Data Privacy Policy
We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Dr. Reuthlinger & Breig und Partner GdbR, der MTG Mittelbayerische Treuhandgesellschaft mbH and the MTG Consulting GmbH (hereinafter summarized as „MTG Wirtschaftskanzlei“).
With this privacy policy, we would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs you as the data subject of your rights. The privacy policy applies to the MTG Wirtschaftskanzlei (https://mtg-group.de/) as well as all other external online presences, e.g. on our social media presences. For websites of other providers to which reference is made, e.g. via links, the data protection notices and declarations there apply. It also shows you how we handle personal data overall.
Your personal data is always processed in accordance with the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and in accordance with the country-specific data protection regulations that apply to us.
1. Name and address of the Controller
Dr. Reuthlinger & Breig und Partner GdbR
93309 Kelheim
Ludwigstr. 4
Tel.: +49 9441 2970-0
Fax: +49 9441 2970-20
E-Mail: info@mtg-group.de
MTG Mittelbayerische Treuhandgesellschaft mbH
93309 Kelheim
Ludwigstr. 4
Tel.: +49 9441 2970-0
Fax: +49 9441 2970-20
E-Mail: info@mtg-group.de
MTG Consulting GmbH
93053 Regensburg
Franz-Mayer-Straße 16a
Tel.: +49 941 208645-0
Fax: +49 941 208645-20
E-Mail: info@mtg-group.de
2. Contact details of the data protection officer
All interested parties and visitors to our website can contact our data protection officer on data protection issues at: datenschutz@mtg-group.de
3. Definitions
- “Personal data” means any information relating to an identified or identifiable natural person. This means all data that can be related to you personally, such as your name, address, email address or telephone number.
- “Data subject” is any identified or identifiable natural person whose personal data is processed by the controller.
- “Controller” means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- “Processing” means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- “Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
4. Legal basis of the processing
The legal basis for processing is in particular:
- Art. 6 para. 1 sentence 1 lit. a GDPR serves our company as the legal basis for processing operations for which we obtain a voluntary declaration of consent from the data subject for a specific processing purpose.
- If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR. This is the case, for example, for processing operations that are necessary for the delivery of goods or the provision of another service or consideration. The same applies to such processing operations that are necessary for the performance of precontractual measures, for example in cases of inquiries about our products or services.
- If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 sentence 1 lit. c GDPR.
- In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 sentence 1 lit. d GDPR.
- The processing operations may be based on Art. 6 para. 1 sentence 1 lit. f GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Prior to processing, the existence of a legitimate interest is carefully considered in each individual case, including whether a data subject can reasonably foresee at the time of collection of the personal data and in view of the circumstances in which it is carried out that processing may be carried out for this purpose.
5. Recipients or categories of recipients of personal data
As a rule, personal data that you provide to us about yourself will only be processed by us as the controller. If, as part of our processing, we disclose data to other persons and companies such as web hosts or third parties, transfer it to them or otherwise grant them access to the data, this is done on the basis of legal permission (e.g. if the transfer of data to third parties pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR is necessary for the performance of a contract), if the data subjects have given their consent, if a legal obligation provides for this, if it is necessary for the performance of a task carried out in the public interest or on the basis of our legitimate interests. Furthermore, if we use external service providers, so called processors, for processing in accordance with Art. 28 GDPR, who have been obliged to handle your data with care.
6. Transfer to third countries
If we process data in a third Country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of thirdparty services or disclosure or transfer of data to third parties, this will only take place if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
7. Duration the storage of personal data or criteria for determining the Duration
As the controller, we process and store personal data of the data subject only for the period of time required to achieve the purpose of storage or if this is provided for in laws or regulations to which we are subject as the controller. If the storage purpose no longer applies or if a legally prescribed storage period, in particular a statutory retention obligation, expires, the personal data is routinely deleted in accordance with the statutory provisions, provided that it is no longer required to achieve the purpose, fulfill the contract or initiate a contract. The criterion for the duration of the storage of personal data is therefore the respective statutory retention period. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision. We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner).
Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded.
Before the data subject provides personal data, the data subject can contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
8. Criteria for consent/withdrawal of consent under data protection law
If you have given us as the controller your consent for the purposes you have selected, the processing of your personal data is based on Art. 6 para. 1 sentence 1 lit. a GDPR. Separate consents must be given for different purposes and processing operations. If you give your consent, you as the data subject will be informed of the purpose and scope of the processing.
