1. An overview of data protection
Data recording on this website
Who is responsible for recording data on this website (i.e. the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under the legal notice on this website.
How do we record your data?
We collect your data, for example when you share it with us. This can be, for instance, information you enter into our contact form.
Other data is recorded by our IT systems automatically or after you consent to it being recorded during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.
For what purposes do we use your data?
A portion of the information is generated to guarantee that the website is provided error-free. Other data may be used to analyse your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which will affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time under the address disclosed in the section “Information Required by Law” on this website if you have questions about this or any other data protection-related issues.
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analysed when you visit this website. Such analyses are performed primarily using cookies and with so-called analysis programmes.
This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.
The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.
Execution of a contract data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.
3. General and mandatory information
We herewith advise you that the transmission of data via the Internet (i.e. through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.
Information about the responsible party (referred to as the “controller” in the GDPR)
The data processing controller on this website is:
im Johanneum am Neumarkt
01067 Dresden Telefon +49 (351) 8644-0
Fax +49 (351) 8644-110
The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g. names, e-mail addresses, etc.).
Designation of a data protection officer as mandated by law
We have appointed a data protection officer for our company.
Institut für Datenschutz und Datensicherheit
Dresdner Str. 58a
Phone: +49 351 - 27579057
Revocation of your consent to the processing of data
A wide range of data processing transactions are only possible if you give them your express consent. You can also revoke your consent you have given at any time. To do so, all you are required to do is to send us an informal notification via e-mail. This will not affect the lawfulness of any data collection that occurred prior to your revocation.
Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)
IF YOUR PERSONAL DATA IS BEING PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to lodge a complaint with the competent supervisory agency
In the event of violations of the GDPR, data subjects are entitled to lodge a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to lodge a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.
Right to data portability
You have the right to demand that any data we automatically process based on your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If you are under an obligation to share your payment information (e.g. account number if you give us the authority to debit your bank account) with us after you have entered into a fee-based contract with us, this information is required to process payments.
Payment transactions using common modes of payment (Visa/MasterCard, debit to your bank account) are processed exclusively via encrypted SSL or TLS connections. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If communication with us is encrypted, third parties will not be able to read the payment information you share with us.
Information about, rectification and erasure of data
Within the scope of the applicable statutory provisions, you have the right to demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data at any time. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time at the address provided in the legal notice.
Right to demand processing restrictions
You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time at the address provided in the legal notice. The right to demand processing restrictions applies in the following cases:
- In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
- If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the erasure of this data.
- If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its erasure.
- If you have raised an objection pursuant to Art. 21 para. 1 GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data – with the exception of their storage – may be processed only subject to your consent or in order to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important reasons of public interest cited by the European Union or a member state of the EU.
Rejection of unsolicited e-mails
We herewith object to the use of the contact information published in conjunction with our duty to publish information in the legal notice to send us promotional and information material that we have not expressly requested. The operators of this website and its pages reserve the express right to take legal action in the event of the unsolicited sending of promotional information, for instance via SPAM messages.
4. Recording of data on this website
Our websites use so-called cookies. Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently stored on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain stored on your device until you actively delete them or they are automatically eradicated by your web browser.
In some cases, third-party cookies may be stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have various functions. Many cookies are technically essential since certain website functions would not work without them (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be to analyze user patterns or display promotional messages.
Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g. for the shopping cart function) or those that are necessary for the optimization of the website (e.g. cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6 para. 1 lit. f GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in storing cookies to ensure that its services are provided error-free and in an optimum way. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6 para. 1 lit. a GDPR); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic erasure of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
- The type and version of browser used
- The operating system used
- The referrer’s URL
- The hostname of the accessing computer
- The time of the server inquiry
- The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 para. 1 lit. f GDPR. The operator of the website has a legitimate interest in their website being displayed without technical errors and in an optimum way. In order to achieve this, server log files must be recorded.
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The information you have entered into the contact form shall remain with us until you ask us to erase the data, revoke your consent to the storage of data or if the purpose for which the information is being stored no longer exists (e.g. after we have concluded our response to your inquiry). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your inquiry is related to the fulfilment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6 para. 1 lit. f GDPR) or on the basis of your consent (Art. 6 para. 1 lit. a GDPR) if it has been obtained.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
5. Analysis tools
This website uses the open source web analysis service Matomo. Matomo uses so-called cookies, which are text files that are stored on your computer and make it possible to analyse your use of this website. In conjunction with this, the information about your use of this website generated by the cookie will be stored on our server. Prior to storage, the IP address will first be anonymized.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s website and advertising. If consent has been requested accordingly (e.g. consent to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
The information generated by cookies concerning the use of this website shall not be shared with any third parties. You may prevent the storage of cookies at any time by making pertinent changes to your browser software settings; however, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent.
If you do not consent to the storage and use of your data, you have the option to deactivate the storage and use of such data here. In this case, an opt-out cookie will be placed in our browser, which prevents the storage of usage data by Matomo. If you delete your cookies, this will also result in the deletion of the Matomo opt-out cookie. Therefore, you will have to reactivate the opt-out cookie the next time you visit this website.
If you would like to subscribe to the newsletter offered on this website, we will need your e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided and consent to receiving the newsletter. We will collect no further data or only on a voluntary basis. Such data will be used only to send the requested information and will not be shared with third parties.
The information entered in the newsletter subscription form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You may revoke your consent to the storage of data, your e-mail address and the use of this information for sending the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This will not affect the lawfulness of any data processing transactions that have taken place to date.
The data given to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe. Data stored for other purposes with us remain unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage of your data in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.
7. Plug-ins and tools
YouTube with expanded data protection integration
Our website embeds videos from YouTube. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.
As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified of which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option of preventing this by logging out of your YouTube account.
Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device. With the assistance of these cookies, YouTube will be able to obtain information about our website's visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. These cookies will stay on your device until you delete them.
Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6 para. 1 lit. f GDPR, this is a legitimate interest. If your consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; you can revoke your consent at any time.
Monotype web fonts from fast.fonts.net
Our website design uses fonts for display purposes, which are provided among others by Monotype Imaging Holdings Inc., a Delaware corporation with principal offices at 600 Unicorn Park Drive, Woburn, Massachusetts, 01801 USA, and its subsidiaries (e.g. MyFonts, Mosaic, Olapic). The integration of these fonts means that when you access our website, data are also retrieved by a server owned by Monotype. As a result, this server and therefore also Monotype have at least knowledge of your IP address. Without your IP address, Monotype’s server could not send the font files to your browser, which is why the IP address is required to display the font. In addition, Monotype generally knows that you have accessed the font via our website as well as some technical details about your browser, as almost all web browsers automatically send this data to the server every time they are accessed. Some browsers allow you to limit or modify the data sent to the server, but whether this is possible or not depends on the manufacturer of your browser. Even if the provider, in other words Monotype, only requires # the transmitted information, in particular the IP address, to supply the accessed content, whether and to what extent Monotype evaluates or stores this information for statistical purposes is beyond our knowledge and control. In any case, our website also contains a visitor counter from Monotype, which is used to record the number of visitors to our website. We are legally required to use this visitor counter in order to use the fonts. For more information about data protection at Monotype, click on the following links: https://www.myfonts.com/info/terms-and-conditions or https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy.
It is necessary for us to use Monotype’s web fonts to guarantee a uniform typeface on our website. This constitutes a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
This website uses the mapping service Google Maps via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is stored. The operator of this website has no control over the data transfer.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6 para. 1 lit. f GDPR. If your consent has been requested, the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; you can revoke your consent at any time.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
“Voice Reader Web” text-to-speech function
We use the text-to-speech function Voice Reader Web provided by Linguatec Sprachtechnologien GmbH on our website. Voice Reader Web is a text-to-speech service for public internet content. Visitors to the website can activate this function by clicking on the “Read” icon. This prompts your browser to transfer the highlighted content of the page or the requested document along with your complete IP address to Linguatec Sprachtechnologien GmbH in order to generate the voice output. Linguatec receives the website text directly from the visitor’s browser and generates an audio file, which is sent back to the IP address of the user in streaming mode. Apart from the user’s IP address, no other personal data is recorded, according to Linguatec Sprachtechnologien GmbH. The audio file cannot be generated without transferring this data. Processing of your IP address is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
We have no control over how Linguatec Sprachtechnologien GmbH uses the data for its own purposes, to what extent it can match activities to individual users, how long Linguatec Sprachtechnologien GmbH stores these data for and whether data are passed on to third parties.
As long as the respective requirements are met, you also have the right to rectification of your data in accordance with Art. 16 GDPR, to erasure in accordance with Art. 17 GDPR, to restrict processing in accordance with Art. 18 GDPR, to object to processing in accordance with Art. 21 GDPR and to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Please note that the operator of Voice Reader Web is responsible for data processed by Linguatec Sprachtechnologien GmbH.
Name and address of responsible party:
Linguatec Sprachtechnologien GmbH
Represented by: Dr. Reinhard Busch
Phone: +49 89 896664-0
Revoking your consent to the transfer of data
8. eCommerce and payment service providers
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent necessary to establish, design the content of or change the legal relationship (data inventory). These actions are taken on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data concerning the use of this website (usage data) only to the extent that this is necessary to make it possible for users to utilize or be invoiced for the services.
The collected customer data will be erased upon completion of the order or the termination of the business relationship. This will not affect any statutory retention provisions.
Data transfer on conclusion of contracts
We share personal data with third parties only if this is necessary in conjunction with the handling of the contract; for instance, with the financial institution tasked with the processing of payments.
No further data will be processed, or only if you have given your express consent to the transfer. Your data will not be shared with third parties in the absence of your express consent, for instance for advertising purposes.
The basis for the processing of data is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for pre-contractual measures.
