Data privacy

PRIVACY POLICY FOR THE USE OF OUR WEBSITES

INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA

(1) In the following, we inform you about the collection of personal data when using our website. Personal data includes all data that can be related to you personally, e.g. name, address, email addresses, user behavior. With this, we aim to inform you about our processing activities and at the same time comply with our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

(2) The controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is RM Components GmbH, O'Brien-Straße 5, 91126 Schwabach, info@rm-components.de. You can reach our Data Protection Officer at dominik.gueneri@advizzr.net or via our postal address with the addition “Data Protection Officer”.

(3) When you contact us by email or via a contact form, the data you provide (your email address, and, if applicable, your name and your telephone number) will be stored by us in order to answer your questions. If the inquiry is assigned to a contract, we delete the data after the retention periods applicable to the contractual relationship. Otherwise, we delete the data once storage is no longer required, or restrict processing if statutory retention obligations exist.

(4) If we use commissioned service providers for individual functions of our offering or if we wish to use your data for advertising purposes, we will always select and monitor these service providers carefully and inform you below in detail about the respective processes. In doing so, we will also state the defined criteria for the storage period.

YOUR RIGHTS

(1) You have the following rights with regard to the personal data concerning you:

  • Right of access

  • Right to rectification or erasure

  • Right to restriction of processing

  • Right to object to processing

  • Right to data portability

(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE

(1) When you use the website purely for informational purposes, meaning when you do not otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us in order to display our website to you and to ensure stability and security (legal basis: Art. 6(1) sentence 1 lit. f GDPR):

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (specific page)

  • Access status/HTTP status code

  • Amount of data transferred in each case

  • Website from which the request originates

  • Browser

  • Operating system and its interface

  • Language and version of the browser software

(2) In addition to the data mentioned above, cookies may already now or in the future be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you use, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. They serve to make the online offering more user-friendly and effective overall (legal basis: Art. 6(1) sentence 1 lit. a GDPR). In principle, you can delete or block cookies at any time through your browser settings.

We may also already now or in the future use so-called local storage and session storage technologies (also referred to as “local data”, “local storage”, or “session storage”). With local storage, data is stored locally in your browser’s cache and may continue to exist and be accessible even after closing the browser window or ending the program, unless you actively clear the cache. Local storage enables your preferences when using our websites to be stored on your device so they can be used by you. The function of session storage is similar to that of local storage, except that the respective data is automatically deleted from your browser’s cache immediately after closing the browser (“session”). Third parties cannot access the data stored in local storage or session storage. This data is not passed on to third parties and is not used for advertising purposes. In particular, this technology is used to present our content to you in an appealing graphical format (e.g., pop-up windows, etc.) and to personalize our offering and navigation on our pages for you. You can manage local-storage content in your browser via the settings for “history” or “local data”, depending on the browser you use. If you restrict the functions described, certain features may no longer be fully available.

(3) As a rule, we use the techniques described above solely to improve the user-friendliness and functionality of our websites. We use these techniques based on our legitimate interest in offering you an attractive and fully functional online service, pursuant to Article 6(1)(f) GDPR. If, in addition, consent is required for the use of cookies, we will request your consent at the appropriate point. If cookies are used on the basis of your consent, the legal basis is Article 6(1) sentence 1 lit. a GDPR. If you do not wish the techniques described above to be used, you can adjust this individually in the settings of your browser. There you may also find a list of the cookies used, if any are actually employed.

(4) Special explanation regarding cookies:

a) This website may use the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (see b)

  • Persistent cookies (see c)

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. They store what is known as a session ID, which allows various requests from your browser to be assigned to the same session. This enables your device to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

d) You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. Please note that you may not be able to use all functions of this website.

FURTHER FUNCTIONS AND SERVICES OF OUR WEBSITE

(1) In addition to the purely informational use of our website, we may offer various services that you can use if interested. To do so, you will generally need to provide additional personal data, which we use to provide the respective service and for which the previously mentioned principles of data processing apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if participation in promotions, competitions, contract conclusions, or similar services is offered jointly with partners. You will receive more detailed information upon providing your personal data or below in the description of the respective offer.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the respective offer.

OBJECTION OR WITHDRAWAL AGAINST THE PROCESSING OF YOUR DATA

(1) If you have given your consent to the processing of your data, you may withdraw it at any time. Such a withdrawal affects the lawfulness of the processing of your personal data after you have communicated your withdrawal to us.

