Privacy policy
The protection of your personal data (hereinafter referred to as “data”) is of great importance and a major concern to us. In the following, we would, therefore, like to inform you in detail as to what data is collected when you visit our online offers (website, social media), hereinafter referred to as “websites”, and how this data is processed by us in the following. In addition, we would like to inform you about the rights to which you are entitled and the technical and organisational protection measures we have taken with regard to the processing of your data.
The data protection information fulfils the information obligations in accordance with the requirements of Art. 12 et seq. of the EU General Data Protection Regulation (hereinafter referred to as “GDPR”) and provides you with an overview of the processing of your personal data within the scope of the online offers (website, social media) of BFS finance GmbH (hereinafter referred to as “websites”).
Table of contents:
- Who is responsible for processing my data?
- Personal data
- What data is collected?
- For what purposes is the data collected?
- Who receives my data?
- Is my data processed outside the EU or EEA (third country transfer)?
- What data protection rights do I have?
- To what extent is there automated decision-making?
- Google Analytics
- Privacy policy on links to other websites
- Use of the Postident procedure as part of money laundering prevention efforts
- Updating the data protection notice
1. Who is responsible for processing my data?
The company
BFS finance GmbH (hereinafter referred to as the “company”) Carl-Bertelsmann-Str. 23
33332 Gütersloh
E-mail: info@bfs-finance.com
Internet: www.bfs-finance.com
is the operator of the website and responsible for the processing of your data on this website. The company processes personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (hereinafter referred to as “BDSG”).
You can reach the company’s data protection officer at the above postal address, with the addition “Addressed to the data protection officer” or via the e-mail address: datenschutz@bfs-finance.com.
2. Personal data
Personal data is any information relating to an identified or identifiable natural person. An identifiable person is a natural person who can be identified directly or indirectly, in particular, by assigning an identifier such as a name, an e-mail address, a postal address or an online identifier such as an IP address or a cookie identifier.
Processing of personal data is only permitted with legally vaild permission. Your personal data will only be processed when you visit and use the website if the company has legal permission to do so.
3. What data is collected?
When you visit the website, information is automatically collected by the accessing computer (hereinafter referred to as “access data”). This access data includes server log files, which usually consist of information about the browser type and version, the operating system, the Internet service provider, the date and time of use of the website, the previously visited websites and newly accessed websites via the website and the IP address of the computer. With the exception of the IP address, the server log files are not personally identifiable. An IP address is personally identifiable if it is permanently assigned when the internet connection is used, and the internet provider can assign it to a person.
If you continue to use the website services, pseudonymous usage profiles and/or the data you enter on the website (e.g. search words, login data, ratings, form or contract entries, click data) are processed.
In principle, you can use the website without providing your data, for example, to obtain information about us.
A detailed breakdown of the purposes for which, how long, and on what legal basis this data is processed can be found in clause 4 of this privacy policy.
4. For what purposes is the data collected?
The purposes of data processing on this website may result from technical, contractual or legal requirements and, where applicable, consent.
The company shall use the data referred to in clause 3 and the data referred to in clause 4 for the following purposes, among others:
- to provide the website and ensure its technical security, in particular, to correct technical errors, and to ensure that unauthorised persons do not gain access to the website’s systems,
- to process your contact request,
- for the purpose of improving the website offer,
- for the purpose of web tracking and analysis of user behaviour.
Further information on the listed purposes of data processing can be found in the following sections of this privacy notice. If personal data is processed for purposes other than those just listed, you will be informed in the following section about the subject matter, the manner and duration, the purpose, the legal basis applied and any different responsibilities for the processing.
4.1 Use of cookies via Cookie Consent Manager
Cookies are small text files used by websites to make the user experience more efficient. We use cookies to personalise content and ads, and to analyse traffic to our website. We also share information about your use of our website with our analytics partners.
By law, we may store cookies on your device if they are strictly necessary for the operation of this site. For all other cookie types, we need your permission. You can change or withdraw your consent at any time from the cookie statement on our website.
This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages. You can find out which cookies are used in detail in the Cookie Content Manager.