The submission of your declaration of consent is voluntary. It can be refused or revoked in whole or in part without giving reasons and without fear of any disadvantages. Consent can be withdrawn at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Legal permissions remain unaffected by the withdrawal of consent. Your data will remain stored until you inform us that you are withdrawing your consent. Your data will then be deleted immediately, unless statutory retention periods prevent this.
9. Provision of the website and creation of log data
General Information
Our website collects a series of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following can be recorded
- Browser types and versions used,
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrer URL)
- the sub-websites which are accessed via an accessing system on our website
- the date and time of access to the website
- an internet protocol address (IP address),
- the internet service provider of the accessing system and
- other similar data and information used for security purposes in the event of attacks on our information technology systems.
Purpose of processing
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required for the following purposes:
- to enable you to visit the website,
- deliver the content of our website correctly
- optimize the content of our website,
- to ensure the longterm functionality of our information technology systems and the technology of our website, and
- to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
This anonymously collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
Legal Basis
The legal basis for the collection of the abovementioned general data is Art. 6 para. 1 sentence 1 lit. f GDPR, as the processing of this data is necessary to display our website to you and to ensure the stability and security of the website.
Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored directly and only accessible to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after a maximum of four weeks.
Recipients of personal data
To provide our online services, we use the computing capacity, storage space and software of the hosting provider Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (Mittwald).
10. Data processing in the context of tax advice, auditing, legal advice and other (pre-)contractual legal relationships
General Information
We process personal data as part of our client relationship and in order to provide you with (pre)contractual services in the areas of tax advice, auditing and legal advice. We also process personal data in the context of other (pre)contractual relationships with our business and contractual partners.
Purpose of the processing
The purpose of the processing is the provision of our services within the framework of the respective data processing relationship in the context of our cooperation with you.
Legal Basis
This is done to fulfill our (pre)contractual or legal obligations, for example under professional law, on the basis of the consent of the client or business or contractual partner, or if there is a legitimate interest on our part (Art. 6 para. 1 sentence 1 lt. a, b, c, f GDPR).
Recipients of personal data
Personal data will only be passed on to third parties if this is necessary for the fulfillment of the purposes and services just mentioned. In the context of tax advice, auditing and legal advice, for example, it may be necessary to pass on data to authorities in order to fulfill contractual or legal obligations.
11. Data protection for applications and in the application process
General Information
As the controller, we process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on our website. As part of the selection process, the applications received are screened, queries are made if necessary, invitations to interviews are sent and additional personal data is collected in interviews as part of the recruitment process in order to ultimately make a decision regarding the selection of applicants. If the controller concludes an employment contract with an applicant, the data transmitted will be processed for the purpose of handling the employment relationship in compliance with the statutory provisions.
Purpose of the processing
The purpose of processing personal data is to find new employees and to organize and carry out all related activities as part of the application process.
Legal Basis
The legal basis for the processing of your data as part of the application process is the initiation of a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.
Storage period
If no employment relationship is established following the application procedure, the application documents will be deleted six months after notification of the rejection decision. The deletion period results from the application of Art. 17 para. 3 lit. b GDPR (exception to the basic deletion obligation if processing of personal data is necessary to fulfill an obligation under German law or EU law) in conjunction with § 15 para. 4 General Equal Treatment Act (AGG) and § 61b para. 1 Labor Court Act (ArbGG) (retention obligation as part of the burden of proof under the General Equal Treatment Act).
If you have consented to a longer storage of your data for the purpose of inclusion in our applicant pool, this consent constitutes the legal basis for processing the data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. In this case, we will delete your application documents after one year.
12. Cookies
General Information
We use cookies on our website. Cookies are text files that are placed and stored on the computer system via an Internet browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.
Purpose of processing
By means of a cookie, the information and offers on our website can be optimized for the benefit of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to reenter their access data or set the language each time they visit the website, as this is done by the website and the cookie stored on the user’s computer System.
Legal Basis
We use technically necessary cookies on our website. These are cookies that are required for the provision and operation of our online offering. The legal basis for the use of technically necessary cookies is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.
We also use cookies that are not technically necessary. These are cookies that are not required for the provision and operation of our online services, such as marketing, analysis or tracking cookies. The legal basis for the use of technically unnecessary cookies is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. The transmission of Flash cookies cannot be prevented via the browser settings, but by changing the Flash Player settings. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
Cookie-Banner
When you visit our website or a subwebsite for the first time and we use cookies, you will be shown a “cookie banner”. There we inform you about the individual cookies that we use. You can find out the name of each individual cookie, the provider, the purpose of processing and the storage period. Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of technically unnecessary cookies. The following are processed
- Usage data (e.g. websites visited, time of access)
- Meta and communication data (e.g. IP address)
The legal basis for the use of the cookie banner is Art. 6 para. 1 sentence 1 lit. f GDPR. We have an overriding legitimate interest in using a cookie banner in order to obtain the legally required consent for the use of technically unnecessary cookies and to comply with our duty to provide information regarding cookies. The cookie banner stores the preferences until you reset or adjust them.
