This Privacy Policy informs you about the nature, scope and purpose of processing personal data (hereinafter referred to as “Data”) within our online services and the associated websites, functions and contents, as well as external online presences, e.g. our Social Media Profile. (hereinafter referred to jointly as “Online Services”). With respect to the terminology used, e.g. “personal data” or their “processing”, we refer to the definitions in Art. 4 of the EU General Data Protection Regulation (EU-GDPR).

Responsible person:

Name/company name: PrepLounge GmbH
Street No.: Hohenzollernring 26
Postal code, town, country: 50672, Köln, Deutschland
Commercial register/no.: HRB 75534
Managing Director: Ralf Fuhrmann
Telephone number: +49 221 1686 9859
E-mail address: contact@preplounge.com

Data Protection Officer:

Name Nils Riemann
E-mail address: privacy@preplounge.com

Types of processed data:

  • Master data (e.g. names, addresses).
  • Contact data (e.g. e-mail, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Contract data (e.g. contract subject matter, term, customer category).
  • Payment data (e.g. bank account details, payment history).
  • Utilization data (e.g. visited websites, interest in contents, access times).
  • Metadata/communication data (e.g. device information, IP addresses).
  • Optional Application data for the use of recruiting services (e.g. curriculum vitae, certificates, references).

Processing special categories of data (Art. 9 Subsection 1 GDPR):

  • No special categories of data are processed.

Categories of the persons affected by the processing:

  • Customers / interested parties / suppliers.
  • Visitors and users of the online services.

In the following, we will also refer to the data subjects jointly as “Users”.

Purpose of the processing:

  • Provision of the online services, their contents and functions.
  • Provision of contractual performance, service and customer maintenance.
  • Answering of contact inquiries and communication with users.
  • Marketing, advertising and market research.
  • Security measures.

As of: May 8, 2018
  1. Relevant legal foundations

    On the basis of Art. 13 GDPR, we are notifying you about the legal foundations of our data processing. Insofar as the legal foundations are not referred to in the Privacy Policy, the following applies: The legal foundation for obtaining consents is Art. 6 Subsection 1 lit. a and Art. 7 GDPR, the legal foundation for processing in fulfillment of our services and the performance of contractual measures, as well as answering inquiries, is Art. 6 Subsection 1 lit. b GDPR, the legal foundation for processing in fulfillment of our legal obligations is Art. 6 Subsection 1 lit. c GDPR, and the legal foundation for processing for the preservation of our legitimate interests is Art. 6 Subsection 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Subsection 1 lit. d GDPR serves as the legal foundation.

  2. Changes and updates to the Privacy Policy

    We request that you inform yourself about the content of our Privacy Policy on a regular basis. We adapt the Privacy Policy, as soon as the changes to the data processing performed by us make this necessary. We will inform you, as soon as a cooperation action on your part (e.g. consent) or another individual notification becomes necessary.

  3. Security measures

    1. On the basis of Art. 32 GDPR, in consideration of the state-of-the-art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the different probability of occurrence and the seriousness of the risk for the rights and freedoms of natural persons, we will arrange for appropriate technical and organizational measures, in order to guarantee a protection level, which is commensurate with the risk; these measures particularly include the assurance of confidentiality, integrity and availability of data by checking the physical access to the data, as well as the relevant access, the entry, disclosure, assurance of availability and their separation. Furthermore, we have set up procedures, which guarantee the exercising of rights by the data subjects, deletion of data and responding to endangering of the data. Furthermore, we already take the protection of personal data into consideration for the development/selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data-protection-friendly default settings (Art. 25 GDPR).
    2. The security measures particularly include the encrypted transfer of data between your browser and our server.
  4. Cooperation with processors and third parties

    1. Insofar as we disclose data to other persons and companies within the scope of our processing (processors or third parties), send data to these or otherwise grant them access to data, this only occurs on the basis of legal permission (e.g. if sending of the data to third parties, such as payment service providers is required for contract fulfillment in accordance with Art. 6 Subsection 1 lit. b GDPR), if you have consented, a legal obligation prescribes this or on the basis of our legitimate interests (e.g. for the use of authorized representatives, web hosting services etc.).
    2. Insofar as we commission third parties with the processing of data on the basis of a so-called “Data Processing Agreement”, this occurs on the basis of Art. 28 GDPR.
  5. Transmissions to third countries

    Insofar as we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)) or disclose it within the scope of using third-party services or if disclosure/transmission of data occurs to third parties, this only occurs, if it is required for fulfilling our (pre-)contractual duties, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process, or have the data processed, in a third country if the specific preconditions of Art. 44 et seqq. GDPR exist. I.e. the processing occurs, e.g. on the basis of specific guarantees, such as the officially acknowledged establishment of a data protection level corresponding to the EU (e.g. for the USA, by means of the “Privacy Shield”) or the observance of officially recognized specific contractual obligations (so-called “standard contractual clauses”).