(2) If we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case in particular when the processing is not required for fulfilling a contract with you, which we explain in the respective description of the functions below. If you lodge such an objection, we ask you to explain the reasons why we should not process your personal data as carried out by us. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing, or demonstrate our compelling legitimate grounds on the basis of which we will continue the processing.

(3) You may, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: RM Components GmbH, O'Brien-Straße 5, 91126 Schwabach, info@rm-components.de.

DURATION OF STORAGE OF PERSONAL DATA

We store personal data in accordance with the statutory retention periods (e.g., under commercial and tax law regulations). After these periods expire, the data is deleted unless it continues to be required for the performance of a contract or there is a legitimate interest in its continued storage.

For the processing operations we carry out, we indicate below how long the data is stored with us and when it is deleted or blocked. If no explicit storage period is indicated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Your data is generally stored only on our servers in the EU, subject to any transfer in accordance with the rules set out in the following sections.

However, storage may continue beyond the indicated time in the event of a (threatened) legal dispute with you or other legal proceedings, or if storage is required by statutory provisions to which we, as the controller, are subject (e.g., § 257 HGB, § 147 AO). When the statutory retention period expires, the personal data will be blocked or deleted, unless further storage is required by us and a legal basis exists for doing so.

SPECIAL FEATURES OF OUR WEBSITES

NEWSLETTER

(1) With your consent, you can subscribe to our newsletter, in which we inform you about our current and interesting offers. The goods and services being advertised are specified in the consent declaration.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you register, we will send an email to the address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. We also store the IP addresses you used and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, clarify any possible misuse of your personal data.

(3) The only mandatory information required for sending the newsletter is your email address. The provision of any additional data, which is marked separately, is voluntary and is used to address you personally. After your confirmation, we store your email address for the purpose of sending the newsletter. The legal basis is Art. 6(1) sentence 1 lit. a GDPR.

(4) You may withdraw your consent to receive the newsletter at any time and unsubscribe. You can declare your withdrawal by clicking the link provided in every newsletter email, by emailing info@rm-components.de, or by sending a message to the contact details provided in the legal notice (Impressum).

SOCIAL MEDIA AND THIRD-PARTY PROVIDERS

SOCIAL MEDIA

(1) We currently use the following social media plug-ins and/or link to the following social media platform providers: Facebook, Xing, LinkedIn. For plug-ins, we use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box via its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In this case, the data listed under the section COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE (paragraph 1) is also transmitted. For pure links to social media platform providers, the data listed under the section COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE (paragraph 1) is only transmitted to the provider after clicking the link. Since the plug-in provider collects data particularly via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.

(2) We have neither influence on the data collected nor on the data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing, or the storage periods. We also have no information regarding the deletion of the collected data by the respective provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses these for purposes of advertising, market research, and/or designing its website to meet user needs. Such evaluation is carried out in particular (also for non-logged-in users) for the purpose of displaying tailored advertising and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but you must contact the respective plug-in provider to exercise this right. Through the plug-ins, we offer you the opportunity to interact with social networks and other users, which allows us to improve our offering and make it more interesting for you as a user. The legal basis for the use of plug-ins and the use of social media platforms, including linking to them, is Art. 6(1) sentence 1 lit. f GDPR. If, in addition, consent for the use of cookies is required, we will ask for your consent at the appropriate point. If cookies are used on the basis of your consent, the legal basis is Art. 6(1) sentence 1 lit. a GDPR.

(4) The transfer of data when using social media plug-ins occurs regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data collected by us is directly assigned to your existing account with the plug-in provider. If you activate the button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out of a social network after use, and especially before activating the button, as this allows you to avoid assignment to your profile with the plug-in provider.

(5) Further information on the purpose and scope of data collection and its processing by the provider can be found in the privacy policies of these providers listed below. There you will also find further information about your rights in this regard and configuration options for protecting your privacy.

(6) Further information about the respective plug-in providers and URLs with their privacy policies:

According to Facebook, IP addresses in Germany are anonymized immediately after collection. We cannot rule out that personal data about you may be transmitted to the respective provider and stored there (in the case of U.S. providers, in the USA). Further information on the purpose and scope of data collection and its processing by the provider can be found here: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, https://www.facebook.com/terms?ref=pfand http://www.facebook.com/policy.php. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/list. In addition, the META CONTRACTUAL SUPPLEMENT FOR THE TRANSFER OF EUROPEAN DATA (https://www.facebook.com/legal/EU_data_transfer_addenDum) is concluded with the provider as standard.

