Journal
Stores
Journal Stores
Need help?
+49 30 220 666 022
Men Women See All
Material
Metal Acetate Hybrid
Size
Small Medium Large Extra Large
Shape
Round Rectangular Cat Eye
Men Women See All
Material
Metal Acetate Hybrid
Size
Small Medium Large Extra Large
Shape
Round Rectangular Aviator Cat Eye
Collections
Classic Collection
FLEXARBON
Silk Collection
Mercedes-Benz Collection
Mercedes-AMG Collection
Our Story Brand Design Product

 

Privacy Policy

The protection of personal data is a matter of great importance to us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legal regulations.

You may, of course, withdraw your consent at any time with effect for the future. To do so, please contact the responsible party.

The following statement provides an overview of the types of data that are collected, how this data is used and shared, the security measures we take to protect your data, and how you can obtain information about the data we have received from you.

Legal basis for the processing of personal data

Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for the implementation of pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Article 6(1)(1)(c) GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(1)(f) GDPR serves as the legal basis for the processing.

Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by European or national legislators in EU regulations, laws, or other legal provisions to which we are subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless further storage is necessary for the conclusion or performance of a contract.

Hosting

External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via a website.

The use of the host is for the purpose of fulfilling the contract with our prospective and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

Our host will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

The Controller and the Data Protection Officer

Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions, is:

ic! berlin GmbH
Wolfener Str. 32 F
12681 Berlin
Deutschland
Tel.: +49 (0)30 220 666 000
E-Mail: [email protected]
Website: www.ic-berlin.com

Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Dieter Grohmann
Datenschutzprivacy
Welserstr. 38
7463 Dietmannsried
Deutschland
Tel.: +49 (0) 8374-5865-263
E-Mail: [email protected]
Website: www.datenschutzprivacy.de

Definitions

This privacy policy is based on the terms used by the European legislator when enacting the EU General Data Protection Regulation (hereinafter referred to as “GDPR”). The privacy policy is intended to be easy to read and understand. To ensure this, the most important terms are explained below:

  • Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
  • Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying data.
  • Profiling means any type of automated processing of personal data that consists of using personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning the person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.
  • Controller or processor responsible for the processing is the natural or legal person, authority, institution, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union law or the law of the member states, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the member states.
  • Processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.
  • Recipient is a natural or legal person, authority, institution, or other body to whom personal data is disclosed, regardless of whether they are a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the member states are not considered recipients.
  • Third party is a natural or legal person, authority, institution, or other body other than the data subject, the controller, the processor, and the persons authorized to process personal data under the direct authority of the controller or the processor.
  • Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Provision of the website and creation of log files

When using the website for informational purposes only, that is, if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the accessing device each time the website is accessed:

  • Browser type/version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer (IP address)
  • Time of the server request

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

The legal basis for the temporary storage of log files is Article 6(1)(f) GDPR.

The temporary storage of the IP address by the system is necessary in order to:

  • enable the delivery of the website to the user’s device. For this purpose, the user’s IP address must be stored for the duration of the session
  • optimize the content of our website as well as the advertising for it
  • ensure the functionality of our information technology systems and the technology of our website
  • provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack

The storage in log files is carried out to ensure the functionality of the website. Additionally, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

Our legitimate interest in data processing pursuant to Article 6(1)(1)(f) GDPR also lies in these purposes.

The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected – in this case, at the end of the usage session.

In the case of data stored in log files, this is at the latest after seven days. Further storage beyond this period is possible. In such cases, the IP addresses are deleted or anonymized so that the calling client can no longer be identified.

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website, which is why there is no option to object.

Use of cookies

This website uses so-called cookies. Below you will find a list of cookies used, along with their descriptions.

