Privacy Policy

Table of Contents

1. Name and Address of the Controller
2. Contact Details of the Data Protection Officer
3. General Information on Data Processing
4. Rights of the Data Subject
5. Provision of the Website and Creation of Log Files
6. Use of Cookies
7. Newsletter
8. Inquiries by Email, Phone, or Fax
9. Contract Processing
10. Inquiries via Contact Form
11. Web Analysis with Google Analytics
12. Use of Google reCAPTCHA
13. Integration of Vimeo Videos
14. Online Application
15. Updating the Privacy Policy

1. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Munich Surgical Imaging GmbH
Türkenstr. 89
80799 Munich
Germany
Phone: +49 (0) 89 9974274 0
Email: info@munichimaging.de

2. Contact Details of the Data Protection Officer

The Data Protection Officer of the controller is:

DataCo GmbH
Dachauer Straße 65
80335 Munich
Germany
Phone: +49 (0) 89 7400 45840
Website: www.dataguard.de
Email: privacy@munichimaging.de

3. General Information on Data Processing

1. Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by legal regulations.

2. Legal Basis for Processing Personal Data

If we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.

For processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

If processing personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests or fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis.

3. Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be deleted or blocked when a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for contract conclusion or contract fulfillment.

4. Rights of the Data Subject

If personal data concerning you is processed, you are the data subject as defined by the GDPR and you have the following rights against the controller:

1. Right to Access

You can request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you can request information about:

• The purposes of processing;
• The categories of personal data being processed;
• The recipients or categories of recipients to whom the personal data have been or will be disclosed;
• The planned duration of storage of the personal data or, if specific information is not possible, criteria for determining the storage period;
• The existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
• The existence of a right to lodge a complaint with a supervisory authority;
• All available information about the origin of the data if the personal data is not collected from the data subject;
• The existence of automated decision-making, including profiling, as referred to in Art. 22 para. 1 and 4 GDPR and, at least in such cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data concerning you is transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to request the rectification and/or completion of personal data concerning you if it is incorrect or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

Under the following conditions, you can request the restriction of the processing of personal data concerning you:

• If you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims;
• If you have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure
5. a) Obligation to Erase

You can request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay where one of the following grounds applies:

• The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• You withdraw consent on which the processing is based according to Art. 6 para. 1 sentence 1 lit. a or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing.
• You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
• The personal data has been unlawfully processed.
• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data has been collected in relation to the offer of information society services referred to in Art. 8 para. 1 GDPR.

1. b) Information to Third PartiesWhere the controller has made the personal data public and is obliged pursuant to Art. 17 para. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
2. c) ExceptionsThe right to erasure does not apply to the extent that processing is necessary:

• For exercising the right of freedom of expression and information;
• For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• For reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
• For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89 para. 1 GDPR insofar as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• For the establishment, exercise, or defense of legal claims.

5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided, where:

• The processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR; and
• The processing is carried out by automated means.

In exercising this right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others must not be adversely affected by this.

The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing personal data concerning you which is based on Art. 6 para. 1 sentence 1 lit. e or f GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing personal data concerning you for such marketing, which includes pr filing to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You may exercise your right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

8. Right to Withdraw Consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

• Is necessary for entering into or the performance of a contract between you and the controller;
• Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
• Is based on your explicit consent.

However, these decisions must not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in points 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The competent supervisory authority for us is:

Bavarian State Office for Data Protection Supervision
P.O. Box 606
91511 Ansbach
Germany

5. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

For technical reasons, in particular, to ensure a secure and stable website, data is transmitted by your internet browser to us or our web hoster. The following data is collected and transmitted:

• Information about the browser type and version used
• The operating system of the user
• The internet service provider of the user
• The IP address of the user
• Date and time of access
• Websites from which the user’s system accesses our website
• Websites accessed by the user’s system via our website.

These data are temporarily stored. These data are not stored together with other personal data of the user.

2. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. Additionally, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

When using this general data and information, our company does not draw any conclusions about the data subject. This information is needed to:

• Deliver the content of our website correctly;
• Optimize the content of our website and the advertising for it;
• Ensure the long-term functionality of our information technology systems and website technology; and
• Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

Therefore, our company statistically analyzes anonymized data and information collected with the aim of increasing the data protection and data security of our enterprise and ultimately to ensure an optimal level of protection for the personal data we process. The anonymized data of the server log files are stored separately from all personal data provided by a data subject.

3. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session is ended.

In the case of storage of the data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized, so that it is no longer possible to assign the calling client.

5. Right to Object and Elimination

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no possibility for the user to object.

6. Use of Cookies

When you click “Reject All,” we only use technically necessary services to provide our site. You can grant your consent for additional purposes or services via “Cookie Settings” based on further information and revoke it at any time for the future.

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is revisited.

This website uses cookies necessary for the technical operation of the website and are always set. Other cookies that enhance the comfort of using this website are only set with your consent. Some elements of our website require that the calling browser can be identified even after a page change.

2. Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies.

The user data collected through technically necessary cookies is not used to create user profiles.

The data collected through technically non-necessary cookies is used to analyze and understand user behavior on the website to improve the user experience and enable targeted marketing measures.

3. Legal Basis for Data Processing

The legal basis for processing personal data using technically non-necessary cookies is Art. 6 para. 1 sentence 1 lit. a GDPR.

The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.

4. Storage Duration, Right to Object, and Elimination

Cookies are stored on the user’s computer and transmitted to our site. Therefore, you as a user also have full control over the use of cookies. By adjusting your settings in the cookie banner on this website or changing the settings in your internet browser, you can disable or restrict the transmission of cookies.

Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, not all functions of the website may be fully usable.

7. Newsletter

1. Description and Scope of Data Processing

There is an option to subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is transmitted to us:

• Email address
• Date and time of registration
• IP address of the calling computer

 

For the processing of the data, your consent is obtained during the registration process, and this privacy policy is referenced.

The data is not passed on to third parties in connection with data processing for sending newsletters. The data is used exclusively for sending the newsletter.

2. Purpose of Data Processing

The collection of the user’s email address serves to deliver the newsletter.

3. Legal Basis for Data Processing

The legal basis for processing the data after the user registers for the newsletter is Art. 6 para. 1 sentence 1 lit. a GDPR if the user has given consent.

The legal basis for sending the newsletter following the sale of goods or services is Art. 7 para. 3 UWG.

4. Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. The user’s email address will, therefore, be stored as long as the newsletter subscription is active.

The other personal data collected during the registration process is usually deleted after seven days.

5. Right to Object and Elimination

The subscription to the newsletter can be terminated by the affected user at any time. For this purpose, there is a corresponding link in each newsletter.

This also allows a revocation of the consent to store the personal data collected during the registration process.

8. Inquiries by Email, Phone, or Fax

1. Description and Scope of Data Processing

On our website, you will find our contact details via email, phone, and fax. In this case, the personal data of the user transmitted with the contact will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of Data Processing

In the case of contact, this also constitutes the necessary legitimate interest in processing the data.

3. Legal Basis for Data Processing

The legal basis for processing the data, if the user has given consent, is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at concluding a contract, then an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

4. Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the relevant facts have been clarified.

The additional personal data collected during the sending process will be deleted after a maximum of seven days.

5. Right to Object and Elimination

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contact will be deleted in this case.

9. Contract Processing

The data you provide to take advantage of our goods and/or services are processed by us for the purpose of contract processing and are necessary in this respect. Contract conclusion and execution are not possible without providing your data.

The legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

We delete the data upon complete contract execution, but must comply with the tax and commercial law retention periods.

As part of contract processing, we transfer your data to the transport company entrusted with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or payment purposes.

10. Inquiries via Contact Form

1. Description and Scope of Data Processing

There is a contact form on our website that can be used for electronic contact. If a user takes advantage of this opportunity, the data entered in the input mask will be transmitted to us and stored. At the time the message is sent, the following data is also stored:

• Email address
• Name
• IP address of the calling computer
• Date and time of registration

Your consent is obtained for processing the data during the sending process, and this privacy policy is referenced.

