Privacy Policy

Name and contact details of the data controller: Deutscher Fachverlag GmbH, Mainzer Landstraße 251, 60326 Frankfurt am Main, Germany

If you have any questions that this data protection declaration could not answer, or if you would like more detailed information on any point, please contact us at any time at presse@dfv.de or by post (Deutscher Fachverlag GmbH, Unternehmenskommunikation, Mainzer Landstr. 251, 60326 Frankfurt am Main, Germany).

You can contact our data protection officer as follows: Deutscher Fachverlag GmbH, Datenschutz, Mainzer Landstraße 251, 60326 Frankfurt am Main, Germany or by e-mail to datenschutz@dfv.de.

To provide our website securely and efficiently, we use the services of bitfuel GmbH, Hanauer Landstraße 136A, 60314 Frankfurt am Main. In doing so, our website is accessed from their servers (or servers managed by them). For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

Within the scope of hosting, our web hosting provider processes all data that is generated during the use of our website and communication with us. This regularly includes the IP address, which is necessary to be able to deliver the contents of websites to browsers, and all entries made within our website.

Each time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected in this process:

• Information about the type of browser and the version used
• Your operating system
• Your IP address
• Date and time of access
• Referrer URL (the previously visited page)

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of the data and the log files is Section 25 Para. 2 No. 2 TDDDG. The temporary storage of the IP address by the system is necessary to enable delivery of the website to your computer. For this purpose, your IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data for technical optimization of the website and to ensure the security of our information technology systems.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, there is no possibility to object.

You can find more information about data protection at our web hosting provider here: https://bitfuel.de/datenschutzerklaerung.

When contacting us (e.g. via contact form, email, telephone or via social media), we process your data for processing the contact request and its handling.

If you have given us your consent for this, the legal basis for the processing of this data is Art. 6 para. 1 lit. a GDPR. Otherwise, the legal basis for the processing of this data is Art. 6 para. 1 lit. f GDPR, in particular if the data is transmitted to us by you by sending an e-mail. Insofar as you wish to work towards the conclusion of a contract by contacting us, Art. 6 para. 1 lit. b GDPR represents an additional legal basis.

If we provide a contact form on our website, the data you enter in the input mask is transmitted to us and stored, e.g. inventory data (e.g. names, addresses) and contact data (e.g. e-mail, telephone numbers).

In addition, we record your IP address and the time of submission. The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. Unless explicitly stated in the contact form, the data will not be passed on to third parties.

Your data may also be temporarily stored in a customer relationship management system ("CRM system") or comparable inquiry organization.

Subject to legal retention periods, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when we have finally processed your respective request.

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

You can use the option on our website to apply for a job advertisement. For the application process, you will be redirected to our career site. The subject of data protection is the processing of personal data, in this case in the context of application management. According to Art. 4 No. 1 GDPR, this includes all information relating to an identified or identifiable natural person that is required for the application process and the initiation of an employment, Section 26 BDSG.

The information on applicant management also apply to the following projects:

• dfv Award („Qualitätsmacher:innen des Jahres”)
If you have any questions that this privacy policy could not answer, or if you would like more detailed information on any point, please contact us at any time at jobs@dfv.de or by post (Deutscher Fachverlag GmbH, Human Ressources, Mainzer Landstr. 251, 60326 Frankfurt am Main, Germany).

a. Data processing

For the efficient implementation of application procedures, we use an applicant management system from softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin, which operates the applicant management system as a processor within the meaning of Art. 4 No. 8 GDPR. A data processing agreement in accordance with Art. 28 GDPR has been concluded with the provider, which ensures compliance with the provisions of data protection law.

We remain your first point of contact for exercising your data protection rights and for handling the application process. You can contact us directly or confidentially to the data protection officer under the details of the responsible person given above.

b. Session cookies

We store so-called "cookies" to provide you with an extensive range of functions and to make the use of our websites more comfortable. "Cookies" are small files that are stored on your computer with the help of your browser. If you do not wish "cookies" to be used, you can prevent them from being stored on your computer by making the appropriate settings in your browser. Please note that the functionality and scope of functions of our website may be limited as a result.