Cookies are small text files that are sent from a web server to your browser when you visit a website and are stored locally on your device (PC, laptop, tablet, smartphone, etc.). They provide certain information to the user (i.e., us). Cookies are used to make the website more user-friendly and secure, in particular to collect usage-related information such as frequency of use, number of users on the site, and browsing behavior. Cookies do not cause any damage to your device and do not contain viruses. This cookie contains a unique character string (so-called cookie ID) that enables the browser to be uniquely identified when the website is accessed again.Cookies used:

  • Internet Explorer
  • Safari
  • Chrome
  • Firefox
  • Opera
  • Facebook
  • Youtube

Cookies remain stored even after the browser session is ended and can be accessed again upon revisiting the site. However, cookies are stored on your device and transmitted from there to our site. Therefore, you have full control over the use of cookies. If you do not wish data to be collected via cookies, you can configure your browser settings to notify you when cookies are set, to generally block the setting of cookies, or to delete cookies individually. Please note that disabling cookies may limit the functionality of this website. Session cookies, however, are automatically deleted after you leave the website.

Online inquiry about the availability of eyeglass models

You can inquire online through us about the availability of eyeglass models at our optician partners. In doing so, we collect the following data and information from you: name, email address, phone number, requested product, and requested optician partner. The data collection is based on your consent pursuant to Article 6(1)(1)(a) GDPR in order to process your inquiry and to inform you about the availability after the optician inquiry and to send you messages related to your request. No personal data of yours will be forwarded to our optician partners.

Newsletter

If you purchase goods or services from us and provide your email address in the process, it may subsequently be used by us to send a newsletter. In such cases, the newsletter will only contain direct advertising for our own similar goods or services. The legal basis for sending the newsletter is Article 7(3) of the German Act against Unfair Competition (UWG).

To prevent misuse or incorrect email entries, we use the so-called double opt-in procedure. This means that we send an email to the provided email address asking you to confirm that the email address is correct. If you do not confirm your information within 24 hours, your data will be blocked and automatically deleted after one month. Additionally, we store the IP addresses used and the timestamps of registration and confirmation.

The collection of the user’s email address serves to deliver the newsletter. The collection of other personal data during the confirmation process according to paragraph 2 serves to prevent misuse of the services or the email address used. The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Accordingly, the user’s email address will be stored as long as they do not revoke their consent to receive the newsletters.

You can unsubscribe from receiving our emails at any time by clicking on the “Unsubscribe from newsletter” link in our newsletter footer or by sending us a written message (email, letter, or fax) to the contact details provided in the imprint, clearly indicating that you no longer wish to receive our promotional emails.

The newsletters are sent using “MailChimp,” a newsletter distribution platform provided by the US company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

For sending the newsletters, your email address is stored on MailChimp’s servers in the USA.

MailChimp uses this information to send and analyze newsletters on our behalf. Furthermore, MailChimp may use this data to optimize or improve its own services, for example, for the technical optimization of newsletter delivery and presentation or for business purposes such as determining the countries from which recipients come. However, MailChimp does not use the data of our newsletter recipients to contact them directly or share it with third parties.

MailChimp has committed to complying with the EU-US Privacy Shield Framework regarding the collection, use, and storage of personal data from the EU. Rocket Science Group LLC (MailChimp) has certified that it adheres to the Privacy Shield principles. Additionally, we have concluded a Data Processing Agreement with MailChimp, under which MailChimp is obligated to protect our users’ data and to process the data exclusively under our instructions in accordance with data protection regulations. You can find MailChimp’s privacy policy here: https://mailchimp.com/legal/privacy

Statistical collection and analysis

The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file that is retrieved from MailChimp’s server when the newsletter is opened. During this retrieval, technical information such as details about your browser and system, as well as your IP address and the time of access, are collected. This information is used to technically improve the services based on the technical data or to analyze target groups and their reading behavior based on the locations of access (which can be determined using the IP address) or access times. The statistical collection also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. The analyses help us to understand the reading habits of our users and to tailor our content accordingly or to send different content based on the interests of our users.

Registration

We offer you the option to register on our website by providing personal data. The data is entered into an input form, transmitted to us, and stored. Generally, this data is not shared with third parties unless there is a legal obligation to do so or the disclosure serves criminal prosecution or legal enforcement.

The following data is collected during the registration process:

  • Email address
  • IP address
  • Date and time of registration

You can manage and change all information in the secure customer area. During the registration process, the user’s consent to the processing of this data is obtained.