  6. Rights of the data subjects

    1. You have the right to request a confirmation about whether relevant data are processed and to receive information about these data, as well as additional information and a copy of the data in accordance with Art. 15 GDPR.
    2. In accordance with Art. 16 GDPR, you have the right to request the completion of the data relating to you or correction of the inaccurate data relating to you.
    3. On the basis of Art. 17 GDPR, you have the right to request that relevant data are deleted immediately, or alternatively, on the basis of Art. 18 GDPR, to request a restriction to the processing of the data.
    4. You have the right to request the receipt of the data relating to you, which you provided to us on the basis of Art. 20 GDPR and request that it be sent to other responsible parties.
    5. Furthermore, in accordance with Art. 77 GDPR, you have the right to file a complaint with the responsible supervisory authority.
  7. Cancellation right

    You have the right to revoke granted consents in accordance with Art. 7 Subsection 3 GDPR with effect for the future.

  8. Right to object

    You may object to the future processing of the data relating to you on the basis of Art. 21 GDPR at any time. The objection may specifically be made against processing for the purpose of direct marketing.

  9. Cookies and the right to object to direct marketing

    We set temporary and permanent cookies, i.e. small files, which are stored on the devices of the users (for an explanation of the definition and the function, please refer to the last section of this Privacy Policy). In part, the cookies have the purpose of security or are required for operating our online services (e.g. for the display of the website) or to store the user decision for the confirmation of the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which the users are informed during the course of the Privacy Policy.

    A general objection to the use of cookies for online marketing purposes may be declared with many of the services, particularly in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies may be reached by switching them off in the browser settings. Please note that in this case, all functions of the online services may no longer be usable.

  10. Deletion of data

    1. The data processed by us are deleted on the basis of Art. 17 and 18 GDPR or their processing can be restricted. Unless expressly stated otherwise within the scope of this Privacy Policy, the data stored with us are deleted as soon as they are no longer required for their designated purpose and the deletion is not opposed by any statutory retention duties. Insofar as the data are not deleted, because they are required for other and legally admissible purposes, their processing is restricted. I.e. the data are stored and not processed for other purposes. This applies e.g. to data, which must be retained for commercial-law or tax-law purposes.
    2. According to legal provisions, the retention specifically occurs for 6 years in accordance with Section 257 Subsection 1 HGB [German Commercial Code] (trading books, annual financial statement, commercial letters, booking vouchers, etc.), as well as for 10 years in accordance with Section 147 Subsection 1 AO [German Fiscal Act] (accounts, records, management reports, booking vouchers, commercial and business letters, documentation relevant to taxation, etc.).
  11. Provision

    1. We process master data (e.g. names and addresses, as well as contact details of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 Subsection 1 lit. b. GDPR. The entries marked as being mandatory in online forms are required for the conclusion of the contract.
    2. The registration as a member requires the storage and processing of various biographical and personal data, e.g. first name, educational status, gender, main course of studies, industry interests, degree studies and higher education institution. Optionally, additional biographical data can be entered, which relate to e.g. the curriculum vitae, interests etc. Within the scope of the registration, the required mandatory details are notified to the users. In the future, this list may be extended with reference to the legal foundations referred to in Point 1. After registration, other users of PrepLounge may view their user profile with the details provided by you and interact with you. Furthermore, curriculum vitae and application data may be sent to PrepLounge GmbH. These may be made available to recruiting companies, only after the user’s consent has been obtained. Other users of PrepLounge cannot view this application data. If users have canceled their user account, their data will be deleted in respect of the user account, unless their retention is necessary for commercial-law or tax-law reasons in accordance with Art. 6 Subsection 1 lit. c GDPR. In the case of a cancelation, the users are responsible for securing their data prior to the end of the contract. We are authorized to irretrievably delete all of the user’s data stored during the term of the contract.
    3. Within the scope of the registration and new logins, as well as the use of these online services, we store the IP address and the time of the respective user action. The storage occurs on the basis of our legitimate interests, as well as those of the users, in respect of protection from misuse and other unauthorized use. Disclosure of these data to third parties does not occur, as a general rule, except if it is required for pursuing our claims or if a legal obligation exists to do so in accordance with Art. 6 Subsection 1 lit. c GDPR.
    4. We process utilization data (e.g. the visited websites of our online services, interest in our products) and content data (e.g., entries in the contact form or user profile) for marketing purposes in a user profile, in order to e.g. display product information for the users, based on their services used so far.
    5. Deletion occurs after the expiration of statutory warranty and comparable duties, the necessity to retain the data is checked every three years; in the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-code (6 years) and tax-law (10 years) retention duty); details in the customer account remain until their deletion.
  12. Making contact

