Privacy policy

1 General information
1.1 Responsible body and data protection officer
1.2 Legal basis for the processing of your personal data
1.3 Rights of the data subject
1.4 Storage period of personal data
2 Contractual processing
3 Application data
4 Data processing in the context of the website
4.1 Log files, hosting
4.2 Making contact
4.3 Cookies
5 Information for interested parties
6 Forwarding of the data: General and contractual purpose
6.1 Use of audio – video conferencing
7 Tools in the context of the operation of the website and online services
7.1 Google
7.1.1 Google YouTube
7.1.2 Google Ads
7.1.3 Google API
7.1.4 Google DoubleClick
7.1.5 Google Fonts
7.1.6 Google Static
7.2 OpenStreetMap
7.3 Borlabs cookie banner
7.4 Font Awesome
7.5 WPML
8 Data storage outside the EU/EEA
9 Our presence on social media
9.1 Google/YouTube
9.2 Xing

1 General information

The following declaration informs you about what kind of personal data is collected by us as the responsible body and for what purpose, and to what extent this data is made accessible to third parties.

1.1 Responsible body and data protection officer

Simon Sonnenberg
Sternstraße 64, 40479 Düsseldorf
Phone: +49 211 51369108
E-mail: info@sonnenberg-lawfirm.de

Data Protection Officer
Ms. Carola Sieling
Technologiewerft GmbH
c/o Kanzlei Sieling
Gurlittstraße 24, 20099 Hamburg
Tel.: 040/24192702
info@technologiewerft.de

1.2 Legal basis for the processing of your personal data

The processing of personal data requires a legal basis, which we would like to present to you below.
Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data for which we obtain the consent of the data subject.
Article 6(1)(b) of the GDPR serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This also includes processing operations that are necessary for the performance of pre-contractual measures.
If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
If the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities as well as in the analysis, optimization and maintenance of the security of our online offer.

1.3 Rights of the data subject

You have a right to information about the personal data we have stored about you. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
In accordance with the statutory provisions, you also have the right to rectification of incorrect data, restriction of processing, data portability and erasure of your personal data. To do this, send us an e-mail with the subject “Data protection”.
You also have the right to lodge a complaint with a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the statutory provisions.

For reasons arising from your particular situation, you may object to the processing of personal data concerning you by us, which is based on Art. 6 para. 1 lit. e or f GDPR at any time; this also applies to profiling based on these provisions (Art. 21 GDPR). If the legal requirements are met, we will then no longer process your personal data.

In the case of direct marketing, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object, your personal data will no longer be processed for these purposes.

If you have given your consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

We do not currently carry out automated decision-making, including profiling.
If you exercise one of the aforementioned rights as a data subject, we will process your personal data collected in this context to respond to your request. Your personal data is processed to fulfill a legal obligation.
In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and freedoms or your personal data is used to assert, exercise or defend legal claims.

1.4 Storage period of personal data

Unless we have provided storage information on the specific points, the following applies: We store personal data for the duration of the respective statutory retention period or as long as the purpose of the collection exists. After the retention period has expired, the data is routinely deleted, unless there is a need to initiate or fulfill a contract. If the user’s data is not deleted because it is required for other and legally permissible purposes, its processing is restricted as far as possible. Accordingly, the data is blocked where possible and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

2 Contractual processing

When you enter into a contractual relationship with us or make an inquiry, we generally collect the following data: Title, first and last name, e-mail address, address, telephone/mobile phone number, information necessary for the execution and initiation of the contract.
We need this data so that we can identify you as a contractual partner, execute the contract, contact you and for invoicing purposes. The data processing takes place at your / our request or order and is necessary for the purposes mentioned for the mutual fulfillment and obligation arising from the contractual relationship.
We may also process data on the basis of a legitimate interest, e.g. in the assertion or defense of claims arising from the contractual relationship. The personal data collected will be stored until the end of the contractual relationship and then deleted, unless we are obliged to store it for longer in accordance with statutory obligations under tax and commercial law retention and documentation obligations (from HGB, StGB or AO).