For registration, we use the so-called double opt-in procedure. This means that after you register, we send an email to the provided email address asking you to confirm that you wish to complete the registration. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted after one month. Additionally, we store the IP addresses used and the timestamps of registration and confirmation. The purpose of this procedure is to verify your registration and, if necessary, to clarify any possible misuse of your personal data.

The legal basis for processing the data, when the user has given consent, is Article 6(1)(1)(a) of the GDPR.

If the registration serves to fulfill a contract to which you are a party or to carry out pre-contractual measures, the additional legal basis for processing the data is Article 6(1)(1)(b) of the GDPR.

Registration is necessary for the fulfillment of the contract or for the execution of pre-contractual measures. (Further description of the contract; regulations according to the Introductory Act to the Civil Code (EGBGB) and the Civil Code (BGB))

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case during the registration process for the fulfillment of a contract or for the implementation of pre-contractual measures when the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations. Continuing obligations require the storage of personal data for the duration of the contractual relationship. In addition, warranty periods must be observed and data may need to be stored for tax purposes. The storage periods to be observed in this context cannot be defined in general terms but must be determined individually for each contract and contractual partner.

If the data is required for the fulfillment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion.

Otherwise, you are free to request the complete deletion of the personal data you provided during registration from the database of the data controller. Upon request, the data controller will provide you with information at any time about which personal data relating to the data subject is stored. Furthermore, the data controller will correct or delete personal data at the request or notification of the data subject, provided that there are no legal retention obligations to the contrary. You may contact the data controller or the data protection officer pursuant to § 1 at any time via email or postal mail to request the deletion or modification of your data.

Disclosure of Personal Data to Third Parties

Advertising

Google Ads Remarketing

We advertise this website via Google Ads in the Google search results as well as on third-party websites. For this purpose, the so-called Google Remarketing Cookie is set when you visit our website, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you have visited. This serves to protect our legitimate interests, which prevail within the scope of a balancing of interests, in optimal marketing of our website according to Art. 6 para. 1 sentence 1 lit. f GDPR. After the purpose has ceased and we have ended the use of Google Ads Remarketing, the data collected in this context will be deleted. Further data processing only takes place if you have consented to Google linking your web and app browsing history with your Google account and using information from your Google account to personalize ads you see on the web. In this case, if you are logged into Google during your visit to our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form audiences.

Google Ads is a service offered by Google Ireland Limited, a company registered and operating under Irish law, headquartered at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de).

To the extent that information is transmitted to and stored on servers of Google in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield.

You can deactivate the remarketing cookie via this link. Additionally, you can get information about cookie usage and make settings through the Digital Advertising Alliance.

Google Adwords Conversion Tracking

To statistically record the use of our website and to analyze it for the purpose of optimizing our website for you, we also use Google Conversion Tracking, a service of Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de).

Google AdWords places a cookie on your computer if you have reached our website via a Google advertisement. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the AdWords customer’s website and the cookie has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to that page. Each AdWords customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of different AdWords customers. The information collected using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The processing is based on Art. 6 (1) lit. f GDPR due to the legitimate interest in analyzing the impact and efficiency of our website. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information that would allow the personal identification of users. If you do not wish to participate in the tracking procedure, you can also refuse the setting of the required cookie – for example, by adjusting your browser settings to generally disable the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. Google’s privacy policy for conversion tracking can be found here (https://services.google.com/sitestats/de.html).

Google Fonts

The script code “Google Fonts” is integrated on this website. Google Fonts is a service provided by Google Ireland Limited, a company registered and operating under Irish law with its headquarters at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). This serves to safeguard our overriding legitimate interests, as part of a balancing of interests, in a uniform presentation of content on our website in accordance with Art. 6 para. 1 lit. f) GDPR. In this context, a connection is established between the browser you use and Google’s servers. This enables Google to become aware that our website has been accessed via your IP address. To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield. Further information about data processing by Google can be found in Google’s privacy policy.

Other Services

Google Maps

On our website, we use the service offered by Google Maps. Google Maps is a service of Google Ireland Limited, a company registered and operating under Irish law, located at Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de).

This allows us to display interactive maps, such as the store finder, directly on the website, providing you with convenient usage. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA. Google stores your data as usage profiles and uses it for advertising, market research, and/or to tailor its website to needs. Such analysis is carried out especially (also for users not logged into Google) to provide targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, please contact Google.

