Data protection

6. comment function in the blog on the website

We offer users the opportunity to leave comments on individual blog posts on our blog, which is located on our website. If the user leaves a comment in the blog published on this website, in addition to the comments left by the data subject, information about the time the comment was entered and the user name chosen by the data subject is also stored and published. The IP address of the user is also logged. The IP address is stored for security reasons and in the event that the data subject violates the rights of third parties or posts illegal content by leaving a comment. The storage of this personal data is therefore in the controller's own interest so that it can exonerate itself in the event of an infringement.

In this context, the personal data collected will not be passed on to third parties unless such a transfer is required by law or serves the legal defence of the controller.

7. subscription to comments in the blog on the website

Comments posted on our blog can be subscribed to by third parties. In particular, it is possible for a commenter to subscribe to the comments that follow their comment. If the user subscribes to comments, the person responsible sends an automatic confirmation email to check in the double opt-in procedure whether the owner of the specified email address has actually opted for this option. The option to subscribe to comments can be cancelled at any time.

8 Routine erasure and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

9 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the EU General Data Protection Regulation (GDPR) and you have the following rights vis-à-vis the controller:

a) Right to confirmation

You can request confirmation from the controller as to whether personal data concerning you is being processed. If you wish to exercise this right of confirmation, you can contact an employee of the controller at any time.

b) Right to information

You can request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you can request the following information from the controller:

(1) the purposes for which the personal data are processed;

(2) the categories of personal data that are processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;

(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) the existence of a right of appeal to a supervisory authority;

(7) all available information on the origin of the data if the personal data are not collected from the data subject;

(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 c) Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

d) Right to cancellation

aa) Cancellation obligation

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

bb) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you as the data subject have requested the erasure of all links to this personal data or of copies or replications of this personal data.

cc) Exceptions

The right to erasure does not exist if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the assertion, exercise or defence of legal claims.

e) Right to restriction of processing

Under the following conditions, you may request the restriction of the processing of your personal data:

(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or

(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been established whether the legitimate reasons of the controller override your reasons.

If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

f)         Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility to exercise your right to object in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications

h) Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or fulfilment of a contract between you and the controller,

(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

i) Right to withdraw consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

k) Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients by the controller.

10. data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if the applicant sends us the relevant application documents by email. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

We also use the tracking measures and social media plugins listed below on our website:

16. privacy policy for Jetpack for WordPress

We have integrated Jetpack on this website. Jetpack is a WordPress plug-in.

The operating company of the Jetpack plug-in for WordPress is Automattic Inc, 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc, 201 Third Street, San Francisco, CA 94103, USA.

Jetpack places a cookie on the data subject's information technology system. What cookies are has already been explained above. Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Jetpack component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Jetpack component to transmit data to Automattic for analysis purposes. As part of this technical process, Automattic obtains knowledge of data that is subsequently used to create an overview of website visits. The data obtained in this way is used to analyse the behaviour of the data subject who has accessed the controller's website and is evaluated with the aim of optimising the website. The data collected via the Jetpack component will not be used to identify the data subject without the prior express consent of the data subject. The data is also disclosed to Quantcast. Quantcast uses the data for the same purposes as Automattic.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Automattic can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by the Jetpack cookie as well as the processing of these data by Automattic/Quantcast and the chance to preclude any such. To do this, the data subject must click the opt-out button under the link https://www.quantcast.com/opt-out/ which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies on the data subject's system are deleted after an objection, the data subject must call up the link again and set a new opt-out cookie.

However, if the opt-out cookie is set, it is possible that the data subject will no longer be able to use the controller's website to its full extent.

The applicable data protection provisions of Automattic can be found at https://automattic.com/privacy/ available. The applicable data protection provisions of Quantcast can be found at https://www.quantcast.com/privacy/ retrievable.

17. data protection provisions about LinkedIn

We have integrated LinkedIn on this website. LinkedIn is a social network.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time our website, which is equipped with a LinkedIn plug-in, is accessed, this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information about the LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins be retrieved. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the person concerned.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in to LinkedIn at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

LinkedIn offers under https://www.linkedin.com/psettings/guest-controls the option to unsubscribe from email messages, SMS messages and targeted adverts and to manage ad settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be set under https://www.linkedin.com/legal/cookie-policy be rejected. The applicable data protection provisions of LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy available. The LinkedIn cookie policy is available at https://www.linkedin.com/legal/cookie-policy retrievable.

18. data protection provisions about Twitter

We have integrated Twitter on this website. Twitter is a microblogging service.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information about the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is to enable our users to redistribute the contents of this website and to increase our visitor numbers.

