I. General information

We hereby inform you about the processing of personal data during the use of our website.
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union (EU) as well as other data protection regulations is legitimis GmbH, Ball 1, 51429 Bergisch Gladbach (see also our imprint). You can reach our data protection officer at infomail@legitimis.com or our postal address with the addition of “the data protection officer”.

II. Introduction

This data protection declaration is intended to provide you as a customer or interested party with a detailed overview of how and to what extent your data is collected, stored, processed, passed on and transmitted by us when you visit our pages or use our services. It is also intended to give you an overview of the data protection measures we have in place and the options available to you when you visit our site and use our services.
In order to be able to ensure the protection of your data in the future, in particular in accordance with new legal requirements and technical developments, it is essential to adapt this data protection declaration from time to time. We therefore recommend that you read our information and notes on data processing again at regular intervals.

1. Object of protection
The object of protection is your personal data. In the GDPR, this is defined in Art. 4 No.1 as information relating to an identified or identifiable person. This means all data that has a reference (whether direct or indirect) to you, e.g. first name, surname, addresses, e-mail addresses, user behaviour, etc.. Data related to online websites or services that do not belong to us or that we do not control are not part of this privacy policy.

2. When and to what extent do we process personal data?
Below is an overview of all the ways in which we process your personal data.

2.1 For the provision of contractual services/registration
We process inventory data and contractual data in order to be able to fulfil our contractual obligations and services. (Art. 6 Para. 1 lit. b GDPR)

2.2 Establishing contact
If contact is made by e-mail or by contact form, the information is processed to the extent necessary to answer your questions.

2.3 Visiting our website
When you visit our website, we or our authorised service providers may use cookies or similar technologies. The information collected in this way helps us to better adapt our services to the needs of our customers, to make them better and faster and, above all, to make them even more secure. They also serve advertising purposes. You can find more information on this in the “In-depth” section.

3 Legal basis for the processing of personal data
If your consent is obtained for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This legal basis also applies to processes that are necessary for the implementation of pre-contractual measures.
If the processing serves the fulfilment of a legal obligation, Art. 6 para. 1 lit. c GDPR is the legal basis.
If the processing serves vital interests of data subjects or other natural persons, Art. 6 (1) (d) GDPR is the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests and rights of the data subject do not outweigh the company’s interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.

4. Data deletion and storage period
The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law. According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

5. How do we protect personal data?
We implement physical, technical and administrative security measures to adequately protect your personal data from loss, misuse, unauthorised access, disclosure and alteration. These security measures include firewalls, data encryption, permission controls for access to data and we choose our server locations very carefully. We are committed to securing our systems and services.
In addition, it is your responsibility to check that the personal data we hold about you is accurate and up to date.

6.When do we share data?
Firstly, we would like to assure you that we do not sell, lend or rent your personal data. Data will only be passed on if, for example, this is indispensable for the fulfilment of our contractual obligations, we have a legitimate interest or we have your consent. Every contractual partner of ours is conscientiously and carefully selected and we oblige them to protect all data in accordance with legal regulations. For this reason, we also conclude a Data processing contract with the processor in accordance with Art. 28 of the GDPR.

7. Links
Our website may contain links to websites of other providers for whose content we are not responsible and to which this data protection declaration does not extend.

8. your rights
As soon as personal data of yours is processed, you are a data subject within the meaning of the GDPR. You therefore have the following rights vis-à-vis the data controller (i.e. us):
– Right to information,
– Right to correction or deletion,
– right to restriction of processing,
– the right to object to processing,
– right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

III. in more detail: cookies, tracking and other technologies

1. Provision of the website and creation of log files

1.1 Scope and duration of data processing
As soon as you visit our website, our system automatically collects data and information from the computer system of the calling end device, regardless of registration. The following data is collected and stored for a limited period of time for our own security purposes:
– Information about the browser type and version used
– http status code/access status
– Time zone difference to Greenwich Mean Time (GMT)
– The user’s operating system
– The user’s IP address
– Date and time of the visit
– Duration of the visit
– Websites from which the user’s system accesses our website
– Service provider of the user
– Websites accessed by the user’s system via our website Device type and device brand

As soon as you end the session, the data is deleted. If the data is stored beyond this, it is anonymised and analysed for optimisation purposes.
The collection and storage of the data is absolutely necessary for the provision of our website. Therefore, an objection option cannot be offered.

1.2 Purpose and legal basis of data processing
A short-term storage of the IP address by our system is necessary to enable a delivery of the website to the user’s terminal device. For this purpose, your IP address must remain stored for the duration of your visit to our website.
The storage in so-called log files takes place in order to ensure the functionality of our website. In addition, we need the data to optimise our website and to ensure the security of our information technology systems. These purposes are also our legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

2. Cookies

Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user’s hard drive. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transmit viruses. Our website does not use cookies.

