1. Data Protection at a Glance
The protection of your personal data is of the utmost importance to us. We treat your personal data confidentially and in accordance with the applicable data protection legislation as well as this privacy policy. Our use of personal data is governed by these provisions and complies with the EU General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”), the German Digital Services Act (“DDG”) and the German Telecommunications and Digital Services Data Protection Act (“TDDDG”). We have implemented technical and organisational measures to ensure that data protection regulations are observed both by us and by our external service providers.
The following information provides an overview of what happens to your personal data when you visit our website, including the application portal (“Jobs”) and our blog.
Who is responsible for data processing?
The controller responsible for the collection, processing and use of your personal data within the meaning of the GDPR and the BDSG is: Peak Ace AG, Leuschnerdamm 13, 10999 Berlin. Further contact details can be found in the legal notice on this website.
What is personal data?
Personal data is any data that can be used to identify you personally. This includes, for example, your name as provided in the application form, your postal address, your email address, as well as the IP address used by you to access the website.
How do we collect your data?
We collect your data in part when you provide it to us directly – for example, via a contact or application form. Other data is collected automatically by our IT systems when you visit the website. This relates to technical data (e.g. IP address, browser used, date and time of the page request).
For what purposes do we process your data?
We collect your data in part to ensure the error-free provision and operational security of our website. We also need to process your data in order to handle and respond to your enquiries or applications.
For the analysis and optimisation of our website, we additionally use statistical or pseudonymised data that cannot be traced back to you – for example, via cookies. You may object to the use of the tools employed for this purpose through the consent management tool we have implemented.
General information on the legal bases for data processing on this website
Where you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, insofar as special categories of data within the meaning of Art. 9(1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is additionally carried out on the basis of Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies, data processing is additionally based on Section 25(1) TDDDG. Consent may be revoked at any time – with effect for the future. Where your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, we process your data where this is necessary for compliance with a legal obligation, on the basis of Art. 6(1)(c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. The relevant legal bases applicable in each individual case are set out in the following sections of this privacy policy.
Note on data transfers to the USA and other third countries
We use, among other things, tools provided by companies based in the USA or other third countries that are not deemed to offer an adequate level of data protection. When these tools are active, your personal data may be transferred to and processed in such third countries. We wish to point out that, in these countries, a level of data protection comparable to that of the EU cannot generally be guaranteed. For example, US companies are obliged to disclose personal data to security authorities without the data subject being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, analyse and permanently store your data held on US servers for surveillance purposes. We have no influence over these processing activities.
Storage duration and routine deletion
Unless a specific storage period is stated below, we process and store your personal data only for as long as is necessary to fulfil the respective purpose. Data is stored beyond this point only where longer statutory retention periods (e.g. retention periods under tax or commercial law) apply.
Once the purpose of storage ceases to apply or the aforementioned statutory retention period expires, personal data is routinely deleted.
2. Log Files
When you visit our website, our web servers temporarily collect and store technical information (known as log files) that your browser transmits to us: the IP address, the date and time of the visit, the client’s file request (file name, size and URL), the HTTP status code, the website from which you are visiting us (referrer) and the browser type used. The data collected is used for data security purposes – in particular to defend against attempted attacks and to maintain operational stability – as well as for statistical analysis. The data is deleted or anonymised after no more than 30 days. In the case of anonymisation, IP addresses are modified in such a way that the data can no longer be attributed – or only with a disproportionate expenditure of time, cost and effort – to a specific or identifiable natural person. Log files are neither used to create individual user profiles nor disclosed to third parties.
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR and Section 25(2)(2) TDDDG.
3. Cookies
Our website uses so-called cookies. Cookies are small text files that are stored on your device and saved by your browser. The use of cookies serves to make our website more user-friendly and secure. Cookies do not cause any damage to your device and do not contain viruses.
Most of the cookies we use are so-called “session cookies”. These enable us, for example, to store individual settings and certain actions for the duration of your visit to our website. They are automatically deleted at the end of the session during which you accessed our website. A session ends when you close the browser with which you accessed our website on your device. Other cookies remain stored on your device until you delete them (“persistent cookies”). These cookies enable us, for example, to recognise your browser or a language preference on your next visit.
Cookies may originate from us (so-called first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third-party companies within websites.
Cookies serve various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the language selection feature). Other cookies may be used to analyse user behaviour or for advertising purposes.
Cookies that are required for carrying out the electronic communication process, for providing certain functions you have requested (e.g. for the language selection feature, for the function to consent to or object to the use of cookies) or for optimising the website (e.g. cookies for measuring web audiences) (necessary cookies) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimised provision of its services. Where consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out on the basis of that consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be revoked at any time – with effect for the future.
Consent is obtained via our consent management tool. Here, you have the option of consenting to or declining the use of cookies when visiting our website. The consent management tool also enables you to find out about the cookies in use at any time and to adjust your decision retrospectively. Cookies that are required for the provision of the web service cannot be declined.
In addition, you can configure your browser so that you are informed about the setting of cookies and can allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated entirely, the functionality of this website may be limited.
Details of which cookies and services are used on this website can be found in this privacy policy and in the consent management tool.
4. Contact Form
If you send us an enquiry via the contact form on our website, the contact details you provide (name, email address, telephone number) and the content of your enquiry are processed and stored for the purpose of handling your enquiry and any follow-up questions.
The processing of data entered via the contact form is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time – with effect for the future.
We store your data until you request its deletion, you revoke your consent to storage, or the purpose for data storage ceases to apply (e.g. after your enquiry has been fully dealt with). Mandatory statutory retention periods remain unaffected.
For any communication conducted by email, telephone and/or fax following your enquiry via our contact form, the information set out in Section 5 below applies.
5. Enquiries by Email, Telephone or Fax
If you contact us by email, telephone or fax, your enquiry – including all personal data arising from it (name, email address, telephone number, fax number, the enquiry itself and all other communication content) – is stored and processed by us for the purpose of handling your request.