    1. When making contact with us (via contact form, e-mail or telephone), the user’s details are processed to handle the contact request and for its processing in accordance with Art. 6 Subsection 1 lit. b) GDPR.
    2. The user’s details can be stored in our Customer Relationship Management System (“CRM System”) or comparable request organization.
    3. We delete the requests, if they are no longer required. We check the necessity every two years; we permanently store requests from customers, who have a customer account and refer to the details about the customer account with regard to deletion. In the case of statutory archiving duties, the deletion occurs after their expiration (end of commercial-law (6 years) and tax-law (10 years) retention duty).
  13. Comments and contributions

    1. If users leave comments or other contributions, their IP addresses are stored for 14 days on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR.
    2. This occurs for our security, in the event that someone leaves unlawful content in comments and contributions (insults, banned political propaganda, etc.). In this case, we can be claimed upon ourselves for the comment or contribution and are therefore interested in the identity of the author.
    3. Publicly viewable contributions of this type (e.g. within our Consulting Q&As) also remain in place after the termination of a membership/deletion of the user account with PrepLounge. The authorship of such contributions is anonymized by us. Furthermore, we ensure that they no longer contain any personal data.
  14. Akismet anti-spam check

    Our online services use the “Akismet” service, which is offered by Automattic, Inc. 132 Hawthorne Street San Francisco, CA 94107, USA. The use occurs on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f) GDPR. With the assistance of this service, comments from real people are distinguished from spam comments. For this, all comment details are sent to a server in the USA, where they are analyzed and stored for four days, for comparison purposes. If a comment has been classified as spam, the data about this is stored beyond this period of time. These details include the entered name, the e-mail address, the IP address, the comment content, the referrer, details about the browser used and the computer system and the time of the entry.

    Automattic is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).

    More detailed information about the collection and use of data by Akismet can be found in the data protection notices of Automattic: https://automattic.com/privacy/.

    Users may use pseudonyms or omit the entry of their name or e-mail address. You may prevent the transfer of the data entirely by not using our comment system. That would be a pity, but unfortunately, we see no other alternatives, which operate just as effectively. Alternatively, we can be contacted by e-mail at any time.

  15. Collection of access data and logfiles

    1. We collect data on the basis of our legitimate interests within the meaning of Art. 6 Subsection 1 lit. f. GDPR about any access to the server, on which this service is situated (so-called server logfiles). The access data include the name of the accessed website, file, date and time of the access, transferred data volume, message about successful retrieval, browser type and version, the User’s operating system, referrer URL (the previously visited website), IP address and the requesting Provider.
    2. Logfile information is stored for a maximum term of 14 days for security reasons (e.g. to clarify acts of misuse or fraud) and are deleted thereafter. Data, which needs to continue being retained for evidence purposes, are exempted from deletion until final clarification of the respective incident.
  16. Online presences in social media

    1. We maintain online presences within social networks and platforms, in order to communicate with the customers, interested parties and users, who are active there, and inform them about our services. For accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.
    2. Unless specified otherwise within the scope of our Privacy Policy, the data of the users are processed, insofar as they are communicated to us within the social networks and platforms, e.g. writing contributions on our online services or sending us messages.
  17. Cookies & reach measurement

