A General information, use of services
The following notes provide an overview of what happens to your personal data and how it is processed, forwarded or deleted, as well as for what purpose, when you use our websites, apps and services. Personal data is any data with which you can be personally identified. You are not contractually or legally obligated to provide personal data, but we may need to process it if you want to use our services.
We do not process your data beyond what is necessary for the proper provision of our services and only with your consent, unless this consent is impossible for actual reasons or the data processing is permitted by law.
For the sake of better readability, we refrain from using separate wording for female or male persons in the following; the designations apply to all genders.
1. Who is responsible for data collection?
The processing of your data is carried out by (referred to in this document as "CarVia"):
You can reach us via the aforementioned communication channels (keyword: data protection)
2. What data do we collect?
The following types of personal data may be processed in connection with our services:
- Master data: First name, last name, address, date of birth, gender, language, e-mail address, telephone number, cell phone device ID, customer number.
- Contract data: Driver's license, ID card, passport data, photos of documents or yourself taken by your smartphone, passwords you create yourself, individual rates and discounts, contract term, customer status (also of third parties, e.g., as part of an additional driver)
- Booking data: Vehicle model, pick-up and drop-off times, pick-up and drop-off locations, additional services booked, reservation number, license plate number of the rented vehicle
- Financial data: Credit card data, bank account, credit check.
- Communication data: Contents of phone calls or written inquiries, contact history, voluntary information such as additional requests
- Geodata: Data used to locate your location during registration, vehicle search, rental start, rental end, telematics data (e.g. Bluetooth token, GSM data, mileage, fuel level, location of vehicle), trip log
- Special data in special cases: this includes accidents (e.g. witness statements, health data)
3. On what legal basis do we collect your data?
Art. 6 para. 1 p. 1 lit. a of the General Data Protection Regulation (DSGVO): The processing of personal data is permissible if you have consented to the processing
Art. 6 para. 1 p. 1 lit. b DSGVO: The processing of personal data is lawful if it is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures (e.g. when booking a vehicle) in response to your request
Art. 6 para. 1 p. 1 lit. c DSGVO: The processing of personal data is lawful if it is necessary for compliance with a legal obligation to which CarVia is subject
Art. 6 para. 1 p. 1 lit. d DSGVO: The processing of personal data is lawful if vital interests of the data subject or another person make this necessary
Art. 6 para. 1 p. 1 lit. f DSGVO: The processing of personal data is lawful if it is necessary for the protection of the legitimate interests of the controller (CarVia) or a third party, unless this conflicts with the interests or fundamental rights and freedoms of the data subjects (of you)
Art. 9 para. 2 lit. f DSGVO: Special categories of personal data may be processed if the processing is necessary for the assertion, exercise or defense of legal claims. This also includes health data
4. How do we collect your data?
On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter in a contact form, when registering for CarVia services or when making a booking, in particular in the following categories:
Master data, contract data, booking data, financial data, communication data.
5. What do we use your data for?
a) Creation of a CarVia account
For the use of individual services (e.g. CarVia Share via mobile app), the creation of a CarVia account is mandatory. For this purpose, master data, contract data and financial data are requested. We process your data on the basis of Art. 6 para. 1 lit. b, f.
Photo or video recordings that you make with your cell phone are used for the verification of documents and person. In the process, biometric features are automatically as well as manually matched by CarVia and security features such as holograms are checked.
The basis for the verification is Art. 6 para. 1 lit a, c DSGVO in conjunction with § 21 para. 1 No. 2 StVG. As a vehicle owner, we are obliged to verify the driving license of our users. In addition to the photocopy of the driver's license, this also includes the photocopy of other documents to make identity theft more difficult.
b) Creation of a vehicle reservation
Reservations can be made via different channels, such as website, phone, email or app. Depending on the channel, master data, contract data, booking data, financial data, communication data and geodata are requested. We use payment service providers to process payments.
Legal bases for the above-mentioned processing are Art. 6 para. 1 lit a for consents, lit. b for the reservation including billing and customer care, lit. c for compliance with regulatory requirements.
c) General rental of vehicles
We process your master data, contract data, booking data, financial data, communication data and geodata for the conclusion of the rental contract, for general customer care, for the prevention of criminal acts and for billing.
