Privacy Policy

Information to be provided in accordance with Art. 13 GDPR

We appreciate your interest in our association and your visit to our website. The security and protection of your personal data are very important to us. We would therefore like to inform you in the following about which of your personal data is collected when you visit our website and when we carry out our activities, and for what purposes it is processed.
As changes of the applicable law or to our own processes may require adjustments to this privacy policy, we ask you to review this privacy policy regularly. The privacy policy can be accessed, saved, and printed at any time at DKG - Datenschutz.

1. Controller and scope of application

The controller in accordance with the EU General Data Protection Regulation (hereinafter referred to as GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

DKG – Deutsche Keramische Gesellschaft e. V. 
Sophienstraße 3    
51149 Cologne (Germany)    
Deutschland 
email: info@dkg.de
Phone: 49 (0) 2203 989 877-0

This privacy policy applies to the website of Deutschen Keramischen Gesellschaft e. V., which can be reached under the domains www.dkg.de and https://congress.dkg.de/  as well as under all subdomains (in the following referred to as “our website”). 

2. Data Protection Officer

The external Data Protection Officer of the controller is: 
Dr. Karsten Kinast, LL.M. 
KINAST Rechtsanwaltsgesellschaft mbH 
Nordstraße 17A 
50733 Cologne (Germany) 
email: team-cgn1@kinast.eu; mail@kinast.eu
Phone: +49 (0)221 - 222 183 0
Website: http://www.kinast.eu

3. Data processing principles

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior. Information that we cannot relate to you (or only with disproportionate effort), e.g. by anonymizing the information, is not meant by “personal data”. The processing of personal data (e.g. collection, retrieval, use, storage, or transmission) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of processing has been achieved and is no longer subject to any statutory retention obligations.
If we process your personal data for the provision of certain purposes, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing, and the respective storage period.

4. Processing activities

4.1. Provision and use of the website

a) Type and scope of data processing
When you access and use our website, your browser automatically transmits personal data to our server. Only data that is technically necessary to display our website to you is processed.
We store the following data in log files to display our website:

• Anonymized IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Website from which access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer

Our hosting service provider „Hetzner“ (Hetzner Online GmbH, Industriestraße 25, 91710 Gunzerhausen, Germany) provides hosting and website display services for us. All data collected during the use of our website as described below is processed on Hetzner's servers. Processing on other servers only takes place within the scope explained in this privacy policy. To ensure the security of your data during processing by Hetzner we have concluded a data processing agreement with Hetzner in accordance with Art. 28 GDPR.

b) Legal basis
The legal basis for data processing is Art. 6 (1) (f) GDPR. The processing of the listed data is necessary for the provision of the website and thus serves to safeguard our legitimate interest in ensuring the technical presentation and security of our website.

c) Storage period
As soon as the data is no longer required for displaying the website, it will be deleted. Accordingly, it will only be stored for the duration of your visit to our website. The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website.

Due to the necessity of displaying the website, the user has no option to object to the data processing described above. Further storage may take place in individual cases if this is required by law.

4.2. Newsletter

a) Type and scope of data processing
You can subscribe to a free newsletter on our website www.dkg.de/newsletter. To send it to you regularly, we require the following information from you:

• email address

We use the double opt-in procedure to send our newsletter, which means that we will only send you the newsletter once you have confirmed your registration by clicking on the link in the confirmation email sent to you for this purpose. This is to ensure that only you can register for the newsletter as the owner of the email address provided.

We use tracking pixels in our newsletter to analyze user behavior and improve the effectiveness of our newsletter. Tracking pixels are small graphics embedded in our newsletter that enable us, for example, to determine whether an email has been opened and which links within the newsletter have been clicked on. We collect the following personal data and events by using tracking pixels:

• Whether the email was opened
• Whether hyperlinks contained in the newsletter were clicked
• Time of access/events
• The associated IP address

We use the services of Mailjet (Mailjet GmbH, Alt-Moabit 2, 10557 Berlin, Germany) to provide our newsletter. Mailjet is a service provider that organizes the distribution of newsletters. We have concluded a data processing agreement with Mailjet in accordance with Art. 28 GDPR.

b) Legal basis
The processing of your email address for the purpose of sending the newsletter is based on Art. 6 (1) (a) GDPR, on the declaration of consent you voluntarily provided when registering for the newsletter on our website. The use of tracking pixels and the associated storage of information on your device is based on your consent in accordance with Section 25 (1) TDDDG. The legal basis for the further processing of your personal data is Art. 6 (1) (a) GDPR. You have the right to revoke your consent to this data processing at any time and without giving reasons with effect for the future. In this case, we will no longer process your personal data collected in connection with your newsletter registration. You can withdraw your consent via the contact details listed in section 1. Each newsletter email also contains a link to unsubscribe, which will be considered as withdrawal of your consent. 

c) Storage period 
Your data will be stored until you unsubscribe from the newsletter and will then be deleted, unless statutory retention obligations prevent deletion.

