via our career portal using an online form or by e-mail. Your data transmitted to us in this context will only be processed within the scope of the respective job advertisement or within the scope of your consent for consideration for further job offers. If you have given us your consent for longer-term storage for the purpose of consideration for further job vacancies, you can revoke this at any time with effect for the future.

Note on sensitive data

We expressly draw your attention to the fact that applications, in particular CVs, references and other data you send to us by e-mail, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party or about your sex life. Please note that if you send us such data by e-mail, it will be transmitted unencrypted.

Legal basis for processing

The legal basis for the collection and processing of your personal data is Art. 6 para. 1 lit. b GDPR, Art. 88 GDPR in conjunction with § Section 26 BDSG (fulfillment of contracts or pre-contractual measures at the request of the data subject or establishment of employment relationships), and, if applicable, Art. 6 para. 1 lit. a DSGVO, provided that you have given us your consent to the longer-term storage of your applicant data for the purpose of consideration for further job offers.

For the uniform collection and processing of applicant data on our website, we use a software system from the manufacturer B-ITE GmbH, Resi-Weglein-Gasse 9, 89077 Ulm, Germany, which has been commissioned by us to provide this service. Your data entered in the application forms will be transmitted to the service provider B-ITE GmbH and stored on their servers after you have given your consent to processing. Your data will be used by us exclusively for the aforementioned purpose in compliance with the data protection provisions of the GDPR. Our contracted service provider B-ITE GmbH does not pass on your personal data to third parties. In order to ensure data protection-compliant processing, we have concluded a contract with B-ITE GmbH for order processing within the meaning of Art. 28 GDPR.

Affected groups of persons

Applicants

Processed data

Names, addresses, contact details, email address, submitted or uploaded application documents

Duration of storage

The deletion of the transmitted data takes place in the event of rejection or negative decision on your application due to § 15 para. 4 AGG (General Equal Treatment Act) at the earliest 3 months after completion of the application procedure, but at the latest after 6 months. This does not apply if statutory provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage. If you have given your consent to longer-term storage, we will process your data for the purpose of selecting applicants for further job advertisements for a maximum period of 2 years. After this period has expired or if you withdraw your consent, your data will be deleted.

Consent management on our website

Purposes of the processing

This website uses the cookie consent manager of the provider Usercentrics to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies, among other things, and to document these in compliance with data protection regulations. The provider of this service is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, website: usercentrics.com/en/

Legal basis for processing

The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 para. 1, Art. 6 para. 1 sentence 1 lit. c GDPR). Usercentrics is the recipient of your personal data and acts as a processor for us. Detailed information on the use of Usercentrics can be found at: usercentrics.com/privacy-policy/.

Groups of persons affected

Website visitors

Processed data

Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data: Browser information, date and time of access, device information, the URL of the page visited, geographic location, the website page path, and the end user's consent status, which serves as proof of consent. The consent status is also stored in the end user's browser so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months.

Duration of storage

The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately or forwarded to the person responsible on request in the form of a data export.

Google Tag Manager

Purposes of the processing

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager enables us to manage website tags via a central interface and integrate them on our website. The service itself does not process any personal data of website visitors, but is used to manage other tools and services (e.g. Google Analytics or marketing tags). Google Tag Manager is used to efficiently integrate and manage analytics, statistics and marketing services. This enables us to better manage our website technically, control the use of tracking tools and optimize user-friendliness.

Legal basis for processing

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest) in the technically error-free, secure and efficient management of the website tags used.

If tools that process personal data (e.g. Google Analytics, Google Ads conversion tracking or other third-party tags) are integrated via the Google Tag Manager, they are activated exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This consent is obtained and managed via the Usercentrics Consent Management Tool used by us.

Affected groups of persons

Website visitors

Processed data

The Google Tag Manager itself does not store any personal data. However, a connection to Google servers may be established when the service is loaded. Technical information required for the provision and stability of the service is transmitted (e.g. IP address, browser type, operating system, date and time of access).

In this context, Google may also process data on servers in the USA. For these cases, Google is certified under the EU-U.S. Data Privacy Framework (DPF), so that an adequate level of data protection is guaranteed in accordance with Art. 45 GDPR. Further information can be found at: www.dataprivacyframework.gov.

Duration of storage

The Google Tag Manager itself does not store any personal data. Any data processing and storage periods result exclusively from the respective integrated services, which are controlled via the Tag Manager. You can find more information on this in the relevant sections of this privacy policy.

