Data protection

General data protection information

1. basic information on data protection

This data protection information applies to the use of the web pages at https://www.dtms.de, https://www.dtms-conference.de, for the establishment and use of a telecommunications contract with us by service customers (e.g. for 0800, 0180, 0900, 0137, 118 services) including the use of our online customer portal and for users who make use of services that are realised in our telecommunications network (in particular callers to the 0800, 0180, 0900, 0137, 118 services realised in our network) as well as the use of our web chat and our AI tool. The information also applies to a contact or supplier relationship that you enter into with us or when ordering newsletters or advertising. The information also applies if we expressly refer to it elsewhere.

The controller responsible for data processing is

dtms GmbH:
Registered office of the company: dtms GmbH
Local court: Mainz
HRB no.: 45187
VAT ID No.: DE295520161
Management Board:
Karsten Rudloff, Bernd Schneider, Dirk Moysich

Company address:
dtms GmbH
Taunusstrasse 57
55118 Mainz
Telephone: 06131 4646 000
Fax: 06131 4646 414
E-mail: info@dtms.de

You can reach our data protection officer at
Andreas Bethke
B3 Group of Companies
Information Security - Data Protection - Coaching
Papenbergallee 34
25548 Kellinghusen
Phone: 04822 36 63 000
Fax: 04822 36 63 333
Mail: datenschutz@dtms.de
www.b3-unternehmensgruppe.de

We (the respective "responsible body") attach great importance to the protection of your personal data. We therefore inform you here about our handling of your data and our data protection principles.

We process personal data collected within the scope of this privacy policy in accordance with the applicable statutory provisions on data protection and data security of the Federal Republic of Germany. For us as a telecommunications company, this is the TKG and the TTDSG. From 25 May 2018, data protection will also be governed in particular by the EU General Data Protection Regulation (GDPR) and the (new) BDSG issued for this purpose.

1.1 Data collection and origin of the data

We collect the data that you provide to us when you use our websites, our web chat and our AI tool.

We also collect data as part of a customer relationship with you as a service customer who has telephone numbers (e.g. 0800, 0180, 0900, 0137, 118 etc.) or services realised in our network. This also includes dialling into our "online customer portal".

In addition, in accordance with the TKG and the TTDSG, we collect the connection identifiers used and other traffic data if you use our telecommunications network by dialling a number or service that is realised in our network (e.g. 0800, 0180, 0900, 0137, 118, etc.). In this case, we collect data to establish and maintain the connection or to provide the service and for billing purposes. For this purpose, your subscriber network operator who provides your connection will, under certain circumstances, inform us of your name and address and bill you for the connection. The details depend on which service you use and whether you are dialling in from a fixed or mobile network.

If you enter into a so-called "contact relationship" with us (enquiries or offers for services, newsletter registration), conclude supplier contracts with us or apply for a job with us, we collect and process this data - insofar as this is necessary or appropriate in accordance with Art 6 lit f) GDPR.

We also collect data from publicly accessible sources (e.g. commercial register, your websites, press articles, etc.) to the extent permitted by Art. 6 (f) GDPR.

Personal data that we collect and store in this way may include

IP address and usage data when accessing website content
Name and address and other contact data (telephone numbers, e-mail address, fax number, etc.), registration numbers, names and addresses of authorised representatives, account information and the corresponding data of the responsible contact persons of the service customer
Other inventory or product data as well as traffic and billing data within a customer relationship with service customers, e.g. selected products and tariffs, payment data
Traffic data as well as billing data and name and address and other contact data (telephone numbers, e-mail address, fax number, etc.), registration numbers, names and addresses of authorised representatives, account information as well as the corresponding data of the responsible contact persons of users of our telecommunications network.
Name and contact details in the context of establishing and processing a contact relationship or a supplier relationship.
Name and e-mail address when registering for the newsletter as well as dispatch information for the respective newsletters.
Information that we receive from publicly accessible sources on the basis of Art. 6 para. 1 lit. f) GDPR.
All personal data is only collected within the scope of a legal authorisation or if you have given us your consent.

1.2 Use and disclosure of personal data in general

We use your personal data to enable you to use our website. In addition, data is processed and transmitted when you use our websites, insofar as you use social network services and for anonymised analysis, see section 7 for details.

We generally use your personal data to establish and fulfil a contract with you as a service provider and to bill you.