We set the cookie JSESSIONID on the careers page as a technically necessary session cookie. This stores a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close the browser. The legal basis for the use of technically necessary cookies is Section 25 Para. 2 No. 2 TDDDG.

c. Application process

As part of the application process, you can set up and manage an account in the career portal after configuring a username and password. You can use further options in the softgarden applicant management system beyond the individual application and make your individual settings (e.g. inclusion in a talent pool).

For efficient and promising application, you can provide the following information as part of your application to us:

• Personal contact data (including name, address, telephone number, etc.)
• Curriculum vitae data e.g.
• School education
• Vocational training
• Work experience
• Language skills
• Profiles in social networks (e.g. XING, LinkedIn)
• Documents in connection with applications (photo, cover letter, references, work samples, etc.).

The legal basis for processing for the purposes of carrying out the application procedure and initiating an employment is Section 26 (1) BDSG, Art. 6 para. 1 sentence 1 lit. f and a GDPR. In addition, the use of an applicant management system is in our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

d. Disclosure of data

Your data will not be passed on to unauthorized third parties in the context of applicant management and will only be processed for the purposes stated in this privacy policy. Your data will be passed on to internal departments and specialist managers, insofar as knowledge of the details from the application process is necessary and permissible for the selection of applicants or for internal administrative purposes. For this purpose, your details may be forwarded by e-mail or within a management system. Legal basis can be Section 26 para. 1 BDSG, Art. 6 para. 1 sentence 1 lit. f as well as a GDPR.
A transfer to external third parties may also take place for the defense of legal claims based on legitimate interest or in the context of the investigation of or disclosure to government agencies, insofar as a law requires this or there is an obligation to disclose. The information obligations vis-à-vis data subjects within the meaning of Art. 13, 14 GDPR are ensured in advance of the transfer in question, insofar as these are to be fulfilled separately.

e. CV analysis with "Textkernel"

We process and analyze documents uploaded by you using AI technology to extract resume data and convert it into a structured form (so-called "CV parsing").

To ensure data subject rights and security standards, a contract for data processing has been concluded with the service provider. The data processor is the ISO27001-certified provider Textkernel B.V., Nieuwendammerkade 26 A 5, (1022AB) Amsterdam, the Netherlands. The data processing takes place on a server in Germany in a secured environment. 

The legal basis for the processing is Section 26 para. 1 BDSG as well as Art. 6 para. 1 p. 1 lit. f GDPR, to initiate an employment and to make the application process as efficient as possible. Personal data will not be transferred to unsafe third countries. Your data will be deleted from the Textkernel cache after processing.

f. Feedback module

Accompanying your application, we may ask you to submit your feedback after an interview and 3 months after you are hired. For this purpose, we will send you an invitation link that will lead you to the rating system to submit your feedback. The purpose of the processing is the further development and optimization of our recruiting and application processes as well as the corporate image.

For this purpose, the following data is processed automatically:

• Contact details (name, e-mail)
• Position title of the job for which you have applied
• Location of the position
• Job category
• Applicant ID

The feedback itself is stored anonymously in the database. A personal reference is not established. In addition to a star rating of individual questions, you have the option of leaving comments here. We expressly ask you not to leave any personal data in the comments. The information collected in this way may be displayed together with your feedback on our rating page or transmitted to external partners such as kununu.

Participation is purely voluntary and only takes place with your consent, without which it is not possible to provide feedback. The legal basis is Art. 6 para. 1 lit. a GDPR.

g. Subscription to job advertisements

To be informed about new job offers, you can subscribe to the job newsletter or have suitable jobs displayed on our career board (RSS feed). You can define the subscription in more detail by specifying the desired job as well as the location.

For the subscription, it is also necessary to provide your e-mail address. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 Para.1 lit. a GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter.
No personal data is processed via the RSS feed itself to inform you about new job advertisements.

h. Online surveys "Easyfeedback”

At the end of the application process, you may be shown an invitation to a survey by softgarden via a link. The survey takes place via a service of easyfeedback GmbH to query the application experience. softgarden conducts this survey as the controller within the meaning of Art. 4 No. 7 GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) as well as for the further development of softgarden products.

