Data privacy statement

Data privacy statement

Scope
This data privacy statement outlines how the responsible provider, Bertrandt AG, Birkensee 1, D-71139 Ehningen, Germany, Phone + 49 7034 656-0, Fax + 49 7034 656-4151, collects and uses personal data on this website as well as the extent and purpose of such collection and use. The statutory law pertaining to data privacy is set down in Germany's Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and Telecommunications and Telemedia Data Protection Act (TTDPA).

 

This privacy policy explains how we process personal data (referred to below simply as "data") on our online platform and the related websites, functions, content and external online presences, such as our social media profiles, (referred to below jointly as the "online platform") and describes the scope and purpose of this activity. The definitions of the terms used, such as "personal data" and "processing", can be found in Article 4 of the General Data Protection Regulation (GDPR).


Name of the controller:
Bertrandt AG
Birkensee 1
71139 Ehningen


Represented by the members of the management board:
Dr. Andreas Fink (Technology)
Michael Lücke (Sales)
Markus Ruf (Finance)


Department manager with responsibility for data processing:
Bernhard Zechmann


Data protection officer:
Michael Walther
datenschutz@bertrandt.com


Address of the controller:
Bertrandt AG
Birkensee 1
71139 Ehningen
Phone + 49 7034 656-0
Fax + 49 7034 656-4151
E-mail: info@bertrandt.com
Link to Imprint


Types of data processed:

  • Master data (for example names and addresses)
  • Contact details (for example e-mail addresses, phone numbers)
  • Content (for example text, photos, videos)
  • Contract data (for example the subject and the term of the contract, the customer category)
  • Payment data (for example bank details, payment history)
  • Usage data (for example web pages visited, content that is of interest, access times)
  • Metadata and communication data (for example, device information, IP addresses)
  • Customer and partner data (data from business relationships)
  • Applicant and employee data


Processing special categories of data (Article 9(1) of the GDPR):

  • We process the following special categories of data: biometric data for the unique identification of a natural person as part of the authentication process on end devices and health data as part of the employment relationship. Otherwise we process only those special categories of data that are provided voluntarily by users without them being requested to do so, for example data entered in online forms.


Categories of data subjects:

  • Prospects (address and quotation data)
  • Customers (address data, contact details, including phone, fax and e-mail data, contract data, support information, including customer development, statistics, accounting and payment data)
  • Employees, applicants, apprentices, interns, former employees (primarily application data, career and education data and qualifications); contract data, master data and accounting data (information about private and business addresses, type of work, salary payments, name and age of relatives where this information is relevant for employers' social contributions, income tax data, bank details, assets entrusted to the employee); contact details; employee status; qualifications; employee appraisals; professional career; HR administration and management data; data on working hours and terminal access data; diary management data; communication data and data on processing and monitoring transactions and technical systems; emergency contact details.
  • Business partners and suppliers (address, accounting and payment data), if these data are necessary for the purpose of data processing.

The data subjects are referred to below as "users".


Purpose of data processing
Provision of consultancy and development services with or for customers of Bertrandt AG and its subsidiaries (Bertrandt Group) in Germany and in other countries and all the associated businesses. Storage and processing of personal data for our own purposes and on behalf of business partners, customers and cooperative partners of the Bertrandt Group in accordance with the relevant service agreements.


Additional purposes of data processing:

  • Providing the online platform, its content and its functions
  • Providing contractual services and customer Support
  • Responding to enquiries and communicating with users
  • Marketing, advertising and market Research
  • Security measures
  • Applications (e-recruiting)
  • Processing employee data


Recipients or categories of recipients of the data:

  • Public bodies that receive data on the basis of legal regulations (for example social security agencies, financial authorities)
  • Internal departments that participate in implementing the relevant business processes (human resources management, accounting, purchasing, marketing, sales, telecommunications and IT)
  • External contractors (service providers) with responsibility for processing orders
  • Other external bodies, such as banks, (salary payments, insurance services)
  • Contractual partners

In accordance with Article 13 of the GDPR, we are informing you about the legal basis for our data processing activities. If the legal basis is not referred to in our privacy policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR. The legal basis for data processing for the provision of our services, the performance of contracts and the response to enquiries is Article 6(1)(b) of the GDPR. The legal basis for data processing for compliance with our legal obligations is Article 6(1)(c) of the GDPR and the legal basis for data processing for the purposes of our legitimate interests is Article 6(1)(f) of the GDPR. If the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) of the GDPR.

Please check the content of our privacy policy regularly. We will amend the privacy policy whenever this is necessary as a result of changes in our data processing activities. We will inform you if the changes require your cooperation (for example your consent) or if another form of individual notification is needed.

In accordance with Article 32 of the GDPR, taking into account the latest technology, the costs of implementation, the nature, scope, context and purposes of processing and the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we will take the appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The measures include in particular ensuring the confidentiality, integrity and availability of data by controlling the physical access to the data and safeguarding the access, entry, transmission, availability and separation of the data. We have also introduced procedures to guarantee the awareness of the rights of the data subjects, the erasure of data and the reaction to risks to the data. We also take into consideration the protection of personal data during the development and selection of hardware, software and procedures in accordance with the principle of data protection by design and by default (Article 25 of the GDPR).