    1. Cookies are items of information, which are transferred from our webserver or third-party webservers to the users’ web browsers and are stored there for retrieval later on. Cookies may be small files or other types of stored information.
    2. We use “session cookies”, which are only filed for the duration of the actual visit to our online presence (e.g. to store your login status or the shopping basket configuration and therefore make the use of our online services possible at all). In a session cookie, a randomly generated unique identification number is filed, a so-called session ID. Furthermore, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted, if they are no longer required.
    3. The users are informed about the use of cookies within the scope of pseudonymous reach measurement, within the scope of this Privacy Policy.
    4. If the users do not want cookies to be stored on their computer, they are requested to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies can lead to functional restrictions of these online services.
    5. You can object to the use of cookies, which have the purpose of reach measurement and marketing, using the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  18. Google Analytics

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information created by the cookie concerning the use of the online services by the user is generally transmitted to a Google server in the USA, where it is stored.
    2. Google is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id= a2zt000000001L5AAI&status =Active).
    3. Google will use this information on our behalf, to evaluate the use of our online services by the users, to produce reports concerning the activities within the online services and to produce additional services associated with the use of these online services and the Internet for us. Pseudonymous utilization profiles of the users can be created from the processed data.
    4. We use Google Analytics in order to display the advertisements placed by Google and its partners within marketing services only to those users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Google (so-called “Remarketing”, or “Google Analytics Audiences”). With the assistance of the Remarketing Audiences, we also intend to ensure that our advertisements match the potential interest of the users and are not annoying for them.
    5. We only use Google Analytics with activated IP anonymization. However, in the case of activation of IP anonymization on this website, your IP address will be previously abbreviated by Google within Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases.
    6. The IP address sent by the user’s browser within the context of Google Analytics will not be combined with other data of Google. The users can prevent the storage of the cookies with an appropriate setting in their browser software; furthermore, the users can prevent the recording of the data generated by the cookie and their use of the online services to Google, as well as the processing of these data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
    7. Additional information about use of data by Google, setting and objection options is available on the Google website: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners' sites or apps”), https://policies.google.com/technologies/ads (“Use of data for marketing purposes”), https://adssettings.google.com/authenticated (“Managing information that Google uses for displaying advertising to you”).
  19. Google Re/Marketing Services

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use the Marketing and Remarketing Services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
    2. Google is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
    3. The Google Marketing Services allow us to display advertising for and on our website in a more targeted manner, in order to present users only with advertisements, which potentially match their interests. If advertisements are e.g. displayed for products, for which the user has shown an interest on other websites, this is referred to as “Remarketing”. For this purpose, when accessing our website and others, on which Google Marketing Services are active, a Google code is directly executed by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With the aid of these, an individual cookie is stored on the users’ device, i.e. a small file (comparable technologies may also be used, instead of cookies). The cookies may be set by various domains, among others, by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file, it is noted which websites the user visits, which contents he has shown an interest in and which offers he has clicked on, furthermore, technical information about the browser and operating system, linking websites, visit time and other details about the use of the online services. The IP address of the user is also recorded, whereby, within the scope of Google Analytics, we inform you that the IP is abbreviated within the Member States of the European Union or in other Member States, which are parties to the Agreement on the European Economic Area and are only transferred in full to a server of Google in the USA and abbreviated there in exceptional cases. The IP address is not combined with data of the user within other Google services. The information referred to above may also be linked by Google with such information from other sources. If the user subsequently visits other websites, customized advertisements, which match his interests, may be displayed to him.
    4. The users’ data are processed within the scope of the Google Marketing Services pseudonym. I.e. Google does not store and process e.g. the name of e-mail address of the user, but processes the relevant data on the basis of cookies within pseudonymous user profiles. I.e. from Google’s point of view, the advertisements are not managed and displayed for a concretely identified person, but for the cookie-holder, regardless of who this cookie-holder is. This does not apply, if a Google user has expressly allowed the data to be processed without this pseudonymization. The information collected by Google Marketing Services about the users are sent to Google and store on Google’s servers in the USA.
    5. The Google Marketing Services, which we use, include, inter alia, the “Google AdWords” online marketing program. In the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the cookie have the purpose of creating conversion statistics for AdWords customers, who have chosen conversion tracking. The AdWords customers find out the total number of users, who have clicked on their advertisement and have been forwarded to a website with a conversion tracking tag. However, they do not receive any information, with which users can be personally identified.
    6. On the basis of the Google Marketing Services, we can integrate third-party “DoubleClick” advertisements. DoubleClick uses cookies, with which Google and its partner websites are enabled to place advertisements on the basis of visits by users to this website/other websites on the Internet.
    7. On the basis of the Google Marketing Services, we can integrate third-party “AdSense” advertisements. AdSense uses cookies, with which Google and its partner websites are enabled to place advertisements on the basis of visits by users to this website/other websites on the Internet.
    8. We can also use the “Google Optimizer” service. Within the scope of so-called ”A/B Testing”, Google Optimizer allows us to trace what effect various changes to a website have (e.g. changes to the input fields, the design, etc.). For these test purposes, cookies are filed on the users’ devices. Only pseudonymized user data are processed for this.
    9. Furthermore, we can use the “Google Tag Manager” in order to integrate the Google Analysis and Marketing Services into our website and manage them.
    10. Further information about data use for marketing purposes by Google is available on the overview page: https://policies.google.com/technologies/ads, the Privacy Policy of Google is accessible at https://policies.google.com/privacy.
    11. If you would like to object to interest-related advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
  20. Facebook, Custom Audiences and Facebook Marketing Services