The legal basis for the above-mentioned processing is Art. 6 (1) lit. b for the conclusion and fulfillment of rental agreements including billing and customer support, lit. c for the detection, prevention and investigation of criminal acts, compliance with regulatory requirements and commercial and tax retention obligations, lit. f for billing third parties and for fraud prevention and risk prevention.
We have a legitimate interest in offering our services with the best possible customer orientation and in avoiding economic disadvantages such as the loss of vehicles or payment defaults.
d) Renting a vehicle via CarVia app.
The CarVia app allows you to rent a vehicle via your smartphone without having to be stationary. For a localization of you as well as the available vehicles, your location is determined via GPS technology. In addition, the location is only determined in the event of further requests from you, in particular when the vehicle is opened, during intermediate parking and at the end of the journey.
For the purpose of fraud prevention, we reserve the right to compare the locations of the vehicle with the driving profile and the device location.
During the journey, an anonymized and encrypted comparison of the data of your smartphone and the vehicle takes place. Telematics data is used, for example, to prevent the termination of the rental (e.g., with open windows) or to prevent parking outside the business area (by determining the location).
The legal basis for the above-mentioned data processing is Art. 6 Para. 1 lit. a, b, f.
e) Customer support
You can contact us via communication channels such as e-mail, website form, chat, telephone or letter post. Based on your request, we process personal data resulting from the scope and nature of the request.
We process your data on the basis of Art. 6 (1) lit. b DSGVO in order to provide you with our contractual services and to respond quickly and effectively to your customer inquiries.
A transfer of the data does not take place except in cases of a legal obligation according to Art. 6 para. 1 lit c and the StVG.
We process the data of our customers according to Art. 6 para. 1 lit. b. DSGVO in order to invoice our services after service provision. We process the data required for this purpose and point out the necessity of providing them, unless this is evident to the contractual partners.
The processed data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract content, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims pursuant to Art. 6 para. 1 lit. f. DSGVO or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c. DSGVO. We expressly reserve the right to use the services of legal service providers (debt collection, lawyers, etc.) to enforce claims and to transmit data of contractual partners and customers to them to the extent necessary.
The deletion of the data takes place when the data is no longer required for the fulfillment of contractual or legal duties of care as well as for dealing with any warranty and comparable obligations. Statutory retention obligations remain unaffected.
It is necessary to pass on data to a payment service provider so that it can carry out the transaction. The payment service provider receives name and address, the deposited payment method and, if applicable, bank data, a pseudonymized ID and the invoice data. CarVia will be informed by the payment service provider of any payment made or missed. The payment service provider is:
An order processing agreement was concluded with Stripe. In addition, it was checked whether the requirements according to Art. 44-49 DSGVO for the transfer of personal data are given.
g) Fleet management through vehicle data
CarVia vehicles can transmit information such as mileage, speed, tank volume, location and triggering of vehicle sensors via networking functions. This is done by the manufacturers or CarVia itself and, in addition to fleet maintenance and organization, may also serve to avert risks from misuse.
Our legitimate interest is to provide our users with regularly maintained, functional and safe vehicles. The legal basis for the data processing necessary for this is Art. 6 para. 1 lit. f DSGVO.
h) Credit check
CarVia uses credit checks to protect itself against non-payment or misuse by users.
As part of the credit check, your personal data will be transmitted to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, ("SCHUFA").
We reserve the right to temporarily deactivate your user account based on the results of the credit check. If you do not comply with your contractual obligations to pay claims of CarVia, we reserve the right to send a report to SCHUFA.
For more information on profiling (scoring), the disclosure of your data by SCHUFA and the general activities and data protection provisions, please visit: www.schufa.de/datenschutz.
The legal basis for the credit assessment is Art. 6 para. 1 f. DSGVO. We have a legitimate interest in protecting ourselves against payment defaults.
i) Damage settlement
In the event of damage to one of our vehicles, either directly or indirectly (e.g. as the party responsible for the damage without causing damage to the vehicle itself), we collect personal data in order to support the user, clarify the circumstances of the damage, settle the damage and enforce our own claims.