- Necessary cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Functional cookies help website owners understand how visitors interact with websites by collecting information anonymously.
- Marketing cookies help optimise the user experience and measure the website’s reach. With the help of these cookies, we are able to record and evaluate user behaviour on the website. For web tracking, however, the personal identification of the user in question is generally not required, so when your access data is recorded, the stored IP address is either not used or only used in a shortened form (shortening by the last octet) and pseudonymous usage profiles are created. Personal usage profiles are only created in exceptional cases and if you have given your consent for the relevant cookie to be set via our Cookie Consent Manager. These cookies can basically share the information collected with other organisations or advertisers. These are persistent cookies that almost always come from third parties. Web tracking services are regularly provided by our service providers, who, however, only process usage profiles according to our instructions and not for their own purposes. This is ensured by means of commissioned processing contracts. If the service providers are established outside the European Union or the European Economic Area (hereinafter referred to as “EU or EEA”), a so-called third country transfer takes place. This is permissible if you have consented to it, we have created a guarantee for a level of data protection that is adequate to the European standard, or the EU Commission has classified the respective third country as a secure third country. The third country transfer of the respective service is marked below. Further information on the recipients of your data and the transfer to third countries can be found in clauses 6 and 7 of this data protection notice.
4.1.1 Legal basis for data processing
The legal basis for setting functional cookies is Art. 6 (1) lit. f GDPR. Functional cookies are set to ensure the technical usability of the website. The legal basis for setting optional cookies for the purpose of collecting and evaluating pseudonymous usage profiles is Art. 6 (1) lit. a GDPR. The data processing is, therefore, based on your consent to the data processing with the help of our cookie consent manager (opt-in).
4.1.2 Duration of storage or criteria for determining this duration
The data that is collected and evaluated when functional and optional cookies are used is generally stored until you object to their use. However, the storage period of the analysis cookies is a maximum of 24 months.
4.1.3 Possibility to register your objection and request removal
You have the right to object to the processing of your personal data when using functional cookies in accordance with Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation. If you wish to exercise your right of objection, please contact the contact address given in clause 1. If you object to this data processing, you will only be able to use the website to a limited extent or not at all.
Furthermore, you can revoke your consent to the processing of your data in the context of the use of optional cookies at any time with effect for the future. The revocation can be done from a technical standpoint by an opt-out in our cookie manager on this website or by the technical cleaning of cookies by the browser you use. Via the “Privacy Settings” footer, which can be found at the bottom of the website, you can access the settings screen of our Cookie Consent Manager.
4.2 Personalised newsletter
On the website, there is the possibility to subscribe to free newsletters. In order to send you a newsletter, we process the e-mail address, name of your company and the country provided by you on the basis of the consent you gave when registering. We use the so-called double opt-in procedure to register for the newsletter. After you have registered and given your consent, we will send you a message to the e-mail address you have provided, in which we ask you to confirm your registration. In order to prevent misuse of your data and to prove your consent, we store your access data recorded during registration, as well as the registration notification and the texts used for this purpose. After confirmation, you are registered for the newsletter, and your data will be stored in our customer database.
For the dispatch of our free, personalised newsletter, we collect statistical data on the use of our website, in order to optimise our offer accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, with the help of which data is collected for marketing and optimisation purposes, and then stored and processed on the servers of our marketing automation tool. The data collected will be merged with the personal data you provide on the website to create a profile. Profiling can be stopped by deactivating the cookie function in your browser.
4.2.1 Purposes and legal basis of data processing
The dispatch of our newsletter and the downloading of content aim to address business customers in an advertising manner, in order to inform them about the products, solutions and services of BFS finance GmbH.
The free, personalised newsletter aims to address (potential) business customers in an advertising manner, in order to inform them about products, solutions and services of BFS finance GmbH, as well as about events. The legal basis for the processing of your data when registering and participating in the newsletter is consent in accordance with Art. 6 (1) lit. a GDPR / Section 7 (2) No. 3 Unfair Competition Act (UWG).
4.2.2 Duration of storage or criteria for determining this duration
Your data will be stored during your participation in the newsletter. Following a period of inactivity with regard to the newsletter, your data will be stored for a period of 1 year in order to be able to prove that your consent was obtained for the newsletter, and that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.