LinkedIn plugin

Purposes of the processing

We use services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn") on our website. In particular, this may involve the LinkedIn Insight Tag for analyzing the reach and measuring the success of our advertising campaigns or social plugins for displaying and linking to our LinkedIn profile.

The Insight Tag makes it possible to track the behavior of visitors to our website who have seen or clicked on a LinkedIn ad. This allows us to evaluate the effectiveness of LinkedIn advertising and optimize future advertising measures.

Legal basis for processing

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, which we obtain via the Usercentrics Consent Management Tool. You can revoke your consent at any time with effect for the future via the settings in the consent banner. Insofar as processing is carried out for purely technical or security-related purposes (e.g. provision of content), this may be based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in an appealing presentation and interaction via social media.

LinkedIn may also transfer data to servers in the USA and process it there. For these cases, LinkedIn is certified under the EU-U.S. Data Privacy Framework (DPF), so that an adequate level of data protection exists in accordance with Art. 45 GDPR. You can find further information on this at: www.dataprivacyframework.gov

Affected groups of persons

Website visitors

Processed data

When using LinkedIn services, the following data in particular may be processed

IP address, device and browser information,
Referrer URL and pages accessed,
timestamps,
demographic information, if this has been stored by the user on LinkedIn
Interactions with LinkedIn ads and content (e.g. clicks, views, conversions).

This data is linked by LinkedIn with information from your LinkedIn account if you are logged in there. LinkedIn may also process the data for its own purposes (e.g. improving LinkedIn services, market research, advertising). We have no influence on this processing.

Duration of storage

The data collected via the LinkedIn Insight Tag is deleted, aggregated or anonymized after 90 days. Depending on the settings, stored cookies have a duration of up to 2 years, unless you revoke your consent beforehand. LinkedIn stores the data as long as this is necessary to fulfill its own purposes. Details can be found in LinkedIn's privacy policy.

Embedding YouTube videos

Purposes of the processing

We use the provider YouTube to embed videos. The operator of the provider pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We always use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

A connection to the YouTube servers is established as soon as you access the subpages in which a YouTube video is embedded. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. When loading the video player in your browser, YouTube records your IP address, which can also be transmitted to YouTube or Google servers in the USA and stored there. As the provider of these pages, we have no influence on this data transfer.

If the YouTube video player is activated, YouTube may use Google Fonts for the purpose of uniform display of fonts. When you call up the YouTube video player, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

Legal basis of the processing

The integration of YouTube videos is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, which we obtain via the Usercentrics Consent Management Tool. You can revoke your consent at any time with effect for the future via the settings in the consent banner.

YouTube may transmit data to servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with Art. 45 GDPR. You can find further information on this at: www.dataprivacyframework.gov

Affected groups of persons

Website visitors

Processed data

When a page with an embedded YouTube video is accessed or when playback is started, the following data in particular is processed IP address, device information (e.g. browser type, operating system, screen resolution), referrer URL (previously visited page), timestamp, possibly Google account information if you are logged in to YouTube or another Google service, information about the video viewed and interactions (e.g. playback time, clicks). If you are logged into your Google account, YouTube can assign your surfing behavior directly to your personal profile. You can prevent this by logging out of Google before accessing the videos.

Duration of storage

The cookies and similar technologies set by YouTube may remain stored for up to 24 months unless you withdraw your consent beforehand. Google stores personal data for as long as this is necessary to fulfill its own purposes.

Analysis of user behavior through Google Analytics

Purposes of the processing

This website uses functions of the web analysis service Google Analytics. This is a service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"), which is provided within the European Economic Area (EEA) and Switzerland by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Legal basis of the processing

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time via our cookie banner.

Google may transfer data to the USA. For these cases, Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection in accordance with Art. 45 GDPR.

You can find further information on this at

www.dataprivacyframework.gov and at policies.google.com/privacy/frameworks

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout You can find more information on how Google Analytics handles user data at support.google.com/analytics/answer/6004245

Further information on data protection can be found in Google's privacy policy: policies.google.com

You can revoke your consent at any time with effect for the future via the settings in the consent banner.

Insofar as Google processes personal data under its own responsibility, this processing is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, or by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google may also process certain data collected in the context of the use of Google services (e.g. Google Analytics, Google Ads, YouTube, Google Tag Manager) for its own purposes. These include in particular

the improvement and further development of own products and services, security and abuse prevention, market research and advertising purposes, creation of aggregated statistics on the use of Google services.

