Privacy Policy of Masterplan com GmbH

I. General Information

1. Scope

This Privacy Policy applies to the following operations:

the use of our website/s and all other internet pages referring to it (for details see section "Websites");
the use of the learning platform integrated into our website, if this is provided to users by ourselves (for details see section "Learning platform");
the use of our external websites (for details see section "External sites"); and
the application process (for details see section "Applications").

2. Data Controller

We take the protection of your personal data and the legal obligations serving this protection very seriously. The legal requirements demand comprehensive transparency about the processing of personal data. Only if you are sufficiently informed about the purpose, nature and scope of the processing, the processing is comprehensible for you as a data subject.

The responsible party within the meaning of the General Data Protection Regulation (GDPR) is the

Masterplan com GmbH
Dircksenstraße 47
10178 Berlin
Deutschland

Phone: +49 234 810 502 00
E-Mail: info@masterplan.com

Hereinafter referred to as the "Controller" or "we".

You can reach the data protection officer at:

Sascha Kremer
c/o KREMER RECHTSANWÄLTE
Brückenstraße 21
50667 Köln

E-Mail: privacy@masterplan.com
Phone: +49 221 271 418 74

3. Definitions

The terms used in this Privacy Policy (e.g., data categories, purposes and legitimate interests, as well as terms from the GDPR) are explained in the section "Definition" (VIII.).

4. General information on data processing

We process personal data only to the extent permitted by law. Disclosure of personal data takes place exclusively in the cases described below. Personal data is protected by appropriate technical and organizational measures (e.g. pseudonymization, encryption).

Unless we are required by law to store or disclose personal data to third parties (in particular law enforcement agencies), the decision as to which personal data we process and for how long, and the extent to which we disclose it, depends on which functionalities you use in each individual case.

5. Duration of storage

The personal data will be deleted as soon as the purpose of the processing no longer applies or otherwise a reason for deletion pursuant to Art. 17 (1) GDPR applies (e.g. you have revoked a consent granted to us). Exceptionally, we may nevertheless continue to process your personal data if an exception to the obligation to delete pursuant to Art. 17 (3) GDPR applies (e.g. a legal storage obligation exists).

Insofar as we need to provide information about the storage period of cookies and similar technologies, you will find the details in our Consent Tool, which you can access here www.masterplan.com.

Personal data that we process as part of an application (see below) is stored for a period of six months after completion of the application process.

6. Automated decisions in individual cases including profiling

Automated decisions in individual cases, including profiling, do not take place.

7. Rights of data subjects

As a data subject, you have the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to deletion under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR. You have the right to complain to a data protection supervisory authority (Art. 77 GDPR).

The data protection supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin

However, you are free to complain to another data protection supervisory authority.

8. Notification obligations of the controller

On this website, data is collected and stored for marketing, market research and optimization purposes using the SalesViewer® technology of SalesViewer® GmbH on the basis of legitimate interests of the website operator (GDPR Art. 6(1)(f)). For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymized and is not used to personally identify the visitor to this website. The data stored as part of Salesviewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. The collection and storage of data can be objected to at any time with effect for the future by please following this link https://www.salesviewer.com/opt-out click to prevent the collection by SalesViewer® within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

9. Duty to provide

9.1 Unless otherwise explained in the information on the legal basis, you are not obliged to provide personal data. If we base the processing on Art. 6 (b) GDPR, your personal data is required for the performance of a contract or for the conclusion of a contract. If you do not provide the personal data, the performance or conclusion of the contract is not possible. If you do not provide the data in the cases of Art. 6 (1) (a), (f) GDPR, the use of the affected parts of our services and functions is not possible.

9.2 In order to make use of the services and functions explained here, access rights to the following interfaces, device functions and data of your end device may be required: camera, microphone, files (e.g. photos). You are not required to grant the permissions. However, use of the services and functions is then not possible or only possible to a limited extent.

10. Data transfer to third countries

Data transfers to third countries outside the European Union (EU) and the European Economic Area (EEA) are only permitted in compliance with the special provisions of Art. 44 et seq. GDPR are permissible. If such a third country transfer occurs during the processing of your personal data, we will indicate the third country transfer and the basis for the transfer in the following.