4.2.3 Possibility to register your objection and request removal
You can revoke your consent to processing in the context of sending personalised newsletters at any time by informing the company of your revocation via the e-mail address info@bfs-finance.com or with the subject line “Revocation of Consent to Newsletter”. An objection can also be made by using the unsubscribe link in the newsletter e-mail.
4.3. Personalised newsletters when downloading e-books/whitepapers/studies
In return for the download of whitepapers/e-books/studies (hereinafter referred to as “Content”) on current topics from our business areas, as well as in return for services provided within the scope of special promotions (e.g. fundraising campaigns, etc.), we have agreed with you to send you a personal newsletter.
Under this agreement, and in order to send you a newsletter, we process the e-mail address, name of your company and country that you provide. We use the so-called double opt-in procedure to register for the newsletter. After registration, we will send you a message to the e-mail address you provided, in which we ask you for confirmation. In order to prevent the misuse of your data and to prove this agreement, we store your access data recorded during registration, as well as the registration notification and the texts used for this purpose.
For the dispatch of our free, personalised newsletter, we collect statistical data on the use of our website, in order to optimise our offer accordingly and to adapt the offer (newsletter and other content) to your needs. For this purpose, one or more cookies are stored on your computer, with the help of which data is collected for marketing and optimisation purposes, and then stored and processed on the servers of our marketing automation tool. The data collected will be merged with the personal data you provide on the website to create a profile. Profiling can be stopped by deactivating the cookie function in your browser.
After confirmation, you are registered for the newsletter, and your data will be stored in our customer database.
4.3.1 Purposes and legal basis of data processing
The dispatch of our newsletter and the downloading of so-called content aims to address business customers in an advertising manner, in order to inform them about products, solutions and services of BFS finance GmbH and about events.
The free, personalised newsletter aims to address (potential) business customers in an advertising manner, in order to inform them about products, solutions and services of BFS finance GmbH, as well as about events. The legal basis for the processing of your data when registering and participating in the newsletter is consent in accordance with Art. 6 (1) lit. a GDPR / Section 7 (2) No. 3 Unfair Competition Act (UWG).
4.3.2 Duration of storage or criteria for determining this duration
Your data will be stored during your participation in the newsletter. Following a period of inactivity with regard to the newsletter, your data will be stored for a period of 1 year in order to be able to prove that your consent was obtained for the newsletter, and that we have acted in accordance with the law. The same applies if you have revoked your consent. Data processing for advertising purposes will then no longer take place.
4.3.3 Possibility to register your objection and request removal
You can revoke your consent to processing in the context of participation in our personalised newsletter offer when downloading e-books/whitepapers/studies at any time by notifying the company of your revocation via the e-mail address info@bfs-finance.com or with the subject “Revocation of Consent to receive Newsletter”. An objection can also be made by using the unsubscribe link in the newsletter e-mail.
4.4 Business customer survey
If you have a business relationship with us, we may occasionally use your information to conduct a customer survey to gauge your satisfaction with our services and identify areas for improvement. Participation in the survey is voluntary, and only takes place with those customers who have given us their consent to do so when establishing the business relationship. The survey is conducted with the help of service providers who are controlled by us as order processors, and who are bound by instructions. A data protection review of these was carried out by us before the surveys were conducted.
4.4.1 Purposes and legal basis of data processing
The purpose of the survey is to improve our products, our services and thus to expand and maintain good customer relations. The data protection basis for this survey is found in Art. 6 (1) lit. f GDPR. Our legitimate interests are to provide our customers with a regular and efficient channel to express criticism so that we can adapt our services accordingly.
4.4.2 Duration of storage or criteria for determining this duration
The data used is stored in our CRM system for the duration of our contractual relationship. After the termination of our contractual relationship, the data will only be used for a final customer satisfaction survey and then blocked for this type of data processing.