To the extent that information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Based on this agreement between the USA and the European Commission, the latter has determined an adequate level of data protection for companies certified under the Privacy Shield. Further information about data processing by Google can be found in Google’s privacy policy.

Social Media

Our online presence on Facebook, Youtube, Instagram, Xing, LinkedIn

Our presence on social networks and platforms serves to facilitate better, active communication with our customers and interested parties. There, we provide information about our products and ongoing special promotions. When you visit our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. From this data, so-called usage profiles are created using pseudonyms. These can be used, for example, to display advertisements within and outside the platforms that are presumably tailored to your interests. For this purpose, cookies are generally used on your device. These cookies store visitor behavior and user interests. This serves, in accordance with Art. 6 (1) lit. f GDPR, to safeguard our overriding legitimate interests within the framework of a balancing of interests for optimized presentation of our offerings and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (agreement) to data processing, e.g., by means of a checkbox, the legal basis for data processing is Art. 6 (1) lit. a GDPR.

If the aforementioned social media platforms have their headquarters in the USA, the following applies: For the USA, there is an adequacy decision by the European Commission. This is based on the EU-US Privacy Shield. A current certificate for the respective company can be viewed here.

Detailed information about the processing and use of data by the providers on their sites, as well as contact options and your related rights and settings to protect your privacy, especially options to object (opt-out), can be found in the privacy policies of the providers linked below. If you still need assistance in this regard, you can contact us.

Facebook: https://www.facebook.com/about/privacy/

The data processing is based on an agreement between joint controllers pursuant to Art. 26 GDPR, which you can view here.

Further information about data processing in the context of visiting a Facebook fan page (information about insights data) can be found here.

Google/ YouTube: https://policies.google.com/privacy?hl=en-GB

Instagram: https://help.instagram.com/519522125107875

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Xing: https://privacy.xing.com/en/privacy-policy

Right to object (Opt-Out):

Facebook: https://www.facebook.com/settings?tab=ads

Google/ YouTube: https://adssettings.google.com/authenticated

Instagram: https://help.instagram.com/519522125107875

LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing: https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/widerspruchsrecht

Web analysis using Google Analytics (with pseudonymization)

We use the service provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on our website to analyze the browsing behavior of our users. The software places a cookie on your computer.

When individual pages of our website are accessed, the following data is stored:

  • Two bytes of the IP address of the user’s accessing system
  • The accessed website
  • Entry and exit pages
  • Time spent on the website and bounce rate
  • Frequency of website visits
  • Country of origin and regional location, language, browser, operating system, screen resolution, use of Flash or Java
  • Search engines used and search terms used

The information generated by the cookie about the use of this website by users is generally transmitted to a Google server in the USA and stored there. The legal basis for the processing of personal data is Art. 6 (1) sentence 1 lit. a) GDPR.

On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. By analyzing the collected data, we are able to gather information about the use of individual components of our website. This helps us to continuously improve our website and its user-friendliness.

The data will be deleted as soon as it is no longer needed for our recording purposes. In our case, this is after 18 months. The cookies used are stored on your computer and transmitted from there to our site. If you do not agree with the collection and evaluation of usage data, you can prevent this by adjusting your browser settings to disable or restrict the use of cookies. Already stored cookies can be deleted at any time. However, in this case, you may not be able to use all the functions of this website fully. Additionally, you can prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plugin available at the following link. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de.

You have the right to revoke your consent to the processing of personal data at any time. If you contact us via email, you can object to the storage of your personal data at any time. Regarding the revocation of consent/objection to storage, we ask you to contact the controller pursuant to § 1 via email or by mail. The controller is Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin, Ireland, fax: +353 (1) 436 1001. Further information can be found in the terms of service at http://www.google.com/analytics/terms/de.html, In the overview of the privacy policy at http://www.google.com/intl/de/analytics/learn/privacy.html as well as in the privacy policy at http://www.google.de/intl/de/policies/privacy.

