Overarching privacy statement for websites
General information on data processing
We collect and use personal data from our users strictly only to the extent necessary for providing a functional website as well as our content and products/services. The collection and use of our users’ personal data generally only takes place with the user’s consent. An exception is made in cases where it is actually impossible to obtain prior consent and the processing of the data is permitted by statutory regulations.
Legal basis for the processing of your data:
- In cases where we obtain consent from data subjects for processing operations on personal data, Art. 6(1) a of the EU General Data Protection Regulation (GDPR) serves as the basis.
- When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1) b of the GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out steps prior to entering into a contract.
- In cases where processing of personal data is necessary to comply with a legal obligation which our company is subject to, Art. 6(1) c of the GDPR serves as the legal basis.
- In cases where vital interests of the data subject or another natural person make it necessary to process personal information, Art. 6(1) d of the GDPR serves as the legal basis.
- If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and the interests, fundamental rights, and fundamental freedoms of the data subject do not override the interests of the former, Art. 6(1) f of the GDPR shall serve as the legal basis for the processing.
In particular, legitimate interests may include:
- Replying to enquiries;
- Carrying out direct marketing measures;
- Provision of services and/or information intended for you;
- The processing and transfer of personal data for internal and/or administrative purposes;
- The operation and administration of our website;
- The technical support of users;
- Avoiding and detecting cases of fraud and crimes;
- Protecting against non-payment by obtaining credit reports in the case of enquiries regarding deliveries and performance; and or
- Ensuring network and data security, provided that these interests comply with the corresponding applicable laws and the rights and freedoms of the user;
Usage data/server log files
Each time our webpages are accessed, our systems automatically collect data and information from the computer system of the accessing computer.
In this case, the following types of data are collected: Browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time accessed, websites from which the user’s system is directed to our website or which the user is directed to from our website.
The legal basis for the temporary storage of the data and the log files is Art. 6(1) f of the GDPR with the aforementioned legitimate interests.
The temporary storage of the IP address by the system is necessary to make it possible for the website to be delivered to the user’s computer. For this purpose, the IP address of the user must remain saved for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. Furthermore, we use the data to optimize the website and to ensure the safety of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also justify our legitimate interests to perform data processing pursuant to Art. 6(1) f of the GDPR. The data will be deleted as soon as they are no longer necessary to fulfill the purpose of their collection. In the case of the collection of the data for the provision of the website, this is the case when the respective session is terminated. The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Furthermore, we reserve the right to review the files when concrete indications exist which point to a justified suspicion of unlawful use or a specific attack on the pages. In this case, it is within our legitimate interests to perform processing for the purposes of clarifying the issue and the criminal prosecution of such attacks and unlawful use.
Content from external providers
We use Adobe Fonts on our website, a web font hosting service. The service provider is the American company Adobe Inc. For the European region, the responsible entity is the Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. Adobe processes data from you, among others, also in the USA. We point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This can be associated with various risks for the legality and security of data processing.
As the basis for data processing for recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, particularly in the USA) or for data transfers to such countries, Adobe uses so-called Standard Contractual Clauses (= Article 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCC) are template contracts provided by the EU Commission and are intended to ensure that your data still comply with European data protection standards when transferred and stored in third countries (such as the USA). Through these clauses, Adobe commits to maintaining the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and the corresponding Standard Contractual Clauses here.
For more information about the processed data and the Standard Contractual Clauses at Adobe, please visit adobe.com.
Data collection during registration and registered use
Some of our websites require or offer registration. The data collected during this procedure are utilized for the purposes of the use of the respective websites and services, unless otherwise described during the registration and explicitly consented to. The data collected is given by the input form used as part of the registration. All other data which you can add at a later point in time in order to complete your profile is optional and voluntary. After registration, we are permitted to inform you about relevant circumstances related to our offering which you have registered for via the e-mail address specified.
Collection and use of personal data in application procedures
Ensuring the highest possible protection for your personal data is one of our top priorities. All personal data which are collected and processed by us as part of an application are protected against unauthorized access and tampering via technical and organizational measures. Your data will be collected for filling positions in the entire company group. By entering your data, you declare your consent to the use of your data in all companies with group affiliation to the company. Furthermore, you also consent to the evaluation of your data by a service provider which assists us with the evaluation of applications with the help of psychological analysis. As part of this analysis, your application may be automatically rejected due to certain criteria. If this happens, we will inform you of this and provide you with the opportunity to make a statement. By entering your data, you also consent to allowing us to store the applications for the duration of 2 years in order to consider you for positions that become available in the future as well. More information is available in the privacy statement for applicants.
Transmission of data via the internet
The transmission of data via the internet generally involves certain risks. Deliberate encryption of the data does not take place; in particular, messages from the contact form of our website and messages in the service chat are transmitted unencrypted.
Please bear this in mind when transmitting data. If you would like to communicate with us via encrypted e-mail, this can be done via S/MIME encryption. Please specifically request this encryption from us, as we generally send messages unencrypted due to the currently low market penetration of e-mail encryption procedures.
Disclosure of data
When you provide us with personal data, it is only disclosed to third parties to the extent necessary for the performance of the contractual relationship or other legal grounds legitimize this disclosure.
However, we provide certain services with the assistance of service providers. We have carefully selected these service providers and taken corresponding measures to protect your personal data.
The personal data of the data subjects are deleted or rendered unavailable as soon as the purpose of storage no longer applies. Furthermore, storage may also take place when this is provided for via European or national legislation in Union regulations, laws, or other provisions which the controller is subject to. The data is also rendered unavailable or deleted when a prescribed storage duration mandated by the specified standards expires, unless there exists a necessity for the continued storage of the data for the conclusion of a contract or the fulfillment of a contract.