4.4.3 Possibility to register your objection and request removal
You have the right to revoke your consent to the use of your data for business customer survey purposes at any time. You will find a corresponding notice in every e-mail inviting you to participate. You also have the right to object to the processing of your data. You also have the right to demand the deletion of your data in accordance with Art. 17 GDPR. Furthermore, you have the right to correct your data and to receive information about the data stored by us.
In order to exercise your data subject rights, please get in touch via the contact address mentioned in clause 1.
4.5 Online application
This website links to the job vacancies of BFS finance GmbH and the Riverty group of companies, where you can apply for a job. You will be redirected to the applicant portal via the job advertisement. In this respect, the actual data processing for the application procedure for your online application does not take place on this website.
4.5.1 Deviating responsibility under data protection law
The company that has published the job advertisement and is looking for new employees is responsible for the job advertisements. This company is also the one that receives your data upon receipt of your application. Your data will not be passed on to other bodies unless this is required by law or you consent to this.
Further information on the responsibilities, the purpose of the data processing and the legal basis, as well as possible recipients and storage period, can be found in the respective job advertisement. You will find further details on the data processing for the specific application procedure for your online application when you register and create your applicant profile.
4.5.1 Purposes and legal basis of data processing
Upon receipt of your online application for a specific job vacancy, your data will be processed for recruitment purposes. In the contractual initiation phase of an employment relationship, your potential employer has an interest in ensuring that you have the professional competence and personal suitability required for the vacant position.
The legal basis for the processing of your data is Art. 6 (1) lit. b GDPR / Section 26 (1) p. 1 BDSG. The data processing, therefore, takes place for the purpose of establishing a potential contractual relationship or employment relationship with you.
4.5.2 Duration of storage or criteria for determining this duration
Your data will be processed as long as it is necessary for the establishment of the employment relationship. After completion of the online application and the hiring decision, your data will be deleted after expiry of the statutory retention period (currently, this is normally 6 months).
4.5.3 Possibility to register your objection and request removal
Due to the applicable legal basis, there is no right of objection pursuant to Art. 21 GDPR for the described processing operation. If you have any questions about this, you can always contact us at the address given in clause 1.
4.6 Contact form, e-mail and telephone contact
On the website, there is the possibility to contact the company via an e-mail address, a telephone number or our contact form. If you take advantage of this option, the data entered, your e-mail address and/or your telephone number, as well as your request, will be transmitted to the company. Depending on the request (e.g. questions about the company’s products and services, the assertion of your data subject rights such as information), your contact data will be processed further (with the help of service providers).
4.6.1 Purposes and legal basis of data processing
The legal basis for the processing of your contact data is Article 6 (1) lit. f GDPR. The legitimate interests lie in the processing of your request and further communication. If your aim of establishing contact involves the conclusion of a contract with the company, the legal basis for the processing of your contact data is Art. 6 (1) lit. b GDPR.
4.6.2 Duration of storage or criteria for determining this duration
After your request has been processed and further communication has ended, the contact data will be deleted. This is not the case if, by establishing contact, your aim is to conclude a contract with the company, or if you assert your data subject rights such as information. For this purpose, the data will be stored until the contractual and/or legal obligations have been fulfilled and legal retention periods do not prevent deletion. This is normally the case after 6 months.
4.6.3 Possibilities of objection and removal
You have the right to object to the processing of your contact details on grounds relating to your particular situation. If you wish to exercise your right of objection, please contact the contact address given in clause 1. If you object, the communication cannot be continued. This does not apply if the storage of your contact data is necessary for the initiation or fulfilment of a contract, or the assertion of your data subject rights.
4.7 Loox
Loox is a cloud-based contact relationship management system (CRM system) and is used to record and keep up-to-date information on prospects, new customers, existing customers, partners, competitors, suppliers and service providers of AFS companies.
If your contact details are collected, for example, on this website by registering for our newsletter, the data is transferred to the contact relationship management system for further processing, and is processed there for the purposes for which it was collected. Logical client separation ensures that only those companies have access to the data stored there that are legally authorised to do so (e.g. through their consent or a corresponding contractual relationship with you).
