This privacy policy applies to the following processes:
Websites,
External sites (social media),
Applicant management
We take the protection of your personal data and the legal obligations
serving this protection very seriously. Legal requirements demand
comprehensive transparency regarding the processing of personal data.
Only if you are sufficiently informed about the purpose, type, and scope
of the processing can the processing be comprehensible to you as the
data subject.
The controller within the meaning of the General Data Protection
Regulation (GDPR) is
0x101 Cyber Security (UG Haftungsbeschränkt)
Burggasse 3c,
50171 Kerpen
Germany
Email: support@netlockrmm.com
Hereinafter referred to as “controller” or “we.”
Information on joint controllers can be found under “Information on
joint controllers.”
A data protection officer has not been appointed.
The terms used in this privacy policy (e.g., data categories, purposes
and legitimate interests, as well as terms from the GDPR) are explained
in the “Definition of terms” section.
We only process personal data to the extent permitted by law. Personal
data will only be disclosed in the cases described below. Personal data
is protected by appropriate technical and organizational measures (e.g.,
pseudonymization, encryption).
Unless we are legally obliged to store or disclose data to third parties
(in particular law enforcement authorities), the decision as to which
personal data we process, for how long, and to what extent we disclose
it, depends on the purpose for which we process your data and which of
our services you use in each individual case.
Personal data will be deleted as soon as the purpose of processing no
longer applies or another reason for deletion pursuant to Art. 17 (1)
GDPR applies (e.g., you have revoked your consent). In exceptional
cases, we may continue to process your personal data if an exception to
the obligation to erase applies, in particular in accordance with Art.
17 (3) GDPR or another law (e.g., if there is a legal obligation to
store the data).
Processing activities based on consent: We will store data processed on
the basis of your consent until you revoke your consent. After any
revocation, we will store the data for a period of three years as proof
of the consent previously given.
Personal data that we process in the context of a job application (see
below) will be stored for a period of six months after completion of the
application process.
Insofar as we are required to provide information about the storage
period for cookies and similar technologies that require consent, you
will find this information in our consent tool.
Storage period with regard to data subject requests: After processing is
complete, we will store and retain the data relating to your request in
accordance with the applicable provisions. This is done for a period of
three years to provide evidence of the implementation of the data
subject request.
Automated individual decision-making, including profiling, does not take
place.
As a data subject, you have the right to information under Art. 15 GDPR,
the right to rectification under Art. 16 GDPR, the right to erasure
under Art. 17 GDPR, the right to restriction of processing under Art. 18
GDPR, and the right to data portability under Art. 20 GDPR. You have the
right to lodge a complaint with a data protection supervisory authority
(Article 77 GDPR). The data protection supervisory authority responsible
for us is:
**State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia **
Kavalleriestr. 2, 440213 Düsseldorf, Germany
However, you are free to lodge a complaint with another data protection
supervisory authority.
We will notify all recipients to whom your personal data has been
disclosed of any rectification or erasure of your personal data or any
restriction of processing pursuant to Art. 16, Art. 17 (1) and Art. 18
GDPR, unless such notification is impossible or involves
disproportionate effort. We will inform you of the recipients if you
request this.
Unless otherwise stated in the information on the legal basis, you are
not obliged to provide personal data. If we base the processing on Art.
6 (1) sentence 1 letter b GDPR, your personal data is required for the
performance of a contract or for the conclusion of a contract. If you do
not provide the personal data, it will not be possible to fulfill the
contract or conclude the contract. If you do not provide the data in the
cases of Art. 6 (1) sentence 1 letter a, f GDPR, it will not be possible
to use the offers affected by this.
Data transfers to third countries outside the European Union (EU) and
the European Economic Area (EEA) are only permitted in compliance with
the special provisions of Art. 44 ff. GDPR. If your personal data is
processed in such a way that it is transferred to a third country, we
will indicate the third country transfer and the basis for the transfer
below.
General information on the basis for transfers:
If the transfer is based on an exception under Art. 49 GDPR, you
will find the details at the respective point.