The collection of the survey data is secured by SSL encryption as standard and softgarden does not establish any personal reference within the scope of the evaluation. The survey can be cancelled at any time. The data processed up to the point of cancellation can be used for the purposes stated.
Your participation in the survey is purely voluntary and by participating you declare your consent, without which your participation is not possible, Art. 6 para. 1 lit. a GDPR. The processing of the data for evaluation purposes is anonymized at softgarden.

You can find more information about the data protection of easyfeedback in the following notes: https://easy-feedback.de/privacy/datenschutzerklaerung.

i. Talent pool

As part of your application or via the "Get in touch" (German: “In Kontakt treten”) button, you have the opportunity to recommend yourself for our talent pool. The processing is necessary in order to be considered automatically for further job postings, i.e., for similar or otherwise suitable positions.

If you register for the talent pool via the "Get in touch" button, the following information can be requested:

• Salutation, academic title (optional)
• First name, last name, e-mail address
• Job fields of interest
• Current career level
• Preferred location(s)
• XING profile or resume

Inclusion in the talent pool is purely voluntary with your consent as well as using an opt-in link. The legal basis is Art. 6 para. 1 lit. a GDPR. Furthermore, we will write to you after 6 months to ask whether you would still like to be part of the talent pool.

j. "Social media in the application process" survey

We conduct surveys on the topic of "social media in the application process" and use survey and feedback solutions from various service providers for this purpose where necessary. In this context, personal data is only processed to the extent that this is necessary for the provision and implementation of the surveys, or you have consented to this.

For example, the temporary storage of the IP address by the system is necessary to enable delivery of the survey to your browser at all. The data processed may include, in particular, content data (e.g. entries in forms), usage data (e.g. web pages visited, access times) and meta/communication data (e.g. IP addresses). Participation is, of course, voluntary.

The legal basis for the processing of the data, if you have given your consent, is Art. 6 para. 1 p. 1 lit. a GDPR. Furthermore, the data processing is based on our legitimate economic interest pursuant to Art. 6 para.1 p. 1 lit. f GDPR for the purpose of conducting an objective survey to achieve the purpose of the survey. If the survey serves the fulfillment of a contract or the implementation of pre-contractual measures, the legal basis for the processing of the data is Art. 6 para. 1 lit. b of the GDPR.
Services used and service providers:

• Microsoft Forms: online forms; service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland; website: https://www.microsoft.com/de-de/microsoft-365/online-surveys-polls-quizzes; privacy policy: https://privacy.microsoft.com/de-de/privacystatement

k. Deletion of data

Your data will be stored for the duration of the application process as well as in accordance with legitimate retention periods after completion of the application process. In the event of a rejection, the data will be kept for 6 months. After successful recruitment, the data will be retained for another 7 months. After the retention period has expired, the data is completely anonymized. The processing of anonymized data sets is not subject to the material scope of data protection regulations, so that anonymized data can be processed for statistical and analytical purposes, for the preparation of market studies or for product development.

l. Cloudflare

We use the services of the ISO 27001-certified provider Cloudflare Inc, 101 Townsend St, San Francisco, USA and its subsidiary Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany ("Cloudflare") to increase the security of our platform, in particular to protect against DDoS attacks, and to improve the speed of delivery. Cloudflare provides a network of servers capable of delivering optimized content to the end user and intercepting virus-laden traffic.

The services provided by Cloudflare include the product "Data Localization Suite" with the components "Regional Services" and "Metadata Boundary for Customers". Both components ensure that the transfer of personal data when using our platform takes place exclusively within the EU.

The "Regional Services" ensure that the customer content traffic, in this case the end customer traffic, is securely transferred to Cloudflare PoPs within the region we have selected and is checked within a Point of Presence (PoP) in this defined region.

We have chosen Germany as a selected region, so all traffic is checked exclusively on servers in Germany. Metadata Boundary ensures that Cloudflare does not transfer any customer logs originating from the services used outside the European Union.