4.3. Contacting us

a) Type and scope of data processing
If you contact us by telephone or email, we will process your telephone number or email address and your first and last name as standard. Furthermore, the personal data that you provide to us in person or by email will be processed.
We process your contact details and your name for the purpose of responding to you and processing your enquiry.

b) Legal basis
The data processing described above for the purpose of establishing contact is based on Art. 6 (1) (f) GDPR. If you contact us, we have a legitimate interest in responding to your inquiry and therefore also in processing your contact details.

c) Storage period
Once your request has been processed and the matter in question has been conclusively clarified, the personal data processed will be deleted. Further storage may be necessary in individual cases if this is required by law.

4.4 Submission of your application documents

a) Type and scope of data processing
If you are interested in one of our job vacancies or would like to submit an unsolicited application, you can send us your application documents by email at any time. We will process the personal data you provide solely for the purpose of the application process.

b) Legal basis
The legal basis for processing your personal data from your application documents is Art. 6 (1) (b) GDPR.

c) Storage period
We will store your data for 6 months after the end of the application process in case of a rejection).

4.5 Events

a) Type and scope of data processing
We offer a wide range of presences and online events. You can register for our events via our event portal at www.congress.dkg.de. After creating a user account, you can register for our events and register for future events without having to re-enter your details.

When you create a user account on our event portal, we collect the following personal data:

• Email address
• Password
• First name, last name
• Address
• Billing address (if different from address)

You can also provide the following optional information:

• Academic title
• Phone number
• University or company and department or institute.

When you register for a specific event in your user account, we link the personal data stored in your user account with the following data:

• Event information
• Invoice number, account number/IBAN, date of transfer, name + BIC/Swift code of your bank (we receive this information when you transfer the participation fee for events that require payment)

We use your personal data for the purpose of managing your user account, as well as to simplify registration, preparation, and implementation of the event and billing for events that require payment.

b) Legal Basis 
The data processing described above for the purpose of registering and conducting the event, as well as for billing in the case of events subject to payment, serves to implement pre-contractual measures or to fulfill a contract in accordance with Art. 6 (1) (b) GDPR. The processing of your information marked as voluntary is based on Art. 6 (1) (f) GDPR and is carried out to protect our legitimate interest in facilitating the planning and implementation of our events and adapting them to our participants. You have the option of keeping your user account after the event for which you originally created the account for simplified registration for future events without having to re-enter your data. We will ask for your consent to do so. The legal basis for the processing of your personal data for the purpose of providing your user account after the event for which you originally created the account is therefore Art. 6 (1)(a) GDPR. You have the right to withdraw your consent to this data processing at any time and without giving reasons with effect for the future. You can send your withdrawal to the contact details listed in section 1. Processing for the purpose of complying with tax and commercial law retention and documentation obligations is carried out on the basis of Art. 6  (1) (c) GDPR.

c) Storage period
Personal data processed in connection with event registration will generally be deleted after the event has taken place. Data will also be deleted if you cancel your registration for an event. If you have consented to the continued existence of your user account after the events have taken place, we will process the data linked to your user account until you delete your account. Further storage may take place in individual cases if this is required by law.

4.6 Online-Events

a) Type and scope of processing
We also hold online events. We use the MS Teams platform for this purpose. Registration for online events is also carried out as described in section 4.5 and requires the processing of the same personal data under the conditions described there. In addition, we process the following personal data when conducting the Teams meeting:

• User information: e.g., display name, email address, profile picture (optional), preferred language
• Log files/meeting metadata: e.g., date, time, meeting ID, location, IP address
• Text, audio, and video data: If you use the chat function during the online meeting, the text you enter will be processed in order to display it in the online meeting. To enable video display and audio playback, data from your device's microphone and video camera will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the MS Teams applications.

Participants are prohibited from recording online meetings. We have deactivated this function. 

