PRIVACY POLICY

Welcome to PTS Group AG!

PTS Group AG and its affiliates (collectively “PTS”, “we” and “us”) respect your privacy. We offer services that enable our customers to improve businesses.

This Global Privacy Policy describes the types of Personal Data we collect through our services and via our online presence, which include our main website at ptsgroup.de, as well as services and websites that we enable Internet users to access, such as DELTA42. This policy also describes how we use Personal Data, your rights and choices, and how you can contact us about our privacy practices. This policy does not apply to third-party websites, products, or services, even if they link to our Services or Sites, and you should consider the privacy practices of those third-parties carefully.

We are delighted that you are interested in our company. Data protection is very important to the management of PTS. The website pages of PTS can generally be used without providing any personal data. However, if a person wishes to access particular services of our company through our website, we may need to process personal data. If personal data needs to be processed and no statutory basis for this processing activity exists, we will generally ask the data subject to consent to the processing.

Personal data such as the name, address, email address or phone number of the data subject is always processed in a way that is compliant with the General Data Protection Regulation (GDPR) and with country-specific data protection rules that apply for PTS. The aim of this privacy policy is to inform the public about the way in which our company collects, processes and uses personal data and the scope and purpose of this collection, processing and use. It also serves to inform data subjects about their rights.

In its capacity as the controller of the processing and the operator of the website and its pages, PTS has implemented a variety of technical and organisational measures to ensure that personal data processed through our website is protected as seamlessly as possible. However, internet-based data transmission always involves a certain vulnerability and we are thus unable to offer any absolute guarantee in relation to the protection of data. Data subjects are therefore free to provide their personal data to us by other means of communication, for example over the phone.

The privacy policy of PTS is based on the terminology used by EU legislators in the General Data Protection Regulation (GDPR). We want our privacy policy to be easy to read and understand for the general public, our customers and our business partners. We will therefore provide explanations of key terms used in the text below.
This privacy policy includes, among others, the following terms:

2.1 Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.2 Data subject

A data subject is any identified or identifiable natural person whose personal data is being processed by the controller.

2.3 Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.4 Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future during the statutory retention periods. This means that data will still be stored, but can only be used for certain processing purposes, such as audits by the tax authorities.

2.5 Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

2.6 Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

2.7 Controller in charge of the data processing

The controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.8 Joint controllers

Where several companies jointly process personal data and define the purposes and means of their data processing for joint tasks or projects, these companies may be considered ‘joint controllers’ within the meaning of Article 26 GDPR and may therefore establish joint data protection rules and joint measures to safeguard the rights of data subjects.

2.9 Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.10 Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

2.11 Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.12 Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

The controller as defined in the General Data Protection Regulation, and the entity responsible within the meaning of other data protection legislation and provisions in relation to privacy that apply in the member states of the European Union, is: 

PTS Group AG
Cuxhavener Straße 10a
28217 Bremen
Germany
Tel.: +49 421 22494-0
E-Mail: dsgvo@ptsgroup.de
Website: www.ptsgroup.de 

3.1 Name and address of the data protection officer

The data protection officer of the controller is:

Martin Mielke
3G Business Datenschutz GmbH
Michaelkirchplatz 5
10179 Berlin
Germany
E-Mail: mielke@3g-business.de

Data subjects can contact our data protection officer directly with any questions or suggestions they may have in relation to data protection.

As a controller, we have taken appropriate measures to ensure that all information under Articles 13 and 14 and all notices under Articles 15 to 22 and Article 34 are communicated to the data subject of a processing activity in a precise, transparent, understandable and easily accessible way using clear and simple language.
You can view this information or request a copy of it either by contacting your assigned representative at our company directly, sending an email to dsgvo@ptsgroup.de, or downloading the information from our website.

If you visit the PTS website and your browser settings are configured to accept cookies, we will assume that you are interested in using the services and offers of PTS. 

