A. Privacy Policy in accordance with GDPR


I. Name and address of controller

The controller within the meaning of the General data Protection Regulation (GDPR) and other national data protection laws of the member states and other data protection regulations is:

SCHWIND eye-tech-solutions GmbH 
Mainparkstrasse 6-10 
D-63801 Kleinostheim
Telefon: +49 (0) 6027 508 0
Email: info@eye-tech.net
Website: https://www.eye-tech-solutions.com/

II. Name and address of data protection officer

The data protection officer of the controller is:

You can contact the data protection officer of the controller at:
Data protection officer 
SCHWIND eye-tech-solutions GmbH 
Mainparkstrasse 6-10
D-63801 Kleinostheim   
Email: datenschutzbeauftragter@eye-tech.net 
Telephone: +49 (0) 6027 508 249 

III. General information on data processing

1. Scope of the processing of the personal data

We generally only process the personal data of our users insofar as necessary for the provision of a functioning website as well as our contents and services. The personal data of our users is routinely only processed with the user’s consent. Situations where it is genuinely impossible to obtain consent prior to processing the data and such processing is permitted by law form an exception to this rule. 

2. Legal basis for the processing of personal data

In the event of us obtaining consent from the data subject for the processing of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. Art. 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a contract to which the data subject is a contracting party. This also applies to processing activities required for the performance of pre-contractual measures. Art. 6 (1) lit. c GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a legal obligation to which our company is subject. Art. 6 (1) lit. d GDPR serves as the legal basis in the event of vital interests of the data subject or another natural person making it necessary to process personal data.

If data needs to be processed to maintain a legitimate interest of our company or third party and this interest is not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing. 

3. Data erasure and storage period

The personal data of the data subject is erased or blocked as soon as the purpose for its storage ceases to exist. The data may be stored for longer periods if stipulated by European or national legislation in EU regulations and directives, laws or other regulations to which the controller is subject. The data is also blocked or erased upon expiry of a storage period stipulated in one of the above standards, unless the storage of the data remains necessary for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the accessing computer system. 
The following data is collected in this case:

  1. Information on the browser type and version
  2. The user’s operating system
  3. Referrer URL
  4. Host name of the accessing computer
  5. User’s IP address
  6. Date and time of access

The data is also stored in the log files of our system. This does not apply to the user’s IP address or other data that makes it possible to allocate the data to one specific user. This data is not stored together with other personal user data.

2. Legal basis for data processing 

Art. 6 (1) lit.f GDPR is the legal basis for the temporary storage of data. 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to make it possible to transmit the website to the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose. 

These purposes also constitute our legitimate interest in processing of the data in accordance with Art. 6 (1) lit. f GDPR.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for the provision of the website, this is the case once each session has ended. 

5. Option to object or erasure

The collection of the data is crucial for the provision of the website and the storage of the data in log files for the operation of the website. The user therefore does not have any option to object. 

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the browser and/or by the browser on the user’s computer. A cookie may be stored on the user’s computer when the user accesses a website. This cookie contains a distinctive character sequence that makes it possible to clearly identify the browser when the website is accessed again. 

You can largely decide which technologies we may employ. Some of them are technically necessary to ensure that our website functions properly. Others will only be used by us with your consent. Click here to read all the necessary information:

You can change the settings at any time there, e.g. withdraw your consent with future effect.

VI. Newsletter

1. Description and scope of data processing

You can subscribe to a free of charge newsletter on our website. When you subscribe to the newsletter, the data from the input mask is transferred to us:

  • salutation
  • title
  • forename
  • surname
  • email address
  • country
  • language
  • distributor/user specification

The following additional data is collected during the subscription process:

  1. Date and time of subscription

Your consent for the processing of the data is obtained and reference made to this Privacy Policy during the subscription process.

The data is not transferred to third parties in connection with the processing of the data for the sending of newsletters. The data is used exclusively for sending the newsletters.

2. Legal basis for data processing

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data upon the user subscribing to the newsletter if the user has given consent.

3. Purpose of data processing

The user’s email address is collected in order to send the newsletter. 

The other personal data is collected during the subscription process in order to prevent misuse of the services or email address used.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. The user’s email address is therefore stored for as long as the user subscribes to the newsletter. 

The other personal data collected during the subscription process is generally erased after seven days.

5. Option to object or erasure

The affected user can unsubscribe from the newsletter at any time. An unsubscribe link is included in every newsletter. 

This also makes it possible to withdraw consent to the storage of the personal data collected during the subscription process.