Due to legal or contractual obligations, we may be required to record, process or pass on further data, in particular to public authorities or claims adjusters. This may also include health-related data, in particular in relation to injuries or alcohol and narcotics consumption. The legal basis in this case is Art. 9 (2) lit. f DSGVO.
The basis for data processing in the other cases is Art. 6 para. 1 lit. b, c, f DSGVO.
j) Prevention of misuse
We reserve the right to take the following measures to prevent misuse:
- Geo-fences: when leaving the area defined by us, an automatic warning message of the vehicle is issued. Based on the telematics as well as vehicle data, we can then make an assignment to your person in order to contact you.
- Tank emptying, wheel change, misuse of fuel and charging cards: Sensors in the vehicles can transmit warning messages as soon as a tank is emptied or a wheel change is carried out. Furthermore, warning messages are transmitted in the event of unusual refueling or loading operations with the cards provided. Upon detection of an unauthorized act, we may perform an assignment to your person in order to contact you.
In the event of criminal conduct, we reserve the right to disclose personal data to public authorities.
In the case of violations, especially against the StVG, we may receive reports from other road users or the police. The information provided will be recorded by us and examined on a case-by-case basis. In order to comply with our obligation to keep the vehicle in accordance with Article 21 of the German Road Traffic Act (StVO) and to protect third parties, we reserve the right to block user accounts in the event of suspected driver misconduct. A further review of the allegations will only take place in the event of an objection by the user concerned or in the event of inquiries by public authorities. In addition to the data transmitted by the app during use, data from a black box installed in every vehicle can be analyzed. This data is collected in a person-related, but not personal, manner.
We have a legitimate interest in protecting ourselves against fraud attempts and violations of our T&Cs. We check and process data in this context on the basis of Art. 6 (1) lit. f DSGVO and assume that such checks are in principle also in the interest of users and do not represent an encroachment on the rights and freedoms of users.
k) Referral Program
Registered users can voluntarily recommend CarVia via a code or link in order to secure a bonus (e.g. free minutes) for the person recommended or themselves. When participating, parts of your master data as well as communication data will be processed by you as the recommender. This also serves to prevent fraud.
If you receive a link or code as a recommender, you will have the opportunity to register for our services. If you do not actively do this, no personal data will be transmitted to us. The matching of the recommender on the basis of the above-mentioned transmitted data serves, in case of a registration of the recommender with his master data, the assignment of both parties as well as the crediting of the bonus.
The legal basis for the data processing is Art. 6 para. 1 lit. b DSGVO.
6. Data sharing
In order to fulfill our contractual and legal obligations as well as to enforce our legitimate interests, we partly cooperate with external companies or persons (processors, joint controllers). This is only done on the basis of a legal provision (e.g. transfer of data to payment service providers for contract fulfillment, Art. 6 (1) lit. b DSGVO) and with your consent.
Cooperation on the basis of a contract processing agreement is governed by Art. 28 DSGVO.
If we or an authorized third party process data in a third country outside the EU (European Union) or the EEA (European Economic Area) or transfer data there, your consent, the fulfillment of (pre)contractual obligations, legal provisions or our legitimate interest must justify this. Irrespective of this, data processing will only take place if the requirements of Art. 44 et seq. DSGVO (special guarantees, standard contractual clauses, officially recognized data protection level).
7. time limits for the storage of your data
The period for which we store your personal data depends on factors such as the purpose of the data agreement or also statutory provisions.
In the case of legally prescribed periods, we comply with the provisions on the duration of storage. The duration can be between three and thirty years. In particular, according to commercial law or tax law, periods of six to ten years may arise. The legal basis for this storage is the respective legal regulations as well as Art. 6 para. 1 p. 1 lit. c DSGVO.
Data that we process for the purpose of fulfilling a contract is generally stored for the duration of the contractual relationship.
We may store data of blocked users permanently in order to prevent re-registration. This is a legitimate interest according to Art. 6 para. 1 lit. f DSGVO.