 

The security measures include, in particular, the encrypted transmission of data between your browser and our Server.

If, when we are processing data, we disclose or transfer the data to other people and companies (processors and third parties) or give them access to the data in other ways, we do this only with legal permission (for example if data needs to be transferred to third parties for the performance of a contract in accordance with Article 6(1)(b) of the GDPR), with your consent, on the basis of a legal obligation or in accordance with our legitimate interests (for example when using agents, web hosters etc.).


If we appoint third parties to process the data on the basis of a processing contract, this is in accordance with Article 28 of the GDPR.

If we process data in a third country (in other words, outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs during the use of third-party services or during the disclosure or transfer of data to third parties, this will only be done for the purpose of fulfilling our (pre-)contractual obligations, with your consent, on the basis of a legal obligation or in accordance with our legitimate interests. Providing that we are legally or contractually permitted to do so, we only process data or have it processed in a third country under the special conditions described in Article 44 ff. of the GDPR. This means that the processing is based, for example, on special guarantees and on the official recognition of a level of data protection equivalent to that of the EU (for example in the USA in the form of the Privacy Shield) or compliance with officially recognised special contractual obligations (standard contractual clauses).

You have the right to request confirmation of whether or not your data have been processed and to obtain details of these data and other information and copies of the data in accordance with Article 15 of the GDPR.


You have the right to request that your data are completed or corrected if they are incorrect in accordance with Article 16 of the GDPR.


Under the terms of Article 17 of the GDPR, you have the right to request that your data are immediately erased or, under the terms of Article 18 of the GDPR, to request that restrictions are placed on the processing of your data.


You have the right to receive the personal data that you have provided to us, under the terms of Article 20 of the GDPR, and to request that your data are transferred to another controller.


You also have the right, in accordance with Article 77 of the GDPR, to lodge a complaint with the relevant supervisory authority. The relevant data protection supervisory authority is:


Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Tel.: 0711/61 55 41 - 0
Fax: 0711/61 55 41 - 15
E-mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

You have the right to withdraw the consent that you have given in accordance with Article 7(3) of the GDPR with future effect.

You can object at any time to your data being processed in future under the terms of Article 21 of the GDPR. You can object in particular to processing of the data for the purposes of direct Marketing.

We use temporary and permanent cookies. These are small files that are stored on users' devices (for an explanation of the term and a description of the function of cookies, see the last section of this privacy policy). Cookies are needed in part for security purposes and in part for the operation of our online platform (for example for displaying the website). They are also used to store the user's decision concerning the confirmation of the cookie banner. We and our technology partners also use cookies to measure audience reach and for marketing purposes. Users will be informed about this in this privacy policy.


You can make a general objection to the use of cookies for online marketing purposes using a number of services, in the case of tracking cookies in particular, via the US site http://www.aboutads.info/choices/ and the EU site http://www.youronlinechoices.com/. You can also prevent cookies from being stored on your devices by blocking them in your browser settings. Please note that this may result in you not being able to use all the functions of our online platform.

The data that we process can be erased or restrictions can be placed on the processing of the data under the terms of Articles 17 and 18 of the GDPR. Unless otherwise stated in this privacy policy, the data that we store will be erased as soon as they are no longer needed for their original purpose and provided that there are no legal retention requirements that would prevent them from being erased. If the data are not erased because they are needed for other legally permitted purposes, the processing of these data will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored under the provisions of commercial or tax law, if other retention requirements apply to them.


Germany: Under the provisions of legislation, data must be stored for six years in accordance with Section 257(1) of the Commercial Code (books of accounts, inventories, opening balance sheets, annual financial statements, trade letters, accounting records etc.) and for ten years in accordance with Section 147(1) of the Fiscal Code (accounts and records, situation reports, accounting records, trade or business letters, documents of relevance for taxation etc.).


Austria: Under the provisions of legislation, data must be stored for seven years in accordance with Section 132(1) of the Federal Fiscal Code (bookkeeping documents, records/invoices, accounts, records, commercial papers, lists of incomings and outgoings etc.), for 22 years in relation to property and for 10 years for documents relating to electronic, telecommunication, radio and television services provided to consumers in EU member states and the associated Mini One-Stop Shop (MOSS).


Other countries: The retention period for all other countries is not given here. Documents must be retained in accordance with the provisions of legislation.


The erasure period consists of the retention period plus a reasonable period for erasing the data. This constitutes the mandatory erasure period.

Sources and data categories
We process personal data that we receive from you as part of our business relationship.


We process personal data that we have received with permission from other companies and that we need in order to provide our services (for example to implement orders, for the performance of contracts or on the basis of the consent given by you).


We process personal data that we have obtained from public sources (for example the press and the media) and that we are allowed to process. The relevant personal data include master data (name, address and other contact details, date and place of birth and nationality) and identification data (for example ID card details). They also include order data (for example details of orders, product data), data resulting from the performance of our contractual obligations (for example sales figures), creditworthiness data, credit scoring/rating data, marketing and sales data (including advertising scores), documentation data (for example from documented conversations), data concerning your use of our online media (for example the time that you accessed our website, apps or newsletter, our pages and entries that you clicked on) and other data equivalent to the categories referred to here.


