Privacy Policy – Information on the Processing of Personal Data
Introduction and Structure of the Document
We, SEG Electronics GmbH (hereinafter referred to as “the Company,” “we,” or “us”), thank you for visiting our website and for your interest in our company and our services. Your personal data will only be processed in accordance with the provisions of German and European data protection law.Data protection law obliges us, as the controller responsible for data processing, to ensure the protection of your personal data through a variety of measures. One of these obligations is to inform you transparently about the nature, scope, purpose, duration, and legal basis of data processing (see Art. 13 and 14 GDPR). As the data subject, we also address you below as “customer,” “user,” “you,” or “data subject.”In this Privacy Policy, we inform you about how your personal data is processed by us. Our Privacy Policy is structured in a modular manner. It consists of a general section covering all processing of personal data and processing situations that may arise, and a specific section, the content of which relates only to the processing situations specified therein. It is possible that we may use this online document to inform you about processing activities that do not primarily take place on the website. These can be found in the specific section of the document. If you wish to navigate quickly within the document, many browsers offer a search function via the key combination “Ctrl + f.”
Definitions
In accordance with Art. 4 GDPR, the following definitions apply to this document: “Personal data” (Art. 4(1) GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or with the help of information relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. Identifiability may also be given by linking such information with other additional knowledge. The form, medium, or embodiment of the information is irrelevant (e.g., photographs, video, or audio recordings may contain personal data). “Processing” (Art. 4(2) GDPR) means any operation or set of operations performed on personal data, whether or not by automated means. This includes, in particular, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, as well as changing the original purpose of the processing.“Controller” (Art. 4(7) GDPR) means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.“Third party” (Art. 4(10) GDPR) means any natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.“Processor” (Art. 4(8) GDPR) means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller (e.g., IT service providers). A processor is not considered a third party in the legal sense of data protection law.“Consent” (Art. 4(11) GDPR) of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Name and Address of the Controller
The controller responsible for the processing of your personal data within the meaning of Art. 4(7) GDPR, as well as contact details and further information about our company, can be found in the imprint on our website.
Contact Details of the Data Protection Team and Data Protection Officer
For all questions and as a point of contact regarding data protection, our Data Protection Team, consisting of data protection coordinators and our Data Protection Officer, is available at any time. You can reach the Data Protection Team: By post to the address indicated in the imprint, with the addition “Data Protection Team” or by email at: datenschutz@segelectronics.de If, as a data subject, you wish your identity to be known only to the Data Protection Officer and not to the controller, please contact the above email address using an email account that does not reveal your identity. The Data Protection Officer will then offer you a suitable communication channel.
Your Rights
As a data subject, you may exercise your rights regarding your processed personal data at any time by contacting us at the contact details given above. To facilitate your request, we recommend that you contact the Data Protection Team directly. You have the right to: Access (Art. 15 GDPR): Request information on the personal data we process about you. In particular, you may obtain information about the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data (if not collected by us), and the existence of automated decision-making, including profiling, and meaningful information about its details. Rectification (Art. 16 GDPR): Demand without undue delay the correction of inaccurate personal data or the completion of incomplete personal data stored by us. Erasure (Art. 17 GDPR): Request the deletion of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims. Restriction of Processing (Art. 18 GDPR): Request the restriction of processing if you contest the accuracy of the data, the processing is unlawful, or you oppose erasure and request restriction instead. Data Portability (Art. 20 GDPR): Receive the personal data you have provided to us in a structured, commonly used, and machine-readable format or request the transmission to another controller. Objection (Art. 21 GDPR): Object to the processing of your personal data, provided the processing is based on Art. 6(1)(e) or (f) GDPR. Unless it concerns an objection to direct marketing, we ask you to explain why we should not process your data as carried out. In the event of a justified objection, we will examine the situation and either stop or adapt the processing, or demonstrate our compelling legitimate grounds. For many services on our website that process data on the basis of Art. 6(1)(f) GDPR, objection can also be exercised technically via browser technologies, e.g., blocking JavaScripts or cookies. Withdrawal of Consent (Art. 7(3) GDPR): Withdraw any consent you have given (including those provided before 25 May 2018, i.e., before the GDPR entered into force) at any time with effect for the future. This means that we may no longer continue any processing based on that consent. Complaint (Art. 77 GDPR): Lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data infringes the GDPR.
Legal Bases for Data Processing
As a matter of law, the processing of personal data is generally permissible only if it falls under one of the following legal bases: Art. 6(1)(a) GDPR (“Consent”): Where the data subject has voluntarily, in an informed and unambiguous manner, indicated their agreement to the processing of personal data relating to them for one or more specific purposes by means of a statement or other clear affirmative action. Art. 6(1)(b) GDPR (“Contract”): Where processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps prior to entering into a contract at the request of the data subject.Art. 6(1)(c) GDPR (“Legal Obligation”): Where processing is necessary for compliance with a legal obligation to which the controller is subject (for example, statutory record-keeping requirements). Art. 6(1)(d) GDPR (“Vital Interests”): Where processing is necessary in order to protect the vital interests of the data subject or of another natural person. Art. 6(1)(e) GDPR (“Public Interest / Official Authority”): Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. Art. 6(1)(f) GDPR (“Legitimate Interests”): Where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (in particular where the data subject is a minor). Where the processing of personal data is based on Art. 6(1)(f) GDPR, the purposes referred to above also represent our legitimate interests.For each of the processing activities we carry out, the applicable legal basis is specified below. It is possible that a particular processing activity may be based on more than one legal basis.
