Note on the responsible party
The responsible party for data processing on this website is:
The responsible party is the natural or legal person who decides alone or jointly with others about the purposes and means of processing personal data (such as names, email addresses, etc.).
Types of processed data:
Inventory data (e.g. names, addresses).
Contact data (e.g. email, telephone numbers)
Content data (e.g. text inputs, photographs, videos)
Usage data (e.g. visited web pages, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)
Categories of affected persons:
Visitors and users of the online offer (hereinafter referred to collectively as "users").
Purpose of processing:
Provision of the online offer, its functions and content
Answering of contact inquiries and communication with users
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Pseudonymization" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
The "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The "processor" is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Relevant legal bases:
In accordance with Article 32 of the GDPR, we implement suitable technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the likelihood and severity of the risks to the rights and freedoms of natural persons.
These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data, and response to data breaches. Additionally, we take into account the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).
Coorperation with processors or third parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this only happens on the basis of a legal permission (e.g. if transmission of the data to third parties, such as payment service providers, pursuant to Art. 6 para. 1 lit. b GDPR is necessary for the performance of the contract), you have given your consent, a legal obligation provides for this, or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
Please note that our website may use Google Fonts provided by Google. When you visit our website, your browser may establish a connection to Google's servers to download the required fonts. Through this connection, personal data such as your IP address may also be transmitted to Google. However, we have no control over the use of this data by Google. If you decide to continue using our website, you agree that Google may store cookies on your device and may use this data for analysis purposes.
If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
Transmission to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in connection with the use of third-party services or the disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we will only process or allow the data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognized special contractual obligations (so-called "standard contractual clauses").
Rights of data subjects
You have the right to request confirmation as to whether personal data concerning you are being processed, and on access to the personal data and further information and a copy of the data according to Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to demand the completion of the data concerning you or the correction of incorrect data concerning you.
According to Art. 17 GDPR, you have the right to demand that the data concerning you be deleted immediately, or alternatively, according to Art. 18 GDPR, to demand a restriction on the processing of the data.
You have the right to receive the personal data concerning you, which you have provided to us, in accordance with Art. 20 GDPR and to request their transfer to other responsible parties.
Furthermore, according to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke any consent given in accordance with Art. 7 para. 3 GDPR with effect for the future.
Right to object
You can object to the future processing of data concerning you in accordance with Art. 21 GDPR at any time. The objection can be made in particular against processing for the purposes of direct marketing.
Cookies and right to object to direct advertising
"Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Cookies that are deleted after a user leaves an online service and closes their browser are referred to as "temporary cookies," "session cookies," or "transient cookies." For example, the contents of a shopping cart in an online store or a login status can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent." For example, the login status can be stored when users revisit the service after several days. The interests of users can also be stored in such a cookie and used for audience measurement or marketing purposes. Cookies offered by providers other than the person responsible for operating the online service are referred to as "third-party cookies" (otherwise, if they are only the person's own cookies, they are referred to as "first-party cookies").
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional restrictions of this online service.
Deletion of Data
In accordance with legal requirements in Germany, storage is particularly carried out for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, booking vouchers, commercial books, documents relevant to taxation, etc.) and for 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).
In accordance with legal requirements in Austria, storage is particularly carried out for 7 years in accordance with § 132 para. 1 BAO (accounting documents, receipts/invoices, accounts, receipts, business documents, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years for documents in connection with electronically provided services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU member states for which the Mini-One-Stop-Shop (MOSS) is used.
Administration, accounting, office organization, contact management
Accounting and compliance with legal obligations, such as archiving. Here, we process the same data that we process as part of our contractual services. The legal bases for processing are Art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f. GDPR. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose and our interest in processing lie in the administration, accounting, office organization, archiving of data, i.e. tasks that serve to maintain our business activities, perform our duties and provide our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities.
We disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information about suppliers, organizers and other business partners based on our business interests, for example, for later contact. We generally store these mostly company-related data permanently.
We process applicant data only for the purpose and within the scope of the application process in accordance with the legal requirements. The processing of applicant data is carried out to fulfill our (pre)contractual obligations within the framework of the application process in accordance with Art. 6 (1) lit. b. GDPR and Art. 6 (1) lit. f. GDPR, insofar as the data processing becomes necessary for us, e.g. within the framework of legal proceedings (in Germany, § 26 BDSG also applies).
The application process requires that applicants provide us with their applicant data. The necessary applicant data are marked, if we offer an online form, otherwise they result from the job descriptions, and in principle include the information on the person, postal and contact addresses, and the application documents, such as cover letter, CV.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily disclosed as part of the application process, their processing is additionally carried out in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application process, their processing is additionally carried out in accordance with Art. 9 (2) lit. a GDPR (e.g. health data, if they are necessary for the exercise of the profession).
If provided, applicants can submit their applications to us using an online form on our website. The data is transmitted to us encrypted in accordance with the state of the art.
Applicants can also send us their applications via email. However, please note that emails are generally not sent in encrypted form and applicants themselves must provide encryption. We can therefore take no responsibility for the transmission of the application between the sender and reception on our server and recommend using an online form or sending by post instead. Instead of applying via the online form and email, applicants still have the option of sending us the application by post.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.