Purpose of processing and legal basis
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) and in particular:


For the performance of contractual obligations (Article 6(1)(b) of the GDPR)
We process personal data (Article 4(2) of the GDPR) in order to fulfil our obligations under the terms of customer contracts concluded with you and, in particular, for the performance of our contracts and pre-contractual measures with you and the implementation of your orders and all the necessary activities associated with the operation and management of our company in the development services industry.


The purposes of processing the data are related primarily to the specific product or service (for example, the order or framework agreement).


You can find further details on the purposes of the data processing in the relevant contract documents and general terms and conditions.


As part of the process of balancing our interests (Article 6(1)(f) of the GDPR)
Your data can also be used by us and by third-parties as part of the process of balancing our legitimate interests.


This is done for the following purposes:

  • Support for customer consultancy, customer services and sales
  • General management of the business and development of services, systems and products
  • Fulfilment of internal requirements and of the requirements of associated companies
  • Ensuring IT security and safeguarding IT operations
  • Advertising and market and opinion research
  • Making legal claims and defence in legal Disputes
  • Preventing and investigating crimes, together with risk management and fraud prevention


Our interests and those of other controllers in the processing of the data are based on the relevant purposes and are also of a commercial nature (the efficient implementation of orders, sales, avoiding legal risks).


If the specific purpose allows for this, we and the other controllers will process your data in a pseudonymised or anonymised form.


On the basis of your consent (Article 6(1)(a) of the GDPR
If you consent to us processing your personal data for specific purposes (for example passing on the data within the group, using your e-mail address for business partners and for advertising that goes beyond similar products and services), the lawfulness of the processing is based on your consent. Your consent is the legal basis for the processing of the data. You can withdraw your consent at any time. This also applies to the withdrawal of consent granted to us before 25 May 2018. Please note that the withdrawal of consent takes effect in the future. It does not affect the processing of data before the consent was withdrawn.


Use of the data

Your data will only be disclosed to the following recipients and categories of recipients:

  • Service providers for the fulfilment and invoicing of the contract
  • Banks and providers of payment services for invoicing and processing payments
  • Service providers for the operation of the IT infrastructure
  • Service providers for printing invoices and customer information letters
  • Service providers for storing and destroying files
  • Public bodies in legitimate cases (for example social security agencies, financial authorities, the police, the public prosecution service, supervisory authorities)
  • Credit agencies and credit scoring companies for information on creditworthiness and assessment of the credit risk
  • Debt collection service providers and lawyers for the purpose of collecting debts. We will inform you before we transfer the data.


Your data will be transferred to the departments within our company and within the other controllers' organisations that need the data to fulfil contractual and legal obligations or to do their work (for example sales and marketing).


The following bodies may also receive your data:

  • Processors that we use (Article 28 of the GDPR) in particular for IT services, logistics and printing services which process your data on our behalf and on our instructions
  • Public bodies and institutions if there is a legal or official Obligation
  • Our agents, employees and representatives
  • Auditors, service providers and our subsidiaries and group companies (and their agents, employees, consultants and representatives)
  • Specialist companies as part of contractual agreements for cloud solutions that can use processing centres inside and outside the European Union (in particular in the United States)
  • Other bodies if you have give us your consent for them to receive your data


Storage of the data
If necessary, we will process and store your personal data for the duration of our business relationship, which also includes the preparation for and implementation of contracts.


The data can also be stored in our customer relationship management system (SAP CRM system) or equivalent systems and applications.


It is important to understand that our business relationship is a continuing obligation that can last for years. 


We are also subject to a variety of storage and documentation requirements under the terms of the German Commercial Code (HGB) and the Fiscal Code (AO). The storage and documentation periods specified in this legislation are between two and ten years. The storage period also depends on the legal periods of limitation which are generally three years under the terms of Sections 195 ff. of the German Civil Code (BGB), but in some cases can be up to thirty years. If necessary, we will process your personal data for the duration of our business relationship, which also includes the preparation for and implementation of contracts. We are also subject to a variety of storage and documentation requirements. The storage and documentation periods are implemented in accordance with the provisions of the legislation.


Transferring data to a third country or an international organisation
Data will be transferred to third countries (countries outside the European Economic Area (EEA)) only if this is necessary in order for us to implement your order or for the purposes of our contractual relationship, if it is required by law or if you have given us your consent. We will send you specific information about the details if this is required by law.


Your data will be transferred to countries outside the European Economic Area (EEA) (third countries) only if this is necessary in order for us to implement your order, if it is required by law or if you have given us your consent.


Marketing and, in particular, sending newsletters to existing customers and Partners
We are permitted to send newsletters to existing customers and partners if the newsletters contain only marketing material about products and services that serve a similar purpose. Existing customers and partners are customers and partners that we have an active business relationship with, but not prospects, for example. We are also required to inform our customers when they place their first order about the possibility that they will receive marketing material and to give them the right to withdraw free of charge. If this is not the case, we will at the very least use the opt-in process to remain in online contact with customers for marketing purposes. These marketing purposes include providing information about our products and services and about the latest news from our company, together with invitations to events.


Data protection rights
Every data subject has the right of access under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. In the case of the right of access and the right to erasure, the restrictions in Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply. In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act (BDSG)).