General information on the basis for transmission:

If the transfer is based on an adequacy decision within the meaning of Art. 45 GDPR, you can find an overview of the adequacy decisions here.
If the transfer is based on so-called standard data protection clauses of the EU Commission within the meaning of Art. 46 (c) GDPR, you can find the EU Commission's implementing decision (EU 2021/914) containing the contractual clauses here.

11. Right of objection

In accordance with Art. 21 (1) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR. If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such purposes pursuant to Article 21 (2) GDPR. The objection can be made form-free and should be directed to our contact details above.

12. Revocation of consent

In accordance with Art. 7 (3) GDPR, you have the right to revoke your consent at any time with effect for the future informally by mail or e-mail. The lawfulness of the processing carried out based on the consent until the revocation is not affected by this. Upon your revocation, we will delete the personal data processed based on the consent if there is no other legal basis for its processing. The revocation can be made form-free and should be directed to our contact details above.

II. Interaction of the Privacy Policy and the Cookie Policy and Consent Tool

The Privacy Policy informs you about data processing based on the regulations of the GDPR and, if applicable, the BDSG. If the provisions of the TTDSG are relevant for individual matters, you will find the relevant information in the Consent Tool at www.masterplan.com. This also applies to the information on saving or reading out data on your end device.

III. Data processing during the use of our website

The use of the website and its functions regularly requires the processing of personal data. Unless otherwise indicated, the following statements apply to all websites that we operate and that link to this Privacy Policy.

Please note that links on our website may take you to other websites that are not operated by us but by third parties. Such links are either clearly marked by us or are recognizable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.

Provision of the website
Purpose of the distribution: Advertising and personalized marketing, information security
Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products.
‍Data categories: Connection data, usage dataRecipients of the data: IT service provider
‍Intended third country transfer: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR)

Content Delivery Network (CDN), security and DNS service.
Purpose of processing: advertising and personalized marketing measures, information security.
‍Legal basis: Art. 6 (1) (f) GDPR.
‍Data categories: Usage data, connection data, content data if applicable.
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR.)

Subscription to our newsletter
Purpose of processing: advertising and personalized marketing measures, user, prospect and/or customer support, analysis and performance measurement, and optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a), (f) GDPR.
‍Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research.
‍Data categories: Master data, contact data, connection data and content data.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR)

Request for information
Purpose of processing: advertising and personalized marketing measures, user, prospect and/or customer support.
‍Legal basis: Art. 6 (1) (f) GDPR, Art. 6 (1) (b) GDPR (if your request concerns a conclusion of a contract or an existing contract).
‍Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research.
‍Data categories: Master data, contact data, connection data and content data.
Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR).

Registration for user tests and seminars/workshops.
Purpose of processing: event management, user, prospect and/or customer support, proof of your registration; ensuring the security of our information technology systems.
‍Legal basis: Art. 6 (1) (f) GDPR, Art. 6 (1) (b) GDPR (if your request concerns a conclusion of a contract or an existing contract).
‍Legitimate interests: Customer acquisition, customer retention, customer recovery, promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research, integration of desired or required functionalities.
‍Data categories: Contact data, master data, connection data and content data.Recipients of the data: IT service providers; if applicable, platform operators and media, contractual partners (e.g., transport companies, operators of event venues and platforms).
‍Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR).

Customer account
Purpose of processing: Advertising and personalized marketing measures, order fulfillment and contract management.
‍Legal basis: Art. 6 (1) (b), (f) GDPR.
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, Promotion of sales activities, Operation, integrity and security of digital products.
‍Data categories: Connection data, usage data, content data, master data if applicable and contact data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR.)

Contact
Purpose of processing: user, prospect and/or customer support.
‍Legal basis: Art. 6 para. 1 sentence 1 letter f GDPR, Art. 6 (1) (b) GDPR (if the inquiry leads to a subsequent conclusion of a contract or concerns an existing contract).
‍Data categories: Connection data, content data, master data if applicable and contact data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR.)

Consent management
Purpose of processing: legal matters and compliance measures, information security.
‍Legal basis: Art. 6 (1) (c), (f) GDPR
‍Data categories: master data, if applicable, contact data, usage data, connection data, content data.
‍Legitimate interests: Prevention of criminal offences, misdemeanors and other detrimental actions, integration of desired or required functionalities.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR).