The processing of this data is based on Art. 6(1)(b) GDPR, insofar as your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures; in the case of contracts or pre-contractual dealings with legal entities, Art. 6(1)(f) GDPR also applies, our legitimate interest being communication with the relevant contractual contacts. In all other cases, processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6(1)(f) GDPR).
Contact and contractual data may, where applicable, be disclosed to further service providers, business partners and public authorities, insofar as this is necessary for the performance of a contract or commission or for handling a request.
The data you send to us via contact enquiries remains with us until you request its deletion, you revoke your consent to storage, or the purpose for data storage ceases to apply (e.g. after your request has been fully dealt with). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
6. Blog (Peak Ace Latest)
If you wish to publish a comment on our blog, which is integrated into the website, you register on our blog by providing your contact details (name, email address and, where applicable, website) and publish your comment on a blog post. When the comment is published, only the name you have provided, the date and time of the comment and its content are displayed on the blog. We process your data solely for the purpose of publishing your comment.
The processing of data entered via the contact form is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time.
We store your data until you request its deletion, you revoke your consent to storage, or the purpose for data storage ceases to apply.
7. Newsletter
If you wish to be informed about current developments (e.g. career opportunities at Peak Ace and general industry developments and news) via one of our regular newsletters and to be added to the corresponding mailing list, we require an email address and a name for addressing you. In addition, log files as well as the opening and reading times of the newsletter are recorded, and – for the purpose of consent management for inclusion in our newsletter mailing lists – the times of the respective subscription and unsubscription. Where applicable, further pseudonymised identifiers such as external IDs or hashed email addresses may also be processed. No further data is collected, or only on a voluntary basis (in the “Jobs” section, for example, information about which job area you are interested in). We use this data exclusively for sending the requested information. We also review the reach and success of the newsletter through anonymous or pseudonymised analyses.
To verify your email address for the dispatch of newsletters, we use the so-called double opt-in procedure – i.e. we only send you a newsletter by email once you have expressly confirmed that we should activate the newsletter service. You will then receive a notification email asking you to confirm, by clicking on a link contained in that email, that you wish to receive our newsletter.
The processing of data provided during newsletter registration is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). By subscribing to our newsletter, you also consent to the transfer of data to our service provider. The legal basis in this regard is likewise Art. 6(1)(a) GDPR – your consent.
For the dispatch and analysis of our newsletters, we use the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin (“Brevo”) as a data processor. Brevo’s privacy policy is available at: https://www.brevo.com/de/legal/privacypolicy/.
The consent granted for the storage of data, the email address, its transfer to Brevo and its use for dispatching the newsletter may be revoked at any time with effect for the future – for example, via the “unsubscribe” link in the newsletter or by submitting a corresponding revocation. Data stored by us for the purpose of newsletter dispatch is deleted by us after you unsubscribe from the newsletter. We reserve the right to delete or block email addresses from our newsletter mailing list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Data stored by us for other purposes remains unaffected. After you unsubscribe from the newsletter mailing list, your email address may be stored by us or the newsletter service provider on a blocklist, insofar as this is necessary to prevent future mailings. The data from the blocklist is used solely for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage on the blocklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest.
You provide your email address and name yourself when subscribing to the newsletter; the additional data for analysis is automatically made available by the browser of the device used. Brevo will delete the data no later than two years after unsubscription from our newsletter.
The provision of data is required for receiving our newsletter. Without the provision of data, newsletters cannot be sent or delivered. Revocation of consent for future processing of your personal data in connection with our newsletter mailing lists is possible at any time.
8. Online Applications
If you apply to us via our online application form, we collect the following applicant data: first and last name, email address, telephone number, details of the position applied for and communication details, date and time as well as technical metadata of the communication, application documents (including CV, references) and any further personal information you provide voluntarily. You may also request that we include your application data in an applicant pool so that your application can be considered for future positions.
The processing of data provided during the online application is based on Section 26 BDSG in conjunction with Art. 6(1)(b) GDPR (an employment relationship or the decision on the establishment of an employment relationship) and Art. 88 GDPR. Where we additionally include you in our applicant pool, this is done on the basis of your consent (Art. 6(1)(a) GDPR). Processing is carried out exclusively for the purpose of handling your application and – where requested – for inclusion in our applicant pool.
Applicant data is forwarded internally to the employees entrusted with the decision. We also engage service providers on the basis of a data processing agreement as processors for the provision of services, in particular the service provider Personio SE & Co. KG, Seidlstraße 3, 80335 Munich (“Personio”).
Your application data is deleted no later than six months after the conclusion of the application process. This does not apply where statutory retention periods preclude deletion, where further storage is necessary for the purpose of providing evidence, or where you have expressly consented to longer storage. In the case of a requested inclusion in our applicant pool, your data is deleted when you withdraw your consent or after two years at the latest.
In your own interest, we would ask you not to send us your application (including speculative applications) by email, but to use our online application form exclusively. The reason for this is that your data is best protected against unauthorised access and manipulation via our encrypted online form.
The provision of personal data is essential for the assessment of the application and, where applicable, the subsequent conclusion of an employment contract. Personal data that is not required is marked as voluntary, and applications can also be submitted without providing the data marked as voluntary. Without the submission of the necessary personal data, an application cannot be considered. If you do not consent to the inclusion of your application data in our applicant pool, this will not result in any disadvantage in future application processes.
9. Cookie Consent Management and Web Analytics Tools
Borlabs Consent Management Platform
To obtain consent for the storage of certain cookies, we use the consent management tool Borlabs Cookies. This is software that enables the differentiated collection, revocation and adjustment of data protection consent from users. The provider of the consent management tool Borlabs Cookies is Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg (“Borlabs”).
Within the scope of a data processing relationship, the personal consent data used to document consents or revocations of such consents is processed by Borlabs as our data processor. Consent data comprises the following: date and time of the visit or consent/revocation of consent, device information. This information is stored by means of a technically necessary cookie on the device used to access our website.