4.7.1 Purposes and legal basis of data processing
The purpose of the data processing is the legally compliant use of your personal master data for further data processing for which you have authorised us, among other things, through your consent, or for which we have been authorised through a corresponding contractual relationship for data processing. The legal basis is, therefore, Art. 6 (1) lit. a GDPR or Art. 6 (1) lit. b GDPR.
4.7.2 Duration of storage or criteria for determining this duration
The data used is stored in our CRM system for the duration of our contractual relationship. After the termination of our contractual relationship, the data will only be used for a final customer satisfaction survey and then blocked for this type of data processing. If the data processing is based on consent, the data will be deleted if you have objected to its further use in the future.
4.7.3 Possibilities of objection and removal
If the data processing is based on a contractual relationship agreed between you and us, there is no right to object to the processing operation described in accordance with Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time. You also have the right to demand the deletion of your data in accordance with Art. 17 GDPR. Furthermore, you have the right to correct your data and to receive information about the data stored by us. To exercise your data subject rights, please contact the contact address mentioned in clause 1.
4.8 Digital events and activities
The company offers digital events for its employees, customers and/or service providers (hereinafter “Participants”). The events take place on separate areas of the own website, or on the externally hosted platforms of connected service providers. Depending on the event, participants are required to visit the website prepared for the event (a so-called landing page) by means of a user name and password, or by means of a password defined in advance for the event (hereinafter “participation data”). In the process, the IP address and the required participation data of the participants are processed.
4.8.1 Purposes and legal basis of data processing
The purpose of the data processing is to enable participation in the company’s digital events and functions. The legal basis under data protection law is based on the purposes pursued with the events. In the case of mandatory training for our employees, for example, the legal basis is regularly Art. 6 (1) lit. b) GDPR / Section 26 (1) BDSG. Participation and the associated data processing are, therefore, necessary for the performance of the employment relationship. If the event offered is an optional, i.e. voluntary training or an information event for the participants, the legal basis is regularly Art. 6 (1) lit. f) GDPR. The processing is, therefore, carried out on the basis of a legitimate interest that lies in the creation of additional offers for the participants and is, moreover, voluntary. It is also possible that service providers do not provide the offered event as a data processor within the meaning of Art. 4 No. 8 GDPR, but act as a data controller within the meaning of Art. 4 No. 7 GDPR. In these cases, the participation is always voluntary and depends on your consent to the data processing. If it concerns such an event, you will be asked on the landing page to give your consent to the data processing of the respective organiser. The legal basis for data processing is then Art. 6 (1) lit. a) GDPR. In this case, they must assert their data protection rights directly with the organiser. For more information on this, see clause 7.
4.8.2 Duration of storage or criteria for determining this duration
The company processes your data in the context of offering digital events and functions until the conclusion of the respective event. Accordingly, your data (user name, e-mail address, IP address) will be completely deleted after the end of the event. If your data is processed by the organiser under its own responsibility, the duration of storage is determined by the respective data protection information of the organiser.
4.8.3 Possibilities of objection and removal
If the data processing is based on a contractual relationship and/or employment relationship agreed between you and us, there is no right to object to the processing operation described in accordance with Art. 21 GDPR. If your consent is the legal basis for the data processing, you have the right to object to this processing at any time for the future. You also have the right to demand the deletion of your data in accordance with Art. 17 GDPR. Furthermore, you have the right to correct your data and to receive information about the data stored by us. In order to exercise your data subject rights, please get in touch via the contact address mentioned in clause 1.
5. Who receives my data?
Within the company, access to your data is given to those offices that need it to fulfil the purposes outlined in clause 4. Service providers used by the company may also have access to your data (so-called “order processors”, e.g. data centres, hosting, IT infrastructure support or web design). Contracts for order processing ensure that these service providers are bound by instructions, data security and the confidential handling of your data.
6. Is my data processed outside the EU or EEA (third country transfer)?
Insofar as the service providers and/or third parties outside the EU or the EEA mentioned in clause 4 process your data for the purposes mentioned in clause 4, this may result in your data being transferred to a country where no level of data protection adequate to the EU or the EEA can be guaranteed. However, such a level of data protection can be ensured with an appropriate guarantee. Standard contractual clauses provided by the EU Commission can be considered as a suitable guarantee. Pursuant to the judgement of the European Court of Justice of 16 July 2020 (Case C-311/18), service providers engaged by us in a third country will be obliged to disclose to us what additional appropriate technical and organisational measures have been implemented to prevent government surveillance mechanisms. If there are doubts regarding the lawfulness of such data processing, the service providers concerned shall be obliged to adapt their technical and organisational measures.