Microsoft Teams is provided by Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Carmanhall and Leopardstown, Dublin, D18 P521, Ireland). We have entered into a data processing agreement with Microsoft Ireland Operations Limited in accordance with Art. 28 GDPR to ensure that your data remains secure even when processed by Microsoft Corporation. Access to your data by Microsoft's parent company, Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399), cannot be ruled out. Microsoft Corporation is certified under the EU-US Data Privacy Framework, so the legal basis for data transfers to the US is Art. 45 GDPR. Microsoft Ireland Operations and Microsoft Corporation have also entered into standard contractual clauses in accordance with Art. 46(2)(c) GDPR.

b) Legal basis
The data processing described above is necessary for the execution of your binding registration in accordance with Art. 6 (1)(b) GDPR. Without the processing of this data, we cannot enable your participation in the online event. If we record the sessions, this will only be done on the basis of your prior consent in accordance with Art. 6 (1) (a) GDPR. You have the right to withdraw your consent to this data processing at any time and without giving reasons with effect for the future. You can send your withdrawal to the contact details listed in section 1.

c) Storage period
Participation in online meetings and chat content are logged when using MS Teams. This information is stored and automatically deleted after 14 days. Recordings of online meetings are generally deleted when the purpose for which they were made no longer applies or when you revoke your consent to the use of the recordings.

4.7 Membership

a) Type and scope of data processing
If you submit a membership application, we will process your personal data for the purpose of membership and contribution management.
In doing so, we process the following personal data:

• Your profession
• First and last name
• Date of birth (optional)
• Your address
• Business address (optional)
• For students: university, department, degree program/training, current semester, copy of your student ID or proof of apprenticeship/ other education
• For retired members: copy of proof of retirement
• For companies, universities, and institutions: title, first name, last name, email address, and phone number of the contact person
• Membership number
• Date of joining the association
• If paying the membership fee by bank transfer: name, address, invoice number, account number/IBAN, date of transfer, name + BIC/Swift code of your bank 
• If paying the membership fee by SEPA direct debit mandate: name, address, mandate reference, account number/IBAN, BIC/Swift code of your bank, date of direct debit

The processing serves to establish, implement, and terminate the association relationship, which is described in more detail in our statutes, as well as to administer and carry out the association's activities.
We use the services of Netxp GmbH (Öttinger Str. 11, 84307 Eggenfelden, Germany) to manage member data. Netxp GmbH is a service provider for association management. We have concluded a data processing agreement with Netxp in accordance with Art. 28 GDPR to ensure that your data is secure even when processed by Netxp.

b) Legal basis
The data processing described above for the purpose of member and contribution management is based on Art. 6 (1)(b) GDPR. Beyond the actual establishment, implementation, and termination of the association relationship, we process personal data in accordance with Art. 6. (1)(f) GDPR. This is permissible insofar as the processing is necessary to safeguard our legitimate interests, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail. On this legal basis, we process your personal data, for example, to ensure the IT security and IT operations of the association, as well as to send Christmas cards in order to pursue our interest in close member relations and to provide information about events. We also process personal data on the basis of your consent in accordance with Art. 6 (1)(a) GDPR. This applies in particular to sending birthday greetings. In addition, we process personal data in accordance with Art. 6 (1)(c) GDPR to the extent necessary to fulfill legal obligations to which we as an association are subject. The processing purposes include, among other things, the processing of data to comply with tax obligations.

If you have given us a SEPA direct debit mandate, we will also process the personal data collected in the SEPA direct debit mandate form for the purpose of executing the SEPA direct debit procedure for membership fees on the basis of your consent in accordance with Art. 6 (1)(a) GDPR.  As soon as we have received the SEPA direct debit mandate signed by you, the data you have provided therein will be stored for the purpose of debiting the membership fees. The data will be transferred to the participating banks (the DKG's bank is: Deutsche Kreditbank Aktiengesellschaft, Taubenstraße 7-9, 10117 Berlin, Germany) and your bank.

You have the right to withdraw your consent to the data processing described above at any time and without giving reasons with effect for the future. You can send your withdrawal to the contact details listed in section 1.

c) Storage period
The data you transfer to us for processing when submitting a membership fee will be stored for as long as you are a member of our association. Your data will be deleted when you leave the association or terminate your membership. Personal data that we process on the basis of your consent will be deleted at the latest after valid revocation of consent. Further storage may occur if immediate deletion is contrary to statutory retention periods (such as tax or commercial law retention periods). In this case, the data will be deleted after the relevant data retention periods have expired.

