II. Contact information for the Information Privacy Representative.
III. Definitions.
IV. General information on information processing.
I. Scope of the processing of personal information.
II. Legal basis for the processing of personal information.
III. Deletion of information and duration of storage.
V. Provision of the website and creation of log files.
I. Description and scope of the processing of information.
II. Legal basis for the processing of information.
III. Purpose of the processing of information.
IV. Duration of storage.
V. Opportunity for objection and removal
VI. Use of cookies.
I. Description and scope of the processing of information.
II. Legal basis for the processing of information.
III. Purpose of the processing of information.
IV. Duration of storage, opportunity for objection and removal
VII. Contact form and email contact
I. Description and scope of the processing of information.
II. Legal basis for the processing of information.
III. Purpose of the processing of information.
IV. Duration of storage.
V. Opportunity for objection and removal
- VIII. Information privacy in applications and application procedures.
I. Description and scope of the processing of information.
II. Registration.
III. Terms of use.
IX. Customer satisfaction survey
I. Description and scope of the processing of information.
II. Legal basis for the processing of information.
III. Purpose of the processing of information.
IV. Duration of storage.
V. Opportunity for objection and removal
XI. Social plug-ins.
III. Purpose of the processing of information.
IV. Duration of storage.
II. Legal basis for the processing of information.
V. Opportunity for objection and removal
XIII. Use of additional tools and add-ons at our website.
I. Google ReCAPTCHA..
II. Facebook
III. Instagram
V. LinkedIn
VI. Pinterest
IX. Twitter
X. XING
XI. YouTube
XIV. Hosting and subcontracting.
XV. Rights of the data subject
II. Right to rectification.
III. Right to restrict processing.
IV. Right to deletion.
V. Right to be informed.
VI. Right to data portability.
VII. Right of objection.
VIII. Right to revoke the information privacy legal declaration of consent
IX. Automated decision on a case-by-case basis including profiling.
X. Right to appeal to a supervisory authority.
XVI. Miscellaneous.
I. Name and address of the data controller and scope of application
The data controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other legal data protection provisions is:
SuMth Ug (haftungsbeschränkt) (hereinafter SuMth)
Rosenstraße 8
65189 Wiesbaden
Germany
Phone: 0611 44557539
Email: info@sumth.ai
Website: www.sumth.ai
This Information Privacy Declaration applies to SuMth’s Internet offerings, which may be accessed on the web at the domain www.sumth.de as well as the various sub-domains and related domains (hereinafter “SuMth web pages” or “this website”).
II. Contact information for the Information Privacy Representative
SuMth Unternehmergesellschaft (haftungsbeschränkt)
Data Protection Officer
Rosenstraße 8
65189 Wiesbaden
Germany
Email: datenschutz@sumth.ai
III. Definitions
The SuMth Information Privacy Declaration is based on the terminology that was used by the European issuers of directives and regulations in adopting the General Data Protection Regulation (in German: Datenschutzgrundverordnung — DSGVO). Our Information Privacy Declaration must be easily readable and understandable both for the public as well as for our customers and business partners. To ensure this, we would like to begin by defining the terminology we use.
In this Information Privacy Declaration, we use the following terms amongst others:
- a) Personal information: All information that concerns an identified or identifiable natural person (hereinafter “data subject”). A natural person is identifiable if the person can be directly or indirectly identified, especially through the assignment of an identifier such as a name, identification number, location information, on-line identifier, or one or more specific characteristics that express the physical, physiological, genetic, economic, cultural, or social identity of this natural person.
- b) Data subject: An identified or identifiable natural person whose personal information is processed by the processing controller responsible for the information.
- c) Processing: Any procedure or series of procedures, whether automated or not, associated with personal information, such as collecting, recording, organising, arranging, storing, adapting or changing, separating, retrieving, using, disclosing by transferring, disseminating or any other form of making available the comparison or link, restricting, deleting or erasing.
- d) Restriction of processing: The tagging of stored personal information for the purpose of restricting future processing.
- e) Profiling: Any form of automated processing of personal information that causes this personal information to be used to assess specific individual characteristics concerning a natural person, especially to analyse or predict this natural person’s characteristics regarding work performance, economic situation, health, personal preferences, interests, reliability, behaviour, residence or change of location.
- f) Pseudonymisation: The processing of personal information in a manner in which the personal information can no longer be associated with a specific data subject without consultation of additional information, to the extent that this additional information is separately maintained and subject to technical and organisational measures that ensure that the personal information cannot be associated with an identified or identifiable natural person.
- g) Controller or processing controller: A natural person or legal entity, authority, establishment or other place that makes decisions either solely or together with others regarding the purposes and means of processing personal information.
- h) Processor: A natural person or legal entity, authority, establishment or other place that processes the personal information on behalf of the controller.