A copy of these guarantees can be requested from the contact details given in clause 1 above.
Any guarantees may be waived by way of exception if, for example, you consent or the third country transfer is necessary for the performance of your contract with the company. The EU Commission has also recognised certain third countries as secure third countries, so that appropriate guarantees on the part of the company can also be dispensed with at this point.
A third country transfer takes place in the following cases, among others:
- for the provision and default settings of the website, service providers are used whose data centres are located in a third country or who can access the data centres within the European Union or the EEA from a branch in a third country. The company has agreed with these service providers on compliance with the European level of data protection via standard contractual clauses.
- for the use of web tracking services, service providers are used whose data centres are located in a third country or who can access the data centres within the European Union or the EEA from a branch in a third country. The company has agreed with these service providers on compliance with the European level of data protection via standard contractual clauses pursuant to Art. 46 (2) lit. c GDPR.
7. What data protection rights do I have?
You have the right to the disclosure of personal information held about you by us at any time. If data about you is incorrect or no longer up to date, you have the right to request that it be corrected. You also have the right to request the deletion or restriction of the processing of your data in accordance with Art. 17 or Art. 18 GDPR. You may also have the right to receive the data you have provided in a common and machine-readable format (right to data portability). If you have given your consent to the processing of personal data for certain purposes, you can revoke this consent at any time with effect for the future. The revocation is to be addressed to the company at the contact address stated under clause 1. In accordance with Art. 21 GDPR, you also have the right to object at any time to the processing of your data on the legal basis of Art. 6 (1) lit. f GDPR for reasons arising from your particular situation.
In addition, you have the option of contacting a data protection authority and filing a complaint there. The competent authority for the company is the
State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-999
E-mail: poststelle@ldi.nrw.de
However, you can also contact the data protection authority responsible for your place of residence.
8. To what extent is there automated decision-making?
We do not use any fully automated decision-making processes for the purposes mentioned under clause 4 .
9. Google Analytics
We use the web analysis services google analytics to analyze the use of the websites.
Operating company is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
9.1 Use of google analytics
A cookie is set for this purpose. The information generated by this cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there.
The website uses Google Analytics exclusively with the setting of IP anonymization, so that IP addresses are only processed in a shortened form in order to exclude references to individual website visitors. Through the IP-anonymization on this website, your IP address will be shortened by Google within member states of the EU or in other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. If you provide your consent, you agree to the processing of the data collected about you by Google in the manner and for the purpose described above.
Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
For more information follow the attached links:
- https://policies.google.com/privacy?hl=de&gl=de
- https://marketingplatform.google.com/about/analytics/terms/de/
- https://marketingplatform.google.com/intl/de/about/analytics/
When you follow one of the links, you will leave our private space. The legal basis of the following websites will apply.
9.2 Purpose, legal basis, duration of storage and possibilities of objection
For the aforementioned points, the company refers to section 4, in particular to 4.1.1, 4.1.2 and 4.1.3. The statements on optional cookies apply.
10. Privacy policy on links to other websites
10. Data protection information regarding social plugins and social media
By means of the following data protection information, the company fulfils its duty to provide information pursuant to Art. 13, 14 GDPR. This obligation to provide information also extends to the social media presences and not exclusively to the use of social plugins. A reference to this data protection information can be found on the corresponding social media pages. This means that the company also fulfils its duty to provide information in this regard (see Beck’s Online Forms for IT and Data Law 15th Edition 2023 Status: 01/05/2023, Tobias Schubert, Hengeler Mueller Partnerschaft von Rechtsanwälten mbB, rec. 2.).
The social media presences are referred to in the following text as fan pages.
Where social plugins are mentioned, these are the interfaces from the company’s website to social media.