    1. Within our online services, on the basis of our legitimate interests in analysis, optimization and commercial operation of our online services and for these purposes, the so-called “Facebook Pixel” of the Facebook social network is used, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are domiciled in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
    2. Facebook is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    3. Using the Facebook Pixel, it is possible for Facebook to determine the visitors to our online services as a target group for the display of advertisements (so-called “Facebook Ads”. Accordingly, we use the Facebook Pixel display Facebook Ads, which we have placed, only to those Facebook users, who also have shown an interest in our online services or show specific characteristics (e.g. interests in specific topics or products, which are determined on the basis of the visited websites), which we send to Facebook (so-called “Custom Audiences”). With the assistance of the Facebook Pixel, we also intend to ensure that our Facebook Ads match the potential interest of the users and are not annoying for them. With the assistance of the Facebook Pixel, we can also trace the effectiveness of the Facebook advertisements for statistical and marketing purposes, by seeing whether users are forwarded to our website after clicking on a Facebook advertisement (so-called “conversion”).
    4. Furthermore, for the use of the Facebook Pixel, we use the additional “extended comparison” function (data, such as telephone numbers, e-mail addresses or Facebook IDS of the users) are used to form target groups (“custom audiences” or “look-alike audiences”), which are sent to Facebook (encrypted)). Additional information about the “extended comparison”: https://www.facebook.com/business/help/611774685654668).
    5. We also use the “Custom Audiences from File” procedure of the social network Facebook, Inc. In this case, the e-mail addresses of the newsletter recipients are uploaded at Facebook. The upload procedure occurs in an encrypted form. The upload is exclusively for the purpose of determining recipients of our Facebook advertisements. With this, we intend to ensure that the advertisements are only displayed to users, who have an interest in our information and services.
    6. The processing of data by Facebook occurs within the scope of Facebook’s Data Utilization Policy. Accordingly, general information about the display of Facebook Ads, in the Data Utilization Policy of Facebook: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and its functionality are available in the help section of Facebook: https://www.facebook.com/business/help/651294705016616.
    7. You can object to the recording by the Facebook Pixel and the use of your data for displaying Facebook Ads. In order to set which types of advertisements are displayed to you within Facebook, you can access the site set up by Facebook and follow the instructions there for use-based advertising: https://www.facebook.com/settings?tab=ads. The settings occur platform-independently, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
    8. In order to prevent the recording of your data using the Facebook Pixel on our website, please click on the following link: Facebook-Opt-Out Note: If you click on the link, an “opt-out” cookie will be stored on your device. If you delete the cookies in this browser, you need to click on the link again. Furthermore, the opt-out only applies within the browser used by you and only within our web domain, on which the link was clicked on.
    9. You can also object to the use of cookies, which have the purpose of reach measurement and marketing using the deactivation site of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
  21. Facebook social plugins