6. Used services and service providers:

VII. Registering for the SCHWIND portal

1. Description and scope of data processing

Users can register on our website. To do so, they need to provide personal data. The data is entered in an input mask, transferred to us and stored during this process. The data is not transferred to third parties. The following data is collected during the registration process:

  1. Email address
  2. Salutation (gender)
  3. Title (voluntary information)
  4. Forename
  5. Surname
  6. Job description
  7. Primary email address
  8. Alternative email address (voluntary information)
  9. Business phone number (voluntary information)
  10. Mobile number (voluntary information)
  11. Name of company/clinic/surgery
  12. Country
  13. City
  14. Post code (voluntary information)
  15. Federal state/county (voluntary information)
  16. Street/address (voluntary information)
  17. Company website (voluntary information)
  18. Company phone number (voluntary information)
  19. Laser serial number (voluntary information)

The following data is also collected when registering:

  1. Date and time of registration

Consent to the processing of this data is obtained from the user during the registration process.

2. Legal basis for data processing 

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.

3. Purpose of data processing

The user has to register for accessing certain contents and services on our website. The contents of the SCHWIND portal are aimed exclusively at our SCHWIND users and sales partners.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected.

This is the case for the data collected during the registration process if the registration is withdrawn or amended on our website.

5. Option to object or erasure

As a user, you can cancel your registration at any time. You can request for your personal data stored to be modified at any time. 

You can manage your data yourself within the portal in the "My Account" area. If you wish to delete your account, please inform us by e-mail.

VIII. Contact form and email contact

1. Description and scope of data processing

Our website contains a contact form that can be used for making contact via this electronic medium. If a user uses this option, the data entered in the input mask is transferred to, and stored by, us. This data comprises:

  1. Salutation
  2. Title
  3. Forename
  4. Surname
  5. Clinic/ company
  6. Telephone
  7. Email
  8. Country
  9. Message

The following data is also collected when sending the message:

  1. Date and time of message

Your consent for the processing of the data is obtained and reference made to this Privacy Policy when sending the message.

Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted in the email is stored. 

The data is not transferred to third parties in this case. The data is used exclusively for processing the conversation.

2. Legal basis for data processing 

Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.

Art. 6 (1) lit. f GDPR is the legal basis for the processing of the data which is transferred during email transmission. If contact is made via email in order to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

3. Purpose of data processing

The personal data entered in the input mask is processed exclusively for processing the contact. If contact is made via email, this also constitutes the required legitimate interest in processing the data.
The other personal data processed during the message sending process serves to prevent misuse of the contact form and ensure the security of our IT systems.

4. Storage period

The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. For the personal data from the input mask of the contact form and the personal data sent via email, this is the case when the respective conversation with the user has been concluded. The conversation has been concluded when the circumstances show that the matter in question has been clarified in full and final. 

The additional personal data collected during the message sending process is erased no later than after seven days.

5. Option to object or erasure

The user may withdraw their consent to the processing of the personal data at any time. If the user contacts us via email, the user may object to the storage of their personal data at any time. In this case, the conversation cannot be continued.

Please inform us in writing, by post or e-mail if you wish to object to the storage of your personal data.

All personal data stored during the contacting process is deleted in this case.

6. Inquiries to sales partners

You can search for sales partners for our products on our website. When using the sales partner search, we as the manufacturer receive a copy of your inquiry to the sales partner, so that we can support the sales partner in finding the best technical solution for you in a timely manner. The legal basis for the storage of data is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of data for the optimized provision of our services, in particular in the storage of data for the optimized provision of our services, especially in the configuration and planning of our products and the recording of market demand trends. . If we conclude a contract with a manufacturer's guarantee, the additional legal basis is Art. 6 para. 1 lit. b GDPR.

The data is transmitted to the selected sales partner. The legal basis for this is Art.6 para. 1 lit. b GDPR, as the search for distribution partners is aimed at the conclusion of a contract.

If the distribution partner is in a non-secure third country, the data will be transferred with the consent of the applicant pursuant to Art. 49 para. 1 lit. a GDPR after the applicant has been informed about the risks of data transfer due to the lack of comparable data protection levels in the recipient country and the lack of guarantees for data security by the data transfer authorities involved. Furthermore, when searching for a distribution partner in a non-safe third country, the transfer is necessary for the fulfilment of the search request, so that Art. 49 para. 1 lit. b GDPR also serves as the legal basis.