8. What rights do you have regarding your data?
a) Right to information
In accordance with Art. 15 DSGVO, you have the right to receive information free of charge at reasonable intervals about the origin, recipient and purpose of your stored personal data.
b) Right to rectification
In accordance with Art. 16 DSGVO, you have the right to have incorrectly recorded data corrected by us as well as to have incomplete data completed.
c) Right to deletion
According to Art. 17 DSGVO, you have the right to request the deletion of your personal data. Irrespective of this, we will delete your personal data if the purposes for which the data were collected are no longer applicable or if data have been processed unlawfully.
d) Right to restriction of processing
According to Article 18 of the GDPR, you have the right to restrict the processing of personal data if you dispute its accuracy. We must check this circumstance and will not process your data further until the issue of the objection has been resolved.
e) Right to data portability
In accordance with Art. 20 DSGVO, you have the right to demand that we hand over your data in machine-readable form to you or a third party of your choice.
f) Right to information
If you have your data corrected, deleted or the processing of it restricted, we are obliged to inform all recipients to whom we have transmitted this data. This does not apply if this proves impossible or can only be done with a disproportionate effort.
g) Right of objection
According to Art. 21 DSGVO, you have the right to object to the processing of personal data. In this case, we will interrupt the processing and check whether there are compelling interests worthy of protection that take precedence over your interest.
You have the right to object to the processing of personal data for the purpose of direct marketing at any time. We will then no longer use your data for advertising purposes.
h) Right of revocation
You have the right to revoke your declaration of consent to the data agreement at any time. The legality of the data processing carried out on the basis of the consent until the revocation remains unaffected.
i) Right of complaint
Pursuant to Art. 77 DSGVO, you have the right to lodge a complaint with a supervisory authority if you have the impression that we are violating data protection law. For this purpose, you can contact the data protection authority at your place of residence, place of stay or place of work.
The competent authority for CarVia is:
Bayerisches Landesamt für Datenschutzaufsicht
B Data collection on our website and social media accounts
In order to provide and advertise information about CarVia and our services, to display communication channels, to conduct analyses and market research, and to ensure the security of our websites, we process data from you as a user.
The data collected during use may include demographic characteristics, preferences, websites visited, meta-data, for example, on end devices used, approximate locations and IP addresses.
The details of data processing and integrated service providers can be found in the following points.
Our Internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
2. Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
3. SSL or TSL encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. This is how we meet the requirements of Art. 32 DSGVO.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Contact forms
If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is therefore based exclusively on your consent, if this was requested (Art. 6 para. 1 lit. a DSGVO). In other cases, the data is processed on the basis of Art. 6 (1) (b) DSGVO, if this is necessary to carry out (pre)contractual measures or on the basis of Art. 6 (1) (f) DSGVO (legitimate interest in processing your request). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
5. Data transmission upon conclusion of contract for shipment of goods
We transmit personal data to third parties only if this is necessary in the context of the contract, such as to the companies entrusted with the delivery of the goods or the credit institution entrusted with the payment processing. A further transmission of the data does not take place or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
6. Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies" and similar technologies. Cookies are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Your IP address is usually shortened when Google Analytics is used in order to make identification more difficult.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. a DSGVO, in accordance with the corresponding consent of the user. An opt-out cookie is set, which prevents the collection of your data during future visits to this website: Google Analytics deactivate.
Our goal in using Google Analytics is to further optimize our service and offer more to potential users. Google Analytics statistics help us better understand our customers and assist us in achieving this goal.
Google Analytics sets the following cookies:
Name: _ga (Google Analytics js).
Purpose: Google uses this cookie to store user ID and distinguish users. Expiration date: after 2 years
Purpose: expiration date: after 24 hours
Purpose: When Google Analytics is deployed via Google Tag Manager, this cookie is given this name. Expiration date: after 1 minute
Storage period: we have limited the storage period to 14 months in order to comply with the principle of storage limitation from Art. 5 DSGVO. This retention period applies to data associated with cookies, user recognition and advertising IDs. Results of reports are based on aggregated data and are stored independently from user data.
6.1 Browser plugin
6.2 Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set that prevents the collection of your data during future visits to this website: Google Analytics opt-out.