5.1 What are cookies? 

Cookies are small text files that are stored on your computer or other end device when you visit a website. The cookie information is subsequently retransmitted from your computer upon every visit to the website that placed the cookie. 
Cookies are useful because they can help us make it easier for you to use our website. They enable us to see how users navigate our website and to analyse how our website offering is being used. In the long run, this will help us improve our online offering and make our website more user-friendly. 

5.2 Cookies and their use by PTS 

When you visit the website of PTS, you accept the use and storage of cookies. Most web browsers save cookies automatically. You can of course also view our website without accepting cookies. 

PTS does not analyse any of your online movements, if you have: 

  • not accepted cookies 
  • enabled the Do Not Track function 
  • enabled the opt-out function (see ‘Manage cookies’) 

The steps for disabling the storing of cookies and enabling the Do Not Track function differ from browser to browser. You should usually be able to find instructions in the help section of your web browser. 

5.3 Types of cookies used by PTS 

PTS generally uses two types of cookies: 

Session cookies
These are temporary cookies that are stored on your hard drive only for the duration of your visit to our website and will be deleted automatically when the browser is closed. 
PTS uses session cookies to make sure that the user identification during visits to the PTS customer website section is uninterrupted, which ensures seamless functionality. 
Using the customer section of the PTS website therefore requires the browser settings to be configured in such a way that session cookies are accepted. 

Cookies with a longer run time
Cookies with a longer run time are used exclusively for website usage analysis and help us improve the performance of our website. 

In order to be able to analyse the browsing behaviour of our users, PTS uses the Google Analytics tools. It is not possible for us to infer the identity of individual persons from this data. This data will not be combined with other data sources. 

5.4 Manage cookies (opt-out) 

If you do not want PTS to store and analyse information about your browsing behaviour, you are free to object to this at any time (opt-out). 
If you choose not to accept cookies, an opt-out cookie will be deposited in your browser. This opt-out cookie does not contain any information and its sole purpose is to enable our website to recognise that you have opted out.
At this stage, you can decide whether you want to accept a unique web analysis cookie being stored in your browser in order to enable the website operator to collect and analyse a variety of statistical data. 

5.5 Information on the opt-out cookie 

Deleting all cookies from your hard drive will also delete the opt-out cookie. In this case, the opt-out procedure will need to be carried out again.
If you use several browsers or other end devices, you will need to complete the opt-out procedure for each individual browser on each device used to access the PTS website. We are not able to identify whether different website visits were made by the same person, end device or browser. 

The PTS website collects a set of general data and information upon every website access by a data subject or automated system. This general data and information is stored in the server log files. It may include (1) the browser type and version used to open the website, (2) the operating system used by the accessing system, (3) the website from which the accessing system navigated to our website (the ‘referrer’), (4) the sub-pages of our website that were visited by the accessing system, (5) the date and time of the website access, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other comparable data and information that can be used to protect and defend our IT systems against attacks.
PTS does not trace this general data and information back to the data subject. The actual purpose of collecting this information is (1) to be able to render our website content correctly, (2) to optimise our website content and advertisements based on this information, (3) to ensure the long-term operability of our IT systems and our website technology and (4) to be able to provide criminal authorities with all information of relevance to the prosecution in the event of a cyber attack. This data and information is collected anonymously and is evaluated by PTS  for statistical purposes and in order to increase data protection and data security in our company with the ultimate goal of ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from any personal data provided by a data subject. 

6.1 Ways to contact us through our website 

In keeping with statutory requirements, the website of PTS includes information on how to contact our company quickly by electronic means and how to communicate with us directly. This includes an email address. If a data subject contacts the controller by email or via an online contact form, the personal data submitted by the data subject will be stored automatically. Such personal data submitted voluntarily by the data subject to the controller will be stored for processing purposes or to establish contact with the data subject. This personal data will not be passed on to third parties. 

6.2 Subscription to our newsletter 

On the website of PTS, users are given the opportunity to subscribe to the newsletter of our company. Which personal data are transmitted to the data controller when the newsletter is ordered results from the input mask used for this purpose. 