If you use our telecommunications network through a call or a connection, we use your data to enable and bill this use. It may also be necessary for us to exchange your data with the respective service provider, for example in the event of disrupted payments. In addition, data is exchanged with the subscriber network operator that provides your connection, insofar as this is necessary for the provision of the service and its billing as well as the collection of the fee. Accordingly, data may be transferred to other network operators or providers of telecommunications services if this is necessary for the service you have selected as a user.

If you enter into a contact, supplier or application relationship with us, we will use your data to establish and fulfil or process this relationship and, if applicable, to bill you.

In addition, we use data that we have lawfully obtained for the purpose of advertising by post and also by e-mail or telephone, provided that you have given your specific and effective consent to this.

Overall, it may also be necessary for us to pass on your data to external service providers as part of order processing. In addition, we may exchange data with credit agencies in individual cases and within the authorisation pursuant to Art. 6 para. 1 lit. f) GDPR if this is necessary or appropriate for the establishment of a contract or the enforcement of claims. We will neither sell your personal data to third parties nor market it in any other way.

Data transfers to third countries occur in the context of the administration, development and operation of IT systems and only insofar as a) the transfer is generally permitted and b) the special requirements for a transfer to a third country are met, in particular the data importer guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to processors in third countries. This is based on the provisions of the GDPR, the Federal Data Protection Act and the Telemedia Act. Data may also be transferred when using our websites, see section 7 for details.

2. Purposes of the data processing

We process the aforementioned personal data in accordance with the provisions of the GDPR and the Federal Data Protection Act (BDSG) and - where applicable - the Telecommunications Act (TKG) and the Telemedia Act (TTDSG).

2.1 For the fulfilment of contractual or pre-contractual obligations (Art. 6 (1) (b) GDPR)

The processing of personal data takes place for the use of our website by you, for the fulfilment of a contract with you as a service provider, when using our network and in the case of a contact or application relationship. The purposes of the data processing and the necessity are primarily based on the purposes specifically determined by the aforementioned legal relationships.

Within the scope of a contract with a service provider, this includes in particular the establishment, structuring, fulfilment, consultation and billing of such a customer relationship as well as the exchange of personal data with necessary business partners (e.g. transferring or receiving network operators when switching providers, data exchange with interconnection partners). When using our network, we also exchange data with other network operators insofar as this is necessary to establish and maintain the connection or to provide the desired service, as well as for billing and invoicing, including debt collection. This also includes storing data on payment behaviour. We need this data in order to be able to carry out the dunning process or a possible blocking.

Processing also takes place to process your enquiries and to initiate customer relationships or a comparable contact relationship, as well as for job applications.

For the aforementioned purposes, it may also be necessary for us to pass on your data to group companies or external service providers as part of order processing.

2.2 Processing in the context of a balancing of interests (Art. 6 para. 1 lit f. GDPR)

If necessary for our purposes, we process your data beyond the actual fulfilment of the preliminary contract or contract to protect our legitimate interests or those of third parties, unless your interests in not processing the data prevail:

Anonymisation of IP addresses when using our website for statistical purposes, data security and the optimisation of our website.
Use of our website with social network plug-ins with data exchange to the social networks, unless the user objects to this data transfer by blocking the JavaScript or loading a plug-in that prevents the transfer. In this case, the use of the website function may be restricted, see section 7 for details.
Possible measures for the data security of our website, such as in particular the storage of IP addresses, if the specific threat situation makes this appear appropriate. Establishment and fulfilment of contact relationships within the scope of expediency
Processing of job applications within the scope of expediency
Recovery of outstanding claims; here we work together with reliable partners, see section 6.
Postal advertising, unless you object to this
E-mail advertising, provided you have previously consented to such advertising.

2.3 Processing within the scope of your consent (Art. 6 para. 1 lit a) GDPR)

If you give us your consent to the processing of personal data for a specific purpose in accordance with the existing requirements, we will process this data within the scope of the consent.

2.4 Processing on the basis of legal requirements (Art. 6 para. 1 lit c) GDPR)

We process your personal data insofar as we are subject to a legal obligation, such as the statutory retention obligations or information or monitoring obligations towards state institutions within the framework of the law.

3. data transfer to third parties

Within our company, those persons who are entrusted with the processing of your data will have access to it within the scope of necessity or appropriate expediency. Service providers and vicarious agents employed by us may also be given access to personal data for these purposes if they comply with our written instructions under data protection law and general data secrecy within the scope of commissioned processing and - where applicable - maintain telecommunications secrecy.