3. Contact forms, cantact e-mail and quickcheck

3.1 Scope of processing
You can get in touch with us via email as well as via a contact form. If contact is made via the contact form or the Quickcheck, the data entered in the input mask will be transmitted to us and stored after submission. The following data is stored:
– E-mail address of the user
– Name of the user
– User’s contact details (e.g. address or telephone or mobile phone number)
– The IP address of the user
– Date and time of registration
– As well as optional and voluntary information

For the processing of the data, your consent is obtained before sending and reference is made to this data protection declaration.
In addition, it is possible to contact us via the e-mail address provided by us. In this case, your personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties. The data will be used exclusively for processing your request.

3.2 Purpose and legal basis of data processing
Your data will be processed solely for the purpose of dealing with your request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the processing of the data is Art. 6 (1) lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

4. Applications

4.1 Scope of processing
As soon as you send us your application documents, we will store them. In addition, notes made during telephone interviews or conversations will be added to your provided documents. In addition to your application documents (cover letter, CV, photo), data may also be obtained from other sources. This includes, for example, information you have provided in online portals such as Xing. If you apply via our application portal, the IP address of your terminal device will also be stored. If no employment relationship is established, your data will be deleted after six (6) months at the latest.

4.2 Purpose and legal basis of processing
We process personal data as part of an application process in order to carry out a selection procedure or, if an employment relationship is established, to be able to hire you. The legal basis for this is Section 26 (1) in conjunction with Section 26 (8) (2) BDSGne. Para. 8 2 BDSGneu. In addition, processing is carried out on the basis of Art. 6 para. 1 lit. B and f GDPR, insofar as this is necessary for the defence of asserted legal claims against us.
Insofar as special categories of personal data (in particular health data, e.g. a severe disability) are transmitted, the processing is carried out in accordance with Art. 9 (2) lit. b GDPR. In the context of the application process, the processing serves exclusively to fulfil the obligations incumbent upon us pursuant to § 164 SGB IX.
Should the data be required for legal prosecution after completion of the application process, data processing may take place on the basis of the requirements of Art. 6 of the GDPR, in particular to safeguard legitimate interests in accordance with Art. 6, Para. 1, lit. f, of the GDPR. Our interest then consists in the assertion or defence of claims. In order to be able to enforce these interests, we store your data for a period of six (6) months.
In the event of a successful application, the data provided by you may be further processed by us for the purposes of the employment relationship.  Access to your data will only be granted to persons who need it for the proper course of the application process.

5. Data protection information for online meetings, telephone conferences and webinars via “Microsoft Teams”

We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Teams”.
We are the data controller for data processing directly related to the conduct of “Online Meetings”. If you access the “Microsoft Teams” website, the “Microsoft Teams” provider is responsible for data processing. However, accessing the website is only necessary for the use of “Microsoft Teams” in order to download the software for the use of “Microsoft Teams”.
If you do not want to or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser. The service is then also provided via the “Microsoft Teams” website to this extent.

5.1 Scope of data processing
When using “Microsoft Teams”, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”. The following personal data are subject to processing: User details: e.g. display name, e-mail address (if applicable), profile picture (optional), preferred language.
Meeting metadata: e.g. date, time, meeting ID, phone numbers, location
Text, audio and video data: You may have the opportunity to use the chat function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting”. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the “Microsoft Teams” apps.
If we want to record “online meetings”, we will transparently inform you in advance and – if necessary – ask for consent. If it is necessary for the purposes of logging the outcomes of an online meeting, we will log the chat content. However, this will not usually be the case. Automated decision-making within the meaning of Article 22 of the GDPR is not used.

5.2 Purpose and legal basis of data processing
We use “Microsoft Teams” to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service of Microsoft Corporation.
Insofar as personal data is processed by legitimis GmbH employees, § 26 BDSG is the legal basis for data processing. If, in connection with the use of “Microsoft Teams”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Teams”, the legal basis for data processing is Article 6 (1) f) GDPR. In these cases, our interest lies in the effective implementation of “online meetings”.
Otherwise, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) (b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
Should no contractual relationship exist, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here, too, our interest is in the effective conduct of “online meetings”.

5.3 Recipients and disclosure of data
Personal data processed in connection with participation in “Online Meetings” will not be passed on to third parties as a matter of principle, unless they are specifically intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with “Microsoft Teams”.