The PTS informs its customers and business partners at regular intervals by way of a newsletter about offers of the company. The newsletter of our company can only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by an affected person for the first time for newsletter mailing using the double-opt-in procedure. This confirmation email is used to check whether the owner of the e-mail address as the person concerned authorized the receipt of the newsletter.

When subscribing to the newsletter, we also store the IP address of the computer system used by the person concerned at the time of registration, as well as the date and time of registration, as assigned by the Internet Service Provider (ISP). The collection of this data is necessary in order to understand the (possible) misuse of an affected person’s e-mail address at a later date and therefore serves as legal safeguards for the controller.

The personal data collected in the context of registering for the newsletter will be used exclusively to send our newsletter. Subscribers to the newsletter may also be notified by e-mail if this is necessary for the operation of the newsletter service or registration, as might be the case in the event of changes to the newsletter or technical changes. There will be no transfer of the personal data collected as part of the newsletter service to third parties. Subscription to our newsletter may be terminated by the person concerned at any time. The consent to the storage of personal data that the data subject has given us for the newsletter dispatch can be revoked at any time. For the purpose of revoking the consent, there is a corresponding link in each newsletter. It is also possible to unsubscribe from the newsletter at any time, directly on the controller’s website, or to inform the controller in a different way. 

6.7 Routine erasure and blocking of personal data 

The controller will process and store the personal data of data subjects only for the period of time that is required to achieve the purpose of the data storage, or in compliance with any laws or other provisions applicable to the controller that were implemented by EU legislators or by another competent legislator. 

If the purpose for the data storage ceases to exist or if a data retention period determined by EU legislators or by another competent legislator expires, personal data is routinely blocked or erased in accordance with statutory provisions. 

Article 6 (1) a GDPR provides the legal basis for our company’s processing activities for which we obtain the consent of the data subject for a particular processing purpose. If personal data needs to be processed to perform duties under a contract to which the data subject is a party, as for example in the case of processing activities required to deliver goods, perform a service or provide a consideration, such processing activities are based on Article 6 (1) b GDPR. The same applies for processing activities required to perform steps prior to entering into a contract, e.g. in relation to enquiries about our products or services. Where our company needs to process personal data to comply with legal obligations such as tax requirements, such processing activities are based on Article 6 (1) c GDPR. In rare cases, personal data may need to be processed to protect the vital interests of the data subject or of another natural person. This might, for example, be the case if a person visiting our company premises sustains an injury and the person’s name, age, health insurance details or other vital information need to be provided to a doctor, a hospital, or another third party. Such processing activities would be based on Article 6 (1) d GDPR. Last but not least, processing activities may also be based on Article 6 (1) f GDPR. This provision forms the legal basis for processing activities that are not covered by any of the above legal bases, provided that the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing activities are permitted, in particular, because European legislators have expressly provided for them. The legislators were of the opinion that a legitimate interest could be assumed to exist where the data subject is a client of the controller (recital 47 sentence 2 GDPR). 

7.1 Legitimate interests in processing activities pursued by the controller or a third party 

Where personal data is processed on the basis of Article 6 (1) f GDPR, our legitimate interest is to conduct our business activities for the benefit of our employees and shareholders. 

7.2 Duration for which personal data is stored 

The duration for which personal data will be stored is determined by the applicable statutory retention period. At the end of the prescribed retention period, standard procedure is to erase the data, provided it is no longer required for the performance of a contract or to take steps prior to entering into a contract. 

7.3 Statutory or contractual requirements for the provision of personal data; data required for the formation of a contract; obligations of data subjects who provide personal data; possible consequences of a failure to provide data 

We would like to clarify for you that in certain cases, the provision of personal data is required by law (e.g. tax laws) or contractual stipulations (e.g. information on the counterparty to an agreement). To form a contract, it may be necessary for a data subject to make personal data available to us that we will subsequently need to process. A data subject may, for example, be required to provide us with certain personal data if a contract is to be concluded between our company and the data subject. A failure to provide this personal data would make the conclusion of a contract with the data subject impossible. Before providing personal data, the data subject must contact our data protection officer. Based on the specifics of the individual case, our data protection officer will inform the data subject whether the provision of personal data is required by law or contract or is necessary to conclude a contract, whether the data subject is under any obligation to provide the personal data, and what the consequences of a failure to provide such personal data would be

As a responsible business, we do not use automated decision-making processes or profiling. 