- i) Recipient: A natural person or legal entity, authority, establishment or other place to which personal information is disclosed, regardless of whether this is a third party. Authorities who receive information that may be personal under specific mandates for investigation are not considered to be recipients.
- j) Third party: A natural person or legal entity, authority, establishment or other place other than the data subject, controller, processor, and persons directly authorised by the controller or processor to process personal information.
- k) Consent: Any expression of willingness provided for the specific case in an informed and unmistakeable way in the form of a statement or other clearly confirming action through which the data subject lets it be known that they agree with the processing of the respective personal information.
IV. General information on information processing
1. Scope of the processing of personal information
In principle, we process the personal information of our users only to the extent required to make available a functional website and our contents and services. The processing of the personal information of our users routinely takes place only following the user’s granting of consent. An exception applies in cases in which obtaining prior consent is not possible for practical reasons and the processing of the information is permitted by law.
2. Legal basis for the processing of personal information
If we obtain the data subject’s consent for the processing of personal information, European Union General Data Protection Regulation (DSGVO) Art. 6 Par. 1 letter a serves as the legal basis.
In processing personal information required to fulfil a contract to which the data subject is a contracting party, DSGVO Art. 6 Par. 1 letter b serves as the legal basis. This also applies to processing procedures that are required to carry out pre-contractual measures.
If processing of personal information is required to comply with a legal obligation to which our company is subject, DSGVO Art. 6 Par. 1 letter c serves as the legal basis.
In a case where the vital interests of the data subject or another natural person require processing of personal information, DSGVO Art. 6 Par. 1 letter d serves as the legal basis.
If the processing is required to safeguard a justified interest of our company or a third party and this interest is not outweighed by the interests, basic rights and basic freedoms of the data subject, DSGVO Art. 6 Par. 1 letter f serves as the legal basis.
3. Deletion of information and duration of storage
The personal information of the data subject will be deleted or blocked as soon as the purpose for which it was stored no longer exists. Storage can also take place if it has been provided for under European or national legislation in European Union legal regulations, laws or other provisions to which the controller is subject. Blockage or deletion of the information can also take place if a storage period stipulated under the designated standards lapses unless there is a requirement for further storage of the information for the conclusion or fulfilment of a contract.
V. Provision of the website and creation of log files
1. Description and scope of the processing of information
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
In this process, the following information is collected:
- (1) Information regarding browser type and the version used
- (2) The user’s IP address
- (3) Date and time of access
- (4) Query method, URL accessed and version of the HTTP protocol
- (5) Resulting value of the query (HTTP status code) and dimension of the request
- (6) Websites from which the user’s system accessed our website
- (7) Websites that are accessed from the user’s system via our website
The information is also stored in the log files of our system. Not included here are user’s IP addresses or other data that enable the information to be associated with a user. Storage of information together with other personal information pertaining to the user either does not take place or takes place only in an anonymised form.
2. Legal basis for the processing of information
The legal basis for the temporary storage of the information is DSGVO Art. 6 Par. 1 letter f.
3. Purpose of the processing of information
The temporary storage of IP addresses by the system is necessary to enable delivery of the website to the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.
Storage in the log files takes place to ensure the functionality of the website. In addition, the information helps us improve the website and ensure the security of our information systems technology. Assessment of the information for marketing purposes does not take place in this context.
For these purposes, our justified interest in the information processing is based on DSGVO Art. 6 Par. 1 letter f.
4. Duration of storage
The information will be deleted as soon as the fulfilment of the purpose for which it was collected no longer requires this information. In the event that information is captured when the website is made available, this occurs when the respective session comes to an end.
In the event that data is stored in log files, this occurs no later than 60 days after the session. Temporary storage is possible. In this case, the users’ IP addresses are deleted or altered such that it is no longer possible to associate these with the accessing client.
5. Opportunity for objection and removal
The recording of information when the website is made available and the storage of information in log files are essential to the operation of the website. For this reason, it follows that there is no opportunity for the user to raise an objection.
VI. Use of Cookies
1. Description and Scope of the Processing of Information
Our website uses cookies. Cookies are text files that are stored in the Internet browser and transferred from the Internet browser to the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character sequence that enables an explicit identification of the browser when it accesses the website again.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser also be identifiable when moving to another page.
The user’s information collected in this manner is pseudonymised through technical means. In this way, the information on the accessing user can no longer be associated with that user. The information is not stored together with other personal information pertaining to the user.
Upon accessing our website, the user is given notice regarding the use of cookies for purposes of analysis and about this Information Privacy Declaration. In this connection, there is also a tip on how to block the storage of cookies in the browser settings.