We use the data of our (future) contractual partners and employees (first name, surname and, if applicable, address) to carry out comparisons against so-called sanctions lists. Sanctions lists are centrally compiled and maintained lists of persons, associations or companies against whom state economic or legal restrictions have been imposed. Various regulations oblige us to take measures to prevent support for business partners, suppliers and also our (potential) employees if they are included on the lists. We only use the data to ensure that these persons are not included on any of the sanctions lists. We need this information in order to fulfill our legal obligations and avert possible sanctions. This is also in our legitimate interest.

3 Application data

When you apply for a job with us, we receive data from you. We process the data that you have sent us in connection with your application in order to check your suitability for the position and to carry out the application process. Please note that your data will be accessible to our HR department and the relevant departments for the position to be filled. For data protection reasons, please ensure that you only provide the data required for the application. The legal basis for the processing of your personal data in application procedures is Section 26 BDSG and Art. 6 para. 1 b) GDPR. Accordingly, the processing of data required in connection with the decision on the establishment of an employment relationship is permitted. Should the data be required for legal prosecution after completion of the application process, data processing may be permitted on the basis of the requirements of Art. 6 para. 1 lit. f) GDPR, to safeguard legitimate interests. Our interest then lies in the assertion of or defense against claims.

Applicant data will be deleted after 6 months at the latest in the event of a rejection. In the event that you have consented to your personal data being stored further, we will transfer your data to our applicant pool. There the data will be deleted after two years. If you have been accepted for a position as part of the application process, the data will be stored permanently for the purpose of implementing the employment relationship. You can change or delete your application at any time and revoke any consent you may have given at any time.

4 Data processing in the context of the website

4.1 Log files, hosting

The server statistics automatically store data that the browser transmits to us as part of our legitimate interest in analysis and for security reasons (so-called “log files”).

In detail, this is the following data:
– Language and version of the browser software
– Operating system used and its interface
– Referrer URL (the previously visited page)
– Host name of the accessing computer (IP address)
– Date and time of the server request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Amount of data transferred
– Access status/ HTTP status code

As a rule, we cannot assign this data to specific persons. This data is not merged with other data sources. The data is also deleted within 7 days after a statistical evaluation. Data whose further retention is required for evidence purposes is excluded from deletion until final clarification of the respective incident.

We make use of hosting services. These serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services in order to maintain the operation of this online offering.
We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offering on the basis of our legitimate interests in the efficient and secure provision of this online offering.

4.2 Making contact

When you contact us, e.g. by e-mail, your details will be stored by us in order to answer your questions.
Your data will not be passed on to third parties unless applicable data protection regulations justify a transfer or we are legally obliged to do so. You can revoke your consent at any time with effect for the future. In the event of revocation, your data will be deleted immediately, unless there is a legal exception for further processing. Your data will otherwise be deleted once we have processed your request or the purpose of storage no longer applies and there are no other legal exceptions to the contrary.

4.3 Cookies

Cookies are small text files that are stored on your end device and through which certain information flows to the location that sets the cookie. They are used to make the website more user-friendly and effective and/or to make it easier for you to navigate our website.
We only set cookies that are not absolutely necessary with your consent. You can revoke this consent at any time for future use.
Consent is voluntary and you can also use our website without accepting cookies. You can also configure your browser settings according to your wishes and, for example, refuse to accept third party cookies or all cookies or delete cookies that have already been saved. If you do not accept cookies, please note that our website may not function properly in this case. Unless we provide other information on the individual topics mentioned in this privacy policy or in the cookie banner, the lifespan of cookies is 24 months.
You can find out which function on our website sets cookies in the individual function descriptions in our privacy policy and in the cookie banner.