9.1 Right to be informed 

The GDPR grants every data subject the right to be informed about the collection and use of their personal data. If a data subject wants to exercise this right to obtain information, the data subject may contact our data protection officer or any other employee of the controller at any time. 

9.2 Right of access 

The GDPR grants every data subject the right to access the personal data that is being stored and processed and to obtain a copy of this information from the controller free of charge. It furthermore grants every data subject the right to obtain information about: 

  • the purposes of the processing 
  • the categories of personal data concerned 
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations 
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period 
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing 
  • the right to lodge a complaint with a supervisory authority 
  • where the personal data is not collected from the data subject, any available information as to its source 
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject 

The data subject also has the right to obtain information as to whether their personal data was transferred to a third country or an international organisation. Where personal data is transferred to a third country or to an international organisation, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. 

If a data subject wants to exercise this right to obtain such information, he or she may contact our data protection officer or any other employee of the controller at any time. 

9.3 Right to rectification 

The GDPR grants every data subject the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement. 

If a data subject wishes to exercise this right to rectification, they may contact our data protection officer or any other employee of the controller at any time. 

9.4 Right to erasure (‘right to be forgotten’) 

The GDPR grants every data subject the right to demand that their personal data be erased without undue delay if one of the following reasons applies and if the processing is not required: 

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed. 
  • The data subject withdraws the consent on which the processing is based according to Article 6 (1) a GDPR or Article 9 (2) a GDPR and there is no other lawful basis for the processing. 
  • The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (1) GDPR. 
  • The personal data has been unlawfully processed. 
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. 
  • The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR. 

If one of the aforementioned reasons applies and a data subject wishes to arrange for the erasure of the personal data that PTS  holds about the data subject, he or she may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of PTS will ensure that the erasure request is executed without undue delay. 

If the personal data has been published by PTS  and if our company – in its capacity as the controller – is obliged to erase the personal data pursuant to Article 17 (1) GDPR, PTS  will take appropriate measures, including technical measures, to inform other controllers in charge of processing the published personal data that the data subject has submitted a request for these controllers to erase any links to its personal data or copies or replicas of its personal data, unless the data is required for processing purposes; PTS  will take account of available technological means and implementation costs when determining what measures are appropriate in this context. The data protection officer or other employee of PTS will initiate the necessary steps on a case-by-case basis. 

9.5 Right to restrict processing 

The GDPR grants every data subject the right to restrict the processing of their personal data where one of the following applies: 

  • The accuracy of the personal data is contested by the data subject, whereby the restriction applies for a period enabling the controller to verify the accuracy of the personal data. 
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead. 
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims. 
  • The data subject has objected to processing pursuant to Article 21 (1) pending verification of whether the legitimate grounds of the controller override those of the data subject. 

If one of the aforementioned conditions applies and a data subject wishes to request a restriction of the processing of their personal data held by PTS, the data subject may contact our data protection officer or any other employee of the controller at any time. The data protection officer or other employee of PTS will initiate the restriction of processing accordingly. 

9.6 Right to data portability 

The GDPR grants every data subject the right to receive the personal data they have provided to a controller, in a structured, commonly used and machine-readable format. The data subject also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6 (1) a GDPR or Article 9 (2) a GDPR or on a contract pursuant to Article 6 (1) b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. 

In exercising his or her right to data portability pursuant to Article 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided the rights and freedoms of others are not adversely affected. 

If a data subject wants to exercise this right to data portability, they may contact the data protection officer of PTS  or any other employee of the company at any time. 

9.7 Right to object 

The GDPR grants every data subject the right to object at any time, on grounds relating to their own particular situation, to processing of their personal data which is based on Article 6 (1) e or f GDPR. This also applies to profiling based on those provisions. 