Switching on the “Do Not Track” function in popular browsers:
- Firefox: Support Link
- Internet Explorer: Support Link
- Chrome: Support Link
- Edge: Support Link
Please take care to set your browser in such a way that you will be informed when cookies are placed and can make an individualized decision regarding their acceptance or the acceptance of cookies in certain cases or block them altogether. Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You will find this for the respective browsers under the following links:
- Firefox: Support Link
- Internet Explorer: Support Link
- Chrome: Support Link
Note: Please be aware that not accepting cookies can limit the functionality of our website.
*Category
a) Required by the technology
These are absolutely essential cookies that are needed for you to access a website and make use of its features. Without these cookies, some functions cannot be guaranteed.
b) Performance
Performance cookies collect information about the use patterns of a website — essentially, which pages a visitor accesses most frequently and whether the user receives error messages from a page. These cookies do not store information that can permit identification of the user. The information they collect is aggregated and thereby assessed anonymously. These cookies are used exclusively to improve the performance of a website and as a result the user experience.
c) Third-party provider
Third-party cookies are created by embedded plug-ins or add-ons to our website. Examples of these include our live chat system and our Google analysis.
2. Legal Basis for the Processing of Information
The legal basis for the processing of personal information by using technically necessary cookies is DSGVO Art. 6 Par. 1 letter f. The legal basis for the processing of personal information by using cookies for the purpose of analysis is DSGVO Art. 6 Par. 1 letter a in the existence of consent of the user for this purpose.
3. Purpose of the Processing of Information
The purpose of using technologically necessary cookies is to simplify the use of the website for the users.Some functions of our website cannot be offered without the use of cookies. These pages require that the browser be recognised after each page change. The user information collected by technologically necessary cookies is not used to create user profiles. The use of analysis cookies takes place for the purpose of improving the quality of our website and its contents. By analysing cookies, we learn how the website is used and in this way, we can constantly improve our offerings. The only analysis cookies we currently use are the cookies for using the Google analytics. For these purposes, our justified interest in the processing of personal information is based on DSGVO Art. 6 Par. 1 letter f.
4. Duration of Storage, Opportunity for Objection and Removal
Cookies are stored on the user’s computer and are not transmitted from there to our page.This means that you, the user, also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also happen automatically. If cookies are deactivated for our website, it is possible that not all website functions will continue to be fully accessible. You can obtain the pre-set expiry time for the respective cookies by consulting the list at chapter VI. number 1.
VII. Contact Form and Email Contact
1. Description and Scope of the Processing of Information
There is a contact form at our website that can be used to contact us electronically. When a user takes advantage of this opportunity, the information entered in the input mask is sent to us and stored. This information includes:
- Name (optional)
- Company (optional)
- Location (optional)
- Email address (optional depending on contact selected)
- Telephone number (optional depending on contact selected)
At the moment the information is sent, the following information will also be stored:
- The user’s IP address
- Date and time of access
Alternatively, it is possible to establish contact via the provided email address. In this case, the user’s personal information will be stored with the email message you send.
In this context, no information is disclosed to third parties. The information is used exclusively for processing the conversation.
2. Legal Basis for the Processing of Information
The legal basis for the processing of the data is Art. 6 para. 1 lit. f DSGVO.
The legal basis for the processing of information transmitted in the process of the sending of an email message is DSGVO Art. 6 Par. 1 letter f. If the email contact is for the purpose of concluding a contract, the additional legal basis for the processing is DSGVO Art. 6 Par. 1 letter b.
3. Purpose of the Processing of Information
The processing of personal information from the input mask only helps us process the contact itself. In the case of a contact via email, there is a closely related justifiable interest in the processing of the information. The other personal information processed during sending serves to avoid misuse of the contact form and ensure the security of our information system technology.
4. Duration of Storage
The information will be deleted as soon as the fulfilment of the purpose for which it was collected no longer requires this information. For personal information from the contact form’s input mask and that which was sent via email, this occurs when the respective conversation with the user has ended. The conversation is over when the circumstances indicate that the relevant content has been conclusively clarified.
The personal information additionally collected during the sending procedure will be deleted after a period of no longer than seven days.
5. Opportunity for Objection and Removal
The user has the possibility at any time to object to the storage of personal data. If the user contacts us by e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VIII. Information Privacy in Applications and Application Procedures
1. Description and Scope of the Processing of Information
SuMth collects and processes personal information of applicants for the purpose of implementing the application process. The processing can take place electronically. This is especially the case if an applicant sends corresponding application documents electronically, such as by email, to the controller. If the controller contracts to hire the applicant, the transferred information is stored for the purpose of executing the employment relationship in conformity with provisions of the law.
If the applicant is not hired by the controller, the application documents are automatically deleted six months after the decision not to hire the applicant, provided that the controller has no other justified interest in processing that would prevent the deletion. An example of another justified interest, in this sense, could be a procedural burden of proof in compliance with the General Treatment Act (Allgemeiner Gleichbehandlungsgesetz – AGG).