If the transfer is based on an adequacy decision within the
meaning of Art. 45 GDPR, you will find an overview of the adequacy
decisions here: Overview of adequacy decisions
If the transfer is based on the EU Commission’s standard data
protection clauses within the meaning of Art. 46 (2) © GDPR, you
will find the EU Commission’s Implementing Decision 2021/914, which
contains the contractual clauses, here: EU Commission’s standard
data protection clauses
If the transfer is based on binding corporate rules (BCR) within
the meaning of Art. 46 (2) (b) GDPR, you can find an overview of the
published BCR here: Overview of binding corporate rules
Pursuant to Art. 21 (1) GDPR, you have the right to object at any time
to the processing of personal data concerning you on grounds relating to
your particular situation, if the processing is based on Art. 6 (1)
sentence 1 letter e or f GDPR. This also applies to profiling based on
these provisions. If personal data is processed for direct marketing
purposes, you have the right, pursuant to Art. 21 (2) GDPR, to object at
any time to the processing of your personal data for such purposes; this
also applies to profiling insofar as it is related to such direct
marketing. The objection can be made informally and should be addressed
to the contact details above.
In accordance with Art. 7 (3) sentence 1 GDPR, you have the right to
revoke your consent(s) at any time with effect for the future in an
informal manner (e.g. by post or email). The lawfulness of the
processing carried out on the basis of the consent(s) until revocation
remains unaffected by this. Upon your revocation, we will delete the
personal data processed on the basis of the consent(s) if there is no
other legal basis for their processing. The revocation can be made
informally and should be addressed to the contact details above.
The privacy policy provides you with information about data processing
based on the provisions of the GDPR and, where applicable, the BDSG. If
the provisions of the TDDDG are relevant to individual circumstances,
you will find the relevant information in the usercentrics consent
tool and in the cookie policy. This also applies to information on the
storage or reading of data on your device.
The use of the website(s) and its functions regularly requires the
processing of personal data. Unless otherwise indicated, the following
statements apply to all websites that we operate and that refer to this
data protection information.
Please note that links on our website may take you to other websites
that are not operated by us but by third parties. Such links are either
clearly marked by us or can be recognized by a change in the address
line of your browser. We are not responsible for compliance with data
protection regulations and the secure handling of your personal data on
these websites operated by third parties.
Provision of the website
Purpose of processing: Information security and advertising and
personalized marketing measures
Legal basis: Art. 6 (1) sentence 1 letter f GDPR (balancing of
interests)
Legitimate interests: Operation, integrity, and security of digital
products, promotion of sales activities, design, operation, and
availability of digital products, customer acquisition, customer
retention, customer recovery
Data categories: Usage data and connection data
Recipients of the data: (IT) service providers
Intended transfer to third countries: No transfer to third countries
is intended.
Establishing contact
Purpose of processing: User, prospect, and/or customer support
Legal basis: Art. 6 (1) sentence 1 letter b GDPR (pre-contractual
measures/performance of a contract) and Art. 6 (1) sentence 1 letter f
GDPR (balancing of interests)
Legitimate interests: Integration of desired or necessary
functionalities, promotion of sales activities, promotion of economic
interests and customer acquisition, customer loyalty, customer recovery
Data categories: Content data, contact data, usage data, and master
data
Recipients of the data: (IT) service providers
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s))
Newsletter
Purpose of processing: User, prospect, and/or customer support,
advertising, and personalized marketing measures
Legal basis: Art. 6(1)(a) GDPR (consent) and Art. 6(1)(f) GDPR
(balancing of interests)
Legitimate interests: Promotion of sales activities, promotion of
economic interests, customer acquisition, customer retention, customer
recovery, advertising, image improvement, market and opinion research.
Data categories: Contact details, master data, and connection data.
Recipients of the data: (IT) service providers.
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s) and standard data
protection clauses of the EU Commission)
Online shop
Purpose of processing: Order fulfillment and contract management,
advertising, and personalized marketing measures
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures/performance
of a contract) and Art. 6(1)(f) GDPR (balancing of interests)
Legitimate interests: Operation, integrity, and security of digital
products, promotion of sales activities, promotion of economic
interests, design, operation, and availability of digital products,
customer acquisition, customer retention, customer recovery
Data categories: Content data, contact data, usage data, master
data, connection data, and, if applicable, payment data.
Recipients of the data: (IT) service providers.
Intended transfer to third countries: No transfer to third countries
is intended.