This processing is carried out under Google's own responsibility under data protection law. We have no influence on this data processing. Information on Google's responsibilities and data processing under its own responsibility can be found in Google's privacy policy at

policies.google.com/privacy and privacy.google.com/businesses/controllerterms/mccs/

Affected groups of persons

Website visitors

Processed data

When using Google Analytics, the following data in particular is processed IP address (in abbreviated form, if IP anonymization is activated), usage data (e.g. pages visited, length of stay, click behaviour), technical information (e.g. browser type, operating system, device type), referrer URL (previously visited page), location data (approximate, based on IP address), timestamp, language settings and interactions.

Duration of storage

The cookies set by Google Analytics are stored for up to 2 years, unless you withdraw your consent beforehand. The data stored by Google and linked to cookies, user IDs or advertising IDs are automatically deleted or anonymized after 14 months.

Data processing by social networks

Purposes of the processing

We maintain publicly accessible profiles in social networks. The individual social networks we use are listed below.

Social networks such as Facebook etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis of the processing

Our social media presences are intended to ensure that our company has the widest possible presence on the internet. This is our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the respective social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to object, the right to data portability and the right to lodge a complaint with the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Meta). Within the USA and Canada, the responsible service provider is Meta Platforms Inc, 1 Hacker Way, Menlo Park, California 94025, USA. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Meta on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: www.facebook.com/settings

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: www.facebook.com/legal/EU_data_transfer_addendum and www.facebook.com/help/566994660333381

For general information on data protection on Facebook, please refer to Facebook's privacy policy: www.facebook.com/privacy/policy/

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Parent company: Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.

Details on how they handle your personal data can be found in Instagram's privacy policy: privacycenter.instagram.com/policy/

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Details on how they handle your personal data can be found in LinkedIn's privacy policy at www.linkedin.com/legal/privacy-policy

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Outside the European Economic Area (EEA) and Switzerland, the provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Details on how they handle your personal data can be found in YouTube's privacy policy: policies.google.com/privacy

Recipients of personal data

Within PTS-Prüftechnik GmbH, your personal data is received by those business units that require it to fulfill our contractual and legal obligations. In some cases, we use external service providers (e.g. IT service providers, web hosts, etc.) to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored by us. Furthermore, public bodies have the right to transfer data if there is a legal or official obligation to do so. Other recipients will only receive your personal data if you have actively consented to the transfer.

Data transfer to third countries

If you have consented to the collection of personal data for marketing purposes or the integration of digital content (e.g. to display video content, interactive maps, etc.), the respective service providers may store and process personal data in the USA or other jurisdictions - either themselves or through affiliated companies and service providers. The USA in particular is considered a so-called "third country", which does not offer an adequate level of data protection. When data is transferred to the USA, there is therefore a fundamental risk that your data may be processed by US authorities for control and monitoring purposes without you having any legal recourse.

Your rights

Right to information, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing at any time in accordance with Art. 15 GDPR and, if applicable, a right to rectification in accordance with Art. 16 GDPR or erasure of this data in accordance with Art. 17 GDPR. The restrictions under Sections 34 and 35 BDSG apply to the right to information and the right to erasure. To exercise your rights, you can contact the controller or the data protection officer using the contact details provided above.

Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data. The right to restriction of processing exists in the following cases

If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was/is carried out unlawfully, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Right to data portability

In accordance with Art. 20 GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to object to the collection of data in special cases and to direct advertising

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

The competent supervisory authority for data protection issues is the data protection officer of the federal state in which our company has its registered office. A list of data protection officers and their contact details can be found at the following link:https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html Supervisory authorities in the European Union can be found at ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

The supervisory authority responsible for our company can be contacted using the following contact details: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg House address Lautenschlagerstraße 20, 70173 Stuttgart, postal address: Postfach 10 29 32, 70025 Stuttgart Telephone: +49 711 615541-0, fax: +49 711 615541-15, poststelle@lfdi.bwl.de

Obligation to provide data

In the context of a business relationship, but also during the initiation and processing, you must provide the personal data that is required for this purpose and/or that we are legally obliged to collect. Without this provision, we will have to refuse to conclude a contract. (legal risk).

As part of your application, the provision of personal data is necessary for the application process. This means that if you do not provide us with personal data when applying, we will not be able to carry out the application process and will therefore not be able to consider you in the selection process.

Automated decision-making including profiling

Automated decision-making within the meaning of Art. 22 GDPR, which has a legal effect on you, and profiling do not take place.

We reserve the right to update this data protection information if necessary.

Status: October 28, 2025