The relevant data protection supervisory authority is:


Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Tel.: +49 711 61 55 41 0
Fax: +49 711 61 55 41 15
E-mail: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de


Profiling (scoring)
We process your data in some cases using an automated procedure with the aim of assessing certain personal aspects (this is known as profiling, as described in Article 4(4) of the GDPR). Profiling is used, for example, to identify your potential interest in products and services. This evaluation uses statistical procedures to process current and past customer data. The results allow us to make a more targeted approach to you, which meets your needs, and to provide support for consultancy, customer service and sales.


Right to object (Article 21 of the GDPR)


a. The right to object in individual cases
You have the right to object at any time for reasons relating to your personal situation to your personal data being processed on the basis of Article 6(1)(f) of the GDPR (data processing for the purposes of legitimate interests). This also applies to profiling under the terms of this provision as described in Article 4(4) of the GDPR, which may be taking place for reasons of customer consultancy and customer service or for sales purposes.


If you make an objection, your personal data will no longer be processed, unless we can demonstrate compelling legitimate grounds for processing the data which override your interests, rights and freedoms or unless we are processing the data to establish, exercise or defend legal claims.


b. The right to object to data processing for direct marketing purposes
We and the other controllers can process your data for direct marketing purposes under the provisions of the legislation. You have the right to object at any time to your personal data being processed for marketing purposes of this kind. This includes profiling if it is related to direct marketing.


If you object to your personal data being processed for direct marketing purposes, we will no longer process them for these purposes. Your objection can be made in any form. Our contact details are:


Bertrandt AG
Birkensee 1
71139 Ehningen
Phone + 49 7034 656 0
Fax + 49 7034 656 4151
E-mail: info@bertrandt.com

If you make contact with us (using a contact form or by e-mail), your data will be processed for the purpose of handling your enquiry in accordance with Article 6(1)(b) of the GDPR.


Your data can also be stored in our customer relationship management system (SAP CRM system) or equivalent enquiry systems.


We will erase the enquiries when they are no longer needed. We will check every two years to determine whether the enquiries are needed. Enquiries from customers with a customer account will be stored permanently. We will refer to the information in the customer account to decide when they should be erased. If legal archiving obligations apply, the enquiries will be erased when these obligations expire (the end of the storage period is six years under the terms of commercial law and ten years under the terms of tax law). The erasure period consists of the retention period plus a reasonable period for erasing the data. This constitutes the mandatory erasure period.

Applicant data
Personal data can be processed as part of the working relationship if they are needed to establish, implement and terminate an employment contract. As a result of this, applicants' personal data can be processed at the start of a working relationship. You will find detailed information about data processing during the application process at https://www.bertrandt.com/en/career/your-application/use-of-data/

 

Employee data
Implementing and ending a working relationship: Personal data can also be processed when implementing and ending a working relationship. Data processing when implementing and ending a working relationship is governed by the regulations on employment contracts and the group data protection manual. The relevant HR department can give applicants full access to the data protection manual before their working relationship with the company begins. The manual is available on the intranet after they start work.

 

Data processing on the basis of legal permission
Data can be processed on the basis of legal permission, if the provisions of legislation require the data to be processed.

 

Data processing on the basis of consent
Employees' personal data can also be processed if the employees have given their consent in a form which complies with legal requirements.

 

Automated decision-making in the working relationship
If automated decision-making is used in the applicant selection process or in the assessment of skills profiles, this is not the only basis for decisions during the application process at Bertrandt. Another assessment is always made by a natural person to prevent incorrect decisions from being made. The data subject will be informed of the possible result of an individual decision and will have the opportunity to express their opinion.

 

Telecommunication data
The company provides telephone systems, e-mail addresses, an intranet, Internet access and internal social media options to enable employees to do their jobs. These systems can be used in accordance with the relevant provisions of legislation and the company's internal regulations. If employees have permission to use these systems for private purposes, they must comply with the company's internal regulations.


If there is specific and legitimate suspicion of a violation of the law or of company guidelines, investigations relating to an event or a person can be carried out. In these cases, the corporate security department and data protection department must be involved.

We do not intend to request or obtain personal data from people under the age of 18, but this is sometimes unavoidable. Under the terms of Article 8 of the GDPR, children can only give their consent when they are at least 16 years old. There are different age limits for giving consent in individual EU member states. The regulations for giving consent in each country must be complied with.

If you enter comments or posts in online systems, your IP addresses will be stored for the purpose of our legitimate interests under the terms of Article 6(1)(f) of the GDPR.


This information is stored for our security if illegal content is included in comments or posts (insults, prohibited political propaganda etc.). In cases such as these we may ourselves be held liable for the comment or the post and therefore we need to know the identity of the author.

On the basis of our legitimate interests (in other words, interests in the analysis, optimisation and cost-effective operation of our online platform under the terms of Article 6(1)(f) of the GDPR), we use content and service offerings from third parties on our online platform in order to integrate the content and services, such as videos or fonts (referred to below as "content"). This requires the third-party providers to obtain the user's IP address, because without the IP address they cannot send the content to the user's browser. The IP address is therefore needed to display this content. We endeavour only to include content from providers that use the IP address solely for the purpose of delivering the content. Third-party providers can also use pixel tags (invisible graphics also known as web beacons) for statistical or marketing purposes. The pixel tags allow information such as the visitor traffic to the pages of the website to be evaluated. The pseudonymised information can also be saved in cookies on the user's device and can include technical data concerning the browser and the operating system, the referring websites, the visiting time and other details of the use of our online platform. This can also be linked with information of the same kind from other sources.