Alternatively, it is possible to contact us via the provided email address. In this case, the personal data transmitted with the email will be stored.

The data is used exclusively for processing the conversation.

2. Purpose of Data Processing

The processing of personal data from the input mask serves us solely for processing the contact. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The additional personal data processed during the sending process serve to prevent misuse of the contact form and ensure the security of our information technology systems.

3. Legal Basis for Data Processing

The legal basis for processing the data, if the user has given consent, is Art. 6 para. 1 sentence 1 lit. a GDPR.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 sentence 1 lit. f GDPR. If the email contact aims at concluding a contract, then an additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Storage Duration

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the relevant facts have been clarified.

The additional personal data collected during the sending process will be deleted after a maximum of seven days.

5. Right to Object and Elimination

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contact will be deleted in this case.

11. Web Analysis with Google Analytics

If you have given your consent via the cookie banner, this website uses Google Analytics UA and Google Analytics 4. These are web analysis services provided by Google LLC. The responsible entity for users in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

1. Scope of Processing

Google Analytics UA and Google Analytics 4 use cookies that allow an analysis of your use of our websites. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there in an anonymized form.

Regarding the analysis tool Google Analytics UA, we use the ‘anonymizeIP’ function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

With Google Analytics 4, IP anonymization is activated by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics, according to Google, is not merged with other data from Google.

During your website visit, data collected through Google Analytics UA and Google Analytics 4 include:

• The pages you visit, your “click path”
• Achievement of “website goals” (conversions, e.g., newsletter sign-ups, downloads, purchases)
• Your user behavior (e.g., clicks, time spent on the site, bounce rates)
• Your approximate location (region)
• Your IP address (in truncated form)
• Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
• Your internet service provider
• The referrer URL (from which website/advertising medium you came to this website).

2. Purpose of Processing

The reports provided by Google Analytics UA and Google Analytics 4 serve to analyze the performance of our website and the success of our marketing campaigns.

3. Recipients

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

According to the contract, your data is used on servers located within the EU. However, it cannot be ruled out that data may also be transferred to the USA. In this case, the data transfer is based on Google’s certification under the “EU-U.S. Data Privacy Framework,” which ensures that the level of data protection is adequate even when data is processed on servers in the USA (Art. 46 GDPR). Furthermore, by activating the tool, you expressly consent to the data transfer.

4. Storage Duration

The data we send and link to cookies are automatically deleted after a maximum of 2 months. Data whose retention period has been reached is automatically deleted once a month. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by a) not giving your consent to the cookie setting or b) downloading and installing the browser add-on to disable Google Analytics.

5. Legal Basis and Revocation Option

The legal basis for this data processing is your consent, § 25 para. 1 TTDSG, Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by accessing the cookie settings and changing your selection.

More information on Google Analytics terms of use and data protection at Google can be found here.

12. Use of Google reCAPTCHA

Insofar as you have given your corresponding consent in the context of the cookie banner or when submitting the contact form, Google reCAPTCHA is used on this website. This is a service provided by Google LLC. The responsible entity for users in the EU and Switzerland is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

1. Scope of Processing

Google reCAPTCHA is used to prevent the misuse of our website by automated programs (bots). The service analyzes various information (e.g., IP address, duration of stay on the website, or user’s mouse movements) to determine whether an input is made by a human or an automated program. The information collected through the analysis is usually transmitted to a Google server in the USA and anonymized there.

The version of Google reCAPTCHA integrated on this website uses various techniques to detect automated access. The following data, among others, are collected:

• Referrer URL
• IP address of the user
• Duration of the user’s visit on the website
• Mouse movements and other interactions on the website
• Cookies set by Google

2. Purpose and Legal Basis of Processing

The analyses and detections provided by Google reCAPTCHA serve to protect our website from misuse and unauthorized access by automated programs (bots). This ensures the security and functionality of our website. The legal basis for this data processing is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR.