Data processing is carried out for the purpose of complying with legal obligations pursuant to Art. 6(1)(c) GDPR and Section 25(2)(2) TDDDG.
Google AdSense
We use the online advertising service Google AdSense, through which advertisements tailored to your interests may be presented to you. Our aim is to display advertising that may be of interest to you, in order to make our website more engaging for you. For this purpose, statistical information about you is collected and processed by our advertising partners. These advertisements are identifiable by the notice “Google Ads” in the respective advertisement.
When you visit our website, Google receives the information that you have accessed our website. For this purpose, Google uses a web beacon to set a cookie on your device. Your data is transferred to the USA and analysed there. If you are logged into your Google account, your data can be directly associated with it. If you do not wish your data to be associated with your Google profile, you must log out. It is possible that this data may be passed on to Google’s contractual partners, third parties and public authorities. The legal basis for the processing of your data is Art. 6(1)(a) GDPR. This website has also enabled third-party Google AdSense advertisements. The aforementioned data may be transferred to these third-party providers (listed at https://support.google.com/admanager/answer/94149).
You can prevent the storage of cookies by adjusting your browser settings accordingly; however, please note that in this case you may not be able to use all the functions of this website to their full extent. You can also deactivate interest-based advertisements on Google via the following link: www.google.de/ads/preferences
Please note that this setting is deleted when you clear your cookies. You can also permanently deactivate interest-based advertising in the Firefox, Chrome and Internet Explorer browsers by downloading and installing the browser plug-in available at the following link: www.google.com/settings/ads/plugin
The provider, Google, is headquartered in the USA (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Processing of personal data may therefore also take place in a third country (a country outside the European Union or the contracting states of the Agreement on the European Economic Area). Google undertakes to enter into EU Standard Contractual Clauses within the meaning of Art. 46 GDPR. By virtue of this contractual framework, recipients in third countries are also obliged to maintain a standard of data protection that is essentially equivalent to the European standard. Please note, however, that actual compliance with the requirements arising from the EU Standard Contractual Clauses cannot be guaranteed in every case (e.g. due to governmental access to data in the recipient country).
Privacy terms for advertising: www.google.de/intl/de/policies/technologies/ads
Google Analytics 4
This website uses features of the web analytics service Google Analytics 4 for the purpose of measuring activity and improving our offering. The analysis helps us to understand which features of our websites you find useful and to create a more relevant experience for you. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies (see Section 3).
With Google Analytics 4, IP address anonymisation is enabled by default. Due to IP anonymisation, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.
Google uses the information generated by this process on our behalf to evaluate the use of the website, to compile reports on website activity and to provide us with further services associated with website and internet usage. This enables us to improve the quality of our website and its content. On the basis of statistical analyses, we learn how the website is used and can thus continuously optimise our offering. Google Analytics 4 uses cookies (first-party cookies) that enable an analysis of your use of the website. This does not, however, mean that we thereby obtain direct knowledge of your identity.
We use the Google Analytics 4 cross-domain tracking feature to recognise visitors across different websites and thus achieve a particularly comprehensive analysis of user behaviour. This feature enables first-party cookies to be recognised on a second domain when the domain changes. These first-party cookies are only visible from the domain currently being visited.
The following personal data is collected:
- Time information (e.g. event time)
- Page information (e.g. page type)
- Browser information (e.g. browser version)
- Device information (e.g. advertising ID)
- Personal data (e.g. IP address)
- Cookie data (e.g. session ID)
- Advertising identifiers (e.g. gclid or fbclid)
- Behavioural data (e.g. browsing behaviour)
- Results (e.g. A/B test information)
- Location information (e.g. city)
The legal bases are your consent pursuant to Art. 6(1)(a) and Art. 49(1)(a) GDPR (third-country transfer) or – insofar as the anonymised use of (aggregated) analytical data is concerned – our legitimate interest pursuant to Art. 6(1)(f) GDPR and Section 25(1) TDDDG. Our legitimate interests lie in particular in being able to provide you with a technically optimised, user-friendly and needs-based website and in ensuring the security of our systems.
Place of processing: United States of America and Ireland/European Union.
When collecting measurement data in Analytics 4, all IP lookups are performed on EU-based servers before traffic is forwarded to Analytics servers for processing.
Note: In principle, we have provided adequate safeguards pursuant to Art. 46 GDPR (EU Standard Contractual Clauses) for data transfers; however, personal data may be transferred to a third country that does not meet EU data protection standards. In particular, there is a risk that your data may be processed by authorities for control or surveillance purposes (potentially without effective remedies). Furthermore, it cannot be guaranteed that your data subject rights can be fully enforced and that supervisory authorities in the USA will provide appropriate redress. The information generated by the cookies used by Google Analytics about your use of our services is generally transmitted to and stored on servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Where IP anonymisation is activated on this website, your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. This anonymisation of the IP address adequately takes into account the interest of our users in the protection of their personal data. Only in exceptional cases is the full IP address transmitted to Google LLC servers in the USA and truncated there. Google LLC is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023. In addition, the EU Standard Contractual Clauses, which constitute appropriate safeguards of the data processor pursuant to Commission Decision 2021/914 of 4 June 2021, form part of our data processing agreement with Google.
Retention period: Your personal data must be deleted once it is no longer required for the stated processing purposes. This occurs after 14 months.
The terms of use for Google Analytics can be viewed at any time at http://www.google.com/analytics/terms/de.html; further information on data protection is provided by Google Analytics at http://www.google.com/intl/de/analytics/learn/privacy.html and in the privacy policy at http://www.google.de/intl/de/policies/privacy.