Payment services
Purpose of processing: Order fulfillment and contract management
Legal basis: Art. 6 (1) sentence 1 letter b GDPR (pre-contractual
measures/fulfillment of a contract) and Art. 6 (1) sentence 1 letter f
GDPR (balancing of interests)
Legitimate interests: Integration of desired or necessary
functionalities and prevention of criminal offenses, administrative
offenses, and other harmful actions
Data categories: Content data, contact data, master data, connection
data, and payment data
Recipients of the data: Banks and other financial service providers
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s) and standard data
protection clauses of the EU Commission)
Consent management
Purpose of processing: Information security, legal matters, and
compliance measures
Legal basis: Art. 6(1)© GDPR (legal obligation) and Art. 6(1)(f)
GDPR (balancing of interests)
Legitimate interests: Prevention of criminal offenses,
administrative offenses, and other harmful acts
Data categories: Content data, usage data, and connection data
Recipients of the data: (IT) service providers
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s) and standard data
protection clauses of the EU Commission)
Customer account
Purpose of processing: Order fulfillment and contract management,
user, prospect, and/or customer support, advertising, and personalized
marketing measures
Legal basis: Art. 6 (1) sentence 1 letter a GDPR (consent)
Data categories: Content data, contact data, master data, connection
data, and payment data
Recipients of the data: (IT) service providers
Intended transfer to third countries: No transfer to third countries
is intended.
Request for advertising material
Purpose of processing: User, prospect, and/or customer support and
advertising and personalized marketing measures
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures/performance
of a contract) and Art. 6(1)(f) GDPR (balancing of interests)
Legitimate interests: Promotion of sales activities, promotion of
economic interests, customer acquisition, customer retention, customer
recovery, advertising, image improvement, market and opinion research.
Data categories: Content data, contact data, and master data.
Recipients of the data: (IT) service providers.
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s))
Analysis and performance measurement
Purpose of processing: Analysis and performance measurement as well
as optimization of products and/or services and advertising and
personalized marketing measures
Legal basis: Art. 6 (1) sentence 1 letter f GDPR (balancing of
interests)
Legitimate interests: Analysis and optimization of our own offers,
services, and advertising measures, promotion of sales activities,
promotion of economic interests and advertising and image improvement,
market and opinion research.
Data categories: Content data, usage data, and connection data.
Recipients of the data: (IT) service providers.
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Standard data protection clauses of the
EU Commission and adequacy decision(s))
Applicant management
Purpose of processing: Applicant management
Legal basis: Art. 6 para. 1 sentence 1 letter b GDPR
(pre-contractual measures/performance of a contract)
Data categories: Applicant and employee data and contact details
Recipients of the data: (IT) service providers
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Adequacy decision(s))
LinkedIn (profile)
Purpose of processing: Advertising and personalized marketing
measures, analysis and performance measurement, and optimization of
products and/or services
Legal basis: Art. 6 (1) sentence 1 letter f GDPR
Legitimate interests: Design, operation, and availability of digital
products, advertising and image enhancement, market and opinion
research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage
data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (LinkedIn
Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”))
Intended transfer to third countries: In individual cases, data is
transferred to third countries. (Standard data protection clauses and
adequacy decisions)
YouTube Channel
Purpose of processing: Advertising and personalized marketing
measures, analysis and performance measurement, and optimization of
products and/or services.
Legal basis: Art. 6 (1) sentence 1 letter f GDPR.
Legitimate interests: Design, operation, and availability of
digital products, advertising and image enhancement, market and opinion
research, customer acquisition, customer retention, customer recovery.
Data categories: Master data, contact data, content data, usage
data, connection data, and, if applicable, location data.
Recipients of the data: Platform operators and media (Google
Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland
(“Google”)).
Intended transfer to third countries: In individual cases, data is
transferred to third countries.
(Standard data protection clauses and adequacy decisions)
Docker Hub profile page
Purpose of processing: Advertising and personalized marketing
measures, analysis and performance measurement, user, prospect, and/or
customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital
products, advertising and image enhancement, market and opinion
research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage
data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (Docker, Inc.,
3790 El Camino Real # 1052, Palo Alto, CA 94306 (“Docker Hub”))
Intended transfer to third countries: In individual cases, data is
transferred to third countries.