4.8 Internet presence

a) Type and scope of data processing
On our website, we present our association and our functionaries and regularly publish new publications, presentations, and other content on topics related to the ceramics industry. For this purpose, we collect and publish the following personal data:

• First name, last name, job title, business address, business telephone number, business email address, and portrait photo of our functionary
• First name, last name, place of work, business email address of authors, speakers, etc. whose works we publish

b) Legal basis
The publication of personal data, including portrait images, of our functionaries for the purpose of presenting our association is based on consent in accordance with Art. 6 (1)(a) GDPR. The publication of personal data of authors, speakers, or other data subjects whose works we publish on our website is also based on consent in accordance with Art. 6 (1)(a) GDPR. You have the right to withdraw your consent to this data processing at any time with future effect without giving reasons. You can send your revocation to the contact details listed in section 1.

In addition, we publish the first names, last names, and job titles of our functionaries in our activity reports on the basis of our legitimate interest in providing transparent and accessible information about our work in accordance with Art. 6 (1)(f) GDPR.

c) Storage period
We store the published personal data until consent to publication is withdrawn and then delete it. Further storage may occur if statutory retention periods apply.

4.9 DKG-Cloud

a) Type and scope of data processing
On our website, our members have the option of registering for our online storage (the DKG Cloud). The aim of the Cloud is to enable all DKG technical committees (“Fachausschüsse”, FA), specialist groups (“Fachgebiete”, FG), expert groups, etc. to store and manage their work files centrally. When you upload documents to the DKG Cloud, you can assign access rights to the documents yourself. When you register and use the DKG Cloud, we process the following personal data:

• Email address
• Password
• The documents you upload

We process the data for the purpose of creating a user account for the DKG Cloud, enabling the upload of documents, viewing documents that have already been uploaded, and assigning access rights.

b) Legal basis
The legal basis for the data processing described above is Art. 6 (1)(f) GDPR, our legitimate interest in providing a central storage location for managing work files for members who wish to use this functionality.

c) Storage period
We process your login data for the DKG Cloud and the documents you upload until you delete your account. Further storage may occur in individual cases if required by law.

5. Transfer of data

We will only transfer your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 (1)(a) GDPR,
• this is legally permissible and necessary in accordance with Art. 6 (1)(b) GDPR for the fulfillment of a contractual relationship with you,
• if there is a legal obligation to disclose the data in accordance with Art. 6 (1)(c) GDPR,
• the disclosure is necessary pursuant to Art. 6 (1)(f) GDPR to safeguard legitimate business interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data. These may be, for example, hosting service providers or IT service providers who help us with the maintenance and servicing of our systems, or postal or payment service providers.

In this context, personal data may also be transferred to countries outside the EU/EEA where the provisions of the GDPR do not apply. However, we take the precautions required by the GDPR to ensure that your data is transferred in compliance with data protection regulations.

For this reason, we work in particular with companies in countries for which the EU Commission has issued a so-called adequacy decision. This includes, in particular, the USA. Data transfers to the USA have been legitimized since July 10, 2023, by a so-called EU adequacy decision (EU-US Data Privacy Framework) if the respective US company has committed itself to the relevant data protection standards with the US Department of Commerce. US companies that have not done so are treated in the same way as other global companies outside the European Union, unless there is an EU adequacy decision for the country in question. At DKG, we only work with companies that have taken the legally required measures to ensure that your data is transferred to these countries in a lawful manner. If no adequacy decision has been made for a third country, compliance with the required level of data protection is generally ensured by concluding standard contractual clauses and implementing additional measures.

Within the DKG, those departments that need your data to fulfill the statutory and legal obligations of the DKG have access to it.

We will inform you separately in the relevant sections of this privacy policy about the transfer of personal data to third parties.

6. Use of cookies, tracking and analysis tools

6.1 General
We use cookies on our website. Cookies are small files that are sent to your device's browser when you visit our website and are stored there. This website uses cookies to improve your experience and to provide you with personalized content and features. In this notice, we would like to inform you about the different types of cookies we use. We use cookies to provide and optimize our website, to recognize returning visitors, and to obtain information about their usage behavior and presumed interests.

6.2 Categories of cookies and legal basis
We use the following categories of cookies on our website:

6.2.1 Strictly necessary cookies
These cookies are required for technical reasons so that you can visit our website and use the functions we offer. They are necessary for us to display our website at all. They are also necessary for you to navigate our website in a user-friendly manner and use its functions, e.g. to set your privacy preferences, log in, or fill out forms. This category of cookies does not require consent under applicable law. The legal basis for the storage and subsequent retrieval of information on your device is Section 25 (2) no. 2 TDDDG. The legal basis for the processing of the personal data collected is our legitimate interest in the correct presentation of our website in accordance with Art. 6 (1)(f) GDPR. If you block essential cookies, we may not be able to display our website in its entirety.