Analysis and performance measurement
Purpose of processing: analysis and performance measurement as well as optimization of products and/or services, advertising and personalized marketing measures.
‍Legal basis: Art. 6 (1) (f) GDPR.
‍Legitimate Interests: Analysis and optimization of own offers, services and advertising measures, promotion of sales activities, advertising and image improvement, market and opinion research.
‍Data categories: Usage data, connection data, content data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

Google Tag Manager
‍We use the Google Tag Manager to integrate third-party content. This is a technical solution that does not itself store or read any cookies or similar technologies that require consent, but merely controls the conditions under which the other programs used on our website and described below are activated. Nor is any personal data processed with the Google Tag Manager itself.

‍Integration of external fonts
Purpose of processing: Advertising and personalized marketing measures.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products
‍Data categories: Connection data
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

Integration of external content (photos, videos and posts).
‍Purpose of processing: advertising and personalized marketing measures.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Integration of desired or required functionalities, design, operation and availability of digital products, customer acquisition, customer retention, customer recovery.
‍Data categories: Connection data, content data, usage data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR)

Marketing measures
Purpose of processing: Advertising and personalized marketing measures.
‍Legal basis: Art. 6 (1) (a) GDPR.
‍Legitimate interests: Promotion of sales activities, promotion of economic interests, advertising and image improvement, market and opinion research, analysis and optimization of own offers, services and advertising measures.
‍Data categories: Usage data, connection data, contact data if applicable, master data, content data.
‍Recipients of the data: IT service providers, contractual partners, platform operators and media.
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses, adequacy decisions.)

Google Ads Conversion Tracking
Purpose of processing: advertising and personalized marketing measures
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Usage data, connection data
‍Recipients of the data: IT service provider, platform operator and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

Google reCAPTCHA
Purpose of processing: Advertising and personalized marketing measures.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Ensuring the security of our website and our information technology systems.
‍Data categories: Connection data, usage data
‍Recipients of the data: IT service providers, platform operators and mediaIntended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

Google Analytics
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Usage data, connection data, content data if applicable.
‍Recipients of the data: IT service providers, platform operators and mediaIntended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

Google Ads
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Usage data, connection data, content data if applicable.
‍Recipients of the data: IT service providers, platform operators and mediaIntended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Google Double Click
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: Content data, connection data, usage data
‍Recipients of the data: IT service providers, platform operators and mediaIntended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

YouTube
Purpose of processing: user, interested party and customer support.
‍Legal basis: Art. 6 (1) (f) GDPR.
‍Data categories: Usage data, connection data, content data
‍Recipients of the data: IT service provider, platform operator and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Facebook Pixel
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Connection data, usage data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

LinkedIn Ads
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Connection data, usage data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

LinkedIn Conversion Tracking - LinkedIn Insight Tag
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (a) GDPR
‍Data categories: Usage data, connection data
‍Recipients of the data: IT service providers, platform operators and mediaIntended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Bing Ads
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: User data, connection data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

New Relic JS Agent
Purpose of processing: Information security, security and emergency management.
‍Legal basis: Art.6 (2) (f) GDPR Legitimate interests: Ensuring the stability of our systems
‍Data categories: Connection data, usage data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Bing Pixel
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: User data, connection data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Clarity
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: User data, connection data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Daw Bridge
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: User data, connection data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Matomo Cloud
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: User data, connection data
‍Recipients of the data: IT service providers, platform operators and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Log Rocket
Purpose of processing: Information security, security and emergency management.
‍Legal basis: Art.6 (1) (a) GDPR
‍Data categories: Connection data
‍Recipients of the data: IT service provider, platform operator and media
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

IV. Data processing in the application procedure

Integration and implementation of applicant management
Purpose of processing: applicant management
‍Legal basis: Art. 6 (1) (b) GDPR, for storage for future application procedures with us and with affiliated companies Art. 6 (1) (a) GDPR.
‍Data categories: Master data, contact data, content data, contract data, applicant and employee data, if applicable connection data, if applicable usage data and, if applicable, special categories of personal data as defined in Art. 9 (1) GDPR (depending on the specific job advertisement; only the data relating to your application that you provide to us and that are required for the application process are stored).
Recipients of the data: Personnel service provider, IT service provider
‍Intended third country transfer: none

V. Data processing when using our Learning platform

Provision of the learning platform
Purpose of processing: information security, user, interested party and customer support.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, promotion of sales activities, operation, integrity and security of digital products.
‍Data categories: Connection data, usage data
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases USA (based on the standard data protection clauses of the EU Commission, Art. 46 (2) (c) GDPR)

Registration as a user with the Learning platform
Purpose of processing: user, prospect and customer support, order fulfillment and contract management.
‍Legal basis: Art. 6 (1) (b), (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, Promotion of sales activities, Operation, integrity and security of digital products.
‍Data categories: Connection data, usage data, content data, master data, contact data, contract data, payment data if applicable, location data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions).