Click here to revoke consent across all domains of the processing company: https://safety.google/privacy/privacy-controls/
Alternatively, you can prevent Google Analytics 4 from collecting data about you on this website by clicking on this link: https://tools.google.com/dlpage/gaoptout/. By clicking on the above link, you download an “opt-out cookie”. Your browser must therefore generally allow the storage of cookies. If you regularly delete your cookies, you will need to click the link again each time you visit this website.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google Ads. The provider of these services is Google.
This feature enables the advertising audiences created with Google Analytics Remarketing to be linked with the cross-device features of Google Ads. In this way, interest-based, personalised advertising messages that have been adapted to you based on your previous usage and browsing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).
If you have granted the appropriate consent, Google links your web and app browsing history with your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked with our Google Analytics data to define and create audiences for cross-device advertising.
We have no influence over the actual scope and further use of the data collected through the use of this technology by Google and therefore inform you accordingly based on our knowledge. According to Google, data collected within the scope of remarketing is not merged with your personal data that may be stored by Google. In particular, Google states that pseudonymisation of personal data takes place when using Google Ads remarketing technology. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered with Google or have not logged in, we cannot rule out that your IP address may be obtained and stored. You can prevent participation in this tracking procedure by deactivating cookies for conversion tracking – for example, by configuring your browser to block cookies from the domain “www.googleadservices.com” (the relevant settings can be made at https://www.google.de/settings/ads, although we note that these settings are stored in the form of cookies and are therefore deleted when you clear your cookies), or by deactivating interest-based advertisements via the link http://www.aboutads.info/choices (this setting is also deleted when you clear your cookies). Alternatively, permanent deactivation can be carried out in the Firefox, Internet Explorer or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin. Please note, however, that in this case you may not be able to use all the functions of our services to their full extent.
The aggregation of collected data in your Google account is carried out exclusively on the basis of your consent, which you can give or revoke at Google (Art. 6(1)(a) GDPR). For anonymised data collection processes that are not aggregated in your Google account (e.g. because you do not have a Google account or have objected to the aggregation), the collection of data is based on Art. 6(1)(f) GDPR and Section 25(1) TDDDG. The legitimate interest arises from the fact that the website operator has an interest in the anonymised analysis of website visitors for advertising purposes.
The data collected in this way is generally also transmitted to and stored on servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google LLC is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023. In addition, the EU Standard Contractual Clauses, which constitute appropriate safeguards of the data processor pursuant to Commission Decision 2021/914 of 4 June 2021, form part of our data processing agreement with Google.
Further information on Google’s remarketing technology is available at https://support.google.com/adwords/answer/2453998?hl=de; information on data protection at Google can also be found at https://www.google.de/intl/de/policies/privacy.
Further information and the privacy terms can be found in Google’s privacy policies at https://www.google.com/policies/technologies/ads/ and https://www.google.de/intl/de/policies/privacy.
Google Ads and Google Conversion Tracking
We use the online advertising programme “Google Ads” on our website and, within this framework, conversion tracking (visitor action analysis). Google Conversion Tracking is an analytics service offered by Google. When you click on an advertisement placed by Google, a cookie for conversion tracking is placed on your device. These cookies have a limited validity (30 days), do not contain personal data and are therefore not used for personal identification. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you clicked on the advertisement and were redirected to that page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked across the websites of Ads customers.
The information obtained with the aid of the conversion cookie is used for the purpose of compiling conversion statistics. In this context, we learn the total number of users who clicked on one of our advertisements and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that could be used to personally identify users.
Processing is carried out on the basis of Art. 6(1)(f) GDPR, based on the legitimate interest in analysing user behaviour in order to optimise the web offering and the effectiveness of advertising.
You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation. To do so, you can prevent the storage of cookies by selecting the appropriate technical settings in your browser software. Please note, however, that in this case you may not be able to use all the functions of this website to their full extent. You will then not be included in the conversion tracking statistics.
Furthermore, you can deactivate personalised advertising in the advertising settings on Google. Instructions for this can be found at https://support.google.com/ads/answer/2662922?hl=de. In addition, you can deactivate the use of cookies by third-party providers by visiting the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices/ and implementing the further opt-out information provided there.
To prevent tracking by Ads, you can alternatively set an opt-out cookie. Opt-out cookies then prevent the future collection of your data when visiting this website. You must carry out the opt-out on all systems and devices you use for this to be fully effective.
Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/.
Google Tag Manager
We use the Google Tag Manager tool on our website. Google Tag Manager is a service provided by Google that enables marketers to manage website tags via an interface.
Google Tag Manager merely implements tags. Tags are small code elements on the website that serve, among other things, to measure traffic and visitor behaviour, to capture the impact of online advertising and social channels, to deploy remarketing and audience targeting, and to test and optimise the website.
This means: no additional cookies are set; no personal data is collected. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been carried out at domain or cookie level – in particular if you have chosen the objection solution described above for Google Analytics or have made the appropriate settings in your browser – this remains in effect for all tracking tags, insofar as these are implemented with Google Tag Manager.
Further information on data protection at Google can be found at: https://policies.google.com/privacy?hl=de&gl=de. Further information on the privacy terms for advertising can be found at: https://policies.google.com/technologies/ads?hl=de.
Matomo
This website uses the open-source web analytics service Matomo.
With the aid of Matomo, we are able to collect and analyse data on the use of our website by website visitors. This enables us to determine, among other things, when page views were made and from which region they originate. In particular, we can use so-called heatmaps provided by Matomo to display those areas of our services where the greatest (or indeed the least) activity is detected, in order to analyse the use of our services so that we can further improve them and adapt them to the needs of users. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors carry out certain actions (e.g. clicks, purchases, etc.).
The use of this analytics tool without the use of cookies is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising. Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time with effect for the future.
Cookies have a maximum storage duration of 13 months. Where Matomo is also used without cookies, the recognition of returning users is based on a so-called “digital fingerprint”, which is stored in anonymised form and changed every 24 hours. According to the information provided to us, it is not possible to draw conclusions about the identity of individual users. When analysing with Matomo, we also use IP anonymisation. In this process, your IP address is truncated before analysis so that it can no longer be clearly attributed to you.