In addition, as part of the realisation of services in our network, data is exchanged with the participating network operators and other service providers in accordance with the TKG and the TTDSG, in particular when changing providers and when establishing and maintaining connections across network boundaries as well as for billing and the collection of receivables. This transmission only takes place within the scope of necessity, as stipulated in §§ 9 ff. TTDSG is prescribed. The details of the data exchange and data processing depend on the type of service used and whether you call the service from the fixed or mobile network. For further details, please contact the provider of the subscriber line that enables you to dial the services that are realised in our network. Information can also be obtained from the respective service provider whose services you select as a user in our network. As we do not know your specific provider of the subscriber line or the service provider you will select in the future in advance, we cannot provide you with any specific information at this point about the address at which you can contact your respective contractual partner, your operator of the subscriber line or your service provider.

We work together with third parties in the recovery of claims, see section 6.

In particular, we will not transmit any personal data to third parties for the purposes of advertising or address trading.

When using our website, data is transmitted to the providers of social networks, see section 7.

4. Data transfer to a third country or to international organisations

Data is only transferred to countries outside the EU or the EEA ("third country") if this is necessary for the execution of the contractual relationship (contract with the service provider or for the use of the services realised in our network). In the case of other contractual relationships, such as a contact relationship or an application, such data transfer only takes place for the fulfilment of this contractual relationship or if this is exceptionally appropriate due to a legitimate interest. The same applies to the use of our website from locations outside the EU or the EEA. When using our website, data is transmitted to the providers of social networks, see section 7.

5. Duration of data storage

When using the website, we store the IP address and usage data for the duration of the usage process. In addition, the IP address is stored insofar as this is appropriate for data security and the clarification or prevention of security or data protection breaches, whereby the appropriateness depends on the specific threat situation. In this case, the IP addresses are only stored for as long as is appropriate for the aforementioned purposes, usually no longer than three months. In the event of a criminal complaint or prosecution or the enforcement of claims against persons who commit security or data protection violations, the data may be stored and used until the claims have been finally clarified or enforced. When using our website, data is also transmitted to analytics services and social network providers, see section 7.
In order to establish, structure and fulfil a contract with you as a service provider, we store the data until the end of the contract and beyond, namely until the end of the calendar year following the year in which the contract is terminated. At the end of this period, the data is not deleted but blocked, as we are required by commercial and tax law to store the data for up to 10 years. This storage also applies to the invoice totals. In particular, we store the individual connections and the resulting billing data for a period of 3 calendar months if this is necessary for billing purposes with you or other network operators or service providers. If the party liable to pay (e.g. you or the user/end customer or network operator liable to pay) raises objections in due time, the data will be stored until the objections have been clarified or the claim has been collected. Further storage will only take place in exceptional cases if this is permitted under the TKG and the TTDSG (e.g. troubleshooting, clarification and prevention of misuse).

If you as an end user use a service that is realised in our network, we process and store your data as part of this usage process for as long as it lasts and is necessary for the usage. After the end of the usage process, we will store your data for a period of 3 calendar months if this is necessary for the purpose of billing you or other network operators or service providers. If the party liable to pay (e.g. user/end customer) raises objections in due time, the data will be stored until the objections have been clarified or the claim has been collected. Further storage will only take place in exceptional cases if this is permitted under the TKG and the TTDSG (e.g. troubleshooting, clarification and prevention of misuse).

In the context of a contact relationship, the contact data and communication data are stored and used insofar as this is necessary for the respective communication purpose or is appropriate within the scope of reasonableness.

In the context of an application relationship, the contact data and the application data are stored and used insofar as this is necessary for the respective application purpose or is appropriate within the scope of reasonableness. If the application is not accepted, the data will be deleted within two months of notification of the rejection, provided that no other legitimate interests of the controller conflict with deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

If you register with us for the newsletter or a competition, your data will be stored and used until you unsubscribe from the newsletter or we cancel the newsletter. Your consent and the information about the previous mailing will remain stored until the limitation period for possible injunctive relief on your part has expired, but we will no longer use the data for the further mailing of newsletters. The details of data processing can be found in the respective competition.