Data transfer upon conclusion of contract for services and digital content

We only transfer personal data to third parties if this is necessary for the processing of the contract, for example to the credit institution responsible for payment processing. No further transfer of data takes place, or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your explicit consent, for example for advertising purposes. The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence on the content of external links and are therefore not responsible for them; in particular, we do not endorse their content. If you are redirected to an external site, the privacy policy provided there applies. If you notice any illegal activities or content on this site, please feel free to inform us. In such cases, we will review the content and take appropriate action (notice and take down procedure).

Contact Form and Email Contact

On our website, there is a contact form that can be used for electronic communication. If you use this option, the data entered in the input fields will be transmitted to us and stored.

These data are:

  • Salutation
  • First name, Last name
  • Company
  • Telephone number
  • Message
  • E-mail
  • Country

At the time the message is sent, the following data is also stored:

  • IP address of the user
  • Date and time of registration

Your consent to the processing of the data is obtained during the submission process, and reference is made to this privacy policy. Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email will be stored. If these include information about communication channels (such as email address, phone number), you also consent to us possibly contacting you via this communication channel to respond to your inquiry. No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation. The legal basis for processing the data, when the user has given consent, is Article 6(1)(a) GDPR. The legal basis for processing data transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, an additional legal basis for processing is Article 6(1)(b) GDPR.

The processing of the personal data from the input form is solely for the purpose of handling the contact request. The data from your email inquiries will, of course, be used exclusively for the purpose for which you provide them to us when contacting us. In the case of contact via email, the necessary legitimate interest in processing the data also exists for responding to it. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The data will be deleted as soon as they are no longer necessary for achieving the purpose for which they were collected. For the personal data from the input fields of the contact form and those sent via email, this is the case once the respective conversation with the user has ended. The conversation is considered ended when the circumstances indicate that the matter concerned has been conclusively resolved. The additional personal data collected during the submission process will be deleted no later than seven days afterward.

You have the right to revoke your consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Regarding the revocation of consent/objection to storage, we kindly ask you to contact the responsible party or the data protection officer pursuant to § 1 via email or postal mail. All personal data stored in connection with the contact will be deleted in this case.

Request by email, telephone, or fax

If you contact us by email, telephone, or fax, your inquiry including all personal data arising from it (name, inquiry) will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent. The processing of this data is based on Article 6(1)(b) GDPR, provided that your inquiry is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, the processing is based on your consent (Article 6(1)(a) GDPR) and/or on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective handling of inquiries addressed to us.

The data you send to us via contact inquiries will remain with us until you request their deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been fully processed). Mandatory legal provisions—especially statutory retention periods—remain unaffected.

Processing of Data (Customer and Contract Data)

We collect, process, and use personal data only to the extent that it is necessary for the establishment, content design, or modification of the legal relationship (basic data). This is carried out based on Art. 6 (1) lit. b) GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process, and use personal data about the use of our websites (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The collected customer data will be deleted after the completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

Customer Service – Right to Object

For quality assurance and training purposes, conversations with Customer Service are recorded. If you do not agree to the recording, please hang up now. By staying on the line, you consent to the recording in accordance with Art. 6 (1) lit. a GDPR.

Applications

We offer you the opportunity to apply to us (e.g., by email, postal mail, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected during the application process. We assure you that the collection, processing, and use of your data is carried out in accordance with applicable data protection laws and all other legal regulations, and that your data will be treated with strict confidentiality.

If you submit an application to us, we process your associated personal data (e.g., contact and communication data, application documents, notes from interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the new Federal Data Protection Act (BDSG-neu) under German law (initiation of an employment relationship), Article 6 (1) (b) GDPR (general contract initiation), and—if you have given consent—Article 6 (1) (a) GDPR. Consent can be revoked at any time. Your personal data will only be shared within our company with persons involved in processing your application.

If the application is successful, the data you have submitted will be stored in our data processing systems based on § 26 BDSG-neu and Art. 6 (1) lit. b) GDPR for the purpose of carrying out the employment relationship.

If we are unable to make you a job offer, you decline a job offer, withdraw your application, revoke your consent to data processing, or request us to delete your data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after the conclusion of the application process (retention period) in order to be able to trace the details of the application process in case of discrepancies (Art. 6 (1) lit. f) GDPR).