Visable GmbH – Pixel Tags
Bertrandt uses products and services for analysis and marketing purposes, which are provided by Visable GmbH (www.visable.com) in cooperation with them. To that end, pixel-code technology is used to collect, process and store data in order to create at least pseudonymised, but where possible and meaningful, completely anonymous user profiles. Data collected, which may initially still include personal data, is transmitted to Visable or is collected directly by Visable and is used to create the aforementioned user profiles there. Visitors to this website are not personally identified and no other personal data is merged with the user profiles. If IP addresses are identified as personal, they are immediately deleted. You can object to the processing operations described with future effect at any time: Exclude from Tracking (Note: Link sets a 1st-party cookie for an opt-out)

Use of stock image agencies (Getty Images/Shutterstock/Fotolia) by third-party providers 
Images from stock image agencies may be used in this third-party offering. These images can be identified by the name Getty Images, Shutterstock or Fotolia on the edge of the picture. The display of these images requires the stock image agency to identify the user's IP address so that the images can be sent to the user's browser. The IP address is therefore needed to display this content. As far as we are currently aware, the IP address is used only for this purpose. However, the provider has no influence over whether the stock image agency stores IP addresses for statistical purposes, for example. If the provider becomes aware that the IP addresses are being stored, the users will be informed or the images will be removed. You can find more information in the privacy policies of:

Getty Images: http://www.gettyimages.de/Corporate/PrivacyPolicy.aspx
Shutterstock: https://www.shutterstock.com/de/privacy
Fotolia: https://de.fotolia.com/Info/Agreements/PrivacyPolicy


Cookies and measuring audience reach

  • Cookies are information that is sent from our web server or from third-parties' web servers to users' web browsers and stored on users' devices for later use. Cookies can be small files or other forms of information.
  • We use session cookies that are stored only for the period when the user is visiting our online platform (for example to allow the user's login status to be stored). Session cookies contain randomly generated unique identification numbers which are known as session IDs. Cookies also contain details of their origin and their storage period. These cookies cannot store any other data. Session cookies are deleted when the user leaves our online platform and logs out or closes the browser.
  • This privacy policy provides information for users about the use of cookies for pseudonymised reach measurement.
  • If users do not want cookies to be stored on their computers, they can block cookies in their browser settings. Stored cookies can be deleted in the browser's settings. Blocking cookies can lead to restrictions on the functioning of the online platform.
  • You can prevent cookies from being used for audience reach measurement and for advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and also on the US website http://www.aboutads.info/choices and the European website http://www.youronlinechoices.com/uk/your-ad-choices/.

 

Registration function

  • Data entered as part of the registration process, for example on the Bertrandt career portal, allow the user to use the online platform. E-mails containing information relating to the online platform or to the registration process, such as changes in the scope of the online platform or technical issues, can be sent to users. The data are taken from the entry form as part of the registration process.

 

Google Analytics

  • On the basis of our legitimate interests (in other words, interests in the analysis, optimisation and cost-effective operation of our online platform under the terms of Article 6(1)(f) of the GDPR), we use Google Analytics, a web analysis service provided by Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the way users use the online platform is generally sent to and stored on a Google server in the USA.
  • Google is certified under the Privacy Shield agreement and therefore provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
  • Google will use this information on our behalf to evaluate the way users use the online platform, to collate reports on activities on the online platform and to provide us with other services related to the use of the online platform and the Internet. Pseudonymised usage profiles of the users can be created from the processed data.
  • We also use Google Analytics to display the advertisements in Google's and its partners' advertising services only to those users who have shown an interest in our online platform or who have certain features (for example, an interest in specific subjects or products that have been identified on the basis of the websites the user has visited) that we have informed Google about (Remarketing and Google Analytics Audiences). Using the Remarketing Audiences we aim to ensure that our advertisements correspond with the potential interests of users and are not annoying.
  • We use Google Analytics only with IP anonymisation activated. This means that Google will truncate users' IP addresses in member states of the European Union and in other countries that form part of the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there.
  • The IP address sent by the user's browser is not combined with other data held by Google. Users can change their browser settings to prevent cookies from being stored. Users can also prevent the data generated by the cookie relating to the usage of the online platform from being sent to and processed by Google by downloading a browser plugin from the following link and installing it: https://tools.google.com/dlpage/gaoptout?hl=de.
  • You can find more information about the way Google uses data, the settings available and the options for objecting on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("How Google uses data when you use our partners' sites or apps"), https://policies.google.com/technologies/ads ("Advertising"), https://adssettings.google.com/authenticated ("Managing the information that Google uses to display adverts for you").