6. recovery of outstanding claims

Insofar as the recovery of an outstanding debt becomes necessary from the contractual relationship or in any other way in the context of safeguarding our legitimate interests - and the interests of the fundamental rights and freedoms of the data subject, which require the protection of personal data, do not outweigh this - we alternatively commission one of the following legal entities with the recovery:

Debt collection company:

TEKA-Collection GmbH
Normannenweg 32
20537 Hamburg

HIB Hanse Inkasso Bureau GmbH & Co. KG
Normannenweg 32
20537 Hamburg

Clearing for 0900 & 118 numbers (offline billing):

REAL Solution Inkasso GmbH & Co. KG
Normannenweg 32
20537 Hamburg

nexnet GmbH
Linkstraße 2
10785 Berlin

The data required for recovery will be transmitted to the legal entity commissioned in each case. The legal basis is Article 6(1)(b) and Article 6(1)(f) of the GDPR. For further information on data processing by the aforementioned legal entities, please contact them at the address provided.

7 Other processing operations

The other processing operations carried out when using our website are described below.

7.1 Automatically collected information for web analysis

For technical reasons, your Internet browser automatically transmits data to the web server when you access the website. This data is collected for marketing and optimization purposes in addition to the provision of services, see below.

7.2 Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Most of the cookies we use are so-called service cookies that we set when you visit our website in order to be able to provide the service you have requested securely. These service cookies are automatically deleted at the end of your visit.

7.3 LinkedIn

Our website uses functions of the LinkedIn network. You can recognize the call of LinkedIn, LinkedIn, 2029 Stierlin Court, Mountain View, CA 94043 USA, by the "in" sign on a blue background. If you activate our "in" button as part of the 2-click solution, a connection is established with the LinkedIn server and the LinkedIn plugin is loaded on the respective website. The content of the "in" button is transmitted by LinkedIn directly to your browser, which integrates it into the website. There is a possibility that your IP address will be transmitted to LinkedIn in the USA in this way. If you are a LinkedIn member and do not want LinkedIn to collect data about you via our website when the "in" button is activated and link it to your member data stored on LinkedIn, you must log out of LinkedIn before visiting our website.

We have no influence over the data that LinkedIn collects in this way, nor over the scope of the data collected by LinkedIn. We also have no knowledge of the content of the data transmitted to LinkedIn. Details on data collection by LinkedIn as well as your rights and settings options can be found in LinkedIn's privacy policy.

You can find this information at http://www.linkedin.com/legal/privacy-policy

7.4 X

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at https://twitter.com/privacy .

You can change your data protection settings on Twitter in the account settings at https://twitter.com/account/settings .

7.5 Xing

We would like to inform you here about the processing of personal data via the XING share button function.

The "XING share button" is used on this website. When you access this website, your browser establishes a short-term connection to the servers of XING AG ("XING"), which are used to provide the "XING Share Button" functions (in particular the calculation/display of the counter value). XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior through the use of cookies in connection with the "XING Share Button". You can access the latest data protection information on the "XING share button" and additional information on this website: https://www.xing.com/app/share?op=data_protection

7.6 Hubspot

We use Hubspot, an integrated software solution for online marketing, on our website. The provider of this service is Hubspot Inc, 25 First St. 2nd Floor Cambridge, MA, USA. The software company also has a branch in Ireland with the address 1 Sir John Rogerson's Quay, Dublin 2, Ireland.

For the purpose of optimizing our marketing measures, the following data in particular may be processed via HubSpot Geographic location, browser type, navigation information, referral URL, performance data, frequency of use, domain names, pages viewed, aggregated usage, version of operating system, internet service provider, IP address, device identifier, duration of visit, events that occur within the application, clickstream data.

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. If you do not want HubSpot to process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future in the cookie settings.

The storage period for cookies is 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been fulfilled, unless statutory retention periods prevent deletion.

As part of processing via HubSpot, data may be transferred to the USA. In order to guarantee the level of data protection in the USA, we have concluded the standard data protection clauses with HubSpot. In addition, a Transfer Impact Assessment (TIA) was carried out for this purpose.

Further information about how HubSpot works can be found in the HubSpot Inc. privacy policy, available at: http://legal.hubspot.com/de/privacy-policy

7.7 Google services

7.7.1 Google Analytics

We use Google Analytics on our website, a web analysis service to optimize advertising measures. The provider of this service is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The following data may be processed for the purpose of optimizing our advertising measures IP address, time of visit, device and browser information as well as information on the use of our website.