2. Registration
This website offers users to create a user account. Within the scope of this registration, mandatory information will be provided based on DSGVO Art. 6 Par. 1 letter b for the purpose of providing the user account itself. Processed information especially includes any login information (name, password as well as email address). Any information provided within the scope of this registration will be used for the purpose of using the user account and its purpose.
Users can be informed by email about information relevant to the user account, e.g., technical changes. If users have cancelled their user account, data in regard to this user account will be deleted in accordance with the legal provisions for record retention. It rests with the user to back up their data before the contract ends. We are authorized to irretrievably delete all information recorded during the duration of the contract.
Within the scope of using our registration and login functionalities as well as using the user account, IP address and time of access will be saved. The storage takes place based on our legitimate interests, amongst others for protection against misuse and any other unauthorized use. Forwarding this data to third parties will only occur if necessary to pursue our claims or in case of statutory obligations in accordance with DSGVO Art. 6 Par. 1 letter c. IP addresses are anonymized or deleted at the latest 7 days after creation.
3. Terms of Use
a) General Obligations of the User
You agree to use the career portal and the online application form in accordance with their proper purpose. Furthermore, you promise not to use our services to distribute illegal content or to violate the rights of third parties. In particular, it is forbidden to distribute materials that are pornographic, extremist, racist, or harmful to minors; it is also forbidden to intentionally send viruses or misuse applications for breaking into another network, host, or account.
You give us your permission to send all communication concerning your usage of our services via email unless another path of communication is provided for under mandatory statutory law.
b) Liability
You will be held liable for all content you place on the career portal and the online application forms, e.g., texts, photographs, graphics, files, links, etc. You promise not to violate any trademarks, copyrights, personal rights, or other third-party rights.
SuMth is only liable for contents in accordance with the German Teleservices Act and the Interstate Media Services Agreement for foreign content when (1) SuMth knows of illicit actions or contents and, in case of damage claims, is familiar with the facts or circumstances under which the illicit actions or contents become manifest, or (2) SuMth does not act to remove illicit contents or to block access to them immediately after these have come to its attention.
c) Violating Terms of Use
SuMth reserves the right to remove illicit contents (e.g., contents that violate legal or regulatory statutes or offend against good morals) from portal applications without having previously warned the offending user. SuMth also reserves the right to temporarily or permanently block users that violate these terms of use. The offending user will be immediately notified if such measures are taken. Blocked users are not entitled to compensation.
IX. Customer Satisfaction Survey
1. Description and Scope of Data Processing
The following data is collected in the course of the customer satisfaction survey:
- Name of the firm
At the time the message is sent, the following data will also be stored:
- The IP address of the user
- Date and time of registration
The data will not be passed on to third parties in this context. The data is used exclusively for the processing of the customer satisfaction inquiry. All analyses of the results take place exclusively in anonymous form.
2. Legal Basis for Data Processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. f DSGVO.
3. Purpose of the Data Processing
The processing of personal data from the input mask serves SuMth solely for the processing and analysis of the customer satisfaction survey and the derivation of measures. The other personal data processed during the sending process serve to prevent misuse of the customer satisfaction survey and to ensure the security of our information technology systems.
4. Duration of Storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the customer satisfaction survey, this is the case when the business relationship has ended and potential new initiation of business is no longer relevant.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of Objection and Removal
The user has the possibility to object to the storage of their personal data at any time. In such a case, the data collected will be restricted, and all personal data will from now on only be stored anonymously.
X. Social Plug-ins
1. Description and Scope of the Processing of Information
Our web pages incorporate plug-ins for the following social networks:
- Youtube
Further information regarding the social plug-ins listed above may be found at Section X “Use of additional tools and add-ons at our website”.
When you use these plug-ins, personal information is transferred to the respective social networks and stored. Amongst other things, this information includes:
- IP addresses
- Stored cookies
- User log-ins to the social networks (if the user is actively logged in)
- Web page visited
- Time of visit
2. Legal Basis for the Processing of Information
The legal basis for the use of social plug-ins is DSGVO Art 6 Par. 1 letter f. The legal basis for the processing of the information is DSGVO Art. 6 Par. 1 letter a in the existence of consent of the user. Voluntary consent is assumed under the double-click variant or any alternative use of the plug-in.
3. Purpose of the Processing of Information
SuMth’s justified interest and our purpose in using social plug-ins is to make the wider public more aware of our offerings. The social networks are responsible for handling the information of their users in a manner that complies with information privacy.
4. Duration of Storage
The networks themselves are responsible for handling the information in conformity with information privacy.
5. Opportunity for Objection and Removal
Users have the opportunity at any time to revoke their consent to the processing of their personal information. In this case, the objection must be directed to the respective social networks.