Further information on data protection at Matomo is available at: https://matomo.org/privacy/.
Microsoft Advertising
We use Microsoft Advertising on this website. Microsoft Advertising is an online advertising programme of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider for users in the European Economic Area is Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) (“Microsoft”).
Microsoft Advertising enables us to display advertisements in the Bing search engine or on third-party websites when the user enters certain search terms on Bing (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data held by Microsoft (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively – for example, by analysing which search terms led to the display of our advertisements and how many advertisements resulted in corresponding clicks.
We use Universal Event Tracking (UET) from Microsoft Advertising on this website. Pseudonymised data is collected to track the actions you carry out on our websites after clicking on an advertisement on Microsoft Advertising. UET collects your IP address (anonymised), device identifiers, information about device and browser settings, Microsoft Click ID (stored in a cookie), time spent on the website, page sections accessed, the advertisement through which you reached the website, and keywords clicked.
The use of this service is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Consent may be revoked at any time.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found at https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
We have concluded a data processing agreement with Microsoft pursuant to Art. 28 GDPR for the use of the above-mentioned service. Furthermore, Microsoft is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Further information on how Microsoft collects and uses your data can be found in the Microsoft privacy statement at https://www.microsoft.com/de-de/privacy/privacystatement.
Microsoft Clarity
We use the analytics tool “Microsoft Clarity” from Microsoft on this website.
Data processing serves the purpose of the needs-based design, optimisation and analysis of our website. The tool records the movements of website visitors on the website on a sample basis. This produces a log of mouse movements, scrolling behaviour, time spent and clicks on the website (so-called heatmap).
For this purpose, cookies or comparable technologies are used. The following information may be collected, among other things: IP address, time of access, click path, information about the device you are using (device type, screen size and resolution, unique device identifier, operating system), information about the browser you are using (browser type and version), location data, preferred language for displaying the website, sub-pages visited, time spent, content viewed, requested website or file.
Pseudonymised user profiles are created from this data. The data is not used to personally identify the website visitor and is not merged with personal data of the pseudonym holder. Microsoft is contractually prohibited from selling the collected data to other third parties.
The use of cookies or comparable technologies is based on your consent pursuant to Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is based on your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to the revocation.
Your data may be transferred to the USA. Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found at https://learn.microsoft.com/de-de/compliance/regulatory/offering-eu-model-clauses.
We have concluded a data processing agreement with Microsoft pursuant to Art. 28 GDPR for the use of the above-mentioned service. Furthermore, Microsoft is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Detailed information on the cookies used and their function can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-cookies. Information on the retention period of the collected data can be found at https://learn.microsoft.com/en-us/clarity/setup-and-installation/data-retention.
Further information on data protection when using Microsoft Clarity can be found at https://learn.microsoft.com/en-us/clarity/faq#privacy, https://learn.microsoft.com/en-us/clarity/setup-and-installation/clarity-data and https://clarity.microsoft.com/terms.
Further information on how Microsoft collects and uses your data can be found in the Microsoft privacy statement at https://www.microsoft.com/de-de/privacy/privacystatement.
10. Tools and Plug-ins
Facebook Plug-ins (Like Button) and Pixel
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
When the social media element is active, a direct connection is established between your device and the Facebook server. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” button whilst logged into your Facebook account, you can link the content of this website to your Facebook profile.
This enables Facebook to associate the visit to this website with your user account. We wish to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook. Further information can be found in Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.
Where you have granted Facebook the appropriate consent, we also use the Facebook Pixel on our websites to optimise our advertising offering.
If you have a Facebook user account, the Facebook Pixel on our website can recognise this by means of the cookie set by Facebook. Via the cookie, the collected usage data is transmitted to Facebook for analysis and marketing purposes. You can review and/or deactivate this data collection and further processing and use by Facebook directly with Facebook. The Facebook Pixel is a JavaScript code that transmits the following data to Facebook:
- HTTP header information (including IP address, information about the web browser, page storage location, document, website URL and user agent of the web browser, referrer URL, and date and time of use)
- Pixel-specific data, including the Pixel ID and Facebook cookie data, including your Facebook ID (this data is used to link events to a specific Facebook advertising account and to attribute them to a Facebook user)
- Information about the visit to the website, e.g. access to certain information
If you wish to object to the use of the Facebook Pixel, you can set an opt-out cookie on Facebook or deactivate JavaScript in your browser. Further information and the settings options for the protection of your privacy for advertising purposes can be found in Facebook’s privacy policies, which are available at https://www.facebook.com/privacy/policy/?locale=de_DE, among other locations.
Where consent has been obtained, the use of the above-mentioned services is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be revoked at any time. Where no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Insofar as personal data is collected on our website with the aid of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after the transfer does not form part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data-protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g. requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php.
If you do not wish Facebook to be able to associate the visit to our pages with your Facebook user account, please log out of your Facebook user account.
Features of the Instagram service are integrated on this website. These features are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram thereby receives information about your visit to this website.
If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to associate the visit to this website with your user account. We wish to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.
Where consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be revoked at any time. Where no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Insofar as personal data is collected on our website with the aid of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook or Instagram. The processing carried out by Facebook or Instagram after the transfer does not form part of the joint responsibility.
The obligations incumbent upon us jointly have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the data-protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook and Instagram products. Data subject rights (e.g. requests for information) regarding data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Further information can be found in Instagram’s privacy policy: https://instagram.com/about/legal/privacy/.
X (formerly Twitter)
Features of the X (formerly Twitter) service are integrated on this website. These features are provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”).
When the social media element is active, a direct connection is established between your device and the X server. X thereby receives information about your visit to this website. By using X and the “Re-Tweet” function, the websites you visit are linked to your X account and made known to other users. We wish to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by X. Further information can be found in X’s privacy policy at: https://x.com/de/privacy.