3. Recipients

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google is certified under the “EU-U.S. Data Privacy Framework.” Contractually, your data is used on servers located within the EU. However, it cannot be ruled out that data may also be transferred to the USA. In this case, the data transfer is based on Google’s certification under the “EU-U.S. Data Privacy Framework,” which ensures that the level of data protection is adequate even when processing data on servers in the USA (Art. 46 GDPR). Furthermore, by activating the tool, you expressly consent to the data transfer.

4. Storage Duration

The data we send and link with cookies will be automatically deleted after a maximum of 2 months. Data whose retention period has been reached is automatically deleted once a month. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of this data by Google, by either a) not giving your consent to the setting of the cookie or b) accessing the cookie settings and changing your selection there.

5. Legal Basis and Revocation Option

The legal basis for this data processing is your consent, § 25 para. 1 TTDSG, Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time by accessing the cookie settings and changing your selection there.

Submitting the contact form is only possible with consent to reCAPTCHA. Alternatively, you can contact the company via email or phone.

Further information about Google reCAPTCHA and data protection at Google can be found here.

13. Integration of Vimeo Videos

1. Scope of Processing

We embed videos from the “Vimeo” platform on our website. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). When you visit a page of our website that embeds a Vimeo video, a privacy banner is displayed by default. Only after your explicit consent, by clicking the banner, the video is loaded and played. In this process, data such as your IP address and information about your use of the video are transmitted to Vimeo.

2. Purpose of Processing

The integration of Vimeo videos serves to provide multimedia content to make our web offerings appealing and informative. By using videos, we can present complex content clearly and improve the user experience.

3. Recipients

The data collected during the integration of Vimeo videos is transmitted to Vimeo. Vimeo processes this information in the USA. More information on data protection at Vimeo can be found in Vimeo’s privacy policy.

4. Storage Duration

The data stored by Vimeo is stored for the period necessary to fulfill the purpose of the collection. Deletion of the data occurs as soon as it is no longer necessary to achieve the purpose for which it was collected.

5. Legal Basis and Revocation Options

The legal basis for processing the data by Vimeo is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by adjusting your browser settings or changing the privacy settings on our website. Please note that after a revocation, it may no longer be possible to use all functions of the website fully. If you have any questions or concerns about data processing, you can contact us at any time.

14. Online Application

1. Description, Scope, and Purpose of Data Processing

We offer you the opportunity to apply to us (e.g., by email, post, or online application form). In the following, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.

2. Purpose of Data Processing and Legal Bases

If you send us an application, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) to the extent necessary to decide on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation), and, if you have given your consent, Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with persons involved in processing your application.

If the application is successful, the data you submitted will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

3. Storage Duration

If we cannot offer you a position, you reject a job offer, or withdraw your application, we reserve the right to retain the data you provided on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted, and the physical application documents destroyed. The retention serves, in particular, as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g., due to a pending or impending legal dispute), deletion will only take place when the purpose for further retention no longer applies.

A longer retention period may also occur if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal retention obligations oppose deletion.

4. Inclusion in the Applicant Pool

If we do not offer you a job, there may be an opportunity to include you in our applicant pool. In the event of inclusion, all documents and information from the application will be transferred to the applicant pool to contact you in case of suitable vacancies.

Inclusion in the applicant pool is based solely on your explicit consent (Art. 6 para. 1 lit. a GDPR). The submission of consent is voluntary and is not related to the ongoing application process. The affected person can revoke their consent at any time. In this case, the data from the applicant pool will be irretrievably deleted unless there are legal reasons for retention.

The data from the applicant pool will be irretrievably deleted no later than two years after consent is given.

15. Updating the Privacy Policy

We review and update our privacy policy regularly to ensure it meets current legal requirements and accurately reflects our data protection practices. Changes to this privacy policy will be published on our website.

Therefore, it is advisable to read the privacy policy regularly to stay informed about possible changes. If significant changes are made that affect your rights or the way we process your personal data, we will inform you directly if necessary.

Last updated: July 2024