XII. Use of Additional Tools and Add-ons at Our Website
1. Google reCAPTCHA
At this website, we also use the reCAPTCHA function by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function primarily assists in distinguishing whether an entry is made by a natural person or improperly by mechanical and automated processing. The service includes the sending to Google of the IP addresses and possibly other information required by Google for the reCAPTCHA service in accordance with DSGVO Art. 6 Par. 1 letter f, based on our justified interest in the determination of the authenticity of individual Internet transactions and the avoidance of misuse and spam.
Google LLC, with headquarters in the United States, is certified for the US-European “Privacy Shield” information privacy agreement that ensures compliance with the level of information privacy applicable in the EU.
Further information regarding Google reCAPTCHA as well as Google’s Information Privacy Declaration can be examined at https://www.google.com/intl/de/policies/privacy/.
2. Facebook
SuMth has integrated components of Facebook, Inc. into this website. Facebook is a social network.
A social network is an Internet-driven social meeting place, an online community that generally enables users to communicate with one another and to integrate in virtual space. A social network can serve as the platform for the exchange of opinions and experiences or it enables the Internet community to provide personal or business-related information. Amongst other functions, Facebook assists the users of the social network in creating private profiles, uploading photos, and networking via friend requests.
Facebook’s operating company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The controller for the processing of personal information of data subjects residing outside the United States or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For each accession of an individual page of this website operated by the controller and featuring an integrated Facebook component (Facebook plug-in), the Internet browser on the data subject’s information technology system is automatically permitted by the respective Facebook components to download from Facebook a depiction of the corresponding Facebook components. A general overview of all Facebook plug-ins can be requested at this link. In the context of this technical process, Facebook learns which specific sub-page of our website is visited by the data subject.
If the data subject is logged into Facebook at this time, each time the data subject accesses our website, and for the duration of the respective session at our website, Facebook detects which specific sub-page of our website is being visited by the data subject. This information is compiled by the Facebook components and associated with the respective data subject’s Facebook account. If the data subject activates one of the Facebook buttons integrated into our website, such as the “like” button, or if the data subject leaves a comment, Facebook associates this information with the data subject’s individual Facebook user account and stores this personal information.
Via the Facebook components, Facebook always receives information that the data subject has visited our website; if the data subject is concurrently logged into Facebook at the time of the accession, this happens whether or not the data subject has clicked the Facebook component. If the data subject does not want this information transferred to Facebook, this transfer can be blocked by logging out of the Facebook account prior to accessing our website.
The data guidelines published by Facebook, accessible at this link, provide information regarding Facebook’s collection, processing, and use of personal information. There is also an explanation of the settings offered by Facebook to protect the data subject’s privacy. In addition, various applications are available to enable suppression of information transfer to Facebook. Such applications can be used by the data subject to suppress information transfer to Facebook.
3. Instagram
SuMth has integrated components of the Instagram app into this website. Instagram is an app that qualifies as an audio-visual platform; it facilitates user sharing of photos and videos and additionally enables such information to be disseminated further into other social networks.
The company is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
For each accession of an individual page of this website operated by the controller and featuring an integrated Instagram component (insta-button), the Internet browser on the data subject’s information technology system is automatically permitted by the respective Instagram components to download from Instagram a depiction of the corresponding Instagram components. In the context of this technical process, Instagram learns which specific sub-page of our website is visited by the data subject.
If the data subject is logged into Instagram at this time, each time the data subject accesses our website, and for the duration of the respective session at our website, Instagram detects which specific sub-page of our website is being visited by the data subject. This information is compiled by the Instagram components and associated with the respective data subject’s Instagram account. If the data subject activates one of the Instagram buttons integrated into our website, the data and information being transmitted are associated with this information with the data subject’s individual Instagram user account and stored and processed by Instagram.
Via the Instagram components, Instagram always receives information that the data subject has visited our website; if the data subject is concurrently logged into Instagram at the time of the accession, this happens whether or not the data subject has clicked the Instagram component. If the data subject does not want this information transferred to Instagram, this transfer can be blocked by logging out of the Instagram account prior to accessing our website.
Further information and applicable Instagram information privacy provisions can be accessed at this link and this link.
4. LinkedIn
SuMth has integrated components from the LinkedIn Corporation into this website. LinkedIn is an Internet-based social network that facilitates the user’s connection to existing business contacts and links to new business contacts. Over 400 million registered persons in more than 200 countries use LinkedIn. This makes LinkedIn one of the largest platforms for business contacts and one of the world’s most frequently visited websites.
LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for information privacy matters outside the United States.
For each individual access of our website, which features a LinkedIn component (LinkedIn plug-in), this component allows a corresponding depiction of the component from the browser used by the data subject to be downloaded by LinkedIn. Additional information on LinkedIn plug-ins can be obtained at this link. In the context of this technical process, LinkedIn learns which specific sub-page of our website is visited by the data subject.