The data of the inquirer will be deleted as soon as the inquiry of the user has been finally clarified, without the conclusion of a contract with the user. If a manufacturer's warranty contract is concluded, the data will be deleted when the data is no longer required for the execution of the contract. Mandatory statutory provisions - in particular retention periods within the framework of possible business correspondence or for tax reasons - remain unaffected by this.

7. Brochure Download

On our website we offer the free download of product and advertising brochures for our laser systems. For this purpose, we collect the cash on delivery, the email address and the country of the interested party in a form before the download. The offer is directed exclusively at commercial customers for the purpose of initiating a contractual relationship as well as for advertising information of our products. After entering the data, the interested party receives a download link by email, with which he can then download the documents.

The legal basis of data processing in the initiation of a contractual relationship is Art. 6 para. 1 lit. b GDPR. For general advertising purposes, Art. 6 para. 1 lit. f GDPR is the legal basis. Our legitimate interest results from the security of preventing misuse of our advertising material and enabling the download of brochures in the applicable language.

We store and use the data for advertising purposes until we receive an objection. If data is stored for contract fulfilment or contract initiation, it is deleted when the data is no longer required for these purposes. The statutory retention periods remain unaffected by this.

8. Inquiries to doctors

Within the scope of the physician inquiry, direct communication with the requested physician takes place via your email program after your selection of the responsible physician. To do this, select the country or place where you are looking for a doctor. Another filter criterion is the specific treatment method. After selection, we will communicate directly without receiving any personal data as part of your communication with the selected physician.

IX. Web analysis

Click here to read all the necessary information on web analysis: 

Jump to V. Use of cookies

You can modify the settings at any time there, e.g. you can withdraw your consent with future effect and/or object to the use of the web analysis tool by deactivating it.

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • clicks on external links 
  • internal search queries
  • interaction with videos
  • file downloads
  • seen / clicked ads
  • language settings

Also recorded:

  • Your approximate location (region)
  • your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • your internet service provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your [pseudonymous] use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients
Recipients of the data are/may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of storage
The data sent by us and linked to cookies are automatically deleted after 2 [OR: 14] months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.

Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings [LINK TO CONSENT TOOL SETTINGS HERE] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HEREhttps://marketingplatform.google.com/about/analytics/terms/en/.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.

X. Rights of the data subject

If your personal data is being processed, you are the data subject within the meaning of the GDPR and you have the following rights against the controller:

1. Right to information

You can request confirmation from the controller if your personal data is being processed by us. 

If such processing is taking place, you can request the following information from the controller:

  1. purposes of the processing of the personal data;
  2. categories of the personal data that is being processed;
  3. recipients and/or categories of recipients to whom your personal data has been, or will be, disclosed;
  4. planned storage period of your personal data or, if specific information cannot be provided regarding this question, criteria for determining the storage period;
  5. existence of the right to rectification or erasure of your personal data, the right to restriction of processing by the controller or the right to objection against the processing; 
  6. existence of the right to complain to a supervisory authority;
  7. all available information about the origin of the data if the personal data has not been collected from the data subject;
  8. existence of automatic decision making, including profiling in accordance with Art. 22 (1) and (4) GDPR, and, at least in these cases, pertinent information about the logic involved as well as the reach and intended effects of such processing on the data subject.

You have the right to request information if your personal data is transferred to a third country or international organisation. In this context, you may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

This right to information may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

2. Right to rectification

You have the right to rectification and/or completion against the controller if your personal data that is being processed is incorrect or incomplete. The controller must rectify the data immediately.

This right to rectification may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

3. Right to restriction of processing

You may request for the processing of your personal data to be restricted in the following circumstances:

  1. if you dispute the accuracy of your personal data for a period that enables the controller to check the accuracy of the personal data;
  2. if the processing is illegal and you reject the erasure of the personal data and instead request for the use of your personal data to be restricted;
  3. if the controller no longer requires the personal data for the purpose of its processing, but you need it for asserting, enforcing or defending legal claims, or
  4. if you object against the processing in accordance with Art. 21 (1) GDPR and it has not yet been established if the legitimate interests of the controller outweigh your legitimate interests.

If the processing of your personal data has been restricted, this data may, with the exception of its storage, only be processed with your consent or for the assertion, enforcement or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interests of the European Union or one of its member states.

If the restriction of the processing has been restricted according to the above conditions, you will be informed by the controller before rescinding the restriction.