Where consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 TDDDG. Consent may be revoked at any time. Where no consent has been obtained, the use of the service is based on our legitimate interest in achieving the widest possible visibility on social media.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
Your privacy settings on X can be changed in the account settings at https://twitter.com/account/settings.
Features of the LinkedIn network are used on this website, provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag enables the collection of data about your website visit – i.e. URL, referrer URL, IP address, device and browser properties, timestamp and page views. This data is encrypted and anonymised within seven days. The anonymised data is deleted within 90 days.
LinkedIn does not share personal data with us but only provides us, as the website provider, with aggregated reports on the audience and the advertising performance of the website.
LinkedIn also enables retargeting for website visitors, so that the website provider can display targeted advertising outside its website without the website visitor being identified.
Data processing serves the purpose of analysing website visits and campaign results in order to improve our offering and provide you with interesting information.
The legal basis for the processing of personal data – insofar as this is carried out in an (aggregated) anonymised manner – is Art. 6(1)(f) GDPR. Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time with effect for the future.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. Further information on data protection at LinkedIn can be found in LinkedIn’s privacy policy: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Mouseflow
This website uses Mouseflow, a web analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark (“Mouseflow”). Data processing serves the purpose of analysing this website and its visitors. For this purpose, data is collected and stored for marketing and optimisation purposes. Pseudonymised usage profiles can be created from this data. Cookies may be used for this purpose. With the Mouseflow web analytics tool, randomly selected individual visits (with anonymised IP address only) are recorded. This produces a log of mouse movements and clicks with the intention of playing back individual website visits on a sample basis and deriving potential improvements for the website. The data collected with Mouseflow is not used to personally identify the visitor to this website without the separately granted consent of the data subject, and is not merged with personal data about the pseudonym holder.
Processing is carried out on the basis of Art. 6(1)(f) GDPR, based on the legitimate interest in direct customer communication and in the needs-based design of the website. You have the right to object at any time, on grounds relating to your particular situation, to this processing of your personal data based on Art. 6(1)(f) GDPR. To do so, you can deactivate recording on all websites that use Mouseflow globally for your current browser via the following link: https://mouseflow.de/opt-out/.
Further information on Mouseflow’s privacy policy can be found here: https://mouseflow.com/privacy/ and on Mouseflow and the GDPR here: https://mouseflow.com/gdpr/.
Vimeo
We embed videos from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011, on our website.
When you visit the website, Vimeo receives the information that you have accessed the corresponding sub-page of our website. Log files are also transmitted. This occurs regardless of whether Vimeo provides a user account through which you are logged in or whether no user account exists. If you are logged into Vimeo, your data is directly associated with your account. You can prevent this association by logging out of your Vimeo user account before using our website and deleting the corresponding Vimeo cookies. Vimeo stores your data as usage profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. Such analysis is carried out in particular (even for users who are not logged in) for the purpose of providing needs-based advertising and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right, you must contact Vimeo directly.
The legal basis for data processing is our legitimate interest in the analysis, optimisation and economical operation of our online offering (Art. 6(1)(f) GDPR).
Further information on the purpose and scope of data collection and its processing by Vimeo can be found in the privacy policy. There you will also find further information on your rights and settings options for the protection of your privacy: https://vimeo.com/privacy. Vimeo also processes your personal data in the USA.
YouTube
Our website uses plug-ins from the YouTube video portal operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (e.g. iframes in the “Blog” section of our website). When you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers is established. The YouTube server is thereby informed which of our pages you have visited.
We use the “enhanced privacy mode” option provided by Google. According to Google, in “enhanced privacy mode” your data – in particular which of our web pages you have visited and device-specific information including the IP address – is only transmitted to the YouTube server in the USA when you watch the video. By clicking on the video, you consent to this transmission.
In some cases, information is transmitted to the parent company Google Inc. based in the USA, to other Google companies and to external Google partners, which may each be located outside the European Union. Google uses EU Standard Contractual Clauses approved by the European Commission for this purpose and relies on adequacy decisions adopted by the European Commission regarding certain countries.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time.
Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.
Google Cloud
We use Google Cloud, an online storage service for files, photos and videos, for our website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google”).
Google also processes your data in the USA. In principle, we have provided adequate safeguards pursuant to Art. 46 GDPR (EU Standard Contractual Clauses) for data transfers. Google maintains a data processing agreement pursuant to Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Google. This refers in substance to the EU Standard Contractual Clauses. The data processing terms can be found here: https://business.safety.google/intl/de/adsprocessorterms/
We wish to point out, however, that according to the European Court of Justice there is currently no adequate level of protection for data transfers to the USA. In particular, there is a risk that your data may be processed by authorities for control or surveillance purposes (potentially without effective remedies). Furthermore, it cannot be guaranteed that your data subject rights can be fully enforced and that supervisory authorities in the USA will provide appropriate redress.
Further information on the data processed through the use of Google Cloud can be found in the privacy policy at https://policies.google.com/privacy?hl=de.
Amazon CloudFront
We use the Content Delivery Network service Amazon CloudFront CDN provided by Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “Amazon CloudFront CDN”).
Amazon CloudFront CDN provides a so-called Content Delivery Network (CDN). This means that website operators can make certain page content available not only on their own servers but also on the servers of CDN providers. Where the CDN servers are located closer to the user than the website operator’s servers, the use of a CDN generally results in faster loading times for the user. When users access the page of such a website operator, they therefore establish a connection not only to the website operator but also to the CDN operator.
Amazon CloudFront CDN also provides website operators with security features that can be used in particular to defend against automated attacks on the website. The availability of our website and the offerings contained therein can be ensured through the use of these features.
Amazon CloudFront CDN uses cookies for the purposes described above and may process the following data categories in particular:
- IP address
- User’s device
- Data on traffic between the user and the website operator, e.g. pages accessed, date and time of access
You can completely prevent the processing of your personal data by Amazon by deactivating the execution of script code in your browser settings or by integrating a script blocker into your browser.