The IP address transmitted by the browser used as part of Google Analytics is not merged with other Google data. In order to ensure the best possible protection of your personal data, Google Analytics has been extended on this website by the code "anonymizeIp". This code causes the last 8 bits of the IP addresses to be deleted and your IP address to be recorded anonymously (so-called IP masking). Your IP address will be shortened by Google before transmission within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.

The maximum storage period is 14 months[DT3].

The legal basis for processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. If you do not want the aforementioned data to be processed by Google, you can refuse your consent or revoke it at any time with effect for the future in the cookie settings.

Further information on Google's terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html.

7.7.2 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be revoked at any time.

The data will be deleted if the purpose has been fulfilled and there are no conflicting legal provisions.

Data may be transferred to the USA as part of processing. The data transfer to the USA is based on the adequacy decision between the USA and the EU. Google is certified as a company under the US-EU Data Privacy Framework.

For more information on the purpose and scope of data collection and processing, as well as further information on your rights in this regard and settings options to protect your privacy, please refer to Google's advertising privacy policy: http://www.google.de/intl/de/policies/technologies/ads .

7.7.3 Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to subsequently display interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.g. cell phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising by clicking on the following link: https://www.google.com/settings/ads/onweb/ .

The use of this service is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

The data will be deleted if the purpose has been fulfilled and there are no conflicting statutory provisions.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=de .

7.7.4 Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can analyze which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this service is based on your consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be revoked at any time.

The data will be deleted if the purpose has been fulfilled and there are no conflicting legal provisions.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

7.8 Lead Gen Forms

We use so-called Lead Gen Forms from LinkedIn for the purpose of acquiring new customers. We use this functionality to address interested parties in a more targeted manner. By using these services, we offer interested parties a function with which they can provide us as users of LinkedIn with their e-mail address or other user information.

The following data may be processed for this purpose Surname, first name, e-mail address, telephone number.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. If you no longer wish your data to be processed, you can withdraw your consent with effect for the future by using our contact form.

After the purpose has been achieved, we will delete the data you have transmitted via Lead Gen Forms, unless we are legally obliged to retain it for a longer period of time or we still need your personal data to execute or process an existing contractual relationship or for verification purposes.

Details on how LinkedIn handles your personal data can be found in LinkedIn's privacy policy.

7.9 LinkedIn Insight Tag

Our website uses the "LinkedIn Insight Tag" conversion tool from LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) for the purpose of optimizing our advertising measures.

The LinkedIn Insight Tag places a cookie in the user's browser. LinkedIn uses this to collect data such as URL, referrer URL, device properties, browser properties and IP address.

LinkedIn anonymizes the data within 7 days. It deletes the data again within 90 days. We do not receive any personal data. It is possible to receive summarized reports on the demographics of the target group and the performance of our ads.

The legal basis for processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR, § 25 Para. 1 TTDSG. If you do not want LinkedIn to process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future in the cookie settings.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out"), click here.

Further information on LinkedIn's terms of use and data protection can be found at https://de.linkedin.com/legal/privacy-policy#data

7.10 Leadinfo

For the purpose of improving customer communication, this website uses the service of the provider Leadinfo B.V. Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands.

With the help of this service, publicly accessible company data, such as company names and addresses, are displayed to us by processing the IP address. After use, the IP addresses are deleted.

In addition, two first-party cookies are used to provide us with information on user statistics.

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TTDSG. If you do not want Leadinfo to process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future in the cookie settings.

You also have an opt-out option here. If you opt out, your data will no longer be collected by Leadinfo.

Further information on Leadinfo's terms of use and data protection can be found at https://www.leadinfo.com/de/datenschutz/.

7.11 Jira Service Management

We use the Jira Service Management System software from Atlassian Inc (1098 Harrison Street, San Francisco, California 94103, USA) to process any concerns of our customers. The software is used in particular for error management, troubleshooting and operational project management.

For this purpose, your e-mail address, user name and the password you have created will be processed in encrypted form if you wish to view your request via the portal. However, it is not mandatory to create a user account (consisting of e-mail address and password). The log-in data for the portal can be created by yourself and can also be changed or deleted at any time. You generally have the option of requesting the deletion of all personal data at any time via Atlassian at https://www.atlassian.com/de/trust/privacy/gdpr/request-delete-personal-data.

The legal basis for the processing of your data is the fulfillment of our contractual obligations pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

Data is transferred to the USA. Atlassian Inc. is certified under the Data Privacy Framework program. In addition, we have concluded an order processing agreement with Atlassian Inc. in accordance with Art. 28 GDPR and standard contractual clauses.