Use of the Learning platform
Purpose of processing: user, prospect and customer support, order fulfillment and contract management.
‍Legal basis: Art. 6 (1) (b), (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, customer acquisition, customer retention, customer recovery, Promotion of sales activities, Operation, integrity and security of digital products.
‍Data categories: Connection data, usage data, content data, master data, contact data, contract data, payment data if applicable, location data if applicable.
‍Recipients of the data: IT service provider
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

VI. External (Web-)sides

Facebook
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery.
‍Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data.
‍Recipients of the data: Platform operator and media (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
‍Intended Third Country Transfers: On a case-by-case basis, USA and other third countries (standard data protection clauses and adequacy decisions).

Instagram
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery.
‍Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data.
‍Recipients of the data: Platform operator and media (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
‍Intended Third Country Transfers: On a case-by-case basis, USA and other third countries (standard data protection clauses and adequacy decisions.)

LinkedIn (profile)
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery.
‍Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data.
‍Recipients of the data: Platform operator and media (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn")).
‍Intended third country transfer: On a case-by-case basis, USA and other third countries (standard data protection clauses and adequacy decisions.)

YouTube Channel
Purpose of processing: Advertising and personalized marketing measures, analysis and performance measurement as well as optimization of products and/or services.
‍Legal basis: Art. 6 (1) (f) GDPR
‍Legitimate interests: Design, operation and availability of digital products, advertising and image improvement, market and opinion research, customer acquisition, customer retention, customer recovery.
‍Data categories: Master data, contact data, content data, usage data, connection data and, if applicable, location data.
‍Recipients of the data: Platform operator and media (Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland ("Google")).
‍Intended third country transfer: In individual cases, USA and other third countries (standard data protection clauses and adequacy decisions.)

VII. Information about Joint Controllers

In the cases listed below, we are jointly responsible with another entity within the meaning of Art. 4 No. 7, 26 GDPR. You are free to address your request directly to any of the joint controllers. Depending on the specific agreement on data protection rights with the other party, we will forward your request to the other party.

Operation of our Facebook page(s)
‍As part of the operation of our Facebook page(s), we have a joint responsibility with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
‍The gist of the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
Facebook is responsible for implementing your data subject rights.
‍Facebook will inform you about your data subject rights at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Operation of our Instagram page(s)
‍As part of the operation of our Instagram page(s), we have a joint responsibility with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
‍The gist of the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
Facebook is responsible for implementing your data subject rights.
‍Facebook will inform you about your data subject rights at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Operation of the LinkedIn page
‍As part of the operation of our LinkedIn page, we have a joint responsibility agreement with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").
‍The essence of the agreement can be found here: https://legal.linkedin.com/pages-joint-controller-addendum.
LinkedIn is responsible for implementing your data subject rights.
‍LinkedIn will inform you about your data subject rights at: www.linkedin.com/legal/privacy-policy.

VIII. Definitions

The terms used in this Privacy Policy (e.g. data categories, purpose categories, categories of recipients and legitimate interests, as well as terms from the GDPR) are explained here.

From the GDPR
‍This privacy policy uses the terms of the legal text of the GDPR. You can view the definitions (Art. 4 GDPR), for example, at eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679. For the definition of health data, please refer to Art. 4 No. 15 GDPR. If other special categories of personal data are processed, you will find the explanations in Art. 4, 9 (1) GDPR. If the processed data is personal data about criminal convictions and criminal offenses, you will find the information on this in Art. 10 GDPR.