5 Information for interested parties

If you, as our contractual partner, have concluded a contract for our services, we will offer you further information about our own similar services via the e-mail address sent to you when the contract was concluded (Section 7 III UWG). You can object to this mailing at any time.
These mailings are sent on the basis of our legitimate interest in advertising.

6 Forwarding of the data: General and contractual purpose

We pass on data to third parties if this is necessary for the fulfillment of the contract and / or if we are legally obliged and / or entitled to do so in individual cases. The data is typically passed on to contracted service providers, including hosting, operation, maintenance and support of IT systems, communication systems and disposal under certain circumstances. In addition, your data may also be transmitted to postal or delivery services, your bank, tax consultants/auditors and lawyers.

6.1 Use of audio – video conferencing

Among other things, we use and offer online conferencing tools for our communication and the holding of online meetings. This is done on the basis of your consent to participate in online meetings and communications.
If you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by us and the provider of the conference tool.
The scope of the data also depends on the data you provide before or during participation. The following personal data is subject to processing, depending on the information you provide:
User details: first name, surname, telephone, email address, password, profile picture, department
Meeting metadata: Topic, description (optional), participant LP addresses, device/hardware information
For recordings: Video, audio and presentation recordings, text file of the online meeting chat.
When dialing in by phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device may be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an online conference. In this respect, the text entries you make are processed in order to display them in the online conference and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time.
To take part in an online conference or enter the “meeting room”, you must at least provide information about your name. This can always be pseudonymized.
For further information on data processing by the conference tools used, please refer to the data protection declarations of the respective tools used.

Transcription of video meetings

In the context of video meetings, a transcription of the meeting may be made if necessary. The transcription is used to record and follow up on the content and is used exclusively for internal purposes.
The processing takes place exclusively on the basis of your informed consent. At the beginning of the meeting, all participants will be explicitly informed about the transcription. They will be given the opportunity to give or refuse their consent.
Participants who do not consent to transcription will not be able to use the video and audio function during the meeting, but will still be able to communicate via the chat function and listen to the meeting.
Transcripts and any recordings will only be stored for as long as is necessary for the respective purposes (e.g. follow-up, minutes) and in accordance with the statutory retention periods.
Transcription is carried out using the services of the respective meeting tool provider. It cannot be ruled out that data will be transferred to third countries (in particular the USA). The respective data protection provisions of the providers apply.

7 Tools in the context of the operation of the website and online services

In some cases, we use tools and external service providers within the scope of your consent or our legitimate interests with regard to analysis, optimization and economic operation of the online offer. If you have given your consent for tools that are not necessary for the operation of the website, you can have these settings changed again at any time. We list our service providers below.
If your data is to be used for other purposes, we will inform you in advance and only use the data if you have given your express prior consent.

7.1 Google

We use services for which Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) is responsible within the scope of your consent for the optimization and economic operation of our online offer.
Google LLC is certified under the Data Privacy Framework and EU standard contractual clauses have been concluded, so that possible measures have been taken to ensure compliance with European data protection law.

7.1.1 Google YouTube

We use the provider YouTube, a Google service, to embed videos.
These videos are stored on www.youtube.com and can be played directly from our website. YouTube uses cookies for data collection and statistical data analysis. YouTube uses cookies, among other things, to collect reliable video statistics, to prevent fraud and to improve user-friendliness. The information generated by the cookie about your use of this website (including your IP address) is also transmitted to YouTube servers in the USA and stored there. Your IP address cannot be assigned unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in. If you do not want this, you must log out of your YouTube account and your other Google accounts.
YouTube cookies provide us with statistical values for the retrieval of individual videos embedded in the website without any reference to the respective user.
The embedded videos from YouTube are used within the scope of the permitted use by YouTube, which all users must accept. If you see any copyright infringements, please report this directly to YouTube. We use embedded YouTube videos in extended data protection mode. This means that YouTube does not store cookies for a user who views a website with an embedded YouTube video player but does not click on the video to start playback. If the YouTube video player is clicked, YouTube may store cookies on the user’s computer. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by YouTube. For more information on YouTube’s official data protection policy, please visit https://www.google.de/intl/de/policies/privacy/ and https://support.google.com/youtube/answer/171780?hl=de.