(Standard data protection clauses)
GitHub Channel
Purpose of processing: Advertising and personalized marketing
measures, analysis and performance measurement, user, prospect, and/or
customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital
products, advertising and image enhancement, market and opinion
research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage
data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (GitHub B.V
Prins Bernhardplein 200, Amsterdam 1097JB, Netherlands or GitHub, Inc.
88 Colin P. Kelly Jr. St. San Francisco, CA 94107 United States
(“GitHub”))
Intended transfer to third countries: In individual cases, data is
transferred to third countries.
(Standard data protection clauses and adequacy decisions)
Discord Server
Purpose of processing: Advertising and personalized marketing
measures, analysis and performance measurement, user, prospect, and/or
customer support, and optimization of products and/or services
Legal basis: Art. 6(1)(f) GDPR
Legitimate interests: Design, operation, and availability of digital
products, advertising and image enhancement, market and opinion
research, customer acquisition, customer retention, customer recovery
Data categories: Master data, contact data, content data, usage
data, connection data, and, if applicable, location data
Recipients of the data: Platform operators and media (Discord
Netherlands BV, Schiphol Boulevard 195, 1118 BG Schiphol, Netherlands,
or Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA
(“Discord”))
Intended transfer to third countries: In individual cases, data is
transferred to third countries.
(Standard data protection clauses and adequacy decisions
In the cases listed below, we are joint controllers within the meaning
of Articles 4(7) and 26 GDPR. You are free to contact any of the joint
controllers directly with your request. Depending on the specific
agreement on data subject rights with the other controller, we will
forward your request to the other controller.
Operation of the LinkedIn page(s):
In the context of operating our LinkedIn page, we are jointly
responsible with LinkedIn Ireland Unlimited Company, Wilton Place,
Dublin 2, Ireland.
The essence of the agreement can be found here:
https://legal.linkedin.com/pages-joint-controller-addendum
LinkedIn is responsible for implementing your rights as a data
subject. LinkedIn will inform you about your rights as a data subject
at: https://www.linkedin.com/legal/privacy-policy
The terms used in this privacy policy (e.g., data categories, purposes
and legitimate interests, as well as terms from the GDPR) are explained
in the “Definitions” section.
From the GDPR
This privacy policy uses the terms from the text of the GDPR. The
definitions (Art. 4 GDPR) can be found, for example, at
eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679. The
definition of health data can be found in Art. 4 No. 15 GDPR. If
other special categories of personal data are processed, you will find
explanations in Articles 4 and 9(1) GDPR. If the data processed is
personal data relating to criminal convictions and offenses, you
will find information on this in Article 10 GDPR.
Additional definitions
Data categories
When we specify the categories of data processed, this refers in
particular to the following data:
Master data (e.g., names, addresses, dates of birth)
Contact details (e.g., email addresses, telephone numbers,
messenger services)
Content data (e.g., text entries, photographs, videos, contents
of documents/files)
Contract data (e.g., subject matter of the contract, terms,
customer category)
Payment data (e.g., bank details, payment history, use of other
payment service providers)
Usage data (e.g., history on our website, use of certain
content, access times, contact or order history)
Connection data (e.g., device information, IP addresses, URL
referrers)
Location data (e.g., GPS data, IP geolocation, access points)
Diagnostic data (e.g., crash logs, website/app performance data,
other technical data for analyzing malfunctions and errors)
Applicant and employee data (e.g., employment history, working
hours, vacation time, periods of incapacity to work, appraisals,
training and further education, social data, bank details, social
security number, health insurance/ health insurance number, salary
expectations and salary data, tax identification number,
certificates and documents, working hours, public offices held,
social security data, data on occupational integration management)
The data categories listed above may constitute social data within
the meaning of Section 67 (2) SGB X.
Purposes of data processing
In the following sections, we list the purposes pursued as categories of
purposes for the sake of clarity and readability.
In some cases, there may be overlaps with our “legitimate interests”
(see definitions below). This is in the nature of things.