Social plugins from social networks are used on the website. The company is currently represented on the social platforms LinkedIn and Xing. The company uses social plugins on the website for these services.
The services are offered by LinkedIn and New Work SE.
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Xing is nationally operated by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.
According to decisions of the European Court of Justice from 2018 and 2019, the company and the operator of the social network are joint controllers as referred to in Art. 26 GDPR.
The company follows the debate and the audits by the competent authorities and continuously checks independently whether the company can continue to operate its fan pages under the prevailing data protection conditions.
10.1 Use of social plugins
If the user activates the social plugin, it neither actively sends personal data or other information, nor are third parties permitted to access it.
In this case, the user’s browser establishes a direct connection to the LinkedIn and Xing servers. By embedding the plugins, the providers receive the information that the user’s browser has accessed the corresponding page of the company’s website, even if the user does not have a profile or is not currently logged in.
By visiting the company’s fan page through the providers mentioned, numerous data are processed, e.g. the visit can be assigned to the respective user account or, if no user account exists, data can be collected via cookies that are stored on the end device or the IP address. This may result in the creation of user profiles that can be used by the providers for statistical purposes or for individualised advertising purposes, among other things.
This information (including the IP address) is transmitted by the user’s browser directly to a server of the respective provider, if applicable even outside the EU or the EEA, presumably in the USA, and stored there.
Therefore, it is explicitly pointed out that the LinkedIn and Xing services used by the company store user data (e.g. personal information, IP address) in compliance with the data utilisation guidelines used there and use them for business purposes. The company has no influence on the collection of data and their further use by the social networks.
Information on data processing by the providers as well as your data protection rights and settings options for the protection of user data can be found in the data protection information of the social networks. At this point, the user can also view their own cooperation options referred to in Art. 13 para. 2 letter e GDPR. The operator of the social network is also obliged to provide information pursuant to Art. 13 GDPR.
10.2 Use of the fan page
The company uses the fan page to share posts concerning products and corporate culture as well as non-business activities.
Furthermore, the company makes use of the following services in its social media presence:
10.2.1 Contact with the sales team
You can contact the company’s sales team by means of the button provided for this purpose. After clicking this button, users are asked to enter their first and last name, e-mail address, title, position and company. Furthermore, users must provide their consent to the company contacting them by e-mail after the enquiry has been sent.
Further use of the data is based on the company’s general data protection provisions. Processing only takes place for the purpose of establishing initial contact.
10.2.2 Application function
The company does not currently use the application functions of the respective websites. The company creates posts on currently available jobs. If users would like to receive further information on the jobs or submit an application, they are forwarded to the website https://createyourowncareer.de. The data protection provisions of the above-mentioned website apply to further processing.
Apart from the company’s internal data processing, data is also processed by the platform operator.
Please refer to the above information in this regard.
10.3 Purpose and legal basis of data processing
The use of social plugins and fan pages is used solely for the company’s marketing purposes.
Data processing takes place on the legal basis of Art. 6 para. 1 sentence 1 letter f) GDPR.
10.4 Duration of storage
The data are stored until the purpose for which they were collected has been fulfilled. Please refer to section 9.5 if premature erasure is requested.
10.5 Possibility of objection and erasure
If the data processing is based on a contractual relationship agreed between you and us, there is no right of objection to the described processing procedure pursuant to Art. 21 GDPR. If your consent is the legal basis for data processing, you have the right to object to this processing at any time. Pursuant to Art. 17 GDPR, you also have the right to demand the erasure of your data. Furthermore, you have the right to the rectification of your data and to receive information about the data stored by us. To exercise your rights as a data subject, please contact the address provided in Clause 1.
If data are processed directly by LinkedIn and Xing in the course of the use of these websites, your above-mentioned objection and erasure options only exist directly toward the operators of the websites.
11. Use of the Postident procedure as part of money laundering prevention efforts
In order to prevent money laundering, the company is obligated by law to identify and check certain individuals. The company uses three procedures (PostIdent) offered by Deutsche Post AG, as the service provider commissioned by the company, for identification where in-person verification is not possible.
The data protection information for the use of the Postident procedure can be accessed via the following link: