Data protection declaration

Information concerning the processing of personal data (Articles 13 and 14 GDPR)

Dear Sir/Madam,
The personal data of each person who has a contractual, pre-contractual or other type of relationship with our company needs special protection. We aim to keep our data protection level at a high standard. For this reason, we strive to continually develop our data protection and data security concepts.
It goes without saying that we comply with the statutory regulations relating to data protection. In accordance with Articles 13 and 14 GDPR, companies are subject to special information obligations when they gather personal data. By means of this document, we are fulfilling these obligations.
The terminology of statutory regulations is complicated. Unfortunately, when drawing up this document it was not possible to avoid using legal terms. Therefore, we wish to inform you that you can contact our data protection officer, should you have any queries relating to this document, the specialist terms used or its wording.


1 Fulfilment of the information obligations in case of the gathering of personal data from the data subject (article 13 GDPR)

A Name and contact data of the controller (Article 13 Letter a) GDPR)

Burkhard Drescher
Innovation City Management GmbH
Suedring Center Promenade 3
46242 Bottrop
Germany
Telephone +49 (0) 2041 70-5000
Fax +49 (0) 2041 70-55000
Email info@icm.de
Commercial register number 11233
VAT ID number DE279403692

B Contact details of the data protection officer (Article 13 Letter b) GDPR)

Mr Stefan Scheffler, lawyer at buttler Rechtsanwaltsgesellschaft mbH
Email info@icm.de

C Purposes for which personal data is intended to be processed, as well as the legal basis for the processing (Article 13 Letter c) GDPR)

The purpose of the processing of personal data is the carrying out of all processed which concern the controller, customers, interested persons, business partners or other contractual or pre-contractual relationships between the named groups or statutory obligations of the controller. In particular, these include the provision of advice services, as well as project performance and other services.
Article 6 Paragraph 1 Letter a) GDPR serves as the legal basis for us in case of processing actions where we obtain consent for a specific processing purpose. Should the processing of personal data be necessary to fulfil a contract where the contracting party is the data subject, such as is the case for processing actions concerning the delivery of goods, the provision of other services or consideration, the processing is based on Article 6 Paragraph 1 Letter b) GDPR. The same applies to such processing actions which are necessary to carry out pre-contractual measures, such as in case of queries relating to our products or services. Should our company be subject to a legal obligation which makes the processing of personal data necessary, such as when fulfilling tax obligations, the processing is based on Article 6 I Letter c) GDPR.
In rare cases, the processing of personal data may become necessary in order to protect vital interests of the data subject or another natural person. For example, this would be the case if a visitor to our company is injured and his or her name, age, health insurance company data or other essential information needs to be passed on to a doctor, hospital or other third parties. In such a case, the processing would be based on Article 6 I Letter d) GDPR.
Finally, processing actions can be based on Article 6 I Letter f) GDPR. Processing actions which are not covered by any of the above legal bases are based on this section, should the processing be necessary to safeguard a legitimate interest of our company or of a third party, provided that the interest, basic rights and basic freedoms of the data subject do not outweigh this. In particular, we are permitted to carry out such processing actions, as these have been specially mentioned by the European legislator. To this extent, it stated its opinion that a legitimate interest can be assumed if the data subject is a customer of the controller (reason for opinion 47 paragraph 2 GDPR).

D If the processing is based on Article 6 I Letter f) GDPR, the legitimate interests which are pursued by the controller or a third party (Article 13 I Letter d) GDPR)

Should the processing of personal data be based on Article 6 I Letter f0 GDPR, our legitimate interest is the carrying out of our business activities for the benefit of all of our employees, the company and our shareholders.

E Categories of recipients of the personal data (Article 13 I Letter e) GDPR)

Public bodies
External bodies
Internal processing
Processing inside the company
Other bodies

F Recipients in a third country and suitable or reasonable guarantees and how to receive a copy of these or where they are available (Article 13 I Letter f) GDPR, Article 46, I and II Letter c) GDPR)

All companies and subsidiaries which belong to us or our group (hereinafter group companies) and whose place of business is located in a third country can come under the category of recipients of personal data.
In accordance with Article 46 I GDPR, the controller or an order processor may only transfer personal data to a third country if the controller or order processor has given suitable guarantees and the data subject has enforceable rights and effective legal remedies available to him or her. Suitable guarantees can be formed by means of standard data protection clauses, without separate approval of a supervisory authority being necessary in this respect, Article 46 II Letter c) GDPR.
Prior to the first transfer of personal data, the EU standard data protection clauses are agreed with all recipients in third countries. As a result, it is ensured that for all processing of personal data, suitable guarantees, enforceable rights and effective legal remedies are ensured, which are stated in the EU standard data protection clauses. Each data subject can obtain a copy of the standard data protection clauses from our data protection officer. In addition, the standard data protection clauses are available in the official journal of the European Union (ABI 2010 / L 39, pages 5-18).

G Duration for which the personal data is saved or, should this not be possible, the criteria for the determination of this period (Article 13 II Letter a) GDPR)

The criteria for the duration of the saving of personal data is the respective statutory retention period. Following the expiry of this period, the relevant data is routinely deleted, unless it remains necessary in order to fulfil or initiate a contract.

H Existence of the rights of information, transfer, rectification, deletion, restriction of the processing and the right to raise an objection to the processing, as well as the right of data portability (Article 13 II Letter b) GDPR)

All data subjects have the following rights:
a) Right of information
Each data subject has a right of information in relation to the personal data concerning him or her. The right of information extends to all data processed by us. The right can be claimed informally, free-of-charge and at reasonable intervals, so that all data subjects are always aware of the processing of their personal data and can check the lawfulness of this (reason for opinion 63 GDPR). This right originates from Article 15 GDPR. In order to exercise the right of information, the data subject can contact ourselves or our data protection officer informally. We will not charge you any costs for this.
b) Right of rectification
In accordance with Article 16 Sentence 1 GDPR, all data subjects have the right to request the immediate correction of the incorrect personal data relating to them, which takes place informally and free-of-charge. In addition, by means of Article 16 Paragraph 2 GDPR, it is ensured that the data subject has the right to request the completion of incomplete personal data, also by means of a supplementary declaration, taking the purposes of the processing into account. In order to exercise the right of rectification, a data subject can contact our data protection officer. We will not charge you any costs for this.
c) Right of deletion (right to be forgotten)
Otherwise, all data subjects have the right of deletion and to be forgotten in accordance with Article 17 GDPR. This right can be claimed by getting in touch with us informally. We will not charge you any costs in this respect. This right can also be claimed by getting in touch with our data protection officer directly. However, we wish to point out here that this right does not apply should the processing be necessary in order to fulfil a legal obligation to which our company is subject, Article 17 III Letter b) GDPR. This means that we cannot approve a deletion request until after the expiry of the statutory retention period.
d) Restriction of processing
In accordance with Article 18 GDPR, all data subjects have the right to have the processing restricted. Restriction of processing can be requested if one of the requirements set out in Article 18 I Letters a) to d) GDPR are met. The right to have the processing restricted can be claimed by getting in touch with us informally or making direct contact with our data protection officer. We will not charge you any costs for this.
e) Right of objection
In addition, Article 21 GDPR guarantees the right of objection. The right of objection can be claimed by getting in touch with us informally or by contacting our data protection officer directly. We will not charge you any costs for this.
f) Right of data portability
Article 20 GDPR grants the data subject the right of data portability. According to this regulation, providing that the requirements under Article 20 I Letter a) and Letter b) GDPR are met, the data subject has the right to receive the personal data relating to him or her which he or she has provided to the controller in a structured, up-to-date and machine readable format and to transfer this data to another controller without hindrance on the part of the controller to whom the data was provided. The data subject can exercise the right of data portability by getting in touch with us informally or by contacting our data protection officer directly. We will not charge you any costs for this.
i) Existence of the right to revoke the consent at any time without the lawfulness of the processing which took place with the consent of the data subject prior to the revocation being affected, should the processing be based on Article 6 I Letter a) GDPR or Article 9 II Letter a) GDPR (Article 13 II Letter c) GDPR)
Should processing of personal data be based on Article 6 I Letter a) GDPR, which is the case if the data subject has issued his or her consent to the processing of personal data relating to him or her for one or more specific purposes or should the processing be based on Article 9 II Letter a) GDPR which regulates the express consent to the processing of special categories of personal data, then in accordance with Article 7 III Sentence 1 GDPR, the data subject has the right to revoke his or her consent at any time.
By means of the revocation of the consent, the lawfulness of the processing which took place with the consent of the data subject prior to this time will not be affected, Article 7 III Sentence 2 GDPR. The revocation of the consent must be as easy as the issuing of the consent, Article 7 III Sentence 4 GDPR. Therefore, the revocation of the consent can always take place via the same channel as the issuing of the consent or in another manner which is considered easier by the data subject. In the information society of today, the easiest channel for the revocation of consent is a simple email. Should the data subject wish to revoke the consent which he or she has issued to us, a simple email to us or also directly to our data protection officer is sufficient here. Alternatively, a data subject can choose another means of communication to notify us of the revocation of the consent.
j) Right to complain to a supervisory authority (Article 13 II Letter d), 77 I GDPR)
As a controller, we are obliged to notify the data subject of his or her right to complain to a supervisory authority, Article 13 II Letter d) GDPR. The right to complain is regulated in Article 77 I GDPR. According to this regulation, each data subject has the right to complain to a supervisory authority in the member state of his or her place of residence, place of employment or the location of the alleged breach and regardless of other remedies under administrative laws or before a court, should the data subject be of the opinion that the processing of the personal data relating to him or her breaches the General Data Protection Regulation. A limit was then placed on the right to complain by the European legislator, stating that this can only be claimed in relation to one supervisory authority (reason for opinion 141 Sentence 1 GDPR).
This regulation is intended to prevent multiple prevents by the same data subject in the same matter. Should a data subject wish to complain about us, we would therefore kindly request that only one supervisory authority in the Federal Republic of Germany be contacted. For the German State of North Rhine Westphalia as an example, this is:

Landesbeauftragte fuer Datenschutz und Informationsfreiheit (State Data Protection and Freedom of Information Officer)
Nordrhein-Westfalen
Postfach 20 04 44
Duesseldorf
Telephone +49 (0) 211 38424-0
k) Statutory or contractual regulations concerning the provision of personal data; necessity for conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide the personal data (Article 13 II Letter e) GDPR)
We wish to point out to you that in certain cases, the provision of personal data is required by law (for example tax regulations) or under contractual terms (for example information relating to the contracting partner).
For example, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data which we then need to process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract cannot be concluded with the data subject.
Prior to the provision of personal data, the data subject can contact our data protection officer. Our data protection officer will provide the data subject with clarification in the individual case as to whether the provision of personal data is required by law or under the contract or is necessary in order to conclude the contract, whether an obligation to provide the personal data exists and the consequences of failure to provide the personal data.
l) Existence of automated decision making including profiling in accordance with Article 22 I IV GDPR and at least in these cases, detailed information concerning the involved logic and the breadth and intended effects of such processing for the data subject (Article 13 Ii Letter f) GDPR)
As a responsible company, we do not carry out automated decision making or profiling.


 

2 Fulfilment of the information obligations in cases where the personal data was not gathered from the data subject (Article 14 I Letter a) GDPR)

A Name and contact data of the controller (Article 13 Letter a) GDPR)

Burkhard Drescher
Innovation City Management GmbH
Suedring Center Promenade
46242 Bottrop
Germany
Telephone +49 (0) 2041 70-5000
Fax +49 (0) 2041 70-55000
Email info@icm.de
Commercial register number 11233
VAT ID number DE279403692

B Contact details of the data protection officer (Article 13 Letter b) GDPR)

Mr Stefan Scheffler, lawyer at buttler Rechtsanwaltsgesellschaft mbH
Email info@icm.de

C Purposes for which personal data is intended to be processed, as well as the legal basis for the processing (Article 14 I Letter c) GDPR)

The purpose of the processing of personal data is the carrying out of all processed which concern the controller, customers, interested persons, business partners or other contractual or pre-contractual relationships between the named groups or statutory obligations of the controller.
Should the processing of personal data be necessary to fulfil a contract where the contracting party is the data subject, such as is the case for processing actions concerning the delivery of goods, the provision of other services or consideration, the processing is based on Article 6 Paragraph 1 Letter b) GDPR. The same applies to such processing actions which are necessary to carry out pre-contractual measures, such as in case of queries relating to our products or services. Should our company be subject to a legal obligation which makes the processing of personal data necessary, such as when fulfilling tax obligations, the processing is based on Article 6 I Letter c) GDPR
In rare cases, the processing of personal data may become necessary in order to protect vital interests of the data subject or another natural person. For example, this would be the case if a visitor to our company is injured and his or her name, age, health insurance company data or other essential information needs to be passed on to a doctor, hospital or other third parties. In such a case, the processing would be based on Article 6 I Letter d) GDPR.
Finally, processing actions can be based on Article 6 I Letter f) GDPR. Processing actions which are not covered by any of the above legal bases are based on this section, should the processing be necessary to safeguard a legitimate interest of our company or of a third party, provided that the interest, basic rights and basic freedoms of the data subject do not outweigh this. In particular, we are permitted to carry out such processing actions, as these have been specially mentioned by the European legislator. To this extent, it stated its opinion that a legitimate interest can be assumed if the data subject is a customer of the controller (reason for opinion 47 paragraph 2 GDPR).

D Categories of personal data which is processed (Article 14 I Letter d) GDPR)

Customer data
Data of interested persons
Employee data
Supplier data

E Categories of recipients of the personal data (Article 13 I Letter e) GDPR)

Public bodies
External bodies
Other external bodies
Internal processing
Processing inside the company
Processing
Other bodies

F Recipients in a third country and suitable or reasonable guarantees and how to receive a copy of these or where they are available (Article 13 I Letter f) GDPR, Article 46, I and II Letter c) GDPR)

In accordance with Article 46 I GDPR, the controller or an order processor may only transfer personal data to a third country if the controller or order processor has given suitable guarantees and the data subject has enforceable rights and effective legal remedies available to him or her. Suitable guarantees can be formed by means of standard data protection clauses, without separate approval of a supervisory authority being necessary in this respect, Article 46 II Letter c) GDPR.
Prior to the first transfer of personal data, the EU standard data protection clauses are agreed with all recipients in third countries. As a result, it is ensured that for all processing of personal data, suitable guarantees, enforceable rights and effective legal remedies are ensured, which are stated in the EU standard data protection clauses. Each data subject can obtain a copy of the standard data protection clauses from our data protection officer. In addition, the standard data protection clauses are available in the official journal of the European Union (ABI 2010 / L 39, pages 5-18).

G Duration for which the personal data is saved or, should this not be possible, the criteria for the determination of this period (Article 13 II Letter a) GDPR)

The criteria for the duration of the saving of personal data is the respective statutory retention period. Following the expiry of this period, the relevant data is routinely deleted, unless it remains necessary in order to fulfil or initiate a contract.

H Notification of the legitimate interests which are being pursued by the controller or a third party if the processing is based on Article 6 I Letter f) GDPR (Article 14 II Letter b) GDPR)

In accordance with Article 6 I Letter f) GDPR, processing is only lawful if this is necessary in order to safeguard the legitimate interests of the controller or a third party, unless the interests, basic rights and basic freedoms of the data subject which require the protection of personal data outweigh this. In accordance with reason for opinion 47 Sentence 2 GDPR, a legitimate reason can be present if a significant and reasonable relationship exists between the data subject and the controller, for example if the data subject is a customer of the controller. In all cases in which our company bases the processing of personal data on Article 6 I Letter f) GDPR, our legitimate interest is represented by the performance of our commercial activities in the interests of all of our employees, company and shareholders.

I Existence of the rights of information, transfer, rectification, deletion, restriction of the processing and the right to raise an objection to the processing, as well as the right of data portability (Article 13 II Letter b) GDPR)

All data subjects have the following rights:
a) Right of information
Each data subject has a right of information in relation to the personal data concerning him or her. The right of information extends to all data processed by us. The right can be claimed informally, free-of-charge and at reasonable intervals, so that all data subjects are always aware of the processing of their personal data and can check the lawfulness of this (reason for opinion 63 GDPR). This right originates from Article 15 GDPR. In order to exercise the right of information, the data subject can contact ourselves or our data protection officer informally. We will not charge you any costs for this.
b) Right of rectification
In accordance with Article 16 Sentence 1 GDPR, all data subjects have the right to request the immediate correction of the incorrect personal data relating to them, which takes place informally and free-of-charge. In addition, by means of Article 16 Paragraph 2 GDPR, it is ensured that the data subject has the right to request the completion of incomplete personal data, also by means of a supplementary declaration, taking the purposes of the processing into account. In order to exercise the right of rectification, a data subject can contact our data protection officer. We will not charge you any costs for this.
c) Right of deletion (right to be forgotten)
Otherwise, all data subjects have the right of deletion and to be forgotten in accordance with Article 17 GDPR. This right can be claimed by getting in touch with us informally. We will not charge you any costs in this respect. This right can also be claimed by getting in touch with our data protection officer directly. However, we wish to point out here that this right does not apply should the processing be necessary in order to fulfil a legal obligation to which our company is subject, Article 17 III Letter b) GDPR. This means that we cannot approve a deletion request until after the expiry of the statutory retention period.
d) Restriction of processing
In accordance with Article 18 GDPR, all data subjects have the right to have the processing restricted. Restriction of processing can be requested if one of the requirements set out in Article 18 I Letters a) to d) GDPR are met. The right to have the processing restricted can be claimed by getting in touch with us informally or making direct contact with our data protection officer. We will not charge you any costs for this.
e) Right of objection
In addition, Article 21 GDPR guarantees the right of objection. The right of objection can be claimed by getting in touch with us informally or by contacting our data protection officer directly. We will not charge you any costs for this.
f) Right of data portability
Article 20 GDPR grants the data subject the right of data portability. According to this regulation, providing that the requirements under Article 20 I Letter a) and Letter b) GDPR are met, the data subject has the right to receive the personal data relating to him or her which he or she has provided to the controller in a structured, up-to-date and machine readable format and to transfer this data to another controller without hindrance on the part of the controller to whom the data was provided. The data subject can exercise the right of data portability by getting in touch with us informally or by contacting our data protection officer directly. We will not charge you any costs for this.
j) Existence of the right to revoke the consent at any time without the lawfulness of the processing which took place with the consent of the data subject prior to the revocation being affected, should the processing be based on Article 6 I Letter a) GDPR or Article 9 II Letter a) GDPR (Article 13 II Letter c) GDPR)
Should processing of personal data be based on Article 6 I Letter a) GDPR, which is the case if the data subject has issued his or her consent to the processing of personal data relating to him or her for one or more specific purposes or should the processing be based on Article 9 II Letter a) GDPR which regulates the express consent to the processing of special categories of personal data, then in accordance with Article 7 III Sentence 1 GDPR, the data subject has the right to revoke his or her consent at any time.
By means of the revocation of the consent, the lawfulness of the processing which took place with the consent of the data subject prior to this time will not be affected, Article 7 III Sentence 2 GDPR. The revocation of the consent must be as easy as the issuing of the consent, Article 7 III Sentence 4 GDPR. Therefore, the revocation of the consent can always take place via the same channel as the issuing of the consent or in another manner which is considered easier by the data subject. In the information society of today, the easiest channel for the revocation of consent is a simple email. Should the data subject wish to revoke the consent which he or she has issued to us, a simple email to us or also directly to our data protection officer is sufficient here. Alternatively, a data subject can choose another means of communication to notify us of the revocation of the consent.
k) Right to complain to a supervisory authority (Article 13 II Letter d), 77 I GDPR)
As a controller, we are obliged to notify the data subject of his or her right to complain to a supervisory authority, Article 13 II Letter d) GDPR. The right to complain is regulated in Article 77 I GDPR. According to this regulation, each data subject has the right to complain to a supervisory authority in the member state of his or her place of residence, place of employment or the location of the alleged breach and regardless of other remedies under administrative laws or before a court, should the data subject be of the opinion that the processing of the personal data relating to him or her breaches the General Data Protection Regulation. A limit was then placed on the right to complain by the European legislator, stating that this can only be claimed in relation to one supervisory authority (reason for opinion 141 Sentence 1 GDPR).
This regulation is intended to prevent multiple prevents by the same data subject in the same matter. Should a data subject wish to complain about us, we would therefore kindly request that only one supervisory authority in the Federal Republic of Germany be contacted. For the German State of North Rhine Westphalia as an example, this is:
Landesbeauftragte fuer Datenschutz und Informationsfreiheit (State Data Protection and Freedom of Information Officer)
Nordrhein-Westfalen
Postfach 20 04 44
Duesseldorf
Telephone +49 (0) 211 38424-0
l) Source from which the personal data originates and whether this comes from publicly accessible sources (Article 14 II Letter f) GDPR)
As a rule, personal data is gathered from the data subject directly or in the course of co-operation with an authority (for example reading data from an official register). Other data relating to data subjects comes from transfers from group companies. Within the framework of this general information, notification of the exact sources from which the personal data originates is either impossible or gives rise to disproportionate expense in accordance with Article 14 V Letter b) GDPR. As a rule, we do not gather personal data from publicly accessible sources.
Each data subject can contact us informally or also get in touch with our data protection officer directly in order to receive more detailed information concerning the exact sources of the personal data relating to him or her. Should it not be possible to provide the data subject with precise information as to from where the personal data originates as various sources were used, the individual notification will be kept general (reason for opinion 46 Sentence 4 GDPR).
m) Existence of automated decision making including profiling in accordance with Article 22 I IV GDPR and at least in these cases, detailed information concerning the involved logic and the breadth and intended effects of such processing for the data subject (Article 13 Ii Letter f) GDPR)
As a responsible company, we do not carry out automated decision making or profiling.


3 Data recording on our website

A. Cookies

Internet sites (including ours) sometimes use so-called cookies. These do not cause any damage to your computer and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective and more secure. Cookies are small text files which are deposited on your computer and saved by your browser.
Most cookies used by us are so-called “session cookies”. These are automatically deleted after the end of your visit. Other cookies remain saved on your end device until you delete them. These cookies enable us to recognise your browser next time you visit.
You can set your browser in such a way that you are informed of the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the deletion of cookies when closing the browser. If cookies are de-activated, the functionality of this website may be restricted.
Cookies which are necessary for carrying out the electronic communication process or to provide certain functions requested by you (for example shopping basket function) are saved on the basis of Article 6 Paragraph 1 Letter f) GDPR. The website operator has a legitimate interest in the saving of cookies in order to provide its services in a technical manner which is error free and optimised. Should other cookies be saved (for example cookies which analyse your surfing behaviour), these are dealt with separately in this data protection declaration.

B. Server logfiles
The provider of the Internet sites automatically gathers and saves information in so-called server logfiles, which your browser automatically transmits to us. These are:
Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
This data is not combined with other data sources.
The basis for the data processing is Article 6 Paragraph 1 Letter f) GDPR, which permits the processing of data in order to fulfil a contract or carry out pre-contractual measures.

C. Contact formShould you send us enquiries via the contact form, we will save your information in the contact form, including the contact information provided therein for the purpose of processing your matter and in case of follow up queries. We do not pass this data on without your consent.
The processing of the data entered into the contact form therefore takes place exclusively on the basis of your consent (Article 6 Paragraph 1 Letter a) GDPR). You can revoke this consent at any time. In order to do so, an informal notification to us by email suffices. The lawfulness of data processing carried out prior to the issuing of the revocation remains unaffected.
The data entered by you in the contact form remains with us until you request its deletion, you revoke your consent to the saving or the purpose for the saving of the data no longer applies (for example completion of the processing of your enquiry). Once the above-mentioned purpose no longer applies, the data will be deleted by us. Mandatory statutory provisions, in particular retention periods, remain unaffected.

D. job application

Should you send us an application via the application form, you information from the application form, including the contact information provided by you and the attachments will be saved by us in order to process the application and in case of any follow up queries. We will not pass this data on without your consent.
The processing of the data entered in the application form (including the attachments) therefore takes place exclusively on the basis of your consent (Article 6 Paragraph 1 Letter a) GDPR). You can revoke this consent at any time. In order to do so, an informal notification to us by email suffices. The lawfulness of the data processing carried out prior to the issuing of the revocation remains unaffected.
The data entered in the application form (including the attachments) remains with us until you request its deletion, revoke your consent to the saving or the purpose of the saving of the data ceases to apply (for example once the processing of your application is complete). Once the purpose referred to above no longer applies, the data will be automatically deleted by us. Mandatory statutory provisions, in particular retention periods, remain unaffected.

4.) Analysis tools and advertising

A. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043 USA.
Google Analytics uses so-called “cookies”. These are text files which are saved on your computer and which enable an analysis of the use of the website by you. The information concerning your use of this website generated by the cookie is generally transferred to a server of Google in the USA and saved there.
The saving of Google Analytics cookies takes place on the basis of Article 6 Paragraph 1 Letter f) GDPR. The website operator has a legitimate interest in the analysis of the user behaviour, in order to optimise both its web service and its advertising.

B. IP anonymization
We have activated the IP anonymization function on this website. By means of this, your IP address is shortened by Google in Member States of the European Union or European Economic Area prior to being transferred to the USA. Only in exceptional cases is the full IP address transferred to the USA by Google and shortened there. On behalf of the operator of this website, Google will use this information in order to evaluate your use of the website, to compile reports concerning the website and to provide additional services for the website operator connected to the use of the website and the use of the Internet. The IP address transferred by your browser within the course of Google Analytics will not be combined with other data by Google.

C. Browser plugin
You can prevent the saving of the cookies by setting your browser software accordingly. However, we wish to point out that in such a case, you may not be able to fully use all functions of this website. You can also prevent the recording of the data generated by the cookie which relates to your use of the website (including your IP address) by downloading and installing the browser plugin which is available via the following link: https://tools/google.com/dlpage/gaoptout?hl=de

D. Objection to the recording of dataYou can prevent the recording of your data by Google Analytics by clicking on the following link. An opt out cookie will be set which prevents the recording of your data when you visit this website in the future.
More information concerning the handling of user data by Google Analytics can be found in the data protection declaration of Google: https://support.google.com/analytics/answer/6004245?hl=de

E. Google reCAPTCHAWe use “Google reCAPTCHA” (hereinafter referred to as reCAPTCHA) on our websites. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043 USA. The purpose of reCAPTCHA is to check whether the data entry on our websites (for example in a contact form) is carried out by a machine or by a person. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically, once the website visitor accesses the website. For the purpose of the analysis, reCAPTCHA evaluates various information (for example IP address, duration of the website visit or mouse movements carried out by the user). The data gathered during the analysis is passed on to Google.
The reCAPTCHA analysis takes place fully in the background. Website visitors are not informed that an analysis is taking place.
The data processing takes place on the basis of Article 6 Paragraph 1 Letter f) GDPR. The website operator has a legitimate interest in protecting its web services against abusive automated attacks and against spam.
Further information concerning Google reCAPTCHA and the data protection declaration of Google can be found via the following links: https://google.com/intl/de/policies/privacy and https://google.co,/recaptcha/intro/android.html

5. Newsletter/newsletter data

Should you wish to subscribe to the newsletter which is offered on the website, we require an email address from you, as well as information which enables us to check that you are the owner of the email address which has been provided and agree to the receipt of the newsletter. No additional data will be gathered or will only be obtained on a voluntary basis. We only use this data to send the requested information and we do not pass this on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively with your consent (Article 6 Paragraph 1 Letter a) GDPR). The consent to the saving of the data, the email address and the use of this to send the newsletter can be revoked by you at any time, for example via the “cancel subscription” link in the newsletter. The lawfulness of the data processing which took place prior to the revocation of the consent is not affected.
The data provided to us for the purpose of the newsletter subscription will be saved by us until you cancel the subscription and will then be deleted. Data which was saved by us for other purposes (for example email addresses for the members’ area) are not affected by this process.

6. Plugins and tools

A. Google Web Fonts

In order to display fonts in a standardised manner, this site uses so-called Web Fonts which are provided by Google. When accessing a site, you browser loads the required web fonts into the browser cache, in order to correctly display text and fonts.

For this purpose, the browser used by you needs to establish a connection to the servers of Google. By means of this, Google is informed that you accessed our website from your IP address. The use of Google Web Fonts takes place in the interest of a standardised and attractive display of our online services. This represents a legitimate interest under Article 6 Paragraph 1 Letter f) GDPR.

Should your browser not support Web Fonts, your computer will use a standard font.

Further information concerning Web Fonts can be found at https://developers.google.com/fonts/faq and in the data protection declaration of Google: https://google.com/policies/privacy

B. Google Maps

This website uses an API of the map service Google Maps. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043 USA. In order to use the functions of Google Maps, it is necessary to save your IP address. This information is generally transferred to a server of Google in the USA and saved there. The provider of this site has no influence over this data transfer.
The use of Google Maps takes place in the interest of an attractive display of our online services and in order to make the locations described on the website easily accessible. This represents a legitimate interest under Article 6 Paragraph 1 Letter f) GDPR.
Further information concerning the handling of user data can be found in the data protection declaration of Google: https://google.com/policies/privacy

7.)

A. Definitions

This data protection declaration is based on the definitions which were used by the European issuer of directives and regulations when drawing up the GDPR. It is intended that our data protection declaration be easily readable and understandable both for the public and for our customers and business partners. In order to ensure this, we first wish to explain the terms which are used.
We use the following terms amongst others on our website:

B. Personal data

Personal data is all information which relates to an identified or identifiable natural person (hereinafter data subject). A natural person is considered to be identifiable if he or she can be identified directly or indirectly, in particular by means of allocation to a label such as a name, number, location data, online profile or one or more special characteristics which express the physical, physiological, genetic, psychiatric, economic, cultural or social identity of this natural person.

C. Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the body which is responsible for the processing.t

D. Processing

Processing is any procedure or group of procedures carried out with or without the assistance of automated processes in connection with personal data, such as gathering, recording, organisation, filing, saving, adjustment or alteration, reading, retrieval, use, disclosure by transfer, distribution or other form of provision, comparison or connection, restriction, deletion or destruction.

E. Restriction of processing

Restriction of processing is the marking of saved personal data with the intention of restricting its processing in the future.

F. Profiling

Profiling is any type of automated processing of personal data where the data is used in order to evaluate certain personal aspects which relate to a natural person, in particular in order to analyse or forecast aspects in relation to work performance, economic position, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.

G. Pseudomymisation

Pseudomymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without consulting additional information, should this additional information be stored separately and subject to technical and organisational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

H. Body responsible for the processing

A controller or body responsible for the processing is the natural or legal person, authority, institution or other body which takes decisions alone or with other concerning the purposes and means of the processing of personal data. Should the purposes and means of this processing under EU law or the laws of the Member States, the controller and the specified criteria of its appointment can be determined under EU law or the laws of the Member States.

I. Order processor

An order processor is a natural or legal person, authority, institution or other body which processes personal data on behalf of the controller.

J. Recipient

A recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether this is a third party or not. Authorities which may receive personal data in the course of a specific investigation order under EU law or the laws of the Member States are not however considered to be recipients.

K. Third Party

A third party is a natural or legal person, authority, institution or other body apart from the data subject, the controller, the order processor and the persons who are authorised under the direct responsibility of the controller or order processor to process the personal data.

L. Consent

Consent is any declaration of intent issued by the data subject voluntarily and in an informed manner without any misunderstanding for the concrete case in the form of a statement or other clear action of a confirming nature where the data subject states that he or she agrees to the processing of the personal data relating to him or her.

M. Cookies

The Internet sites of the Deutsche Gesellschaft fuer Datenschutz use cookies. Cookies are text files which are deposited on a computer system via an Internet browser and saved.