In the event of an objection, PTS  will no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or if the processing is for the establishment, exercise or defence of legal claims. 

Where personal data is processed by PTS  for direct marketing purposes, the data subject shall have the right to object at any time to processing of their personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by PTS  for direct marketing purposes, PTS  will no longer be process personal data for such purposes. 

Where personal data is processed by PTS for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest. 

If a data subject wishes to exercise this right to object, he or she may approach the data protection officer of PTS directly or contact any other employee of the company. In relation to the use of information society services, the data subject may, at its free discretion, exercise its right to object by means of automated processes based on technical specifications, notwithstanding the provisions of Directive 2002/58/EC. 

9.8 Automated individual decision-making, including profiling 

The GDPR grants every data subject the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless this decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent. 

If the decision is (1) necessary for entering into, or performance of, a contract between the data subject and a data controller or (2) based on the data subject’s explicit consent, PTS  will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. 

If the data subject wishes to exercise their rights in relation to automated decision-making, they may contact our data protection officer or any other employee of the controller at any time. 

9.9 Right to withdraw consent to data processing 

The GDPR grants every data subject the right to withdraw consent to the processing of their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, they may contact our data protection officer or any other employee of the controller at any time. 

The controller collects and processes personal data of applicants for the purposes of conducting the application procedure. Data may be processed using electronic methods. This applies in particular where applicants submit their application documents to the controller electronically, e.g. by email or through an online form provided on a website. If the controller and the applicant enter into an employment contract, the data submitted with the application will be stored, in accordance with statutory requirements, for the purposes of carrying out administrative tasks in relation to the employment relationship. If the controller and the applicant do not conclude an employment contract, the application documents will automatically be deleted two months after the applicant was informed that the application was unsuccessful, unless the data erasure conflicts with other legitimate interests of the controller. Other legitimate interests within the meaning of this provision include, but are not limited to, the requirement to furnish evidence in proceedings under the German General Equal Treatment Act (AGG). 

11.1 Google Analytics  

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. 
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. 
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout. 
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google’s privacy policy: support.google.com/analytics/answer/6004245.
You can opt-out by following this opt-out linkhttps://adssettings.google.com/authenticated 

11.2 Social media  

Data protection provisions regarding the use of Facebook 

The controller has integrated components of Facebook on this website. Facebook is a social network. 

A social network is a social platform provided on the internet, i.e. an online community that typically enables users to communicate and interact with each other in a virtual sphere. A social network can be used as a platform for sharing opinions and experiences, and it enables members of the online community to make personal or company-related information available to others. Facebook offers its social network users functionalities such as creating a personal profile, uploading photos and building a network of contacts by sending friendship requests to other users. 

Facebook is operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. In relation to data subjects based outside the US and Canada, the controller in charge of the data processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

Every time an individual page of the controller’s website that is equipped with the Facebook component (Facebook plug-in) is accessed, the web browser of the data subject’s IT system is automatically prompted by the integrated Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be accessed at facebook. As part of the aforementioned process, Facebook obtains information on which specific sub-page of our website the data subject is accessing. 

If the data subject is logged into Facebook at the same time, Facebook is able to recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the Facebook component and allocated to the relevant Facebook account of the data subject. If the data subject uses one of the Facebook buttons embedded on our website – e.g. the ‘Like’ button – or posts a comment, Facebook allocates this information to the personal Facebook user account of the data subject and stores this personal data. 

Facebook is notified by the Facebook component about the data subject visiting our website whenever the data subject is logged into Facebook whilst accessing our website; this happens regardless of whether or not the data subject clicks on the Facebook component. If the data subject does not wish this information to be provided to Facebook, they can prevent this data from being transmitted to Facebook by logging out of their Facebook account before visiting our website. 