7.1.2 Google Ads

Based on your consent, this website uses Google AdSense or Ads, a service designed to facilitate or enable the placement of advertisements and the evaluation of the success of ads placed. The service uses so-called “cookies”, text files which are stored on your computer and which enable your use of the website to be analyzed. It also uses so-called web beacons (invisible graphics). These web beacons can be used to analyze information such as visitor traffic on these pages. The information generated by cookies and web beacons about the use of this website (including your IP address) and the delivery of advertising formats is transmitted to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google and authorities. However, Google will not merge your IP address with other data stored by you.
For more information on the purpose and scope of data collection and processing by Google, as well as your rights in this regard and setting options to protect your privacy, please refer to the general data protection information https://www.google.com/policies/privacy/, specifically at: https://business.safety.google/privacy/

7.1.3 Google API

We use the Google APIs service on our website, an interface software to link different applications with each other and to transfer personal data securely from one application to another. Business processes are cheaper, faster and more error-free when they are automated with the help of software via interfaces. In this way, they can be efficiently integrated into
business processes via the company’s own website or social networks. Processing only takes place if you consent to this data processing.
Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy.

7.1.4 Google DoubleClick

We use the online marketing process Google “Doubleclick” to integrate ads in the Google advertising network. Double Click is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This means that ads within our online offering are displayed in a more targeted manner and users are only shown ads that potentially appeal to their interests and in which they have already shown an interest on other websites in the network, for example. (“remarketing”). For these purposes, when our and other websites on which the Google advertising network is active are accessed, Google executes a Google code directly and so-called (re)marketing tags are integrated into the website. This places an individual cookie on the user’s device (comparable technologies can also be used instead of cookies). This cookie records which websites the user has visited, what content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visit time and other information about the use of the online offer.
The IP address of the user is also recorded, whereby this is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. Google may also combine the aforementioned information with such information from other sources.
User data is processed pseudonymously within the Google advertising network. This means that, from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
For more information about Google’s use of data, setting and objection options, please refer to Google’s privacy policy (https://policies.google.com/technologies/ads)

7.1.5 Google Fonts

Google web fonts are used to visually improve the presentation of various information on this website. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. When the page is accessed, no cookies are set for the website visitor. Data that is transmitted in connection with the page view is stored locally by us. Data is not forwarded to Google.
You can find information on the data protection conditions of Google Web Fonts at: https://developers.google.com/fonts/faq#Privacy General information on data protection can be found in the Google Privacy Center at: https://policies.google.com/privacy?hl=de-DE

7.1.6 Google Static

We use the Google Static service on our website as a necessary content delivery network (CDN) in order to optimize the performance and availability of our website. For this purpose, Google, which provides this network, processes your IP address and the information about when you visited our website.
Further information can be found in the provider’s data protection information at the following URL: https://business.safety.google/privacy

7.2 OpenStreetMap

On the basis of your consent, we integrate the maps of the “OpenStreetMap” service (https://www.openstreetmap.de), which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, United Kingdom, (OSMF).
To the best of our knowledge, OpenStreetMap uses user data exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. During interactions, a connection to the servers of the OpenStreetMap Foundation is established and data is transferred to the OpenStreetMap Foundation in order to display embedded maps. Further information on data protection in connection with OpenStreet Map can be found in the data protection information of the OpenStreetMap Foundation: https://wiki.osmfoundation.org/wiki/Privacy_Policy
When a connection is established to display the maps, the following data is transmitted to OpenStreetMap servers: IP address, browser and device used, operating system, website from which you were redirected to the OpenStreetMap Foundation page (referring web page) and the date and time of your visit to the website.
If you have a user account with OpenStreetMap and are logged in there when you visit our website, the following data is also transmitted to the OpenStreetMap servers: user ID, e-mail address associated with your account and content blocked by the user and associated messages.