8. Facebook fan page

We use the technical platform and services of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We would like to point out that you use this Facebook page and its functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).

Meta Platforms Ireland Ltd. and we are jointly responsible for the processing of personal data for the creation of usage statistics in accordance with Art. 26 GDPR. The agreement on joint responsibility applies, which you can find at the following link: https://de-de.facebook.com/legal/terms/page_controller_addendum

If you are a Facebook user, the data specified in the Meta Data Policy will be processed. For non-registered users, cookies may be stored in their browser.

This information is used to process user data for market research and advertising purposes. The data enables Meta Platforms Ireland Ltd. to create user profiles and display personalised advertisements. You can find more information in the Meta Data Policy.

Your user data is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. This enables us to constantly optimise our Facebook offering for you. Facebook provides more information on this at the following link: http://de-de.facebook.com/help/pages/insights

Facebook does not conclusively and clearly state how it uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, and we are not aware of this. As the operator, we do not make any decisions regarding the processing of Insights data, as Meta Platforms Ireland Ltd. is primarily responsible under the GDPR.

The legal basis for the processing of user data is based on the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f in an effective external presentation and more efficient communication with our customers and interested parties.

The personal data will be deleted or blocked as soon as the purpose of storage no longer applies and there are no legal provisions to the contrary.

Any further storage of this data by Meta Platforms Ireland Ltd. will be governed exclusively by the provisions of its Data Policy and Terms of Use.

The data collected by Facebook is exchanged within Meta Platforms Ireland Ltd, which includes Instagram, WhatsApp and Oculus, for example. You can find this information in the Meta Data Policy under "How do the Meta companies work together?"

The data collected about you in this context is processed by Meta Platforms Ireland Ltd. and may be transferred to countries outside the European Union.

The data subject rights listed in our data protection information can be asserted with Meta Platforms Ireland Ltd. and with us in the context of the use of Facebook pages.

9. Microsoft Teams

We offer participation in our online events via video / audio through the video conferencing function of Microsoft Teams (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland).

As part of our online events using Microsoft Teams, the following personal data may be processed

Communication data (e.g. your email address, if you provide this personal data)
Log files, protocol data
Metadata (e.g. IP address, time of participation, etc.)
Profile data (e.g. your user name, if you provide this yourself)

Text, audio and video data: You may have the opportunity to use the chat function in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the "Microsoft Teams" applications.
The data processing is based on our legitimate interest pursuant to Art. 6 para. 1 f) GDPR in organising online information events to inform participants about specialist topics and for business activities.

In addition, the legal basis for data processing when organising "online meetings" is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are held within the framework of contractual relationships.

Personal data that is processed in connection with participation in "online meetings" will not be passed on to third parties unless it is intended to be passed on. The provider of Microsoft Teams necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft Teams.

Data processing takes place on servers in data centres in the European Union in Ireland and the Netherlands.

The personal data will be deleted as soon as the purpose of storage no longer applies and there are no legal provisions to the contrary.

10. Your rights as a data subject

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under Sections 34 para. 1 no. 2 and 35 para. 1 sentence 1 BDSG apply to the right of access and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

You can withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

11. right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

12. right to lodge a complaint with the competent supervisory authority

In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority.

13. amendment of our data protection provisions

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

14. Data protection information in the application process

Applicants' documents generally include the data required for assessment and selection, which results from the job description or is communicated separately. The documents are only stored for as long as is necessary for the recruitment process.

15. web hosting

Our website is hosted in-house by dtms GmbH.

Deviating from this, our web tools are hosted by the following providers:

Mittwald CM Service GmbH & Co. KG
Königsberger Street 4-6
32339 Espelkamp

Telephone: +49-5772-293-100
Fax: +49-5772-293-333

HRA: 6640, AG Bad Oeynhausen
VAT ID No.: DE814773217

General partner: Robert Meyer Verwaltungs GmbH, AG Bad Oeynhausen HRB 13260
represented by the managing directors: Robert Meyer, Maik Behring

Telephone & e-mail availability:
Customer service is available by telephone Mon-Fri from 09.00 to 18.00 on 0800/440-3000.
E-mail: support@mittwald.de

You can find the data protection provisions of our web tool host on the following website: www.mittwald.de/datenschutz.