Unless otherwise specified, the purposes are to be understood as
follows:
Advertising and personalized marketing measures: This includes,
for example, the launch of public and, where applicable,
restricted-access websites, apps, and/or external pages for general
information about our products/services (e.g., general website about
our company, press pages, social media pages), personalized
communication with users, interested parties, and/or customers
(e.g., newsletters), display of (personalized) recommendations and
advertising measures (e.g., personalized newsletters, display of
advertising on other websites, search engines, social media pages,
and/or apps, as well as in advertising networks in general), Merging
and linking data (possibly involving other parties such as
publishers in advertising networks) to ensure commission claims for
advertising material.
Security and emergency management: all processes that serve to
ensure compliance with the relevant safety requirements and the
prevention and/or handling of accidents and emergencies in the
respective context are recorded, such as access controls, video
surveillance, logging, evacuation, rescue of persons, and damage
limitation.
Analysis and performance measurement as well as optimization of
products and/or services: Includes, for example, opinion polls and
voting, comparative tests (so-called A/B testing), analysis and
(usually aggregated) evaluation of user, prospect, and/or customer
behavior in the online and/or offline area (e.g., through click
paths, mouse movements, and heat maps), analysis and evaluation of
the success of general and, where applicable, personalized marketing
measures, and the needs-based design of our (digital) products and
services based on the analyzed demand and/or usage behavior.
Order fulfillment and contract management: This includes all
processing operations necessary to fulfill the relevant
orders/contracts, such as the processing of master and contact data
to fulfill customer orders, payment processing, including any
necessary transfer of data to payment service providers, the
processing of returns, and license verification.
Operation and further development of internal IT systems: This
includes, among other things, user management, authentication, and
technical logging, as well as IT support and the further development
and adaptation of systems and the associated processing of personal
data. This applies regardless of whether the IT systems are operated
by the controller itself or by a service provider (processor).
Applicant management: This includes personnel marketing and
processes related to the initiation of employment, such as
processing applications (digital and analog), communicating with
applicants, conducting interviews, assessment center procedures and
trial work, setting up talent pools, and documenting the outcome of
applications.
Business partner management: This covers all processes that
serve to analyze and select suitable business partners and to
maintain existing business relationships.
Warranty, guarantee, goodwill, and general service: This
includes, in particular, the handling of warranty, guarantee, and
goodwill cases, as well as any information on updates, improvements,
and recalls.
Identity and/or credit checks: The purpose of processing is to
verify the identity of the data subject, if this is necessary for
the respective transaction, and/or to check the creditworthiness
and/or solvency of a prospective customer or contractual partner.
Information security: This covers processing operations that
serve to protect against threats and secure IT systems, as well as
to achieve the protection goals of confidentiality, availability,
and integrity of data, systems, and processes (e.g., distinguishing
between human and bot access, detecting and defending against
unauthorized access, security-related analysis of the use of digital
products and services).
Logistics and fleet management: Includes, among other things,
the planning, management, and control of our logistics, including
external logistics service providers, and the administration of our
vehicle fleet, including the fulfillment of legal obligations
User, prospect, and/or customer support: Includes, for example,
contact forms, chat systems including chat bots and callback
options, and generally the processing of various inquiries (e.g.,
advice, service, complaints).
Human resources and personnel management: This includes all
processes related to employment or processes that are closely
related to employment, such as onboarding, personnel administration,
fulfillment of employer obligations, personnel development including
training and further education, voluntary employer benefits,
personnel planning and controlling, occupational health management,
occupational social counseling, occupational co-determination,
measures for termination of employment, investigative and
disciplinary measures, and offboarding.
Project management, including collaboration on projects:
Coordination and implementation of projects, project planning,
project schedule management, exchange of information within the
scope of projects, collaboration within the scope of projects
Legal matters and compliance measures: Includes, for example,
the assertion, exercise, and enforcement of legal claims and
procedures for compliance with legal requirements (e.g., in the
context of data protection consent management) and for the
prevention and/or investigation and prosecution of legal violations.
Event management: All processes necessary for the implementation
of offline and online events are recorded (e.g., registration,
participant management, implementation of the event, processing of
personal preferences and needs, data processing in the context of
video conferences and/or instant messaging services), photo, audio,
and/or video documentation of events, issuance of participation
certificates.
Administration: This covers processes that primarily involve
basic functions of business operations, such as communication,
accounting, invoicing and reporting, documentation and archiving,
knowledge and contact management.