The use of Amazon CloudFront CDN is based on our legitimate interest in an error-free and secure provision of our web offering (Art. 6(1)(f) GDPR).
We have concluded a data processing agreement pursuant to Art. 28 GDPR with the provider of Amazon CloudFront CDN, Amazon Web Services. In addition, data processing is safeguarded by the EU Standard Contractual Clauses. Furthermore, Amazon Web Services is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Further information on the “EU-U.S. Data Privacy Framework” and on the safeguards for data transfers can be found at https://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=202135380 and https://d1.awsstatic.com/Controller_to_Processor_SCCs.pdf.
Elastic APM
We use the Elastic APM service on our website to monitor application performance and diagnose technical issues. The provider is Elasticsearch B.V. (“Elasticsearch”), 88 Kearny Street, Floor 19, San Francisco, California.
The data processed by Elastic APM includes your IP address, device and browser information, performance metrics, error logs and details of your interactions with the website or application.
The purpose of data processing is the monitoring and analysis of application performance and errors in order to improve the stability and user experience of the service.
The legal basis for the use of Elastic APM is our legitimate interest pursuant to Art. 6(1)(f) GDPR in monitoring and improving the performance, stability and security of our website and services.
It cannot be ruled out that personal data may be transferred to third countries deemed not to offer an adequate level of data protection (USA). We have concluded a data processing agreement with Elasticsearch pursuant to Art. 28 GDPR. In addition, data processing is safeguarded by the EU Standard Contractual Clauses. Furthermore, Elasticsearch is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Further information on the data protection provisions of Elastic APM can be found at https://www.elastic.co/de/legal/privacy-statement.
Google Fonts
This website uses so-called Google Fonts, provided by Google, for the uniform display of typefaces. When a page is accessed, your browser loads the required web fonts into its browser cache in order to display texts and typefaces correctly.
For this purpose, the browser you are using must establish a connection to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.
The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time.
If your browser does not support web fonts, a standard font from your computer is used.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.
unpkg
We use the “unpkg” service on our website to provide JavaScript libraries and other static resources. unpkg is an open-source project operated by Cloudflare (101 Townsend St., San Francisco, CA 94107, USA) and Heroku/Salesforce (One Market Street, Suite 300, San Francisco, CA 94105, USA).
The data processed by unpkg includes your IP address, request details and browser information; unpkg does not set cookies.
The purpose of data processing is the provision of JavaScript libraries and other static content via a Content Delivery Network to improve website performance.
The legal basis for the use of unpkg is your consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with effect for the future.
It cannot be ruled out that personal data may be transferred to third countries deemed not to offer an adequate level of data protection (USA). We have concluded a data processing agreement with Cloudflare and Salesforce pursuant to Art. 28 GDPR. In addition, data processing is safeguarded by the EU Standard Contractual Clauses. Furthermore, Cloudflare and Salesforce are certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Further information on the data protection provisions of unpkg can be found at https://app.unpkg.com/[email protected]/files/privacy-policy.md.
WordPress Static Files
We use the “WordPress Static Files” plug-in on our website, provided by Automattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland (“Automattic”).
These files contain static content such as images, CSS and JavaScript files that are required for the display of the website. The static files are stored on our own servers or, where necessary, on an external Content Delivery Network (CDN). A CDN can optimise the delivery of static files by storing them on servers at various locations worldwide.
When using static WordPress files, no personal data is collected or processed unless you actively provide it via forms or other interactions on the website. In such cases, the data protection provisions set out in this privacy policy apply. The legal basis for processing is our legitimate interest in the display of our website (Art. 6(1)(f) GDPR).
Further information can be found in Automattic’s privacy policy at https://automattic.com/privacy/.
Google Maps
This website uses the Google Maps mapping service via an API, provided by Google. To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to and stored on a Google server in the USA. The provider of this website has no influence over this data transfer. When Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of typefaces. When Google Maps is accessed, your browser loads the required web fonts into its browser cache in order to display texts and typefaces correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offerings and to make the locations indicated on the website easy to find. Where you have granted the appropriate consent, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time with effect for the future.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses.
Further information on the handling of user data can be found in Google’s privacy policy at: https://www.google.de/intl/de/policies/privacy/.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google.
reCAPTCHA is used to check whether data entry on this website (e.g. in a contact form) is made by a human or by an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings against abusive automated spying and spam. Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time.
Further information on Google reCAPTCHA can be found in the Google privacy terms and the Google terms of use at https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
Zapier
We use the automation software Zapier on our website, provided by Zapier Inc., 548 Market Street 6241, San Francisco, CA 94104, USA (“Zapier”). We use Zapier to automate actions between various apps and applications and thereby improve our website.
The purpose of data collection is to improve and automate the offering of our website.
The legal basis for the processing of personal data is Art. 6(1)(f) GDPR; our legitimate interest corresponds to the purpose of using Zapier. Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time with effect for the future.
When using Zapier, it cannot be ruled out that data may be transferred to Zapier’s servers in the USA. We have concluded a data processing agreement with Zapier. In addition, data processing is safeguarded by the EU Standard Contractual Clauses.
As the basis for data processing by recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway – in particular in the USA) or for data transfers thereto, Zapier uses so-called Standard Contractual Clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses are template provisions provided by the EU Commission and are intended to ensure that your data also meets European data protection standards when transferred to and stored in third countries (such as the USA). Through these clauses, Zapier undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. The decision and the corresponding Standard Contractual Clauses can be found at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The data processing terms (Data Processing Agreements), which correspond to the Standard Contractual Clauses, can be found at https://zapier.com/help/account/data-management/standard-contractual-clauses-at-zapier. Furthermore, Zapier is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023. Further information on the data processed through the use of Zapier can be found in the privacy policy at https://zapier.com/privacy.