7.3 Borlabs cookie banner

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. Borlabs Cookie does not process any personal data.
The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

7.4 Font Awesome

This website uses so-called web fonts provided by Fonticons, Inc, 6 Porter Road, Apartment 3R, Cambridge, MA 02140, United States, for the uniform display of fonts. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.
Further information about Font Awesome can be found at https://fontawesome.com/help and in the Fonticons, Inc. privacy policy: https://fontawesome.com/privacy.

7.5 WPML

We use the WPML service of the provider OnTheGoSystems Ltd, 22/F 3 Lockhart Road, Wanchai, Hong Kong, China on our website. As this service is hosted locally on the web server, no data is transferred to third parties.
This application is required to ensure the unrestricted functionality of the website. This is a language tool which is considered essential.

8 Data storage outside the EU/EEA

Where indicated in the individual tool descriptions, we use tools from US third-party providers. Insofar as this is necessary for the purposes communicated, your IP address may be processed outside the European Economic Area, where a level of data protection corresponding to the European standard is not always consistently guaranteed and confirmed (e.g. by a suitable guarantee within the meaning of Art. 46 GDPR or an adequacy decision of the European Commission). In particular, it cannot therefore be ruled out that security authorities in a third country may gain access to your IP address without you being able to take effective legal action against this.
The IP address is transmitted to these third-party providers in accordance with Art. 49 para. 1 lit. a GDPR on the basis of your consent expressly given in the consent banner. This consent is voluntary. You can revoke it at any time with effect for the future. You will not suffer any disadvantages as a result.
In the opinion of some US third-party providers, a level of protection corresponding to the European standard is already guaranteed due to the conclusion of so-called standard contractual clauses and additional measures taken in accordance with the Schrems II case law. However, as the suitability of such measures to guarantee an adequate level of data protection is disputed, we have decided to transmit your IP address exclusively with your consent.

The certification of some companies under the Data Privacy Framework (DPF) serves to ensure the level of protection and can be requested here for the companies: https://www.dataprivacyframework.gov/s/ . This certification is sufficient as a measure to ensure an adequate level of data protection.

9 Our presence on social media

You can find us on online presences within social networks and platforms. We would like to use these presences to communicate with our customers, interested parties and users active there and to inform them about our services and our company in this way.
The processing of the personal data of the users active there is based on our legitimate interests in communication and the provision of information to and with the users. If users have given their consent to data processing on the respective social platform, the processing takes place on the basis of this consent.
If you visit one of our social media sites, we are jointly responsible with the operator of the social platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint, see section “Rights of the data subject”) both against us and against the operator of the respective social platform.
We would like to point out that, despite the joint responsibility, we do not have full influence on the data processing operations of the social platform and may forward the rights request to the respective operator in order to better process the rights of the data subject. Our options are generally based on the company policy of the respective provider.
You can find our information on storage below. We have no influence on the storage period of your data that is stored by the operator of the social platform for its own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Depending on the social platform named below, user data processing may also take place outside the European Union. EU standard contractual clauses have been agreed with the US companies or they are certified under the Data Privacy Framework (DPF), so that we have taken possible measures to ensure compliance with European data protection law.

As a rule, user data is processed by the platforms for market research and advertising purposes. For example, usage profiles can be created from the usage behavior and the resulting interests of the users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies are usually stored on the user’s computer, in which the user’s usage behavior and interests are stored. Data can also be stored in the user profiles independently of the devices used by the users. This occurs in particular if the users are members of the respective platforms and are logged in to them.
For a detailed description of the respective processing and the possibilities of objection, we refer to the following linked information from the providers.

9.1 Google/YouTube

(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated

9.2 Xing

(New Work SE, Am Strandkai 1, 20457 Hamburg)
Privacy policy/ opt-out: https://privacy.xing.com/de/datenschutzerklaerung

This privacy policy was provided by Technologiewerft GmbH.