The privacy policy published by Facebook, which can be accessed at https://www.facebook.com/about/privacy/, provides further information on the collection, processing and use of personal data by Facebook. The policy also explains what adjustments data subjects can make to their Facebook settings in order to protect their privacy. Furthermore, there are various applications that enable data subjects to prevent data from being transmitted to Facebook, e.g. Facebook blockers. Applications of this type can be used by data subjects to suppress the transmission of data to Facebook. You can opt-out by following this opt-out linkhttps://www.facebook.com/settings?tab=ads 

Data protection provisions regarding the use of YouTube 

The controller has integrated components of YouTube on this website. YouTube is an online video platform that enables video content publishers to make video clips available online for free and offers other users the possibility to view, rate and comment on these video contents for free. YouTube allows users to publish a wide range of content. Videos available on this platform therefore range from entire films and TV shows to music videos and trailers as well as videos produced by individual users. 

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. 

Every time an individual page of the controller’s website with an embedded YouTube component (YouTube video) is accessed, the web browser of the data subject’s IT system is automatically prompted by the embedded YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/intl/en-GB/yt/about/. As part of the aforementioned process, YouTube and Google obtain information on which specific sub-page of our website the data subject is accessing. 

If the data subject is logged into YouTube at the same time, YouTube can recognise the specific sub-page visited on our website every time the data subject accesses a sub-page that contains an embedded YouTube video. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the data subject. 

YouTube and Google are notified by the YouTube component about the data subject visiting our website whenever the data subject is logged into YouTube whilst accessing our website; this happens regardless of whether or not the data subject clicks on a YouTube video. If data subjects do not wish this information to be provided to YouTube and Google, they can prevent this data from being transmitted to these recipients by logging out of their YouTube account before visiting our website.
The privacy policy published by YouTube, which can be accessed at https://policies.google.com/privacy, provides further information on the collection, processing and use of personal data by YouTube and Google. You can opt-out by following this opt-out linkhttps://adssettings.google.com/authenticated 

Data protection provisions regarding the use of LinkedIn 

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users to connect with existing business contacts and establish new business contacts. LinkedIn currently has more than 400 million registered users from more than 200 countries. It is therefore currently the largest platform for business contacts and one of the most visited websites in the world. 

LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. Matters of data protection outside the US fall within the scope of responsibility of LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland. 

Every time an individual page of our website with an embedded LinkedIn component (LinkedIn plug-in) is accessed, the web browser used by the data subject is prompted by the embedded component to download a representation of the corresponding LinkedIn component from LinkedIn. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. As part of the aforementioned process, LinkedIn obtains information on which specific sub-page of our website the data subject is accessing. 

If the data subject is logged into LinkedIn at the same time, LinkedIn is able to recognise the specific sub-pages of our website that the data subject is accessing every time the data subject visits our website and for the entire duration of each visit to our website. This information is collected by the LinkedIn component and allocated to the relevant LinkedIn account of the data subject. If the data subject uses an embedded LinkedIn button on our website, LinkedIn allocates the information transmitted by this action to the data subject’s personal LinkedIn user account and stores and processes this personal data. 

LinkedIn is notified by the LinkedIn component about the data subject visiting our website whenever the data subject is logged into LinkedIn whilst accessing our website; this happens regardless of whether or not the data subject clicks on the LinkedIn component. If the data subject does not wish this information to be provided to LinkedIn, they can prevent this data from being transmitted to LinkedIn by logging out of their LinkedIn account before visiting our website. 

The LinkedIn web page https://www.linkedin.com/psettings/guest-controlsoffers users a range of options for managing email and text message notifications, unsubscribing from targeted advertising and adjusting their display settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, all of which use cookie placement methods. Users can opt out of these cookies at https://www.linkedin.com/legal/cookie-policy. The privacy policy of LinkedIn can be accessed at https://www.linkedin.com/legal/privacy-policy. The cookie policy of LinkedIn can be accessed at https://www.linkedin.com/legal/cookie-policy. 

You can opt-out by following this opt-out link:  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

11.3 Hotjar 

We use Hotjar in order to better understand our users’ needs and to optimise this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymised user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.  https://www.hotjar.com/legal/policies/privacy/ 

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.  https://www.hotjar.com/legal/compliance/opt-out/