If the data subject is logged into LinkedIn at this time, each time the data subject accesses our website, and for the duration of the respective session at our website, LinkedIn detects which specific sub-page of our website is being visited by the data subject. This information is compiled by the LinkedIn components and associated with the respective data subject’s LinkedIn account. If the data subject activates one of the LinkedIn buttons integrated into our website, LinkedIn associates this information with the data subject’s individual LinkedIn user account and stores this personal information.
Via the LinkedIn components, LinkedIn always receives information that the data subject has visited our website; if the data subject is concurrently logged into LinkedIn at the time of the accession, this happens whether or not the data subject has clicked the LinkedIn component. If the data subject does not want this information transferred to LinkedIn, this transfer can be blocked by logging out of the LinkedIn account prior to accessing our website.
LinkedIn provides the opportunity to administer email messages, text messages, and targeted advertisements along with advertisement settings at this link. In addition, LinkedIn uses partners like Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame, who can place cookies. Such cookies can be blocked at this link. LinkedIn’s relevant information privacy provisions are accessible at this link, and LinkedIn’s cookie guidelines are accessible at this link.
5. Pinterest
SuMth has integrated components from Pinterest Inc. into this website. Pinterest is known as a social network—an Internet-driven social meeting place and an online community that enables users to communicate, share opinions, and provide personal or business-related information. Pinterest facilitates the dissemination of image collections, individual images, and descriptions on virtual pin walls (a process known as pinning) that can be shared (re-pinned) or discussed by other users.
Pinterest’s operating company is Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA.
For each accession of an individual page of this website operated by the controller and featuring an integrated Pinterest component (Pinterest plug-in), the Internet browser on the data subject’s information technology system is automatically permitted by the respective Pinterest components to download from Pinterest a depiction of the corresponding Pinterest components. More detailed information on Pinterest is accessible at this link. In the context of this technical process, Pinterest learns which specific sub-page of our website is visited by the data subject.
If the data subject is logged into Pinterest at this time, each time the data subject accesses our website, and for the duration of the respective session at our website, Pinterest detects which specific sub-page of our website is being visited by the data subject. This information is compiled by the Pinterest components and associated with the respective data subject’s Pinterest account. If the data subject activates one of the Pinterest buttons integrated into our website, Pinterest associates this information with the data subject’s individual Pinterest user account and stores this personal information.
Via the Pinterest components, Pinterest always receives information that the data subject has visited our website; if the data subject is concurrently logged into Pinterest at the time of the accession, this happens whether or not the data subject has clicked the Pinterest component. If the data subject does not want this information transferred to Pinterest, this transfer can be blocked by logging out of the Pinterest account prior to accessing our website.
The data guidelines published by Pinterest, accessible at this link, provide informative details regarding Pinterest’s collection, processing, and use of personal information.
6. Twitter
SuMth has integrated Twitter components into this website. Twitter is a multilingual, publicly accessible microblogging service through which users can send and disseminate “tweets”—short messages limited to 280 characters. These tweets may be accessed by anyone, not just registered Twitter users. Additionally, tweets are displayed to the “followers” of the respective user. Followers are other Twitter users who follow a specific user’s tweets. Moreover, Twitter facilitates discourse with a broader public through hashtags, links, or retweets.
Twitter’s operating company is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
For each access to an individual page of this website operated by the controller and featuring an integrated Twitter component (Twitter button), the Internet browser on the data subject’s system is automatically prompted by the Twitter components to download a depiction of the corresponding Twitter components. Further information about Twitter buttons is accessible at this link. In this process, Twitter learns which specific sub-page of our website has been visited by the data subject. The purpose of integrating Twitter components is to enable users to share our website content, enhance its digital visibility, and increase visitor engagement.
If the data subject is logged into Twitter at this time, each time the data subject accesses our website, and for the duration of their session, Twitter detects which specific sub-page of our website is being visited. This information is compiled by the Twitter components and associated with the data subject’s Twitter account. If the data subject activates a Twitter button integrated into our website, the data and information transmitted are linked to the data subject’s individual Twitter user account and stored by Twitter.
Through the Twitter components, Twitter always receives information that the data subject has visited our website. If the data subject is logged into Twitter at the time of access, this occurs whether or not the data subject has clicked the Twitter component. If the data subject does not want this information transferred to Twitter, this transfer can be prevented by logging out of the Twitter account before accessing our website.
LinkedIn’s relevant information privacy provisions are accessible at this link.
7. Xing
SuMth has integrated Xing components into this website. Xing is an Internet-based social network that facilitates the user’s connection to existing business contacts and links to new business contacts. Individual users can create a personal profile, while companies can create a company profile or publish job postings on Xing.