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use social plugins (“plugins”) of the facebook.com social network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can represent interaction elements or content (e.g. videos, graphics or text contributions) and are identifiable by one of the Facebook logos (white “f” on a blue tile, the terms “like” or a “thumb-up” symbol) or are marked with the endorsement “Facebook Social Plugin”. The list and the appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
    2. Facebook is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
    3. If a user opens a function of these online services, which contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is sent directly by Facebook to the device of the user and is integrated by it into the online services. Utilization profiles of the users can be created from the processed data. Therefore, we have no influence on the scope of the data, which Facebook collects using this plugin and therefore informs the user in accordance with our state of knowledge.
    4. Through the integration of the plugins, Facebook receives the information that a user has accessed the relevant page of the online services. If the user is logged into Facebook, Facebook can associate the visit with his Facebook account. If users interact with the plugins, for example, use the Like button or submit a comment, the corresponding information is sent by your device directly to Facebook, where it is stored. If a user is not a member of Facebook, the opportunity nevertheless exists for Facebook to find out and store his IP access. According to Facebook, only an anonymized IP address is stored in Germany.
    5. The purpose and scope of data collection and the further processing and used of the data by Facebook, as well as the relevant rights and setting options for the protection of the users’ privacy, can refer to the Privacy Policy of Facebook: https://www.facebook.com/about/privacy/.
    6. If a user is a member of Facebook and would not like Facebook to collect data about him through these online services and link it with his stored Facebook membership data, prior to using our online services, he must log out of Facebook and delete his cookies. Additional settings and objections to the use of data for marketing purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or using the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. The settings occur independently of the platform, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
  22. Amazon partner program

    1. On the basis of our legitimate interests (i.e. interests in the commercial operation of our online services within the meaning of Art. 6 Subsection lit. f. GDPR), we are participants in the partner program of Amazon EU, which has been designed in order to provide a medium by which advertising cost refunds can be earned with the placement of advertisements and links to Amazon.de. Amazon uses cookies, in order to trace the origin of the orders. Among other things, Amazon can identify that you have clicked the partner link on this website.
    2. You can obtain additional information about the use of data by Amazon in the Privacy Policy of the company: https://www.amazon.de/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&language=en_GB&nodeId=3312401.
  23. Newsletter

    1. With the following details, we are informing you about the contents of our newsletter, as well as the registration, delivery and statistical evaluation procedure and your objection rights. By subscribing to our newsletter, you are declaring your consent to the receipt and the described procedures.
    2. Content of the newsletter: We only send newsletters, e-mails and additional electronic messages with marketing information (hereinafter referred to as “newsletter”) with the consent of the recipient or legal permission. Our newsletters contain for example information about new cases, exciting jobs, relevant events and selected employers. Insofar as its contents are concretely described within the scope of registration, they are decisive for the consent of the users. Furthermore, our newsletters contain information about our products, offers, campaigns and our company.
    3. Verification and logging: Successful registration for our newsletter only takes place if the e-mail address of the recipient has been verified beforehand. I.e. after the registration, you receive an e-mail, in which you are requested to confirm your registration. This confirmation is necessary, so that no one can login with third-party e-mail addresses. The registrations for the newsletter are logged, in order to verify the registration process in accordance with the legal requirements. This includes storing the time of registration and the time of confirmation, as well as the abbreviated IP address. The changes to your data stored with the E-mail Service Provider are also logged.
    4. E-mail Service Provider: The delivery of the newsletter occurs using Mailjet GmbH, Rankestr. 21, 10789 Berlin, hereinafter referred to as “E-mail Service Provider”. The Privacy Policy of the E-mail Service Provider can be viewed here: https://www.mailjet.com/privacy-policy/.
    5. Furthermore, according to its own information, the E-mail Service Provider may use these data in a pseudonymized form, i.e. without allocation to a user, for optimization or improvement of its own services, e.g. for technical optimization of the delivery and the display of the newsletter or for statistical purposes, in order to determine which countries the recipients come from. However, the E-mail Service Provider does not use the data of our newsletter recipients, in order to write to them itself or disclose the data to third parties.
    6. Success measurement – the newsletters contain a so-called “web beacon”, i.e. a pixel-sized file, which is retrieved by the E-mail Service Provider’s server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval, is collected. This information is used for the technical improvement of the service on the basis of the technical data or the target groups and their reading behavior on the basis of their retrieval locations (which can be determined using the IP address) or the access times. For the statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it is neither our aim or that of the E-mail Service Provider, to monitor individual users. In fact, the purpose of the evaluations is for us to identify the reading habits of our users and to adapt our contents to them or send different contents in accordance with the interests of our users.
    7. The delivery of the newsletter and the success measurement occur on the basis of a consent from the recipient in accordance with Art. 6 Subsection 1 lit. a, Art. 7 GDPR in conjunction with Section 7 Subsection 2 No. 3 UWG [German Fair Trade Practices Act] or on the basis of legal permission in accordance with Section 7 Subsection 3 UWG.
    8. The logging of the registration procedure occurs on the basis of our legitimate interests in accordance with Art. 6 Subsection 1 lit. f GDPR and serves to verify the consent in the receipt of the newsletter.
    9. Cancellation/revocation – You may cancel the receipt of our newsletter at any time, i.e. revoke your consents. You can find a link to cancel the newsletter at the end of every newsletter.
  24. Integration of services and third-party contents