Additional definitions:

Data categories
When we indicate the categories of data processed, we mean the following data:

Master data (e.g., names, address, dates of birth).
Contact data (e.g. e-mail addresses, telephone number, messenger services)
Content data (e.g., text entries, photographs, videos, contents of documents/files)
Contract data (e.g., subject matter of contract, terms, customer category)
Payment data (e.g. bank details, payment history, use of other payment service providers)
Usage data (e.g., history on our website, use of certain content, access times, contact or order history)
Connection data (e.g., device information, IP addresses, URL referrers).
Location data (e.g. GPS data, IP geolocation, access points).
Diagnostic data (e.g., crash logs, website/app performance data, other technical data used to analyze malfunctions and errors)
Applicant and employee data (e.g. employment history, working hours, vacation periods, periods of incapacity to work, appraisals, training and further education, social data, bank details, social security number, health insurance/health insurance number, salary expectations and salary data as well as tax identification number, proofs and documents, working hours, public offices held, social security data, occupational integration management data)

Purposes of data processing
In the following sections, we state the purposes pursued as purpose categories to improve comprehensibility and readability. In some cases, there may be overlaps with our "legitimate interests" (see definitions below). This is in the nature of the matter.

Unless otherwise specified, the purposes are to be understood as follows:

Advertising and personalized marketing measures: Includes, for example, the opening of public and, where applicable, restricted-access websites, apps and/or external pages for general information about our products/services (e.g., general website about our company, press pages, social media pages), personalized communication with users, interested parties and/or customers (e.g., newsletters), playout of (personalized) recommendations and advertising activities (e.g. e.g., personalized newsletters, playout of advertising on other websites, search engines, social media pages and/or apps, and generally in advertising networks), merging and linking of data (possibly involving other parties such as publishers in advertising networks) to ensure commission claims for advertising materials.
Safety and emergency management: all processes are recorded which, in the respective context, serve to ensure the relevant safety requirements and the prevention and/or treatment of accidents and emergencies, such as access controls, video monitoring, logging, evacuation, personal rescue and damage limitation.
Analysis and performance measurement as well as optimization of products and/or services: Includes e.g. opinion polls and voting, comparison tests (so-called A/B testing), analysis and (usually aggregated) evaluation of user, prospect and/or customer behavior in the online and/or offline area (e.g. through click paths, mouse movements and heat maps), analysis and evaluation of the success of general and, if applicable, personalized marketing measures, needs-based design of our (digital) products and services based on the analyzed demand and/or usage behavior.
Order fulfillment and contract management: Includes all processing operations required for the fulfillment of the relevant orders/contracts, such as the processing of master data and contact data for the fulfillment of the customer's orders, payment processing including any necessary transfer of data to payment service providers, processing of returns, license verification.
Operation and further development of internal IT systems: Includes, among other things, user management, authentication and technical logging, as well as IT support and the further development and adaptation of systems and the associated processing of personal data. This applies regardless of whether the IT systems are operated by the controller itself or by a service provider (processor).
Applicant management: Includes, among other things, personnel marketing and processes in the context of initiating employment, such as processing applications (digital and analog), communicating with applicants, conducting interviews, assessment center procedures and trial work, setting up talent pools, and documenting the outcome of applications.
Business partner maintenance: All processes are recorded that serve to analyze and select suitable business partners and to maintain existing business relationships.
Warranty, guarantee, goodwill and general service: Includes in particular the processing of warranty, guarantee and goodwill cases, as well as any information on updates, improvements and recall campaigns.
Identity and/or creditworthiness check: The aim of the processing is to check the identity of the data subject, insofar as this is necessary for the respective process, and/or to check the creditworthiness and/or solvency of an interested party or contractual partner.
Information security: Processing operations are recorded that serve to protect against risks and to secure IT systems, as well as to achieve the protection goals of confidentiality, availability and integrity of data, systems and processes (e.g., differentiation of human access and bot access, detection and defense against abusive access, security-relevant analysis of the use of digital products and services).
Logistics and fleet management: Includes, among other things, the planning, management, and control of our logistics, including external logistics service providers, and the management of our fleet, including compliance with legal obligations.
User, prospect and/or customer support: Includes, for example, contact forms, chat systems including chat bots and callback options, and generally the processing of various inquiries (e.g., advice, service, complaints).
Human resources and personnel management: Includes all processes for implementing employment or processes that are closely related to employment, such as onboarding, personnel administration, fulfillment of employer obligations, personnel development including training, and continuing education, voluntary employer benefits, personnel planning and controlling, company health management, company social counseling, company co-determination, measures to terminate employment, investigative and disciplinary measures, and offboarding.
Project management including project collaboration: project coordination and execution, project planning, project schedule management, project information sharing, project collaboration.
Legal matters and compliance measures: Covers, for example, the assertion, exercise and enforcement of legal claims and processes for compliance with legal requirements (e.g., as part of data protection consent management) and for the prevention and/or clarification and prosecution of legal violations.
Event management: All processes required for the implementation of offline and online events (e.g., registration, participant management, implementation of the event, processing of personal preferences and needs, data processing in the context of video conferencing and/or instant messaging services), photo, audio and/or video documentation of events, issuance of certificates of participation are recorded.
Administration: Covers processes that include basic functions of business operations such as communication, accounting, billing and reporting, documentation and archiving, knowledge and contact management.