Your right to restriction of processing may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

4. Right to erasure

a) Erasure obligation

You may request for the controller to erase your personal data immediately. In this case, the controller must erase this data immediately if one of the following reasons applies:

  1. Your personal data is no longer required for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing is based in accordance with Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal basis for the processing. 
  3. You object to the processing in accordance with Art. 21 (1) GDPR and there are no other overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR. 
  4. Your personal data was processed illegally. 
  5. Your personal data has to be erased in order to fulfil a legal obligation under EU law or the law of one of its member states to which the controller is subject. 
  6. Your personal data was collected in connection with services offered by the information provider in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has published your personal data and is obliged to erase it in accordance with Art. 17 (1) GDPR, the controller shall, whilst taking into consideration the available technology and implementation costs, take reasonable measures, including technical measures, to inform all persons responsible for the processing of the personal data of the fact that you, the data subject, have requested the erasure of all links to, or all copies or duplicates of, this personal data. 

c) Exceptions

The right to erasure does not exist if the processing is required

  1. for exercising the right to free speech and information;
  2. for fulfilling a legal obligation which requires the processing in accordance with the laws of the EU or one of its members states to which the controller is subject or for exercising public powers that have been transferred to the controller;
  3. for public health interests in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;
  4. for archiving purposes that are of public interest, scientific or historic research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR insofar as the right stated in paragraph a) is likely to make the fulfilment of the purposes of this processing impossible or would seriously impair it, or
  5. for the assertion, enforcement or defence of legal claims.

5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing against the controller, the latter must inform all recipients to which your personal data has been disclosed of the rectification or erasure of this data or restriction of its processing, unless this proves to be impossible or would incur unreasonable expenses.

You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to be given your personal data that you provided to the controller in a structured, standard and machine-readable format. You further have the right to transfer this data to another controller without the controller who was entrusted with the personal data attempting to stop you, if

  1. the processing is based on consent in accordance with Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or a contract in accordance with Art. 6 (1) lit. b GDPR, and
  2. the data is collected using automatic processes.

When executing this right, you further have the right to effect that your personal data is transferred directly from one controller to another, insofar as this is technically possible. This must not impair the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data required for the fulfilment of a task that is in the interest of the public or a task that is performed in execution of public powers that have been transferred to the controller.

7. Right to object

You have the right to object at any time against the processing of your personal data in accordance with Art. 6 (1) lit. e or f GDPR for reasons arising from your particular situation. This also applies to any profiling based on these provisions. 

The controller shall no loner process your personal data, unless the controller can provide evidence of mandatory, protectable reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, enforcement or defence of legal claims.

If your personal data is processed for direct advertising purposes, you have the right to object to the processing of your personal data for the purpose of such advertising at any time. This also applies to any profiling linked to such direct advertising.

If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.

You may exercise your right to object using automated processes which use technical specifications in connection with the use of services of the information provider, regardless of Directive 2002/58/EC.

You further have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR for reasons arising from your specific situation.

Your right to object may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.

8. Right to withdraw consent in accordance with data protection law

You have the right to withdraw your consent in accordance with data protection law at any time. The withdrawal of your consent shall not affect the legitimacy of the processing based on the consent given until the time of withdrawal.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision solely based on automated processing, including profiling, which has a legal effect against you or has other similar severe consequences for you. This does not apply if the decision 

  1. is required for the conclusion or fulfilment of a contract between you and the controller,
  2. is legitimate based on legal provisions of the EU or its member states to which the controller is subject and these legal provisions contain reasonable measures for maintaining your rights and freedoms as well as your legitimate interests, or
  3. is made with your explicit consent.

However, such decisions must not be based on specific categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR apply and reasonable measures for the protection of rights and freedoms as well as your legitimate interests have been implemented.

With regard to the cases mentioned in paragraphs (1) and (3), the controller shall implement reasonable measures to maintain the rights and freedoms as well as your legitimate interests, which includes, at a minimum, the right to effect intervention by a person of the controller, the right to state your own opinion, and the right to appeal against the decision.

10. Right to complain to a supervisor authority

Notwithstanding any other legal remedy under administrative law or before a court, you have the right to complain to a supervisory authority, particularly in the member states of your domicile, place of work or place of alleged violation if you are of the opinion that the processing of your personal data violates the GDPR. 

The supervisory authority where you submit your complaint will inform the complainant about the status and results of the complaint, including the option of legal remedy before a court in accordance with Art. 78 GDPR.


Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Twitter

We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

For details, see the Twitter Privacy Policy: https://twitter.com/privacy.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.


Last update of the privacy policy: November 2022.