According to Instagram, IP addresses in Germany are anonymized immediately after collection. We cannot rule out that personal data about you may be transmitted to the respective provider and stored there (in the case of U.S. providers, in the USA). Further information on the purpose and scope of data collection and its processing by the provider can be found here: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, https://help.instagram.com/155833707900388, https://www.facebook.com/terms?ref=pf and http://www.facebook.com/policy.php. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/list. In addition, the META CONTRACTUAL SUPPLEMENT FOR THE TRANSFER OF EUROPEAN DATA (https://www.facebook.com/legal/EU_data_transfer_addendum) is concluded with the provider as standard.

Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/list.

REVIEW PLATFORMS

(1) We use plug-ins from the following provider and link to our profile with the provider:

- kununu

For plug-ins, we use the so-called two-click solution. This means that when you visit our site, no personal data is initially transmitted to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box via its initial letter or the logo. We give you the option to communicate directly with the plug-in provider via the button. Only when you click on the marked field and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding page of our online offering. In this case, the data listed in the section COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE (paragraph 1) is also transmitted. For pure links to social media platform providers, the data listed in the section COLLECTION OF PERSONAL DATA WHEN VISITING OUR WEBSITE (paragraph 1) is only transmitted after clicking the link. Since the plug-in provider collects data especially via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the greyed-out box.

(2) We have neither influence over the data collected nor the data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing, or the storage periods. We also have no information regarding deletion of the collected data by the respective provider.

(3) The plug-in provider stores the data collected about you as usage profiles and uses them for advertising, market research, and/or needs-based design of its website. Such evaluation is carried out in particular (also for non-logged-in users) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, but must contact the respective plug-in provider to exercise this right. Via the plug-ins, we offer you the opportunity to obtain independent information about our company or our offering, allowing us to improve our services and make them more interesting for you as a user. The legal basis for the use of plug-ins and for using review platforms, including linking to them, is Art. 6(1) sentence 1 lit. f GDPR. If, in addition, consent is required for the use of cookies, we will ask you for your consent at the appropriate point. If cookies are used on the basis of your consent, the legal basis is Art. 6(1) sentence 1 lit. a GDPR.

(4) The transfer of data when using plug-ins occurs regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data collected by us is directly assigned to your existing account with the plug-in provider. We recommend that you regularly log out of a review platform after use.

(5) Further information on the purpose and scope of data collection and its processing by the provider can be found in the privacy policies of these providers listed below. There you will also find further information about your rights and configuration options to protect your privacy.

(6) Additional information about the respective plug-in providers and URLs with their privacy policies:

Provider of kununu: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, Tel.: +49 40 419 131-0, Fax: +49 40 419 131-11, Email: info@xing.com. The provider’s privacy policy can be found at https://privacy.xing.com/de/datenschutzerklaerung. Further information about the provider can be found at https://www.kununu.com/de/info/impressum.

DATA PROTECTION NOTICE FOR THE PROCESSING OF PERSONAL DATA OUTSIDE OUR WEBSITES

Personal data is collected directly from the data subject. The further collection and storage as well as the processing and use of this and other personal data within the meaning of the General Data Protection Regulation (GDPR) is necessary for fulfilling legal duties and obligations, as well as for safeguarding legitimate interests, particularly with regard to maintaining a long-term customer relationship and direct advertising. The legal bases for the data processing activities described above are Article 6(1)(b) and Article 6(1)(f) GDPR. The legal basis for processing based on consent is Article 6(1)(a) GDPR. There is no obligation to provide any required consent, and any consent given can be revoked at any time—individually or in full—with effect for the future. Any revocation must be addressed to RM Components GmbH, O'Brien-Straße 5, 91126 Schwabach, email: info@rm-components.de. In this case, the data collected and stored based on consent will be deleted. You may request information about the processing of your personal data, request correction in case of inaccuracies, and demand deletion in the event of unlawful storage, as well as lodge a complaint with the supervisory authority. You also have the right to object to the processing of your personal data at any time if special reasons exist. Furthermore, the right to data portability under Art. 20 GDPR applies.

You can reach our Data Protection Officer at dominik.gueneri@advizzr.net or via our postal address with the addition “Data Protection Officer”. Your data will generally be deleted as soon as the purpose of its processing no longer applies. This does not apply if statutory retention obligations beyond this exist. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. Third parties in this sense may include: tax advisors, accounting offices, databases within our CRM system (customer management system), operators of our website and email servers/administrators, IT service providers (including remote maintenance if applicable), as well as financial service providers (banks). Any potential transfer of your data occurs exclusively due to legal obligations to public bodies that require your data for the fulfilment of their statutory tasks, or to natural or legal persons under private law who demonstrate a legitimate interest in using your data, or if explicit consent exists, or for safeguarding legitimate interests within the meaning of Art. 6(1)(f) GDPR.

