This Privacy Statement provides information on the type, scope and purpose of processing of personal data (hereinafter termed ‘data’) within our online offering and associated websites, features and content (subsequently referred to collectively as the ‘online offering’).
With regard to the terminology used, such as ‘processing’ or ‘controller’, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR). In addition, we inform you below about the third-party components we use for optimisation purposes and increasing the quality of use, insofar as third parties are hereby responsible for processing data.
Types of data processed
• Usage data (e.g. websites visited, interest in content, access times).
• Meta/communication data (e.g. truncated IP addresses).
Categories of data subjects
Visitors to and users of the online offering (we shall subsequently collectively term the data subjects ‘users’).
Purpose of the processing
• Provision of the online offering, its features and content.
• Answering contact requests and communicating with users.
• Security measures
• Reach measurement/Marketing
Pursuant to Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the Privacy Statement, the following shall apply:
The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR. The legal basis for processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 Para. 1 lit. b GDPR. The legal basis for processing in order to fulfil our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 lit. d GDPR shall form the legal basis.
In accordance with Art. 32 GDPR, taking into account the available technology, implementation costs and the type, scope, circumstances and purposes of processing, as well as the varying likelihood of occurrence and severity of the risk for the rights and freedoms of natural persons, we take suitable technical and organisational measures to ensure a level of protection that is appropriate to the risk.
In particular, the measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as preventing the accessing, input, forwarding, ensuring availability and separation of the data. In addition, we have set up procedures that guarantee an awareness of data subject rights, deletion of data and reaction to data threats.
Deletion of data
In accordance with Art. 17 and 18 of GDPR, the data we process are deleted or subject to restrictions when processed. Unless expressly stated in this Privacy Statement, the data we store are deleted as soon as they are no longer required for their intended purpose and deleting the data does not conflict with any statutory retention requirements. If the data are not deleted because they are required for other legally admissible purposes, there will be limitations on how the data can be processed.
Cookies and the right to object to direct advertising
We do not store any cookies about you or your device without your express consent. Consent is carried out via a ‘consent management’ process. In addition, storage of cookies can be prevented by deactivating them in the browser settings. Please note that deactivating cookies may mean that some features for this online offering do not work correctly.
Data protection information in the application process
We only process applicants’ details for the purpose and within the scope of the application process, in accordance with the legal requirements. The processing of applicants’ data takes place in order to fulfil our (pre)contractual obligations as part of the application process within the meaning of Art. 6 Para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if it becomes necessary for us to process the data, e.g. in the context of legal proceedings (additionally, § 26 BDSG [Federal Data Protection Act] applies in Germany).
The application process requires that applicants send us their applicant data. If we offer an online form the requisite applicant information is marked; otherwise, it is found in the job descriptions and principally includes information about the individual, their postal and contact addresses and the documents that form part of the application, such as the cover letter, Curriculum Vitae and references. In addition, applicants are able to provide us with supplementary information voluntarily.
When sending us their application, applicants consent to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this Privacy Statement.
Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants as part of the application process, they are also processed in accordance with Art. 9 Para. 2 lit. a GDPR (e.g. health data, where required for performing the job in question).
Where an online form has been provided, applicants can send us their applications using the online form on our website. The data are encrypted and transmitted to us in accordance with the latest technology. Furthermore, applicants can send us their applications by email. However, please note that emails are not generally sent in an encrypted format and applicants themselves must ensure that encryption is in place. We cannot therefore accept any responsibility for the transmission route between the sender and receipt of the application on our server and we therefore recommend either using the online form or sending the application by post. Instead of applying via the online form and email, applicants still have the option of sending us their application by post.
In the event, that the application is successful, the data provided by the applicants can be further processed by us for the purposes of the employment. Where, however, the application is not successful in leading to the offer of a job, the applicant’s data will be deleted. The applicant’s data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
Subject to a justified revocation by the applicant, the data will be deleted once a period of six months has expired, to enable us to answer any follow-up questions to the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Getting in contact
When contacting us (e.g. via the contact form, by email, phone or social media), the user’s information will be processed in accordance with Art. 6 Para. 1 lit. b (as part of the contractual/precontractual relations), Art. 6. Para. 1 lit. f (other requests) GDPR for the purposes of handling and processing the contact inquiry. The user’s information can be stored within a Customer Relationship Management system (‘CRM system’) or similar system for organizing inquiries.
We delete these inquiries as soon as they are no longer required. Furthermore, the legal obligations, with regard to archiving also apply.
Collection of access data and log files
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR regarding every occasion the server upon which this service is located is accessed (server log files). The access data includes the name of the website visited, the file, date and time of the visit, data volume transferred, notification of successful retrieval, browser type and version, the user’s operating system, URL referrer (the site visited beforehand), truncated IP address.
For reasons of security (e.g. to investigate acts of abuse or fraud), log file information is stored for a maximum of 7 days and then deleted. Data that must be stored for longer for evidence purposes are excluded from deletion until final clarification of the respective incident.
Google Tag Manager
Google Tag Manager is an interface solution that we use to manage website tags (and to incorporate Google Analytics, as well as other Google marketing services in our online offering). The Tag Manager itself (which implements the tags) does not process any personal information about the user. With respect to the processing of users’ personal data, reference is made to the following information on Google services.
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and the Internet. In the process, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with IP anonymization activated. This means that users’ IP addresses are truncated by Google within Member States of the European Union or within other contracting states of the Agreement on the European Economic Area.
The IP address transmitted by the user’s browser is not amalgamated with other Google data.
Further information on data use by Google, along with configuration and revocation options, can be found in Google’s privacy statement
Amazing Apes, July 2021