Make.com
We use the automation application Make.com, provided by Celonis Inc., One World Trade Center, 87th Floor, New York, NY 10007, USA (“Make”). We use Make to automate actions between various apps and applications and thereby improve our website.
The purpose of data collection is to improve and automate the offering of our website.
The legal basis for the processing of personal data is Art. 6(1)(f) GDPR; our legitimate interest corresponds to the purpose of using Make. Where appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent encompasses the storage of cookies or access to information on the user’s device within the meaning of the TDDDG. Consent may be revoked at any time with effect for the future.
We have concluded a data processing agreement with Make pursuant to Art. 28 GDPR. In addition, data processing is safeguarded by the EU Standard Contractual Clauses. Furthermore, Celonis Inc. is certified under the “EU-U.S. Data Privacy Framework”, for which the European Commission adopted the adequacy decision on 10 July 2023.
Further information on the data processed through the use of Make can be found in the privacy policy at https://www.make.com/en/terms-and-conditions and https://www.make.com/en/privacy-notice; the data processing agreement is available at https://www.make.com/data-processing-agreement.pdf and the EU Standard Contractual Clauses at https://www.make.com/standard-contractual-clauses.pdf.
11. Social Media Pages
We operate pages on so-called social media platforms (“social media pages”). The social media pages are operated by third-party service providers that process data for the provision of such pages.
The data processed comprises content and usage data on the social media pages, in particular data relating to the interaction of users with our social media pages and data that users of our social media pages share with us.
The purpose of data processing on our social media pages is to offer users interesting content and to interact with them on the social media platforms. Depending on the social media platform, usage data may also be analysed in order to improve our own presence on the respective social media platform.
The legal basis for the processing of data by us is Art. 6(1)(f) GDPR; our legitimate interest is the analysis of usage data to improve our respective social media page.
Information and data displayed or shared on our social media pages may be accessible to the respective social media platform provider, its users and us or other service providers engaged by us. Further details and supplementary information on data processing on the respective social media pages can be found below and in the linked privacy policies of the respective social media platforms:
LinkedIn
We and LinkedIn – for users in the EU or the European Economic Area, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) – are jointly responsible for the processing of personal data via our social media page on the LinkedIn social media platform. The joint controllership agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. According to this agreement, LinkedIn is responsible for informing data subjects about the processing activities. LinkedIn’s privacy policy is available at: https://de.linkedin.com/legal/privacy-policy.
Xing
We operate a social media page on the Xing platform, a service provided by New Work SE, Am Sandtorkai 1, 20457 Hamburg (“Xing”). Xing is responsible for the collection and processing of data via the social media page we operate on Xing. The details of the processing of personal data within Xing’s data control are not known to us. We have no influence over the data processing by or through Xing. We receive from Xing the data intended for us, in particular user names and the content published under the respective user’s account – this data is processed by us insofar as we respond to messages addressed to us by users via Xing or compose messages to Xing users on our own initiative, e.g. when we actively contact individuals regarding a vacant position. Data freely published and distributed by users on Xing may, where applicable, be incorporated into our messages to users of the Xing platform. Information on the processing of personal data by Xing can be found in Xing’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.
Facebook, Instagram and Threads (Meta)
We and Facebook – for users in the EU or the European Economic Area, Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”) – are jointly responsible for the processing of data via our social media pages on the Facebook and Instagram social media platforms. The joint controllership agreement is available at: https://www.facebook.com/legal/terms/page_controller_addendum. According to this agreement, Meta is responsible for informing data subjects about the processing activities. The privacy policy for social media pages on the Facebook platform is available at: https://www.facebook.com/privacy/explanation; the privacy policy for social media pages on the Instagram platform is available at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
X (formerly Twitter)
We operate a social media page on the X (formerly Twitter) social media platform operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”). X is solely responsible for the collection and processing of this data. For users in the EU or the European Economic Area, the data protection addendum between X and us applies, available at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. X’s privacy policy is available at: https://x.com/en/privacy.
TikTok
We operate a social media page on the social media platform of TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, EC1A 9HP, UK (collectively “TikTok”). The collection and processing of data is carried out under TikTok’s responsibility. TikTok’s privacy policy is available at: https://www.tiktok.com/de/privacy-policy.
12. Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You may revoke consent already given at any time. The lawfulness of the data processing carried out prior to the revocation remains unaffected by the revocation.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
WHERE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
WHERE YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
13. Your Further Rights
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this is only carried out insofar as it is technically feasible.
Access, deletion and rectification
Within the framework of the applicable statutory provisions, you have the right at any time to free-of-charge access to your stored personal data, its origin and recipients and the purpose of data processing, and, where applicable, a right to rectification or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you may contact us at any time.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction of processing exists in the following cases:
- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is carried out unlawfully, you may request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you require it for the exercise, defence or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
Where you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
14. Data Security
We make every effort to protect your data against unauthorised access, loss, misuse or destruction. To protect your data, we use SSL/TLS encryption for our website. This means that your personal data – for example, data you submit via an online application or our contact form – is protected. The encrypted connection is indicated by “https://” and a small padlock icon in the browser’s address bar. Furthermore, we secure our website and our systems through technical and organisational measures against loss, destruction, access, modification or dissemination of your data by unauthorised persons.
Your personal data is accessible only to those employees who necessarily require access to your data in order to carry out their duties properly and to offer you our services to the best possible standard. In addition, we implement procedural and electronic safeguards to protect your personal data.
15. Changes to This Privacy Policy
We reserve the right to amend our privacy policies where this becomes necessary due to new technologies or for legal reasons. Where fundamental changes are made to this privacy policy, we will draw attention to this in an appropriate manner.
16. Contact and Data Protection Officer
For data protection enquiries, please contact us at [email protected] or contact our statutorily appointed data protection officer at [email protected], or write to us at the following postal address:
Peak Ace AG, FAO Data Protection Officer, Leuschnerdamm 13, 10999 Berlin