Legitimate interests
‍In the following sections, we specify our legitimate interests within the meaning of Art. 6 (1) (f) GDPR as categories in order to improve comprehensibility and readability. In some cases, there may be overlaps with our "purposes" (see definitions above). This is in the nature of the matter. Unless otherwise specified, the stated legitimate interests are to be understood as follows:

Promotion of sales activities: e.g., promotion of our sales by evaluating the demand of our customers, analysis of the interests and purchasing and demand behavior of our prospects, users and/or customers.
Promotion of economic interests: e.g., measures to reduce costs and cut costs, avoid/reduce significant additional costs, generally increase earnings (esp. by outsourcing to service providers) and avoid competitive disadvantages.
Advertising and image enhancement, market and opinion research: e.g., opinion surveys, voting, product and/or service ratings and other reviews, and the integration of these results.
Analysis and optimization of our own offers, services and advertising measures: e.g., analysis of user, prospective customer and/or customer behavior for the optimization of processes, services and products, needs-based design of our products, services and marketing measures and direct customer approach.
Design, operation, and availability of digital products: includes, for example, the integration of general functions of websites, apps, and other digital products.
Operation, integrity and security of digital products: in particular, defense against requests overloading the service (denial of service attacks) or excessive use of bots to destabilize a platform, IT security measures such as saving log files and, in particular, IP addresses for a longer period of time in order to detect and ward off misuse, including beyond the legally required level.
Direct advertising (personalized marketing): in particular, direct approaches to prospective customers and customers that are not based on consent, such as product recommendations based on previous demand behavior, including the processing of data in preparation for direct advertising (e.g., customer segmentation, affinity ratings).
Integration of desired or required functionalities: integration of functionalities that are in the interest of the customer, are played out at the request of the customer and/or are necessary for the provision of the service (e.g., the integration of contact options on websites or in apps or, for example, the possibility of saving configurations by the user (e.g., language selection).
Assertion, exercise or defense of legal claims: e.g., preservation of evidence, to clarify the facts in the event of a foreseeable legal dispute.
Customer acquisition, customer retention, customer recovery: e.g. operation of a customer relationship management (CRM)for prospect and customer care.
Freedom of opinion, press and broadcasting: in particular, processing that previously fell under the so-called media privilege.
Protection of the body and health of the data subjects
Promotion of legitimate interests in a group of companies: performance of organizational, procedural or entrepreneurial tasks from the cooperation of several affiliated companies (see the explanations for Art. 48 GDPR).
Prevention of criminal offences, administrative offences and other detrimental actions: in particular fraud prevention, preventive measures within the framework of an internal control system, measures to clarify risks following corresponding suspicious cases or other indications of possible actions to the detriment of the controller or other persons.
Reduction of default risks: identification of economic, technical, procedural or organizational risks for the company that could lead to a complete or partial failure of the company, parts of the company or products or services of the company
Other legitimate interests: Where relevant, these interests are explained separately at the respective points.

In the following section, we list the categories of recipients we use in our Privacy Policy:

Banks and other financial service providers
Public authorities and other public bodies
Professional secrecy providers and their companies/entities
IT service providers
Opponents in legal disputes
Group companies and other affiliated companies
Customers and interested parties
Suppliers
Personnel service providers
Platform operators and media
Associations, organizations and interest groups
Landlords
Insurance companies
Contractors (without customers)