Google remarketing and marketing Services

  • On the basis of our legitimate interests (in other words, interests in the analysis, optimisation and cost-effective operation of our online platform under the terms of Article 6(1)(f) of the GDPR), we use the marketing and remarketing services (referred to in brief as Google marketing services) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google").
  • Google is certified under the Privacy Shield agreement and therefore provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
  • Google marketing services enable us to display more carefully targeted adverts for and on our website so that we can show users only those adverts that potentially correspond with their interests. If a user is shown adverts for products, for example, that they have looked at on other websites, this is known as remarketing. When users access our website and other websites where Google marketing services are used, Google immediately executes a piece of code and adds (re)marketing tags (invisible graphics or code also known as web beacons) to the website. These tags store an individual cookie or small file on the user's device (equivalent technologies can be used instead of cookies). The cookies can come from a range of domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. The cookie contains information about which web pages users have visited, which content they are interested in and which offers they have clicked on. It also contains technical data about the browser and the operating system, the referring websites, the visiting time and other details of the use of the online platform. Users' IP addresses are also recorded. In the context of Google Analytics, users' IP addresses will be truncated in member states of the European Union and in other countries that form part of the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. The IP address is not combined with other data relating to the user in other offerings from Google. Google can link the information described above with similar information from other sources. If users subsequently visit other websites, they can be shown adverts that correspond with their interests.
  • Users' data are processed in pseudonymised form by Google marketing services. This means that Google does not store and process the names and e-mail addresses of the users, but instead processes the relevant data from cookies in pseudonymised user profiles. From Google's perspective, the adverts are not managed and displayed for a person who can be identified, but for a cookie owner, regardless of who owns the cookie. This does not apply if a user has specifically authorised Google to process the data in non-pseudonymised form. The information about users collected by Google marketing services is sent to Google and stored on Google's servers in the USA.
  • The Google marketing services that we use include the online advertising program Google AdWords. Every AdWords customer receives a different conversion cookie. This means that cookies cannot be traced via the websites of AdWords customers. The information obtained from the cookies is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers can see the total number of users who have clicked on their advert and been taken to a page with a conversion tracking tag. However, they are not given any information that would allow them to identify users in person.
  • Using Google marketing services, we can incorporate third parties' DoubleClick adverts. DoubleClick uses cookies that allow Google and its partner websites to display adverts on the basis of visits by users to this website or other websites on the Internet.
  • Using Google marketing services, we can incorporate third parties' AdSense adverts. AdSense uses cookies that allow Google and its partner websites to display adverts on the basis of visits by users to this website or other websites on the Internet.
  • We also use the Google Optimizer service. This enables us to use A/B testing to identify the impact of various changes to a website (for example changes to the entry fields, the design etc.). Cookies are stored on users' devices for the purposes of these tests. However, only pseudonymised user data are processed.
  • We can also use Google Tag Manager to incorporate Google analysis and marketing services into our website.
  • You can find more information about Google's use of data for marketing purposes on its overview page: https://policies.google.com/technologies/ads. Google's privacy policy is available at https://policies.google.com/privacy.
  • If you would like to block interest-based advertising from Google marketing services, you can use the settings and opt-outs provided by Google: https://adssettings.google.com/authenticated.

 

Facebook, Custom Audiences and Facebook marketing Services

  • On the basis of our legitimate interests in the analysis, optimisation and cost-effective operation of our online platform and for these purposes, we use the Facebook pixel from the Facebook social media network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
  • Facebook is certified under the Privacy Shield agreement and therefore provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
  • Using the Facebook pixel, Facebook can identify the visitors to our online platform as a target group for the display of adverts (Facebook ads). We use the Facebook pixel to display our Facebook ads only to those Facebook users who have shown an interest in our online platform or who have certain features (for example, an interest in specific subjects or products that has been identified on the basis of the websites the user has visited) which we have informed Facebook about (Custom Audiences). Using the Facebook pixel we aim to ensure that our Facebook ads correspond with the potential interests of users and are not annoying. The Facebook pixel also allows us to determine the effectiveness of Facebook ads for statistical and market research purposes by identifying whether users are transferred to our website after clicking on a Facebook ad (conversion).
  • Data are processed by Facebook in accordance with Facebook's data usage guidelines. You can find general information about the display of Facebook ads in Facebook's data usage guidelines at: https://www.facebook.com/policy.php. You can find specific, detailed information about the Facebook pixel and how it works in the Facebook help: Das Facebook-Pixel | Facebook Business-Hilfebereich.
  • You can prevent the Facebook pixel from collecting your data and using it to display Facebook ads. To select which type of ads you want to be displayed to you in Facebook, you can open the page set up by Facebook and find out about the settings for usage-based ads: https://www.facebook.com/settings?tab=ads. The settings apply to all types of devices, including desktop computers and mobile devices.