6.2.2 Performance cookies
These cookies enable us to analyze website usage and improve the performance and functionality of our website. For example, information is collected about how visitors use our website, which pages are most frequently accessed, or whether error messages are displayed on certain pages. Performance cookies also serve to enable requested functions, such as playing videos. The legal basis for the storage and subsequent reading of information on your device is your consent in accordance with Section 25 (1) TDDDG. The legal basis for the personal data processed with the help of performance cookies is your consent in accordance with Art. 6 (1)(a) GDPR. You can revoke this consent at any time for the future by deactivating cookies in your browser settings or using the cookie consent manager in the “COOKIE SETTINGS.” For more information on browser settings and managing your consent, see section 4 below.

6.3 Cookies used

6.3.1 Strictly necessary cookies

6.3.1.1 Consent cookie (technical name: “consent”)

a) Type and scope of data processing
This cookie is used to permanently save all currently selected consent settings, so the dialog box does not need to be displayed again. The consent settings only apply to the respective domain or subdomain.

b) Legal basis
Legal basis for storing and subsequently reading information on your device is Section 25 Paragraph 2 No. 2 of the German Telemedia Act (TDDG). The legal basis for processing the collected personal data is our legitimate interest in providing the necessary storage of given/rejected consent according to Art. 6 (1) (f) DSGVO. 

c) Storage period
The cookie is stored for one year and then deleted.

6.3.1.2 Session cookies (technical name: “PHPSESSID” or “JSESSIONID”)

a) Type and scope of data processing
These cookies are used to store temporary session data, for example, for multi-page online processes such as registrations or participant sign-ups, or to identify the currently logged-in user. Session cookies are specially marked in the browser because their use is an essential technology without which our web services would not function correctly.

b) Legal basis
Legal basis for storing and subsequently reading information on your device is Section 25 Paragraph 2 No. 2 of the German Telemedia Act (TDDG). The legal basis for processing the collected personal data is our legitimate interest in providing basic functionalities of our online services according to Art. 6 (1) (f) DSGVO. 

c) Storage period
The cookie is deleted when the browser is closed or when the user session has expired (i.e. after 15 minutes of inactivity)

6.3.2 Performance cookies

6.3.2.1 Google Analytics 4 (technical name: “_ga…”)

a) Type and scope of data processing
This website uses Google Analytics 4, a web analytics service provided by Google LLC. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”). Google Analytics is based on the use of cookies.

The cookies set by Google Analytics enable an analysis of your visit to our website. The information generated by the cookies is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, IP anonymization is enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to our website, your user behavior is recorded in the form of “events.” Events can include:

• Page views
• First visit to the website
• Start of the session
• Web pages visited
• Your “click path,” interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Ads viewed/clicked
• Language settings

The following is also recorded:

• Your approximate location (region)
• Date and time of your visit
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
• Your internet service provider
• The referrer URL (the website/advertisement that referred you to this website)

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.

b) Legal basis
The legal basis for this data processing is your consent in accordance with Art. 6 (1)(a) GDPR and Section 25 (1) sentence 1 TDDDG.

You can revoke your consent at any time with future effect by accessing our cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until withdrawal remains unaffected.
You can also prevent the storage of cookies from the outset by adjusting your browser software settings accordingly. However, if you configure your browser to reject all cookies, this may result in restrictions on the functionality of this and other websites.

c) International data transfer
When using Google Analytics, data transfer to Google's parent company, Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, cannot be ruled out. Google LLC is certified under the EU/U.S. Data Privacy Framework (DPF). The DPF is an adequacy decision by the EU that guarantees certified service providers in the USA an adequate level of protection for personal data comparable to that in the EU. Accordingly, data transfer is based on Art. 45 (1) GDPR.

d) Storage period
The maximum lifetime of Google Analytics cookies is 2 years. Data whose retention period has expired is automatically deleted once a month.

7. Hyperlinks

Our website contains hyperlinks to websites of other providers. In particular, our website provides access to events organized by our cooperation partners. When you activate these hyperlinks, you will be redirected from our website directly to our cooperation partners. You can recognize this by the change in the URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence over these companies' compliance with data protection regulations. You can find out how these providers handle your personal data directly on their websites.

8. Social media

8.1 General
As part of our public relations work, we maintain profiles on various social networks:

• Facebook der Meta Platforms Ireland Limited, (Irland)
• Instagram der Meta Platforms Ireland Limited, (Irland)
• LinkedIn der LinkedIn Ireland Unlimited Company, (Irland)
• X der X. Corp (USA)

Below, we provide information about how your personal data is processed when you visit our social media profiles. We would like to expressly point out that we have no influence on the basic functions of our social media sites. The operation of the respective platforms and the way in which your personal data is subsequently processed is therefore the responsibility of the respective operators.