Xing is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Deutschland.
For each access to an individual page of this website operated by the controller and featuring an integrated Xing component (Xing plug-in), the Internet browser on the data subject’s system is automatically prompted by the Xing components to download a depiction of the corresponding Xing components. Additional information on Xing plug-ins can be found at this link. In this process, Xing learns which specific sub-page of our website has been visited by the data subject.
If the data subject is logged into Xing at this time, each time the data subject accesses our website, and for the duration of their session, Xing detects which specific sub-page of our website is being visited. This information is compiled by the Xing components and associated with the data subject’s Xing account. If the data subject activates one of the Xing buttons integrated into our website, such as the “share” button, Xing associates this information with the data subject’s individual Xing user account and stores this personal information.
Through the Xing components, Xing always receives information that the data subject has visited our website. If the data subject is logged into Xing at the time of access, this occurs whether or not the data subject has clicked the Xing component. If the data subject does not want this information transferred to Xing, this transfer can be prevented by logging out of the Xing account before accessing our website.
The data guidelines published by Xing, accessible at this link, provide information about Xing’s collection, processing, and use of personal information. Additionally, Xing has published information privacy tips for the XING share button at this link.
8. YouTube
SuMth has integrated components of YouTube into this website. YouTube is an Internet video portal that enables video publishers to upload video clips at no cost and allows other users to view, evaluate, and comment on them without any charge. YouTube permits the publication of all types of videos, including complete films, television programs, music videos, trailers, and user-generated content.
YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Through its certification under the EU-US Privacy Shield, Google and its YouTube subsidiary guarantee that the EU information privacy provisions will be observed, even when information is processed in the United States. More information about this certification is available at this link.
We use YouTube in connection with the “Expanded Information Privacy Mode” to display videos for you. The legal basis for this is DSGVO Art. 6 Par. 1 letter f), which justifies our interest in improving the quality of our Internet presence. According to YouTube, the “Expanded Information Privacy Mode” ensures that data is only transmitted to YouTube if you actually play a video.
Without this “Expanded Information Privacy Mode,” a connection to the YouTube server in the United States is established as soon as you access one of our web pages with an embedded YouTube video. This connection is required to play the respective video on our website through your Internet browser. Consequently, YouTube minimally collects and processes your IP address, the date, time, and the website you visit, while also connecting to Google’s “DoubleClick” advertising network.
If you are logged into YouTube while visiting our website, YouTube associates the connection with your YouTube account. If you wish to avoid this, please log out from your YouTube account before visiting our website or adjust your YouTube account settings accordingly.
To analyze user behavior and enhance functionality, YouTube uses cookies on your device through your Internet browser. If you do not agree with this, you can block cookies through your browser settings. For detailed information on this, please refer to the “cookies” section above.
For more information regarding the collection and use of information and your rights and privacy options, please refer to Google’s privacy policy at this link.
XIII. Hosting and Subcontracting
Hosting and maintenance are done in-house by SuMth.
XIV. Rights of the Data Subject
The following list covers all rights of the data subject under the DSGVO. Rights that are not relevant to the specific website are not required to be listed. Therefore, the list can be shortened.
If your personal information is processed, you are considered a data subject under the DSGVO and have the following rights against the controller:
1. Right to Information
You can request a confirmation from the controller whether personal information concerning you is being processed.
If such processing is taking place, you can request the following information from the controller:
- The purposes for which the personal information is being processed;
- The categories of personal information that are being processed;
- The recipients or categories of recipients to whom the personal information has been or will be disclosed;
- The expected duration of storage or, if not determinable, the criteria for determining this duration;
- The existence of the right to rectification or deletion, restriction of processing, or objection to processing;
- The right to lodge a complaint with a supervisory authority;
- Information about the source of the data if not collected from the data subject;
- The existence of automated decision-making, including profiling, under DSGVO Art. 22 Pars. 1 and 4 — with meaningful details about the logic involved and the potential impact on the data subject.
Additionally, you may request information about whether your personal data will be transferred to a third country or an international organization and the appropriate safeguards in accordance with DSGVO Art. 46.
2. Right to Rectification
If your personal information is incorrect or incomplete, you have the right to request correction or completion from the controller. The controller must promptly rectify the data.
3. Right to Restrict Processing
You can request the restriction of processing under the following conditions:
- If you dispute the accuracy of your data for a duration that allows the controller to verify its accuracy;
- If the processing is unlawful, but you prefer restriction over deletion;
- If the controller no longer needs the data, but you require it for legal claims;
- If you have objected to processing under DSGVO Art. 21 Par. 1 and the balance of interests has not been determined.
If processing is restricted, your data may only be processed (apart from storage) with your consent or for legal claims, to protect another person’s rights, or due to significant public interest.
You will be informed before any restriction on processing is lifted.