6.3 Order data processing
We have concluded an order data processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
6.4 Demographic characteristics in Google Analytics
This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
7. Google Tag Manager
We use the service called Google Tag Manager from Google. "Google" is a group of companies and consists of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland as well as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.
We have concluded an order processing agreement with Google. The Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which in turn may collect data. The Google Tag Manager does not access this data. The service helps us to carry out evaluations of the websites via a central interface and, in doing so, to organize other data, e.g. from Google Analytics, Facebook or Instagram.
We use the Google Tag Manager on the basis of Art. 6 para 1 lit. f DSGVO and our legitimate interest in optimally designing the content on our websites for users.
Please note that American authorities, such as intelligence agencies, could possibly gain access to personal data due to American laws such as the Cloud Act, which are inevitably exchanged with Google due to the Internet Protocol (TCP) when integrating this service.
8. Google Analytics Remarketing
Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history with your Google account for this purpose. In this way, the same personalized advertising messages can be displayed on every end device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad targeting.
You can permanently opt out of cross-device remarketing/targeting by disabling personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google (Art. 6 para. 1 lit. a DSGVO). In the case of data collection processes that are not merged in your Google account (e.g. because you do not have a Google account or have objected to the merging), the collection of the data is based on Art. 6 (1) lit. f DSGVO. The legitimate interest arises from the fact that the website operator has an interest in the anonymized analysis of website visitors for advertising purposes.
9. Google AdWords and Google conversion tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Within the scope of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
The storage of "conversion cookies" is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.
10. Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. The provider is Google Ireland Ltd. (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The purpose of reCAPTCHA is to verify whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and from SPAM.
11. Facebook Pixel
Our website uses the visitor action pixel from Facebook, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook") for conversion measurement.
This makes it possible to track the behavior of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.
The collected data is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy. This allows Facebook to enable the placement of advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the page operator.
With the help of the "Custom Audiences" function, it is possible to display Facebook ads only to users who have shown interest in our online offering or have certain characteristics that we transmit to Facebook (e.g. websites visited).
You can find further information on protecting your privacy in Facebook's data protection information: https://www.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
13. Plugins and tools
Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
13.2 Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used by your computer.
13.3 Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.
The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
We use HubSpot, a digital marketing tool, on our website. The service provider is the American company HubSpot, Inc., 25 First St 2nd Floor Cambridge, MA, USA (European headquarters: 1 Sir John Rogerson's Quay, Dublin 2, Ireland).
HubSpot also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA.
This may be associated with various risks to the legality and security of data processing.
As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or a data transfer there, HubSpot uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO). Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, HubSpot undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the relevant standard contractual clauses here, among other places: https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en
The Data Processing Agreement, which corresponds to the Standard Contractual Clauses, can be found at https://legal.hubspot.com/dpa
16. Job applications
On our websites and external job portals, we offer you the opportunity to apply for job vacancies by providing personal data. The personal data you provide in this context will be stored by us. Which data is processed can be seen from the respective input forms. In the forms, only those fields are indicated as mandatory fields that are absolutely necessary for the use of the respective offer.
To the extent permitted by law, we pass on your personal data to our service provider, Personio GmbH, Rundfunkplatz 4, 80335 Munich (https://www.personio.de/), which assists us in selecting applicants. This company, in turn, is obligated to comply with the applicable data protection regulations; in particular, the company may process the data exclusively for the performance of its tasks on our behalf and only in accordance with our instructions.
In order for you to participate in the application process, it is necessary for you to provide us with personal data derived from the documents you provide to us, such as your cover letter, curriculum vitae, application photo, certificates or other evidence of professional qualifications. This data may include, among other things, personal master data such as first name, last name, address, date of birth, contact data such as telephone number or e-mail address, as well as data relating to your educational and/or professional background such as school and work certificates, data on training, internships or previous employers.
The processing of personal data is based on Art. 88 (1) DS-GVO in conjunction with. § SECTION 26 BDSG.
In the event that the application results in an employment relationship, your personal data will be transferred to the personnel file.
In the event that an application is rejected, the data will be anonymized by us 90 days after the rejection of an application.