In light of the case law of the European Court of Justice, there is generally joint controllership between the operator of a company profile on a social network (DKG) and the provider of the social network (e.g. Meta) for the collection and further processing of personal user data when visiting the social network. Where available, we have therefore entered into a joint controllership agreement with the relevant providers in accordance with Art. 26 GDPR.

This joint responsibility means, in particular, that you can submit requests for information and assert further rights of data subjects to the respective provider and to us. However, it oftentimes makes sense to assert these directly with the providers. This is because the social network providers are the only ones with direct access to the necessary information and can also take any necessary measures and provide information immediately. However, if you require our assistance, you can contact us at any time.

If you wish to contact us, we would also recommend that you use the contact options provided in section 1. This will prevent the provider of the relevant social media platform from processing the data you submit in your enquiry.

8.2 Instagram and Facebook

When you visit our Facebook or Instagram profile, we are joint controllers with Meta Platforms Technologies Ireland Limited, 4 Grand Canal Square Dublin 2, Ireland (hereinafter: Meta) for the data processing activities triggered during this visit, in particular the collection and further processing of so-called “Insights data.” A corresponding agreement on joint controllership pursuant to Art. 26 GDPR for the processing of “Insights Data” has been concluded with Meta. You can access the agreement here: Facebook. 

You can find Facebook's privacy policy at: https://www.facebook.com/privacy/policy
You can find Instagram's privacy policy at: https://privacycenter.instagram.com/policy/

a) Type and scope of data processing
When you visit our Facebook or Instagram profile, we process your personal data when you interact with us (e.g., by following our page, liking, sharing, or commenting on one of our posts, or by sending us a direct message). In doing so, we process the data you publish on your profile as well as the information you provide to us in the course of individual communication. This data processing is carried out for the purpose of providing and maintaining our profile as well as for communication and interaction with profile visitors.

Meta also stores information in the form of small text files in your browser's memory (cookies) and can access this information when you visit the platform or a website that uses Meta technologies. Meta uses the data collected by cookies to provide you with personalized advertising and to enable Meta's advertising partners to do the same. For more information about the purpose of the cookies used, how these cookies are integrated by other websites, and your options for controlling them, please refer to Meta's Cookie Policy. Meta is solely responsible for the further processing of this data for advertising purposes. Meta also compiles page statistics (known as “Insights”). This data is only made available to us in anonymized form. You can find out which data is used to compile the page statistics we use in the information on page insights data. The exact content of the page statistics and the available views can be found in the explanations on page statistics. We process the page statistics to gain insights into the visitors to our Facebook and Instagram pages and their interactions with our pages.

b) Legal basis
The processing of your personal data, with the exception of tracking, is based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR in effective communication and interaction with visitors to our profile and in the public presentation of our offers.

The use of technically necessary cookies by Meta and the associated storage of information on your device and its subsequent retrieval is based on Section 25 (1)(2) TDDDG. The subsequent processing of the collected data is based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR in enabling the operation of our Instagram and Facebook pages.
Your consent is required for technically unnecessary cookies from Meta. If you have given your consent to the use of a technically unnecessary cookie on the basis of a notice (“cookie banner”) provided by Meta, the legality of the associated storage of information on your device and its subsequent retrieval is governed by Section 25 (1) sentence 1 TDDDG. You can revoke this consent at any time with future effect by deactivating the cookies in your browser settings or in the cookie consent manager. The subsequent processing of your personal data is based on your express consent in accordance with Art. 6 (1) (a) GDPR. You can also withdraw this consent at any time with future effect by deactivating cookies in your browser settings or in the cookie consent manager.

c) International data transfer
When using Facebook and Instagram, personal data may be transferred to countries outside the EU/EEA, in particular through data transfer to the parent company, Meta Platforms, Inc. (1601 Willow Road 94025 Menlo Park). Currently, data is transferred on the basis of Art. 45 (1) GDPR. Meta Platforms, Inc. is certified under the EU/U.S. Data Privacy Framework (DPF). The DPF is an adequacy decision by the EU that guarantees certified service providers in the US an adequate level of protection for personal data comparable to that in the EU. If no adequacy decision has been made for a third country, compliance with the required level of data protection is generally ensured by concluding standard contractual clauses and implementing additional measures.

d) Storage period
We only store messages sent to us via Facebook and Instagram for as long as they are necessary for the respective processing purpose and then delete them, unless there are legal retention periods that prevent this. However, messages addressed to us publicly are subject to the platform's retention periods. Interactions are generally stored on the platforms without any time limit. You can find the storage period for your personal data, in particular for individual cookies, on Facebook and Instagram in the privacy policies linked above and in the linked cookie policy.