Recipients of personal data
We use a cookie banner from the provider Borlabs GmbH, Hamburger Str. 11 22083 Hamburg (Borlabs Cookie).
13. Contact options and contact form
General Information
Our website enables you to contact us quickly by electronic means. If you, as the data subject, contact us as the controller by email or via a contact form, the personal data transmitted will be stored automatically. Such personal data transmitted voluntarily by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
Purpose of processing
The purpose of the processing is to ensure that you can contact us digitally and quickly and to prevent misuse of the contact Options.
Legal Basis
The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
Storage period
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
14. Newsletter
Newsletter dispatch to existing customers
We send our newsletter to existing customers to inform them about our products and services. In doing so, we process personal data such as your name or your e-mail address. The legal basis for this is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR). Our legitimate interest is to inform you about our current products and services. You can object to the sending of the newsletter at any time. There is a corresponding link in every newsletter for the purpose of objecting.
Recipients of personal data
We use the provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (Brevo) for the newsletter.
15. Map Services
General Information
We use map services on our website. This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently. By using map services, information about the use of this website, including your IP address and the (start) address entered during route planning, is collected. When you access a web page on our website that contains map services from a thirdparty provider, your browser establishes a direct connection with the servers of this company. The map content is transmitted directly to your browser by this provider and integrated into the website. We have no influence on the scope of the data collected by the thirdparty provider in this way. This includes the following data:
- Date and time of the visit to the website in question
- Internet address or URL of the website accessed
- IP address, (start) address entered as part of route planning
Legal Basis
The legal basis for the use of map services is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
Recipients of personal data
On our website we use the map service Google Maps from Google LLC (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; (Google)). When using Google Maps, information about the use of this website, including your IP address and the addresses entered, is collected as part of route planning. When you access a web page on our website that contains Google Maps, your browser establishes a direct connection with Google’s servers. The map content is transmitted directly from Google to your browser, which integrates it into the website. We have no influence on the scope of the data collected by Google in this way. In this context, at least the abovementioned personal data is processed.
The data is transmitted regardless of whether you have created a user account with Google or whether Google provides a user account through which you are logged in. If you are logged into Google, your data will be assigned directly to your account. You can prevent assignment to your Google user account by logging out before activating the button. Google stores your personal data as part of user profiles. These are then used for the purposes of advertising, market research and the needsbased design of the website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google directly.
When you use Google Maps, your personal data is transferred to the USA. The European Commission has adopted the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
16. Presence in social networks (social media)
General Information
We maintain publicly accessible profiles on various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles. If you click on one of these links, your IP address will always be transmitted to the providers of the various platforms. This data may also be processed outside the European Union. If you use one of these services and are also logged in with your specific account, information about your surfing behavior may also be collected by the social media providers. The transmission of your IP address to the providers of the websites accessed is technically necessary and applies to all websites. Social media also generally process data from website visitors for market research and advertising purposes.
Purpose of processing
The purpose of the processing is to present our company, to inform you about news, advertising and communication with you.
Legal Basis
The legal basis for the processing of your personal data here is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the presentation of our company in social networks.
Recipients of personal data
We currently have a presence on the following social networks:
Facebook und Instagram
We have a company profile on Facebook and Instagram, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4 Ireland (Meta). When you visit our Facebook or Instagram page, personal data is processed. We are only able to view the information stored in your public Facebook or Instagram profile (e.g. your profile picture or information that you share on a Facebook profile or on a public Instagram profile). This also assumes that you have a corresponding profile and are logged in to it when you visit our Facebook or Instagram page.
In addition, Meta provides us with anonymized statistics and insights regarding usage behavior on our profiles (Page Insights) for our Facebook or Instagram page. The page insights are created on the basis of certain information about people who have visited our site
In addition, Meta provides us with anonymized statistics and insights regarding usage behavior on our profiles (Page Insights) for our Facebook or Instagram page. The Page Insights are created on the basis of certain information about people who have visited our site.
The processing of your personal data in connection with the operation of our Facebook/Instagram company profile is based on our legitimate interest in accordance with Art. 6 para. 1, sentence 1 lit. f GDPR. This enables us to offer you a modern and up-to-date information and interaction option with us. Furthermore, the processing serves our legitimate interest in improving our company profile.