DATA PROTECTION INFORMATION FOR SPECIAL CATEGORIES OF PERSONAL DATA

PROCESSING OF DATA VIA CLOUD OFFICE PLATFORMS

If we process personal data within the framework of a cloud office platform, the legal basis for this is Art. 6(1)(f) GDPR.

USE OF MICROSOFT 365 (EXCHANGE/OUTLOOK, ONEDRIVE/SHAREPOINT, TEAMS, OFFICE APPS AND OTHERS)

(1) We use Microsoft 365 for email hosting and communication, file storage/sharing, collaborative document editing, calendars, video conferences, and collaboration. Provider (EU): Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The data processed includes, among others, communication and master data (e.g., email content, sender/recipient, timestamps), calendar/meeting data (including any meeting metadata), file/document content, and associated log/usage data. Product information: microsoft.com/de-de/microsoft-365.

(2) Purposes: contract performance/initiation, internal/external communication, collaboration, scheduling/project organisation, documentation, IT operations and security. Legal bases: Art. 6(1)(b) GDPR (contract/performance) and Art. 6(1)(f) GDPR (legitimate interest in efficient and secure collaboration); where required, additionally Art. 6(1)(a) GDPR (consent). General privacy information: Privacy Statement, Privacy Information, Terms of Use.

(3) Processing on behalf & recipients: Microsoft acts as a processor (Art. 28 GDPR) and may use sub-processors (e.g., data centre/support providers). Data is generally processed in EU data centres; in individual cases, transfers to third countries (especially the USA) may occur. The basis includes, among others, the EU-U.S. adequacy decision (Data Privacy Framework, Art. 45 GDPR) and additionally the EU Standard Contractual Clauses (Art. 46 GDPR). Further information on Microsoft’s privacy, security, and compliance can be found in the provider’s documentation (see above). Legal notice: Legal Notice/Imprint.

(4) Security & settings: We implement measures pursuant to Art. 32 GDPR (including role/rights concepts, multi-factor authentication, audit logs, encryption). Administratively, we configure sharing policies (SharePoint/OneDrive), external sharing, policies for third-party app access/Teams apps, retention/archiving and DLP where available. AI/“Copilot” features — if enabled — are configured in a GDPR-compliant manner (e.g., limits for data access, permissions, logging) or deactivated.

(5) Storage period: determined by statutory/contractual requirements (e.g., commercial/tax retention). Where retention/archiving functions are activated, the rules stored there apply; otherwise, we delete or anonymise personal data once the purpose has ceased to apply.

CREDITWORTHINESS CHECK

(1) A creditworthiness check is an assessment of the credit standing of an individual or a company, obtained to evaluate the risk of payment default. It contains information about the payment behaviour and the financial situation of the data subject, such as existing loans, payment defaults, and any court collection proceedings.

(2) The obtaining and processing of creditworthiness information is carried out in accordance with the provisions of the GDPR. The legal basis for this processing is Art. 6(1)(b) GDPR if the processing is necessary for the performance of a contract or for pre-contractual measures. Furthermore, Art. 6(1)(f) GDPR applies when the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party. The legitimate interest lies in avoiding payment defaults by business partners.

(3) The storage of creditworthiness data is carried out only for as long as necessary for the purpose for which it was collected. This purpose generally ceases to apply once all claims from existing contractual relationships have been fulfilled and no further contractual relationships follow within three years after conclusion of the contract. To carry out creditworthiness checks, we use the following providers.

CREDIT CHECK WITH SCHUFA HOLDING AG

Our company regularly checks your creditworthiness when contracts are concluded and — in certain cases where a legitimate interest exists — also for existing customers. For this purpose, we work with SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, from whom we receive the necessary data. To this end, we transmit your name and contact details to SCHUFA Holding AG. The legal basis is Art. 6(1) sentence 1 lit. b and lit. f GDPR. Information pursuant to Art. 14 of the EU General Data Protection Regulation regarding the data processing carried out by SCHUFA Holding AG can be found here: https://www.schufa.de/global/datenschutz-DS-GVO/.

.

CREDIT CHECK WITH CREDITREFORM BONIVERSUM GMBH

Our company regularly checks your creditworthiness when contracts are concluded and — in certain cases where a legitimate interest exists — also for existing customers. For this purpose, we work with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, from whom we receive the necessary data. To this end, we transmit your name and your contact details to Creditreform Boniversum GmbH. The legal basis is Art. 6(1) sentence 1 lit. b and lit. f GDPR. The information pursuant to Art. 14 of the EU General Data Protection Regulation regarding the data processing carried out by Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/eu-DS-GVO/informationen-nach-euDS-GVO-fuer-verbraucher/.

CREDIT CHECK WITH CRIF GMBH

Our company regularly checks your creditworthiness when contracts are concluded and — in certain cases where a legitimate interest exists — also for existing customers. For this purpose, we work with CRIF GmbH, Leopoldstr. 244, 80807 Munich, from whom we receive the necessary data. To this end, we transmit your name and your contact details to CRIF GmbH. The legal basis is Art. 6(1) sentence 1 lit. b and lit. f GDPR. The information pursuant to Art. 14 of the EU General Data Protection Regulation regarding the data processing carried out by CRIF GmbH can be found here: https://crif.de/datenschutz/.

.

CONFERENCE TOOLS

(1) When using conference tools such as Microsoft Teams or Zoom, personal data is processed in order to enable the execution of online meetings, webinars, and video conferences. Such tools are often used in companies and organisations to facilitate communication and collaboration, particularly in times of remote work.

(2) The collection and processing of personal data in the context of using conference tools is carried out in accordance with the GDPR. The legal basis for this processing is Art. 6(1)(b) GDPR when the processing is necessary for the performance of a contract or for pre-contractual measures, such as participation in an online meeting. Furthermore, Art. 6(1)(f) GDPR may apply when the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided these are not overridden by the interests or fundamental rights and freedoms of the data subject. This is the case, for example, when companies use these tools for internal communication and collaboration.

(3) When using conference tools, various types of personal data are processed, including name, email address, profile picture, IP address, device/hardware information, as well as communication content such as video, audio, and text data. These data are generally processed by the respective providers of the conference tools and may be stored on servers outside the European Union. In such cases, appropriate safeguards such as Standard Contractual Clauses or other legally required mechanisms are ensured to protect the data.

(4) The storage of personal data is carried out only for as long as necessary for the purpose for which it was collected. After this purpose has been fulfilled, the data must be deleted unless legal retention obligations exist. As a rule, the aforementioned data is not stored by us, as it is not required beyond the use of the tool. We use the following conference tools.

USE OF MICROSOFT TEAMS

(1) We use the conference tool Microsoft Teams for the following purposes: video conferences, online meetings, webinars, and screen sharing.

(2) Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA. Further information on the provider’s offering can be found at https://www.microsoft.com/de-de/microsoft-teams/group-chat-software. Further information on the purpose and scope of data collection and its processing by the provider can be found in the provider’s privacy statements. There you will also find further information about your rights and configuration options to protect your privacy: https://privacy.microsoft.com/de-de/privacystatement. We cannot rule out that Microsoft Teams may also process your personal data in the USA and other third countries. Therefore, we have concluded the Standard Contractual Clauses for customers, which Microsoft Teams provides by default: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

(3) The legal basis for using the provider is Art. 6(1)(f) GDPR. Our legitimate interest lies in efficient and secure communication. Should consent for data processing be required, we or the provider will obtain it from you in due time. The legal basis is then Art. 6(1)(a) GDPR. There is no obligation to provide any required consent, and any consent given may be revoked at any time—individually or in full—with effect for the future. In this case, the data collected and stored based on consent will be deleted.

DATA PROTECTION INFORMATION FOR APPLICANTS

(1) We process personal data of applicants exclusively for the purpose of conducting the application process. The collection, storage, and use of personal application data is necessary for carrying out pre-contractual measures as well as for safeguarding our legitimate interests (in particular for the efficient handling of application procedures). The legal basis is Art. 6(1)(b) and Art. 6(1)(f) GDPR. Where applicants have given their consent, Art. 6(1)(a) GDPR additionally serves as the legal basis; consent may be withdrawn at any time with effect for the future.

(2) Applicant data is generally deleted as soon as the purpose of processing no longer applies — at the latest six months after completion of the application process. Longer storage occurs only if statutory retention obligations exist or if consent has been given for inclusion in an applicant pool.

VIDEO SURVEILLANCE OF OUR COMPANY PREMISES

The surveillance of our company premises as well as our storage areas is necessary for safeguarding our legitimate interests, in particular for exercising property rights, for the protection of the life, health, or freedom of persons present on the premises (cf. § 4 BDSG), and for protection against burglary and theft. The legal basis is Art. 6(1) sentence 1 lit. f GDPR.