Facebook social plugins

  • On the basis of our legitimate interests (in other words, interests in the analysis, optimisation and cost-effective operation of our online platform under the terms of Article 6(1)(f) of the GDPR), we use social plugins from the social media network facebook.com which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins can show interactive elements or content (for example videos, graphics and text). They can be identified by means of the Facebook logo (a white "f" on a blue tile, the term "Like" or a "thumbs up" symbol) or are labelled "Facebook social plugin". A list and images of Facebook social plugins can be found here: https://developers.facebook.com/docs/plugins/.
  • Facebook is certified under the Privacy Shield agreement and therefore provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
  • When a user accesses a function on this online platform that contains a plugin, the user's device creates a direct link to Facebook's servers. Facebook sends the content of the plugin directly to the user's device, which incorporates it into the online platform. This allows usage profiles of users to be created from the processed data. We would like to draw users' attention to the fact that we have no influence over the extent of the data that Facebook obtains using this plugin.
  • The plugin informs Facebook that a user has opened the corresponding page on our online platform. If the user is logged into Facebook, Facebook is able to link this visit to the user's Facebook account. When users interact with the plugins, for example by clicking on the Like button or adding a comment, the corresponding information is sent directly from the user's device to Facebook, where it is stored. If the user is not a member of Facebook, Facebook can still identify and store the user's IP address. According to Facebook, only anonymised IP addresses are stored in Germany.
  • For more information about the extent of the data collected, the purpose they are used for and the processing of the data by Facebook, together with the rights and settings to protect users' privacy, refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.
  • If users are members of Facebook, but do not wish Facebook to collect information about them via our online platform or to link this information with their stored member data, they must log out from Facebook and delete the cookies before visiting our online platform. Users can select other settings and block the use of their data for marketing purposes in the Facebook profile settings: https://www.facebook.com/settings?tab=ads. They can also use the US website http://www.aboutads.info/choices/ and the European website http://www.youronlinechoices.com/. The settings apply to all types of devices, including desktop computers and mobile devices.

 

The Google+1 button

  • This online platform uses the +1 button of the Google Plus social media network, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google"). The button takes the form of the characters "+1" on a white or coloured background.
  • When a user accesses a page on this online platform that contains the button, the user's browser creates a direct link to Google's servers. Google sends the content of the +1 button directly to the user's browser and this is then integrated into the website. We have no influence over the extent of the data collected by Google using this button. According to Google, it does not collect any personal data unless the user clicks on the button. The data, including the IP address, is only collected and processed if members are logged in.
  • For more information about the extent of the data collected, the purpose they are used for and the processing of the data by Google, together with the rights and settings to protect users' privacy, users can refer to the Google privacy policy for the +1 button: http://www.google.com/intl/de/+/policy/+1button.html and the FAQ: http://www.google.com/intl/de/+1/button/.

 

Data privacy policy for the use of YouTube plugins (videos)
Plugins from YouTube.de/YouTube.com, which are operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA, USA, represented by Google Inc., are used on this online platform. When you visit a web page on our online platform that contains a plugin of this kind, a connection is made to YouTube's servers which then instruct your browser to display the plugin on the web page. This means that information about which of our web pages you have visited is passed on to the YouTube server. If you are logged in as a YouTube member, YouTube will link this information with your personal YouTube account. If you use the plugin directly, for example by clicking on the start button of a video or adding a comment, this information will be linked with your YouTube account, unless you log out of your account before using the plugin. Information about how YouTube gathers and uses the data on the platform and about plugins can be found in YouTube's data privacy policy: http://www.youtube.com.

 

Privacy policy for the use of XING plugins
This website uses plugins from XING.de, which is operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. When you visit a web page on our online platform that contains a plugin of this kind or actively click on the XING logo, a connection is made to XING's servers which then instruct your browser to display the plugin on the web page. This means that information about which of our web pages you have visited is passed on to the XING server. If you are logged in as a XING member, XING will link this information with your personal XING account. If you use this plugin, for example by clicking on the XING logo/button or adding a comment, this information will be linked with your XING user account. You can only prevent this from happening by logging out of the account before using the plugin. Information about how XING gathers and uses data and about plugins can be found in XING's data privacy policy: http://www.xing.de.

 

Using the LinkedIn button
On our online platform we use the marketing functions of the LinkedIn network (the LinkedIn Insight Tag). The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you access web pages on our online platform that contain LinkedIn functions, a direct link is created between your browser and the LinkedIn server. LinkedIn then receives information to the effect that you have visited our online platform, together with your IP address. The LinkedIn Insight Tag allows us to analyse the success of our campaigns on LinkedIn and to identify target groups for these campaigns on the basis of the interaction between users and our online platform. If you are registered with LinkedIn, it is possible for LinkedIn to link your interaction with our online platform with your user account. If you click on the LinkedIn "Recommend" button and you are logged into your LinkedIn account, LinkedIn can link your visit to our online platform with you and your user account. LinkedIn is certified under the Privacy Shield agreement and therefore provides a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Privacy policy for the use of Instagram plugins
Our online platform incorporates functions of the Instagram service. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link content from our pages with your Instagram profile by clicking on the Instagram button. This enables Instagram to link your visit to our online platform with your user account. As the provider of the online platform, we know nothing about the content of the data that is transferred or about how it is used by Instagram. Privacy policy: instagram.com/about/legal/privacy/.



Privacy policy for the use of Hotjar
We use Hotjar to better understand the needs of our users and to optimise the experience on this website. Hotjar works with cookies and other technologies to collect data about the behaviour of our users and their end devices, in particular IP address of the device (is only recorded and stored in anonymised form during your website use), screen size, device type (unique device identifiers), information about the browser used, location (country only), preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymised user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

On the basis of our legitimate interests under the terms of Article 6(1)(f) of the GDPR, we collect data relating to every access to the server where this service is located (server log files). The access data include the name of the web page that was accessed, the file and the date and time of the access, the amount of data transferred, a message confirming that the access was successful, the browser type and version, the user's operating system, the referring URL (the page previously visited), the IP address and the requesting provider.