8.3 LinkedIn

When you visit our LinkedIn profile, we are joint controllers with LinkedIn Ireland Unlimited Company (hereinafter: LinkedIn) for the data processing activities triggered during this visit, in particular the collection and further processing of so-called “Insights data.” A corresponding agreement on joint controllership pursuant to Art. 26 GDPR for the processing of so-called “Insights data” has been concluded with LinkedIn. This can be accessed here.

LinkedIn's privacy policy can be found at: https://de.linkedin.com/legal/privacy-policy

a) Type and scope of data processing
When you visit our LinkedIn profile, we process your personal data if you interact with us (e.g., by following our page, liking, sharing, or commenting on one of our posts, or by sending us a direct message). We then process the data you have published on your profile as well as the information you provide to us in the context of individual communication. This data processing is carried out for the purpose of providing and maintaining our LinkedIn profile and for communicating and interacting with visitors.

In addition, LinkedIn collects information via cookies and similar technologies (e.g., pixels, ad tags, etc.) that enable LinkedIn to recognize users and analyze user behavior in detail. LinkedIn provides us with corresponding information in anonymized form for the purpose of analyzing user behavior on our online presence. This enables us to statistically evaluate the use of our LinkedIn page and thus to control our activities in a targeted manner. LinkedIn may also create user profiles based on the data collected in this way. This enables LinkedIn to display interest-based advertising to users both within and outside the respective social media presence. If you are logged into your social media account when you visit our LinkedIn page, LinkedIn can also associate this visit with your account. Further processing of this data for its own purposes, e.g. for advertising purposes, is the sole responsibility of LinkedIn.

b) Legal basis 
The processing of your personal data, with the exception of tracking, is based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR in effective communication and interaction with visitors to our profile and in the public presentation of our offers.

The use of technically necessary cookies by LinkedIn and the associated storage of information on your device and its subsequent retrieval is based on Section 25 (1) No. 2 TDDDG. The subsequent processing of the data collected is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in enabling the operation of our LinkedIn page.

Your consent is required for technically non-necessary cookies from LinkedIn. If you have given your consent to the use of a non-technically necessary cookie based on a notice (“cookie banner”) provided by LinkedIn, the legality of the associated storage of information on your end device and its subsequent retrieval is governed by Section 25 (1) sentence 1 TDDDG. You can revoke this consent at any time with future effect by deactivating the cookies in your browser settings or in the cookie consent manager. The subsequent processing of your personal data is based on your express consent in accordance with Art. 6 (1) (a) GDPR. You can also revoke this consent at any time with future effect by deactivating cookies in your browser settings or in the cookie consent manager.

c) International data transfer
When using LinkedIn, personal data may be transferred to countries outside the EU/EEA, through data transfer to the parent company, LinkedIn Corporation (1000 W. Maude Ave, Sunnyvale, CA 94085). Data transfer currently takes place based on Art. 45 (1) GDPR. LinkedIn Corporation is certified under the EU/U.S. Data Privacy Framework (DPF). The DPF is an adequacy decision by the EU that guarantees certified service providers in the US an adequate level of protection for personal data comparable to that in the EU. If no adequacy decision has been made for a third country, compliance with the required level of data protection is generally ensured by concluding standard contractual clauses and implementing additional measures.

d) Storage period
We only store messages sent to us via Facebook and Instagram for as long as they are necessary for the respective processing purpose and then delete them, unless statutory retention periods prevent this. However, messages addressed to us publicly are subject to the platform's retention periods. Interactions are generally stored on the platform without any time limit. The storage period for your personal data, in particular individual cookies, on LinkedIn can be found in the privacy policies linked above and in the linked cookie policy.

8. 4 X
In connection with the operation of our X account, personal data of visitors is processed. In view of the relevant case law of the European Court of Justice, the collection of insights data is carried out under joint responsibility with X Corp. (hereinafter: X). However, X does not currently offer a joint responsibility agreement in accordance with Art. 26 GDPR. We will conclude such an agreement as soon as X provides one.

X's privacy policy can be found at: X Privacy Policy

a) Type and scope of data processing
When you visit our X profile, we process your personal data when you interact with us (e.g., by following our page, liking, sharing, or commenting on one of our posts, or by sending us a direct message). We then process the data you publish on your profile and the information you provide to us during individual communication. This data processing is carried out for the purpose of providing and maintaining our X profile and for communicating and interacting with visitors.