4. Right to Deletion (“Right to be Forgotten”)
a) Obligation to Delete: You can request the prompt deletion of your personal information if:
- It is no longer needed for the purposes collected;
- You withdraw consent under DSGVO Art. 6 Par. 1(a) or Art. 9 Par. 2(a);
- You object under DSGVO Art. 21 Par. 1, and there are no overriding legitimate grounds;
- The processing was unlawful;
- Deletion is required by law under EU or Member State regulations;
- The data was collected in relation to information society services under DSGVO Art. 8 Par. 1.
b) Notification to Third Parties: If your data has been made public and the controller is obliged to delete it, they must take reasonable steps to inform other controllers processing the data about your request.
c) Exceptions: Deletion is not required if processing is necessary:
- For exercising the right to free expression;
- For fulfilling a legal obligation;
- For reasons of public health interest under DSGVO Art. 9 Pars. 2(h), (i), and Art. 9 Par. 3;
- For archiving, research, or statistical purposes under DSGVO Art. 89 Par. 1;
- For asserting, exercising, or defending legal claims.
5. Right to Be Informed
If you have asserted the right to rectification, deletion, or restriction of the processing of your personal information with the controller, the controller is obligated to communicate this rectification, deletion, or restriction to all recipients to whom your personal information was disclosed. This obligation applies unless it proves impossible or involves an unreasonable effort.
You also have the right to be informed by the controller regarding these recipients to whom your personal information has been disclosed.
6. Right to Data Portability
You have the right to receive the personal information concerning you that you have made available to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this information to another controller without obstruction from the original controller, provided that:
- The processing is based on consent in accordance with DSGVO Art. 6 Par. 1 letter a or Art. 9 Par. 2, or on a contract under DSGVO Art. 6 Par. 1 letter b.
- The processing occurs through automated procedures.
Furthermore, you have the right to have your personal information transferred directly from one controller to another, provided it is technically feasible and does not negatively impact the rights and freedoms of others.
It is important to note that the right to data portability does not apply when processing personal information is necessary to perform a task in the public interest or when exercised through official authority granted to the controller.
7. Right of Objection
For reasons pertaining to your specific situation, you have the right at any time to object to the processing of your personal information based on DSGVO Art. 6 Par. 1 letter e or f, including profiling based on these provisions.
The controller will cease processing your personal information unless there are compelling, protection-worthy reasons for the processing that outweigh your interests, rights, and freedoms, or if the processing serves the purpose of asserting, exercising, or defending legal claims.
If your personal information is processed for direct advertising purposes, you have the right to object at any time to the processing of your data for such advertising. This right also extends to profiling associated with direct advertising.
Should you object to the processing for direct advertising purposes, your personal information will no longer be used for these purposes.
In connection with the use of information society services, and notwithstanding Guideline 2002/58/EC, you can exercise your right of objection through automated procedures that use technical specifications.
8. Right to Revoke the Information Privacy Legal Declaration of Consent
You have the right to revoke your information privacy legal declaration of consent at any time. Please note that the lawfulness of the processing based on your consent before its revocation remains unaffected by this action.
9. Automated Decision on a Case-by-Case Basis Including Profiling
You have the right not to be subjected to a decision based exclusively on automated processing — including profiling — that has a legal effect on you or that significantly affects you in a similar manner. This does not apply if the decision:
- is required for the conclusion or fulfillment of a contract between you and the controller,
- is allowable based on legislation of the European Union or one of its Member States to which the controller is subject, provided that reasonable measures to safeguard your rights and freedoms as well as your justified interests are in place, or
- takes place with your express consent.
Such decisions may not be based on particular categories of personal information in accordance with DSGVO Art. 9 Par. 1 unless DSGVO Art. 9 Par. 2 letter a or g applies, and reasonable measures have been found to protect your rights and freedoms as well as your justified interests.
In the cases referenced above in (1) and (3), the controller shall take reasonable steps to safeguard your rights and freedoms as well as your justified interests. These measures minimally include the right to obtain the intervention of a person, to explain your own point of view, and to challenge the decision.
As a company conscious of its responsibility, we renounce automatic decision-making and profiling.
10. Right to Appeal to a Supervisory Authority
Notwithstanding further administrative or judicial remedies under the law, you have the right to appeal to a supervisory authority, especially in the Member State of your residence, workplace, or the location of the presumed violation, if you believe that the processing of the personal information concerning you constitutes a breach of the DSGVO.
The supervisory authority to which the appeal is submitted shall inform the complainant regarding the status and outcome of the appeal, including the possibility of a legal remedy in accordance with DSGVO Art. 78.
XVI. Miscellaneous
Parts of this Information Privacy Declaration were prepared using the Information Privacy Declaration Generator of the German Information Privacy Society (DGD).