If the data subject is logged in to Twitter at the same time, Twitter recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Twitter component and assigned by Twitter to the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, the data and information transmitted with it is assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.

Twitter always receives information via the Twitter component that the data subject has visited our website if the data subject is logged in to Twitter at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If such a transmission of this information to Twitter is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter can be found at https://twitter.com/privacy?lang=de retrievable.

19. data protection provisions about Xing

We have integrated Xing on this website. Xing is a social network.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of the individual pages of this website is accessed, which is operated by the controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins be retrieved. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the person concerned.

If the data subject is logged in to Xing at the same time, Xing recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject clicks on one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged in to Xing at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If such a transmission of this information to Xing is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their Xing account before a call-up to our website is made.

The data protection provisions published by Xing, which are available at https://www.xing.com/privacy provide information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published https://www.xing.com/app/share?op=data_protection Data protection information for the XING share button published.

20. data protection provisions about DIGG

We have integrated DIGG on this website. DIGG is a social bookmarking provider.

The operating company of DIGG is Digg Inc,50 Eldridge Street, 2nd Floor
New York NY 10002, USA.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which the DIGG plug-in has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective DIGG component to download a representation of the corresponding DIGG component from DIGG. As part of this technical process, DIGG receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to DIGG at the same time, DIGG recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the DIGG component and assigned by DIGG to the respective DIGG account of the data subject. If the data subject clicks on one of the DIGG buttons integrated on our website, DIGG assigns this information to the personal DIGG user account of the data subject and stores this personal data.

DIGG always receives information via the DIGG component that the data subject has visited our website if the data subject is logged in to DIGG at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the DIGG component or not. If the data subject does not want this information to be transmitted to DIGG in this way, they can prevent the transmission by logging out of their DIGG account before accessing our website.

The data protection provisions published by DIGG, which are available at http://digg.com/privacy provide information about the collection, processing and use of personal data by DIGG.

20. data protection provisions about Reddit

We have integrated Reddit on this website. Reddit is a social news aggregator.

The operating company of Reddit is reddit, Inc. 548 Market St., #16093
San Francisco, CA 94104-5401, USA.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which the Reddit plug-in was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Reddit component of Reddit. As part of this technical process, Reddit receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Reddit at the same time, Reddit recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Reddit component and assigned by Reddit to the respective Reddit account of the data subject. If the data subject clicks on one of the Reddit buttons integrated on our website, Reddit assigns this information to the personal Reddit user account of the data subject and stores this personal data.

Reddit always receives information via the Reddit component that the data subject has visited our website if the data subject is logged in to Reddit at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Reddit component or not. If the data subject does not want this information to be transmitted to Reddit in this way, they can prevent the transmission by logging out of their Reddit account before accessing our website.

The privacy policy published by Reddit, which is available at https://www.redditinc.com/policies/privacy-policy provide information about the collection, processing and use of personal data by Reddit.

21. data protection provisions about Yandex Metrica

We have integrated Yandex Metrica on this website. Yandex Metrica is a web analytics service.

The operating company of Yandex Metrica is Yandex LLC, 16 Lva Tolstogo str. Moscow, 119021 Moscow, Russia

The purpose of Yandex Metrica is to analyse the flow of visitors to our website. Among other things, Yandex Metrica uses the data and information obtained to analyse the use of our website, to compile online reports for us which show the activities on our website, and to provide other services in connection with the use of our website.

Yandex Metrica places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Yandex Metrica is able to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the controller and on which Yandex Metrica has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by Yandex Metrica to transmit data to Yandex Metrica for the purpose of online analysis. During the course of this technical procedure, Yandex Metrica gains knowledge of personal information, such as the IP address of the data subject, which serves Yandex Metrica, inter alia, to understand the origin of visitors and clicks.

Cookies are used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. It also records mouse movements, mouse clicks, scrolling movements and keystrokes on the page. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Yandex Metrica in the Russian Federation. This personal data is stored by Yandex Metrica. Yandex Metrica may pass on this personal data collected via the technical process to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Yandex Metrica from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Yandex Metrica can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the possibility of objecting to a collection of data relating to a use of this Internet site that are generated by Yandex Metrica as well as the processing of these data by Yandex Metrica and the chance to preclude any such. To do this, the data subject must install a browser add-on under the link https://yandex.com/support/metrica/general/opt-out.xml download and install.

Further information and the applicable data protection provisions of Yandex may be retrieved under https://yandex.com/legal/privacy/