When processing personal data in connection with the Page Insights, Meta and we are joint controllers within the meaning of the GDPR. We cannot associate the information obtained via Page Insights with individual Facebook or Instagram profiles that interact with our Facebook or Instagram page. We have entered into a joint controllership agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. You can view this here: https://de-de.facebook.com/legal/terms/page_controller_addendum. With regard to this data processing, you can also assert your rights as a data subject against Meta. Further information on this can be found in Meta’s privacy policy. Meta also offers you the opportunity to object to certain data processing; you can find corresponding information and optout options in your account here.
Please note that user data is also processed in the USA or other third countries in accordance with the meta data protection provisions. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.
We have a company profile on LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you visit our LinkedIn company profile, follow this page or engage with the page, your personal data will be processed.
In this context, LinkedIn provides us with statistics and insights in anonymized form, which we use to gain knowledge about the types of actions people take on our site (Page Insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and your employment status. LinkedIn also processes data about your interaction with our LinkedIn company profile. With the Page Insights, LinkedIn does not provide us with any personal data about you, as we only have access to the summarized Page Insights. It is not possible for us to draw conclusions about individual members from the information in the Page Insights.
The processing of your personal data in connection with the operation of our LinkedIn company profile is based on our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. This enables us to offer you a contemporary and supportive information and interaction option, to evaluate the interaction with our LinkedIn company profile and to improve our company profile based on these findings.
In connection with the Page Insights, LinkedIn and we are joint controllers within the meaning of the GDPR. We have entered into an agreement with LinkedIn on processing as joint controllers, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available here. LinkedIn and we have agreed that LinkedIn is responsible for exercising your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the privacy policy. You can also contact LinkedIn’s data protection officer via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. Furthermore, to exercise your rights in connection with the processing of personal data in the context of Page Insights, you can also contact us using the contact details provided. In such a case, we will forward your request to LinkedIn.
LinkedIn and we have also agreed that the Irish Data Protection Commission is the lead supervisory authority responsible for overseeing data processing for Page Insights. You have the right to lodge a complaint with the Irish Data Protection Commission (www.dataprotection.ie) or any other supervisory authority.
LinkedIn also processes your personal data for the provision of services, communication, further development of services, advertising, analysis, customer support and security. In principle, LinkedIn is solely responsible for the processing of personal data when you visit our LinkedIn company profile. The categories of personal data that LinkedIn processes are described in LinkedIn’s data policy.
Please note that in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. The European Commission has adopted the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA and certified accordingly are permitted. LinkedIn is certified under the EU-U.S. Data Privacy Framework.
We have a company profile on XING, a service of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. If you visit our XING company profile, follow this page or engage with the page, your personal data will be processed.
The processing of your personal data in connection with the operation of our XING company profile is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. This enables us to offer you a modern and up-to-date information and interaction option with us.
When you visit our XING profile, XING also collects usage data. XING uses certain data that is collected from users of the XING platform (e.g. regarding usage behavior). Aggregated usage statistics are created with this data and made available to the respective operators of the XING profile. The aggregated statistics do not allow any conclusions to be drawn about individual users. In particular, we have no access to personal data processed by XING for performance measurement purposes. Only XING determines which data is processed for performance measurement and how. We have no actual or legal influence on the processing by XING. XING provides you with further information in the XING privacy policy (https://privacy.xing.com/de/datenschutzerklaerung).
In addition, XING also processes your data as a user to provide the service, to ensure security and to measure and optimize advertising. XING is solely responsible for the processing of personal data when you visit our XING profile. The categories of personal data that XING processes in this context are described in XING’s privacy policy.
17. Video platforms
General Information
We maintain publicly accessible profiles on various video platforms. Your visit to these video platforms triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data we collect, use and store when you visit our profiles.
Purpose of the processing
The purpose of the processing is the presentation of our company, information about news and advertising.
Legal Basis
The legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the presentation of our company in social networks.
Recipients of personal data
We operate a “YouTube channel”. The operator of the video platform is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (Google Ireland). Google Ireland is affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (Google)). If you contact us via our YouTube channel (e.g. if you comment on a video), we will process your data. The legal basis for the processing of the data is our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in order to offer you a contemporary and up-to-date information and interaction opportunity with us. In addition, we can draw your attention to our services and service offers.
Google Ireland collects usage data when you visit our YouTube channel. Google Ireland uses certain data collected from users of the YouTube platform to compile aggregated usage statistics. (YouTube Analytics). The information we receive from YouTube Analytics does not allow us to draw any conclusions about individual users. We ourselves do not have access to personal data that Google Ireland processes for YouTube Analytics. Google Ireland determines which data is processed for YouTube Analytics and how. Google Ireland provides information on this in its privacy policy.
Please note that in accordance with the YouTube Privacy Policy, personal data is also processed by Google Ireland in the USA or other third countries. The European Commission has adopted the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA and certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.
18. Analysis and marketing
General Information
We carry out analysis and marketing measures as part of our online presence. This enables us to process your interests, your surfing behavior or demographic data. This enables us to analyze how you use our website and its content and functions. User profiles can also be created as part of the web analysis.
Legal Basis
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Recipients if personal data
We use the following thirdparty provider(s) for analysis and marketing purposes:
Google Analytics
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (Google). Google Analytics uses so-called “cookies” or comparable technologies that enable your use of the website to be analyzed. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there. The European Commission has adopted the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA and certified accordingly are permitted. The above provider is certified under the EU-U.S. Data Privacy Framework.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. When Google Analytics is used, your IP address is anonymized (so-called IP masking). The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
The data sent by us and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 2 months.
If cookies are used, you can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
Matomo
We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user’s computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored: Two bytes of the IP address of the user’s accessing system, the website accessed, the website from which the user accessed the accessed website (referrer), the subpages accessed from the accessed website, the time spent on the website and the frequency with which the website is accessed. The software runs exclusively on the servers of our website. The user’s personal data is only stored there. The data is not passed on to third parties. The software is set so that the IP addresses are not stored in full, but two bytes of the IP address are marked. In this way, it is no longer possible to assign the shortened IP address to the calling computer.
The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, as soon as you have given this via our cookie banner. The processing of user data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its userfriendliness. By anonymizing the IP address, the interest of users in the protection of their personal data is adequately taken into account.
The data is deleted as soon as it is no longer required for our recording purposes. We offer our users the option of opting out of the analysis process on our website. To do this, you must follow the corresponding link. In this way, another cookie is set on your system, which signals our system not to store the user’s data. If the user deletes the corresponding cookie from their own system in the meantime, they must set the optout cookie again. You can find more information on the privacy settings of the Matomo software at the following link: https://matomo.org/docs/privacy/
19. Video conferencing and messenger
General information
We use video conferencing and messenger services to communicate with you. Depending on the specific circumstances, we process the following personal data from you:
- Name (first and last name, username)
- Image and sound recordings
- Content in the context of screen sharing
- Input in the chat
- Metadata (IP address, device type, time, device and location data, connection data)
The legal basis for the processing of your personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
Purpose of the data processing
The data provided is processed for the purpose of simple and digital communication with you.
Legal base
The data provided is processed for the purpose of communication and is based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to provide you with a simple and digital communication option. If the use is necessary in the context of a contract or precontractual measures, Art. 6 para. 1 sentence 1 lit. b GDPR is our legal basis. We obtain your consent before recording. In this case, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
Recipients of personal data
We use Microsoft Teams from the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 (Microsoft) for video conferencing and messenger services. This involves the transfer of personal data to the USA. The European Commission has adopted the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA and certified accordingly are permitted. The above provider is certified under the EU-U.S. Data Privacy Framework.
20. Your Rights
If your personal data is processed by us, you are a “data subject” within the meaning of the GDPR and you have the following rights. If you would like to exercise one of these rights as a data subject, you can contact our data protection officer or another employee of the controller at any time.
Right to Information
You can request information about your personal data that we process in accordance with Art. 15 GDPR. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions (in particular Section 34 BDSG).
Right to rectification
If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure (“right to be forgotten”)
You can request the erasure of your personal data in accordance with Art. 17 GDPR. This right may be restricted under certain conditions. In addition, your right to erasure depends, among other things, on whether the data concerning you is still required by us to fulfill our legal tasks.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us as the controller, in a structured, commonly used and machinereadable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
- the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR and
- the processing is carried out by automated means.
In exercising this right, you also have the right to obtain that the personal data concerning you be transferred directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.
Right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on a legitimate interest of the controller pursuant to Art. 6 para. 1 sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option to inform us of your objection informally by telephone, e-mail, fax or to our postal address listed at the beginning of this privacy policy.
Right of appeal to the supervisory authority
If our data protection officer cannot answer your request to your satisfaction or if you are of the opinion that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation.
The Bavarian State Office for Data Protection Supervision is the data protection supervisory authority responsible for our company based in Bavaria and can be contacted at
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Telefon: +49 (0) 981 180093-0
Telefax: +49 (0) 981 180093-800
E-Mail: poststelle@lda.bayern.de
21. Changes to this privacy Policy
We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.
August 2024