The personal data processed by Cloudflare includes all content transmitted by our customers and applicants, i.e. beyond the IP address, all files (application documents) and multimedia images, graphics, audio or video, as well as any interaction of their browser with our system.

Cloudflare sets technically necessary cookies, which are required for security purposes and for the secure provision of the service and user-friendliness on our platform, § 25 para. 2 no. 2 TDDDG.

Your personal data will be stored by Cloudflare for as long as is necessary for the purposes described, usually 124 calendar days.

Website: https://www.cloudflare.com/de-de/; Privacy Policy: https://www.cloudflare.com/privacypolicy/

a. Photo/video

We would like to point out that photos and video recordings may be made during events. These recordings may be published afterwards in various media (print as well as online media and social media channels).

The legal basis for the recording of photo and video material is Art. 6 para. 1 lit. f, 85 GDPR in connection with §§ 22, 23 KUG. The photo and video recordings are made for the purposes of reporting, marketing, public relations, and informative presentation of our commercial services. In these purposes also lies our legitimate interest in the data processing. The publication of individual recordings is intended to take place indefinitely, which is why selected photos and videos are kept for an indefinite period for specific purposes. Other photos and videos will be deleted as soon as they are no longer necessary to achieve the purpose of their processing.

If you do not wish to be photographed, please signal this clearly to the photographer. You can object to this data processing in justified cases at any time, e.g. by sending an e-mail to the above-mentioned contact options.

b. Participant lists

We would like to inform you that we may compile participant data such as name, function and company on participant lists. These lists of participants can be used for the purpose of exchanging information among participants as follows: Issuance or display at individual events or also retrievable as a download in password-protected user areas on the homepage and in password-protected user areas in event apps. The legal basis for the issue or display of participant lists is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest in data processing also lies in the aforementioned purposes.

In justified cases, you can object to this data processing at any time, e.g. by sending an email to the above-mentioned contact options.

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer. When you access a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables the browser to uniquely identify you when you return to the website.

We use cookies to make our website functional and user-friendly. These cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website.

The legal basis for the use of technically necessary cookies is Section 25 para. 2 No. 2 TDDDG. The purpose of their use in these cases is to enable and simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

We also use services on our website that we use for reach measurement, online marketing and the integration of third-party content and functions.

For reach measurement, we analyze the surfing behavior of website visitors, i.e. we evaluate the behavior and interests of users, e.g. to determine which content is particularly interesting or which functions require optimization. For this purpose, cookies or similar procedures with the same purpose may be used to create user profiles of website visitors. In addition to the IP address, information on websites visited, content viewed and technical characteristics such as the browser used as well as details on usage times and location data may be processed in this context.

In the context of online marketing, we process personal data of website visitors for the marketing of advertising space or the display of advertising content. These are intended to be tailored to the potential interests of users, which is why we measure their effectiveness. Cookies or similar procedures with the same purpose may be used for this purpose and user profiles of the website visitors may be created. In addition to the IP address, information on visited websites, viewed content and technical characteristics such as the browser used as well as information on usage times and location data can be processed in this context. These cookies can later also be read on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.

In addition, we integrate functional and content elements (e.g. images, videos, texts and buttons) from third-party providers on our website. These functional and content elements are usually obtained from the servers of these third-party providers. To display this content and functionality, it is necessary for the providers to process the IP address of the users in order to send the content to the browser. The providers of the functional and content elements may also use so-called pixel tags or "web beacons", i.e. invisible graphics, for statistical and marketing purposes. This information may also be stored in cookies. In addition to the IP address, information on visited websites, viewed content and technical characteristics, such as the browser used, as well as information on usage times and the use of our offers, can be processed in this context. This information may also be combined with such information from other sources.