5.4 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot exclude the routing of data via internet servers that are located outside the EU. This can be the case in particular if participants in “Online Meeting” are in a third country.
However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

5.5 Deletion of data
We delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

6. Data protection information for surveys via “Microsoft Forms”

We would like to inform you below about the processing of personal data in connection with the use of “Microsoft Forms”.
We are the data controller for data processing directly related to the use of legitimately created forms based on Microsoft Forms. As Microsoft Forms is browser-based, the call-up of a Microsoft web page takes place. The associated data protection information can be found at: https://privacy.microsoft.com/de-de/privacystatement.

6.1 Scope of data processing
When using “Microsoft Forms”, various types of data are processed. The scope of the data also depends on the information you provide in a form. The following personal data may be the subject of processing: Details of the person submitting the form: e.g. surname, first name, e-mail address, if applicable.
Free data: You also have the option of entering free data in a form, for example in a text field. This information is provided by the user and is used exclusively for the provision of services to our customers.
We store entries from the form for the duration of the intended purpose. Automated decision-making within the meaning of Article 22 of the GDPR is not used.

6.2 Purpose and legal basis of data processing
We use “Microsoft Forms” to offer our customers certain form-based services. “Microsoft Forms” is a service of Microsoft Corporation.
Insofar as personal data is processed by legitimis GmbH employees, § 26 of the German Federal Data Protection Act (BDSG) is the legal basis for data processing. If, in connection with the use of “Microsoft Forms”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of “Microsoft Forms”, the legal basis for data processing is Article 6 (1) f) GDPR. In these cases, our interest lies in the effective provision of form-based services for our customers.

6.3 Recipients and disclosure of data
Personal data processed in connection with the use of “Microsoft Forms” will generally not be passed on to third parties unless it is intended to be passed on. Please note that content from “Microsoft Forms”, as well as from personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of “Microsoft Forms” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft”.

6.4 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot exclude the routing of data via internet servers located outside the EU. This can be the case in particular if participants in “Online Meeting” are in a third country.
However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

6.5 Deletion of data
We delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

7. data protection information in the context of the whistleblower system legitimis

We would like to inform you below about the processing of personal data in connection with the offering of whistleblower protection systems. We are responsible for the data processing when offering tips within the framework of our whistleblower system as a customer service.

7.1 Scope of data processing
This is done via a web-based form where you decide on the scope and content of the information. The following data with a possible personal reference is collected when a tip is submitted:
– Incident data
– Contact details (voluntary)
– Documents and images (voluntary)
– free data

The transmission is encrypted. All transmitted data will be checked confidentially by the legitimis reporting team to verify the facts of the case. This may involve internal and external experts and service providers. In the context of possible criminal prosecution, personal data may have to be disclosed to law enforcement agencies within the scope of legal obligations. When using “Microsoft Forms”, various types of data are processed. The scope of the data also depends on the information you provide in a form.

7.2 Purpose and legal basis of data processing
The legal basis for processing the data after you have submitted your notice is Art. 6 para. 1 lit. f GDPR or our legitimate interest in identifying and prosecuting violations of criminal regulations and violations subject to fines for our customers. In addition, Art. 6 para. 1 lit. c GDPR in conjunction with §§ 13, 24 Whistleblower Protection Act (HinSchG) applies to the operation of reporting channels and the taking of follow-up measures. In the first place, your voluntary consent pursuant to Art. 6 para. 1

7.3 Recipients and forwarding of data
The transmission is encrypted. All transmitted data will be checked confidentially by the legitimis reporting team in order to verify the facts. This may involve internal and external experts and service providers. In the context of a possible criminal prosecution, personal data may have to be disclosed to government investigating authorities within the scope of legal obligations. Other recipients: The provider of “Microsoft Forms” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft”.

7.4 Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot exclude the routing of data via internet servers located outside the EU. However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

7.5 Deletion of data
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or ward off warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation. We store data in connection with information for at least 3 years, depending on the incident described, but in any case no longer than the statutory limitation period applicable to the incident described. Any further storage for procedural reasons, e.g. in the context of ongoing investigations or legal disputes, remains unaffected by this.

8. web analysis trough Matomo

8.1 Type and scope of data processing
We use the open source software tool Matomo (formerly PIWIK) from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, to analyse the surfing behaviour of our users. The software sets a cookie on your computer (for cookies, see above). When you access the website, the following data is stored:
– two bytes of the IP address of the user’s calling system,
– the website called up,
– the website from which the user accessed the website (referrer),
– the sub-pages called up from the called-up website
– the length of time spent on the website,
– the frequency with which the website is accessed.

8.2 Deletion of data
The software runs exclusively on the servers of our website. A storage of the users’ personal data only takes place there. The data is not passed on to third parties. It is not possible to draw conclusions about a specific person, as your IP address is anonymised immediately after processing and before storage.

9. Data protection information for collecting data via “Adobe Services”

We would like to inform you below about the processing of personal data in connection with the use of “Adobe Services”. “Adobe Services” include various solutions such as the ability to digitally sign documents with contractual partners or to provide web-based forms for users.

We are the data controller for data processing that is directly related to the creation of web-based forms and digital signature solutions created by legitimis on the basis of Adobe. Since web-based Adobe forms or documents for digital signing are stored in the Adobe Cloud, an Adobe website is called up. You can find the associated data protection information at: https://www.adobe.com/de/privacy/policy.html

9.1 Scope of the data processing
Various types of data are processed when “Adobe Services” are used. The scope of the data also depends on the information you provide in a form or document. The following personal data may be subject to processing:

Details of the form user or signer: e.g. surname, first name, e-mail address if applicable, company, signature

Free data: You also have the option of entering free information in a form, for example in a text field. This information is provided by the user and is used exclusively for the provision of services to our customers.

Entries from the form are stored for the duration of the intended purpose. Automated decision-making within the meaning of Art. 22 GDPR is not used.

9.2 Purpose and legal basis of data processing
We use “Adobe Services” to offer our customers certain web-based services and to conclude digital contracts with customers. “Adobe Services” is a service of Adobe Systems Software Ireland Limited.

Insofar as personal data of legitimis GmbH employees is processed, Art. 6 para. 1b GDPR is the legal basis for data processing. If, in connection with the use of “Adobe Services”, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of “Adobe Services”, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective provision of digital forms for existing and potential customers and the digital conclusion of contracts.

9.3 Recipients and transfer of data
Personal data that is processed in connection with the use of “Adobe Services” is generally not passed on to third parties unless it is intended to be passed on. Please note that content from “Adobe Services” is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

Other recipients: The provider of “Adobe Services” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in our order processing contract with “Adobe”.

9.4 Data processing outside the European Union
Data processing outside the European Union (EU) does not generally take place, as we have limited our storage location to data centres in the European Union. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU.

However, the data is encrypted during transport via the Internet and thus protected against unauthorised access by third parties.

9.5 Deletion of data
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

IV. Your rights as a data subject

In the following, we would like to inform you comprehensively about your rights. As soon as we process your personal data, we will

1. Right to information, Art 15 GDPR
You can request confirmation at any time as to whether personal data concerning you is being processed by us. This information is of course free of charge, unless it is requested more often than average. Where there is processing of personal data, you also have a right to be informed of the following:

(a) the purposes of processing;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
(d) if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
(e) the existence of a right to obtain the rectification or erasure of personal data concerning him or her, or the restriction of processing by the data controller, or a right to object to such processing;
(f) the existence of a right of appeal to a supervisory authority;
(g) if the personal data are not collected from the data subject, any available information on the origin of the data;
(h) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

2. Right to rectification, Art. 16 GDPR
If your personal data stored by us is incorrect or incomplete, you have the right to rectification and completion. The correction must be made by us without delay.

3. Right to restriction of processing, Art 18 GDPR
Under the following conditions, a restriction of the processing of personal data concerning you may be requested:

• if you dispute the accuracy of the personal data relating to you for a period of time that allows us to verify the accuracy of the personal data;
• if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
• if we no longer need the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims; or
• if you have objected to the processing pursuant to Article 21, Paragraph 1 of the GDPR and it has not yet been determined whether the legitimate grounds of us outweigh your grounds.

If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

4. Right to erasure
Unless there is a legitimate interest to the contrary, you may exercise your right to erasure at any time.

5. Revocation of consent
Any data processing based on your consent may cease as soon as you revoke your consent. The revocation can be made at any time and with effect for the future. As we are obliged by our accountability to keep a record of the consent given, the revocation must be made in writing, whereby a revocation by e-mail is sufficient.

V. Data protection information for the presences in social media

1. purposes of data processing

We have our own presence on various social media in order to present ourselves, provide information, get in touch with the respective users and communicate with them.

2. processing of personal data

2.1 Data processing by social networks
We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.
Social networks such as Facebook, Twitter etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail. If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Please also note that we are not able to track all processing procedures on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

2.2 Legal basis
Our social media presences are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

2.3 Data controller and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

2.4 Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

3. overview of our presences

XING: We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIN: We have a profile on LinkedIN. LinkedIN is provided by LinkedIN Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available at: https://www.linkedin.com/legal/privacy-policy. You can find an opt-out option for the LinkedIN advertising cookie at: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.