YOU CAN OBJECT TO THIS STORAGE, PROVIDED THAT YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS. After the retention period expires, the data will be deleted unless there is a legal obligation to retain it or another legal reason for continued storage. If it is apparent that the retention of your data will be necessary after the retention period (e.g., due to an imminent or ongoing legal dispute), deletion will only take place once the data is no longer relevant. Other statutory retention obligations remain unaffected.

SSL-Encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection by the address line in your browser changing from “http://” to “https://” and by the padlock symbol in your browser bar. When SSL encryption is enabled, the data you transmit to us cannot be read by third parties.

Rights of the Data Subject

If personal data about you is processed, you are considered a data subject under the GDPR and have the following rights vis-à-vis the data controller:

Right of access

You have the right to request from the controller a confirmation as to whether personal data concerning you is being processed by us. If such processing takes place, you may at any time request from the controller a free-of-charge access to the personal data stored about you, as well as the following information:

  • The purposes for which the personal data are processed;
  • The categories of personal data being processed;
  • The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • The intended duration of storage of the personal data concerning you or, if specific details are not possible, the criteria used to determine the storage period;
  • The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  • The existence of a right to lodge a complaint with a supervisory authority;
  • All available information about the source of the data, if the personal data were not collected from the data subject;
  • The existence of automated decision-making including profiling according to Art. 22 (1) and (4) GDPR and—at least in these cases—meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

Right to Rectification

You have the right to immediate correction and/or completion from the controller if the processed personal data concerning you are incorrect or incomplete.

Right to Restriction of Processing

Under the following conditions, you may request the immediate restriction of the processing of your personal data from the controller:

  • if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims, or
  • if you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, such data – apart from being stored – may only be processed with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been imposed under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

Right to erasure

You can request the controller to delete the personal data concerning you without delay if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You withdraw your consent on which the processing was based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  • The personal data concerning you have been unlawfully processed.
  • The deletion of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the controller has made the personal data concerning you public and is obligated to delete them pursuant to Art. 17 para. 1 GDPR, they shall take appropriate measures, considering the available technology and implementation costs, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the deletion of all links to those personal data or copies or replications of those personal data.

The right to erasure does not apply insofar as the processing is necessary

  • for the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation that requires the processing under Union law or the law of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h) and i) as well as Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right mentioned under section a) is likely to render the achievement of the objectives of this processing impossible or seriously impaired, or
  • for the assertion, exercise, or defense of legal claims.

Right to Information

If you have exercised the right to rectification, deletion, or restriction of processing against the controller, the controller is obligated to inform all recipients to whom your personal data have been disclosed about this rectification/deletion/restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed by the controller about these recipients.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit these data to another controller without hindrance from the controller to whom the personal data were provided, provided that

  • the processing is based on consent according to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, or on a contract according to Art. 6 para. 1 lit. b) GDPR, and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired thereby. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

To assert the right to data portability, the data subject may at any time contact the controller responsible for the processing.

Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data that is based on Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions.

The controller no longer processes your personal data unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option to exercise your right to object in connection with the use of information society services—regardless of Directive 2002/58/EC—by automated means using technical specifications. To exercise the right to object, the data subject may directly contact the controller responsible for the processing.

Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent up until the revocation. You can contact the responsible party to do so.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for the conclusion or performance of a contract between you and the controller,
  • is permitted based on Union or Member State laws to which the controller is subject, and these laws include appropriate measures to safeguard your rights and freedoms as well as your legitimate interests;
  • is carried out with your explicit consent.

However, these decisions must not be based on special categories of personal data according to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a) or g) GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. In the cases mentioned in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms as well as your legitimate interests. These measures shall include at least the right to obtain intervention by a person on the part of the controller, to express your own point of view, and to challenge the decision. If the data subject wishes to assert rights related to automated decisions, they may contact the controller responsible for processing at any time.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, place of work, or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR. The supervisory authority where the complaint was filed shall inform the complainant about the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

Changes to the Privacy Policy

We reserve the right to modify our data protection practices and this policy as necessary to adapt them to changes in relevant laws or regulations or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please refer to the current version date of the privacy policy.