    1. Within our online services, on the basis of our legitimate interests (i.e. interest in the analysis, optimization and commercial operation of our online services within the meaning of Art. 6 Subsection 1 lit. f. GDPR), we use content or services of third-party providers, in order to integrate their content and services, e.g. videos or fonts (hereinafter uniformly referred to as “contents”). This always presupposes that the third-party providers of these contents perceive the IT address of the users, as they could not send the contents to their browser without the IP address. Therefore, the IP address is required for the presentation of these contents. We endeavor to only use such contents, whose respective providers only use the IP address for delivering the contents. Furthermore, third-party providers can also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. With the “pixel tags”, information can be evaluated, such as the visitor traffic on the pages of these websites. The pseudonymized information can furthermore be stored in cookies on the device of the user and, among other things, contain technical information about websites linking to the browser and operating system, visit time and other details about the use of our online services, as well as being associated with such information from other sources.
    2. The following description provides an overview of third-party providers and their contents, in addition to links to their data protection policies, which contain additional information about processing data and, partly objection opportunities already referred to here (so-called opt-out):
      • If our customers use the payment services of third parties (e.g. PayPal or Sofort), the terms and conditions and data protection policies of the respective third-party providers apply, which are retrievable within the respective websites or transaction applications.
      • External fonts of Google, LLC., https://www.google.com/fonts (“Google Fonts”). The integration of Google Fonts occurs by accessing a server at Google (as a rule, in the USA). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
      • Maps of the “Google Maps” services of the third-party provider, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
      • Videos of the “YouTube” services of the third-party provider, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
      • Functions of the Google+ service are integrated within our online services. These functions are offered by the third-party provider, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link to the contents of our website with your Google+ profile by clicking the Google+ button. This way, Google can allocate your visit to our website to your user account. We point out that as a vendor of the website, we receive no knowledge about the content of the data sent or their use by Google+. Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
      • Functions of the Instagram service are integrated within our online services. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link to the contents of our website with your Instagram profile by clicking the Instagram button. This way, Instagram can allocate your visit to our website to your user account. We point out that as a vendor of the website, we receive no knowledge about the content of the data sent or their use by Instagram. Privacy Policy: http://instagram.com/about/legal/privacy/.
      • Within our online services, we use the marketing functions (so-called “LinkedIn Insight Tag”) of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our web pages is accessed, which contains LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. With the assistance of the LinkedIn Insight Tag, we can specifically analyze the success of our campaign within LinkedIn or determine target groups for this on the basis of the interaction of the users with our online services. If you are registered with LinkedIn, it is possible for LinkedIn to allocate your interaction with our online services to your user account. Also, if you click on the “Recommend Button” of LinkedIn and are logged into your account with LinkedIn, it is possible for LinkedIn to allocate your visit to our website to you and your user account. LinkedIn is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
      • Within our online services, functions of the service or the Twitter platform can be integrated (hereinafter referred to as “Twitter”). Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions are comprised of the display of our contributions within Twitter, within our online services, linking to our profile with Twitter and the option to interact with the contributions and functions of Twitter, as well as measuring whether users reach our online services through the advertisements, which we have placed with Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with the European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization.
      • We use functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our web pages is accessed, which contains Xing functions, a connection is established to Xing servers. Storage of personal data does not occur during the course of this, as far as we are aware. In particular, IP addresses are not stored and user behavior is not evaluated. Privacy Policy: https://www.xing.com/app/share?op=data_protection.
      • Web analysis and optimization with the assistance of the Hotjar service, the third-party provider, Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. With Hotjar, movements on the websites can be traced, on which Hotjar is used (so-called heatmaps). For example, it is identifiable, how far users scroll and which buttons the users click on and how frequently. Furthermore, technical data, such as the selected language, system, monitor resolution and browser type, are recorded. At least temporarily during the visit, user profiles of the users can be created during the course of this. Furthermore, using Hotjar, it is also possible to obtain feedback directly from the users of the website. In this way, we obtain valuable information, in order to make our website even faster and more customer-friendly. Privacy Policy: https://www.hotjar.com/privacy. Opt-out: https://www.hotjar.com/opt-out.