Legitimate interests
In the following sections, we list our legitimate interests within the
meaning of Art. 6 (1) sentence 1 letter f GDPR as categories for the
sake of clarity and readability. In some cases, there may be overlaps
with our “purposes” (see definitions above). This is in the nature of
things.
Unless otherwise stated, the legitimate interests listed below are to be
understood as follows:
Promotion of sales activities: e.g., promoting our sales by
evaluating customer demand, analyzing the interests and purchasing
and demand behavior of our prospects, users, and/or customers.
Promotion of economic interests: e.g., measures to reduce costs
and save money, avoid/reduce significant additional costs, increase
overall earnings (in particular through outsourcing to service
providers), and avoid competitive disadvantages.
Advertising and image enhancement, market and opinion research:
e.g., opinion polls, voting, product and/or service evaluations, and
other reviews, as well as the integration of these results.
Analysis and optimization of our own offerings, services, and
advertising measures: e.g., analysis of user, prospect, and/or
customer behavior to optimize processes, services, and products,
tailor our products, services, and marketing measures to meet needs,
and address customers directly.
Design, operation, and availability of digital products:
includes, for example, the integration of general functions of
websites, apps, and other digital products.
Operation, integrity, and security of digital products: in
particular, defense against requests that overload the service
(denial of service attacks) or excessive use of bots to destabilize
a platform, IT security measures such as storing log files and, in
particular, IP addresses for a longer period of time in order to
detect and prevent misuse, even beyond the level required by law.
Direct advertising (personalized marketing): in particular,
direct communication with prospects and customers that is not based
on consent, such as product recommendations based on previous demand
behavior, including the processing of data for the preparation of
direct advertising (e.g., customer segmentation, affinity ratings).
Integration of desired or necessary functionalities: Integration
of functionalities that are in the customer’s interest, are played
out at the customer’s request, and/or are necessary for the
provision of the service (e.g., the integration of contact options
on websites or in apps, or the option for users to save
configurations (e.g., language selection)).
Assertion, exercise, or defense of legal claims: e.g.,
preservation of evidence to clarify the facts in the event of a
foreseeable legal dispute.
Customer acquisition, customer retention, customer recovery:
e.g., operation of a customer relationship management (CRM) system
for prospect and customer care.
Freedom of expression, press, and broadcasting: in particular,
processing that was previously covered by the so-called media
privilege.
Protection of the physical integrity and health of data subjects
Promotion of legitimate interests within a group of companies:
performance of organizational, procedural, or business tasks arising
from the cooperation of several affiliated companies (see the
explanations in Recital 48 GDPR).
Prevention of criminal offenses, administrative offenses, and
other detrimental actions: in particular, fraud prevention,
preventive measures within the framework of an internal control
system, measures to investigate risks following corresponding
suspicious cases or other indications of possible actions to the
detriment of the responsible party or other persons
Reduction of default risks: identification of economic,
technical, procedural, or organizational risks for the company that
could lead to the complete or partial failure of the company, parts
of the company, or the company’s products or services
Employee support: Integration or implementation of services and
activities that benefit employees, such as satisfaction surveys,
voluntary events and activities, birthday lists, sending greeting
cards, etc.
Employee retention: Integration or implementation of services
and activities to achieve long-term employee loyalty to the
employer, such as promoting personal development, birthday lists,
sending birthday gifts
Other legitimate interests: Where relevant, these interests are
explained separately in the respective sections.
Categories of recipients
In the following section, we list the categories of recipients that we
use in our privacy policy:
Banks and other financial service providers
Authorities and other public bodies
Professional secretaries and their companies/institutions
(IT) service providers (this may also include providers of AI
(artificial intelligence) systems)
Opponents in legal disputes
Group companies and other affiliated companies
Customers and interested parties
Suppliers
Personnel service providers
Platform operators and media
Associations, organizations, and interest groups
Landlords
Insurance companies
Contractual partners (excluding customers)
Cookie Policy
Matomo
Purpose of processing: Analysis and performance measurement as well
as optimization of products and/or services, advertising, and
personalized marketing measures
Legal basis: Section 25 (1) TDDDG
Data categories: Connection data, usage data, content data if
applicable
Recipients of the data: IT service providers
Intended transfer to third countries: None
Information about cookies and similar technologies: [PLACEHOLDER:
Cookies (storage period)]