Ticketcounter online ticket service
To ensure that you can buy tickets online, we use the services of Ticketcounter B.V. and its subsidiaries (e.g. Ticketcounter OS GmbH, Düsseldorf) on our website, grouped under “Ticketcounter” in the following.
When you visit the subpage https://www.verkehrsmuseum-dresden.de/en/your-visit/tickets/online-tickets, your complete IP address will be transferred to Ticketcounter. Processing of your IP address is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Revoking your consent to the transfer of data
Without your consent, resulting in the transfer of your data, we cannot offer you any online ticket services.
Concluding the contract with Ticketcounter
When you buy entrance tickets via our website (online booking), you enter into a contract directly with Ticketcounter. The handling of contract data between you and Ticketcounter is based on Art. 6 para. 1 lit. b GDPR (processing of data for the fulfilment of a contract or for pre-contractual measures) and is beyond our control.
As long as the respective requirements are met, you also have the right to rectification of your data in accordance with Art. 16 GDPR, to erasure in accordance with Art. 17 GDPR, to restrict processing in accordance with Art. 18 GDPR, to object to processing in accordance with Art. 21 GDPR and to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. Please note that the operator of the ticketing services is responsible for data processed by Ticketcounter.
Name and address of responsible party:
Ticketcounter OS GmbH
Phone: +49 (0)211 – 93670280
Among other options, we offer payment via PayPal on this website. The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
If you choose payment via PayPal, we will share the payment information you enter with PayPal.
The legal basis for the sharing of your data with PayPal is Art. 6 para. 1 lit. a GDPR (consent) as well as Art. 6 para. 1 lit. b GDPR (processing for the fulfilment of a contract). You have the option to revoke your consent to the processing of your data at any time. Such revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
Instant Transfer Sofort
Among other options, we offer the payment service “instant transfer Sofort” on this website. The provider of this payment option is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as “Sofort GmbH”).
With the help of the “instant transfer Sofort” tool, we receive a payment confirmation from Sofort GmbH in real time, which allows us to instantly start fulfilling our obligations to you.
When you choose the “instant transfer Sofort” payment option, you must send a PIN and a valid TAN to Sofort GmbH, which allows the company to log into your online banking account. Upon logging in, Sofort GmbH will verify your account balance and execute the bank transfer to us using TAN provided by you. Subsequently, the company sends us an immediate transaction confirmation. After Sofort GmbH has logged in, the system will also automatically verify your revenues and check the credit limit of your pre-approved overdraft credit line and the existence of other accounts along with their balances.
Along with the PIN and TAN numbers, the system also transfers the payment information you entered along with personal data to Sofort GmbH. Your personal data comprises your first and last name, address, phone number(s), e-mail address, IP address as well as any other data required for the processing of the payment transaction. This data must be transferred in order to determine your identity with absolute certainty and to prevent attempts to commit fraud.
The legal basis for the sharing of your information with Sofort GmbH is Art. 6 para. 1 lit. a GDPR (consent) as well as Art. 6 para. 1 lit. b GDPR (processing for fulfilment of a contract). You have the option to revoke your consent to the processing of your data at any time. Such revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
For details on payments made with the instant transfer option, please follow these links: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.
Mastercard / VISA
It is also possible to pay with Mastercard of Visa on our website. These payment services are provided by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium, and Visa Europe Services Inc., London branch, 1 Sheldon Square, London W2 6TT, United Kingdom.
If you choose to pay by Mastercard or Visa, the payment data you enter will be passed on to Mastercard or Visa.
Your data is transferred to Mastercard or Visa based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for fulfilment of a contract). You have the option to revoke your consent to the processing of your data at any time. Such revocation shall not have any impact on the effectiveness of data processing transactions that occurred in the past.
9. Custom services
We offer website visitors the opportunity to submit job applications to us (e.g. via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential.
Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g. contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment of an employment relationship. The legal grounds for this are § 26 New GDPR according to German Law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract negotiations) and – provided you have given us your consent – Art. 6 para. 1 lit. a GDPR. You may revoke your consent at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application.
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 New GDPR and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing system.
Storage period for data
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to six months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the six-month period has expired (e.g. due to an impending or pending legal dispute), it will only be deleted when the purpose for further storage no longer applies.
The data may be stored for a longer period if you have given your consent (Article 6 para. 1 lit. a GDPR) or if statutory data retention requirements preclude the deletion.
10. Our social media presence
Data processing by social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. They are described in detail in the following:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, the data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. This means that interest-based advertising may be shown to you within and outside of the respective social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are or have logged into.
We want our social media sites to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, rectification, erasure, restricting processing, data portability and lodging a complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite sharing responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Duration of storage
The data collected directly from us via our social media presence will be deleted from our systems as soon as the purpose for their storage expires, if you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
Individual social networks
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We use the short message service Twitter. The provider is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. Twitter is certified under the EU-US Privacy Shield.
You can customise your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.
You can customise your YouTube privacy settings in your user account. Click on the following link and log in: https://adssettings.google.com/authenticated.