For security reasons, log file information is stored for a maximum of seven days (for example to investigate abuse and fraud) and then erased. Data that need to be stored for a longer period as evidence will not be erased until the incident has been finally resolved.

We have a presence on social networks and platforms to enable us to communicate with existing and potential customers and other users who play an active role on these networks and platforms and to inform them about our services. When users access the networks and platforms, the general terms and conditions and the data processing guidelines of their operators apply.


Unless otherwise stated in our privacy policy, we process the data of users who communicate with us on the social networks and platforms, write posts on our online presence or send us Messages.

Below you will find information about the content of our newsletter, the process of subscribing to and sending the newsletter and the statistical evaluation of data, together with your right to unsubscribe from the newsletter. By subscribing to our newsletter, you agree to receive it and to the use of the process described below.


The content of the Newsletter
We send newsletters, e-mails and other online notifications containing marketing information (referred to below as the "newsletter") only with the consent of the recipient or with legal permission. If the content of the newsletter is described in detail as part of the process of subscribing to the newsletter, this content is a decisive factor in obtaining the user's consent. Our newsletters contain information about our products, offerings and campaigns and our company.


Sending newsletters to existing customers and partners
We are permitted to send newsletters to existing customers and partners if the newsletters contain only marketing material about products and services that serve a similar purpose. Existing customers and partners are customers and partners that we have an active business relationship with, but not prospects, for example. We are also required to inform our customers and partners when they place their first order about the possibility that they will receive marketing material and to give them the right to withdraw free of charge. If this is not the case, we will at the very least use the opt-in process to remain in online contact with customers and partners for marketing purposes. These marketing purposes include providing information about our products and services and about the latest news from our company, together with invitations to events.


Prospects and other contacts
For prospects and other contacts that we do not have an active business relationship with we use a double opt-in procedure and a logging process. Subscribing to our newsletter is based on the double opt-in procedure. After you subscribe to the newsletter, you will receive an e-mail that asks you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else's e-mail address. The subscriptions to the newsletter are logged in order to ensure that the subscription process follows the legal requirements. This includes storing the time of the subscription and the confirmation, together with the IP address. Any changes made to the personal data stored by the e-mail marketing service provider are also logged.


E-mail marketing service provider
The newsletter is sent by Inxmail GmbH, Wentzingerstr. D-79106 Freiburg, Germany, referred to below as the "e-mail marketing service provider". You can find the privacy policy of the e-mail marketing service provider here: https://www.inxmail.de/datenschutz.

The e-mail marketing service provider can use this data in pseudonymised form, in other words, without linking it with a user, to improve its own services, for example to optimise the technical process of sending the e-mails and displaying the newsletter or for statistical purposes, in order to identify which country the recipients come from. However, the e-mail marketing service provider will not use the data from our newsletter recipients to contact them itself and will not pass the data on to third parties.


Subscription data
To subscribe to the newsletter, you simply need to enter your e-mail address. We also ask you to give your name so that we can address you personally in the newsletter.


Measuring success
The newsletter contains a web beacon, which is a file the size of a pixel that is accessed by the e-mail marketing service provider's server when you open the newsletter. This involves collecting technical information, such as details of your browser and your system, your IP address and the time when the access took place. This information is used to improve the technical aspects of the service using the technical data and the target groups and their reading behaviour on the basis of the location of the access (which can be identified using the IP address) and the time of the access.


Other information which is valuable for statistical surveys includes whether the newsletter is opened, which text and image links the reader clicks on and whether images were downloaded. The recipient's behaviour is tracked anonymously, unless the recipient has given tracking permission. If we have tracking permission, the data obtained using unique count tracking is stored in personalised form. If we do not have tracking permission, the data are stored in anonymised form. However, neither we or the e-mail marketing service provider aim to monitor individual users. We use our evaluations to identify the reading habits of our users, to adapt our content to meet their needs and to provide different content depending on their interests.


Germany: The recipient's consent is required in order to send the newsletter and measure its success in accordance with Article 6(1)(a) and Article 7 of the GDPR in conjunction with Section 7, paragraph 2, point 3 of the German Act against Unfair Competition and on the basis of the legal permission specified in Section 7, paragraph 3 of the German Act against Unfair Competition.


Austria: The recipient's consent is required in order to send the newsletter and measure its success in accordance with Article 6(1)(a) and Article 7 of the GDPR in conjunction with Section 107, paragraph 2 of the Austrian Telecommunications Act and on the basis of the legal permission specified in Section 107, paragraphs 2 and 3 of the Austrian Telecommunications Act.


Other countries: The legal regulations in each country govern the sending of the newsletter and the measurement of its success.


The subscription process is logged on the basis of our legitimate interest in accordance with Article 6(1)(f) of the GDPR and is used to prove that users have consented to receive the newsletter.


Unsubscribing
You can unsubscribe from the newsletter at any time or, in other words, withdraw your consent. You will find a link that allows you to unsubscribe at the end of every newsletter. If a user has only subscribed to the newsletter and has terminated their subscription, their personal data will be erased. Users can also unsubscribe by sending a message to the contact details given above (the controller).

Your Contact

Michael Walther

Data protection officer Bertrandt Group