In connection with the operation of the X account, X offers an analysis function that we use to obtain anonymized statistical data about the users and interactions of our X account. For this purpose, X stores a cookie on the device of the user who visits our account. The cookie contains a unique user code. The user code can be linked to the data of users who are registered with X. The information stored in the cookies is received, recorded, and further processed by X, to display personalized advertising to users. This is done by displaying ads from Twitter's advertising partners on our X profile that correspond to websites the user has previously visited. Other entities, such as X partners, may also use cookies to provide services to companies advertising on X. You can find more information about X's use and application of cookies here: https://help.twitter.com/de/rules-and-policies/twitter-cookies

Based on the data collected by the cookies, X compiles visitor statistics for our profile. These contain anonymous information about the reach and engagement data of our profile, e.g., how many users have visited our profile. We process this data to optimize our offering and publish relevant posts. 

a) Legal basis
The processing of your personal data, except for tracking, is based on our legitimate interest pursuant to Art. 6 (1)(f) GDPR in effective communication and interaction with visitors to our profile and in the public presentation of our offers.

The use of technically necessary cookies by X and the associated storage of information on your end device and its subsequent reading is based on Section 25 (1) (2) TDDDG. The subsequent processing of the data collected is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in enabling the operation of our X page.

Your consent is required for technically non-essential cookies from X. If you have given your consent to the use of a non-technically necessary cookie based on a notice (“cookie banner”) provided by X, the legality of the associated storage of information on your end device and its subsequent retrieval is governed by Section 25 (1) sentence 1 TTDSG. You can withdraw this consent at any time with future effect by deactivating the cookies in your browser settings or in the cookie consent manager of X. The subsequent processing of your personal data is based on your consent in accordance with Art. 6 (1)(a) GDPR. You can also revoke this consent at any time with future effect by deactivating cookies in your browser settings or in the cookie consent manager.

b)     Third country transfers
When using X, personal data will be transferred to countries outside the EU/EEA, to the USA. Data transfers are currently carried out based on Art. 45 (1) GDPR. X Corp. is certified under the EU/U.S. Data Privacy Framework (DPF). The DPF is an adequacy decision by the EU that guarantees certified service providers in the USA an adequate level of protection for personal data comparable to that in the EU. If no adequacy decision has been made for a third country, compliance with the required level of data protection is generally ensured by concluding standard contractual clauses and implementing additional measures.

c)      Storage period
We only store the messages transmitted to us by X for as long as they are necessary for the respective processing purpose and then delete them, unless statutory retention periods prevent this. However, messages addressed to us publicly are subject to the retention periods of the platform. Interactions are generally stored on the platform without any time limit. The storage period of your personal data, of individual cookies, at X can be found in the privacy policies linked above and in the linked cookie policy.

9. Rights of data subjects

As a data subject whose personal data is processed, you have the following rights under the GDPR, which we hereby inform you of in accordance with Art. 13 GDPR:

• In accordance with Art. 15 GDPR, you have the right to access your personal data and can request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it has not been collected by us, about a transfer to third countries or to international organizations, as well as about the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.
• Pursuant to Art. 16 GDPR, you may immediately request the rectification of inaccurate or the completion of your personal data stored by us.
• In accordance with Art. 17 GDPR, you may request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims.
• In accordance with Art. 18 GDPR, you may request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse to have it deleted because you need it to assert, exercise or defend legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing pursuant to Art. 21 GDPR.
• Pursuant to Art. 20 GDPR, you may request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or request that it be transferred to another controller (right to data portability).
• In accordance with Art. 7 (3) GDPR, you can withdraw your consent to data processing provided to us at any time. As a result, we will no longer be allowed to continue processing the data based on this consent in the future.
• Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace, or our company headquarters.

10. Right to object

When processing your personal data based on legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, if there are reasons for this arising from your particular situation or if the objection is directed against direct marketing. In the case of direct marketing, you can exercise your right to object without stating reasons.

11. Data security and security measures

We are committed to protecting your privacy and treating your personal data as confidential. To prevent manipulation, loss, or misuse of your data stored with us, we take extensive technical and organizational security measures that are regularly reviewed and adapted to technological progress. This includes, among other things, the use of recognized encryption methods. However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. Unencrypted data disclosed – e.g., by email – may be read by third parties. We have no technical influence over this. It is the responsibility of the user to protect the data they provide against misuse by means of encryption or other measures.