The legal basis for the processing of personal data by the services used is, provided you have given us your consent, Section 25 para. 1 sentence 1 TDDDG. For some data processing, however, Section 25 para. 2 No. 2 TDDDG forms the legal basis. This serves the purpose of improving the quality of our website and its content. This tells us how the website is used and enables us to continuously optimize our offering. Please refer to the cookie settings on the website for the specific legal basis for the respective data processing. You can also find out which data is processed by the respective service and further details on the third-party services currently used in the cookie settings on the website or in the linked privacy policy of the respective service.

Click on the “Cookie settings” link at the bottom of the website (footer) or the corresponding icon on the website. If you use software such as Ghostery, AdBlock, or similar via your browser, the cookie banner may be blocked under certain circumstances. As a result, the data protection information contained therein may not be displayed to you.

To offer information about us and to be able to communicate with users, we operate accounts within social networks. These can be accounts of our company as well as individual divisions and media brands, as well as the pages of our corporate influencers.

Various user data may also be processed by the operators of the social networks outside the European Union and in particular in the USA. This data may include inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., entries in online forms), usage data (e.g., websites visited, interest in content, access times), and meta/communication data (e.g., device information, IP addresses).

The operators of the social networks generally also process the users' data for market research and advertising purposes. The usage behavior stored in cookies on the users' computers and the users' interests can be used by the operators to play interest-based advertising inside and outside the networks. Therefore, we refer to the data protection statements of the respective networks for a detailed presentation of data processing and data subject rights.

We process data in connection with the operation of our social media presences based on our legitimate economic interest pursuant to Art. 6 para.1 sentence 1 lit. f GDPR for the efficient processing of contact requests, queries and for communication with you, for the needs-based design of our offers, for product information and for customer care.

Pages can be operated in the following social networks:

• Instagram: social network; service provider: Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA (parent company: Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland); Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
  
• Facebook pages: Social network; service provider: Meta Platforms, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We are jointly responsible with Facebook Ireland Ltd. for the collection of data from visitors to our Facebook pages. Facebook and we are each independently responsible for the further processing of the data. This data may include content data (e.g., input in online forms), usage data (e.g., interest in content, access times), and meta/communication data (e.g., device information, IP addresses). Facebook also processes this information to provide it to us by way of analysis via so-called "page insights". This provides us with insights into how people interact with our pages and what content is of interest. For this purpose, we have concluded a data protection agreement with Facebook, in which Facebook states the security measures it uses to protect this data and that it complies with the rights of those affected (e.g. information, deletion). You can access the agreement here: https://www.facebook.com/legal/terms/page_controller_addendum. Further information can be found in the "Information on Page Insights": https://www.facebook.com/legal/terms/information_about_page_insights_data; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy.
  
• LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  
• X (formerly Twitter): social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; privacy policy: https://twitter.com/privacy, (settings for individualization and data: https://twitter.com/personalization).
  
• Xing: Social network; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; website: https://www.xing.de; privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
• TikTok: social network; service provider: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland and TikTok Information Technologies UK Limited, Kaleidoscope, 4 Lindsey Street, London, United Kingdom, EC1A 9HP; website: https://www.tiktok.com; privacy policy: https://www.tiktok.com/de/privacy-policy.
• WhatsApp channels: If we operate a WhatsApp channel and you have subscribed to it, we would like to inform you that neither we as the channel operator nor the other subscribers can draw conclusions about individual persons. Names and mobile phone numbers are only visible to WhatsApp. A WhatsApp user account is required to subscribe. Service provider: WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.whatsapp.com/; Privacy Policy for WhatsApp channels: https://www.whatsapp.com/legal/channels-privacy-policy-eea?lang=de_DE.

So-called plugins from social networks may also be used on our website. We may use plugins from the following providers: Facebook, Twitter, XING, LinkedIn, Instagram, TikTok.

We do not use direct plugins from social networks on our website, but instead use a privacy-friendly alternative in which the social media buttons are merely integrated as links to the pages of the external service providers. With the help of this solution, you can determine yourself whether and when data is transmitted to the operators of the respective social networks. Therefore, when you call up our website, no data will be automatically transmitted to the above-mentioned social networks as a matter of principle. Only when you yourself actively click on the respective button do you switch to the website of the social network and your browser establishes a connection to the servers of the respective social network. Thereupon, your data can be processed by the operator.

For more information on the purpose and scope of data processing by the plugin provider, please refer to the respective privacy statements of these providers. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

When using our apps, we process your data to provide the functionalities of our apps, as well as to monitor their security and to be able to further develop them.

If the provision of the functionalities of the apps requires the processing of your data, this serves the fulfillment of contractual obligations. If the provision of the functionalities requires your active authorization (e.g., by enabling device functions), this is also necessary for the fulfillment of contracts and pre-contractual requests. The legal basis is Art. 6 para. 1 p. 1 lit. b. GDPR or §25 para. 2 no. 2 TDDDG. Your authorization to access certain functions of the device used and the data stored in the device may be necessary for the use of the app and its functions under certain circumstances. These authorizations can be granted by users and revoked by default in the settings of the device used. The exact procedure for controlling app permissions in this case depends on the device and the software. By changing the settings in your device (revocation of the respective permissions), it may no longer be possible to fully use all functions of the app.

If you have expressly given us your consent to the processing of the data, the processing of the data covered by the consent is based on the consent, Art. 6 para. 1 p. 1 lit. a. GDPR or §25 para. 1 p. 1 TDDDG.

In addition to inventory data (e.g. names, addresses) and meta/communication data (e.g. device information, IP addresses) and payment data (e.g. bank details, invoices, payment history), contractual data (e.g. subject matter of the contract, term, customer category) may also be processed.

For the purpose of analyzing the usage and functionality of the apps, as well as storing your individual settings, a universal and unique identifier (UUID) is stored. This identifier is generated when the app is installed (but is not associated with the device), remains stored between the launch of the app as well as its updates, and is deleted when you remove the app from your device.

The download of our apps takes place via special online platforms operated by other service providers (so-called "app stores"). Therefore, in addition to our privacy policy, we also refer to the privacy notices of the respective app stores. This applies in particular with regard to the procedures used in the app stores for reach measurement, interest-based marketing and, where applicable, payment obligations.

In addition to inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., e-mail, telephone numbers), contractual data (e.g., subject matter of contract, term, customer category), the operators of the app stores may also process usage data (e.g., web pages visited, interest in content, access times) and meta/communication data (e.g., device information, IP addresses) for the provision of contractual services and for customer service. The legal basis for this is the fulfillment of the contract and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. GDPR) and, if applicable, legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR) and §25 para. 2 no. 2 TDDDG.

Services used and service providers:

• Apple App Store: app and software sales platform; Service provider: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA; Website: https://www.apple.com/de/ios/app-store/; Privacy policy: https://www.apple.com/legal/privacy/de-ww/.
• Google Play Store: app and software sales platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://play.google.com/store/apps?hl=de; Privacy policy: https://policies.google.com/privacy.

As data subject, you have the following rights:

• Right of access, Art. 15 GDPR
• Right to rectification, Art. 16 GDPR
• Right to erasure, Art. 17 GDPR
• Right to restriction of processing, Art. 18 GDPR
• Right to data portability, Art. 20 GDPR
• Right to object, Art. 21 GDPR

If you have given us consent in accordance with Section 25 Para. 1 Sentence 1 TDDDG, Art. 6 sec. 1 lit. a or Art. 9 sec. 2 lit. a GDPR, you are entitled to revoke this at any time. However, such revocation will not have any effect on the lawfulness of the processing previously done on the basis of the consent up to the time of revocation.

In addition, you are also entitled to file complaints at the competent supervisory agency.

In singular instances, the disclosure of personal data may be required owing to statutory requirements (for example under tax-related laws) or contractual agreement or may be required for conclusion of contract. In such case, you are obligated to make the personal data available, as in other case it might not be possible to conclude contracts.

Changes to this data protection policy might be required due to changes and adaptations of the services made available, due to statutory and legal amendments and reforms, as well as possible subsequent closures of legal voids. You may open and print the current data protection policy from any website of this Internet service by clicking the Privacy Policy link.

The German version of this data privacy policy shall be solely authoritative; the English version is for information purposes only.