Data Erasure and Retention Period
For each of the data processing activities we carry out, we specify below how long the data is stored and when it is deleted or blocked. In the case of consent-based processing, the data retention and deletion periods indicated in the respective consent request shall apply. Unless a specific retention period is expressly stated below, your personal data will be deleted or blocked as soon as the purpose of processing or the legal basis for storage no longer applies. As a general rule, your data will be stored only within the territory of the Federal Republic of Germany, in a Member State of the European Union (EU), or in another Contracting State of the Agreement on the European Economic Area (EEA). Possible exceptions to this rule are set out in the following sections and processing descriptions. However, data may be stored beyond the specified period in the event of an (imminent) legal dispute with you or other legal proceedings, or if storage is required under statutory provisions to which we, as the controller, are subject (e.g., Section 257 of the German Commercial Code (HGB), Section 147 of the German Fiscal Code (AO)).Once the statutory retention period prescribed by such legal provisions expires, the personal data will be blocked or deleted, unless further storage is necessary and a corresponding legal basis exists.
Data Security: Website, Email, Fax
We employ technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (e.g., TLS encryption for our website). These measures are implemented taking into account the state of the art, implementation costs, the scope, context, and purposes of processing, as well as the risks involved (including their probability and potential impact) for the data subject. Our security measures are continuously improved in line with technological developments. For secure data transmission over the Internet, we use the hybrid encryption protocol Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL). This software encrypts the information transmitted by you. All data relevant to data protection is stored in encrypted form within a protected database. Please note that the confidentiality of email communication cannot be fully guaranteed. Although our mail servers support transport encryption (TLS), confidentiality may depend on various mail relay servers over which we have no control. Whether these servers also use TLS and whether they scan or store email content is beyond our influence. When you send us a fax, the transmission takes place via the Internet Protocol (FoIP). Technically, this is equivalent to sending an email or website data. We cannot determine whether an IP-based service encrypts the data; therefore, the confidentiality of the transmitted information cannot be guaranteed. We do not recommend sending sensitive information by fax. Further information on this topic is available upon request. Please contact our data protection team for additional details.
Cooperation with Processors
As is common practice for any larger enterprise, we engage external service providers to support our business operations, for example in the areas of IT, logistics, and telecommunications — such as parcel delivery, postal and email communications, database analysis, marketing activities, payment processing, sales, and customer relations.These service providers have access to personal data to the extent necessary to perform their respective tasks. However, they are not permitted to use such data for any other purposes. Processors act solely on our instructions and have been contractually bound in accordance with Article 28 of the EU General Data Protection Regulation (GDPR) to comply with all applicable data protection requirements. Processors are not considered third parties within the meaning of data protection law.
Conditions for the Transfer of Personal Data to Third Countries
In the context of our business relationships, your personal data may be disclosed or transferred to third-party companies. Such entities may also be located outside the European Economic Area (EEA), i.e., in so-called “third countries.” Any such processing is carried out exclusively for the purpose of fulfilling contractual and business obligations and maintaining your business relationship with us. Detailed information on specific transfers is provided in the relevant sections of this Privacy Policy. In general, we indicate the country in which the service provider’s registered office is located.Certain third countries have been recognized by the European Commission as providing a level of data protection comparable to that of the EEA through so-called adequacy decisions. As of December 2021, adequacy decisions have been issued for the following countries and territories: Andorra, Argentina, Canada, the Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay, the Republic of Korea, and the United Kingdom.In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to the absence of comparable legal safeguards. In such cases, we ensure that data protection is adequately maintained, typically through binding corporate rules, the European Commission’s Standard Contractual Clauses for the protection of personal data, certifications, or approved codes of conduct.
Automated Decision-Making
We do not intend to use any personal data collected from you in connection with procedures involving automated decision-making (including profiling).
Obligation to Provide Personal Data
We do not make the conclusion of contracts with us dependent on your prior provision of personal data. As a customer, you are generally neither legally nor contractually obligated to provide us with your personal data. However, it may not be possible for us to offer certain services or products – or to offer them only in a limited way – if you do not provide the data required for that purpose. Should this be the case in relation to specific products or processing activities described below, you will be expressly informed of this in advance.
Legal Obligation to Disclose Certain Data
We may, in some cases, be subject to specific statutory or legal obligations requiring us to disclose lawfully processed personal data to third parties, particularly to public authorities (Article 6(1)(c) GDPR).
Amendment of the Privacy Policy
In the course of developments in data protection law, as well as technological or organizational changes, this document is regularly reviewed to determine whether updates or additions are necessary.We reserve the right to amend this Privacy Policy at any time, with effect for the future, in compliance with applicable data protection regulations. Any changes will be published at this location.
Current version: June 6, 2025
Information on the Processing of Personal Data in Specific Processing Activities
The following sections describe processing activities grouped according to various categories of individuals whose data is processed (“data subjects”).
Website Visitors
Information about our company and the services we offer is available in particular at www.segelectronics.de and its associated subpages (collectively referred to as the “Websites”). When you visit our Websites, personal data concerning you is processed.Your data is processed only for as long as is necessary to achieve the purposes of processing mentioned above; the legal bases specified in connection with each purpose apply accordingly. Any third parties engaged by us will store your data on their systems only for as long as necessary to perform the services commissioned by us. The following categories of recipients – generally acting as processors – may have access to your personal data: Service providers responsible for operating our Website and for processing data stored or transmitted through the systems (e.g., data center services, payment processing, IT security). The legal basis for such disclosure is Article 6(1)(b) or (f) GDPR, insofar as the recipients are not processors. Public authorities or government agencies, where disclosure is required to fulfill a legal obligation. The legal basis for such disclosure is Article 6(1)(c) GDPR. Individuals or entities involved in our business operations, such as auditors, banks, insurers, legal advisers, regulatory authorities, parties involved in corporate acquisitions, or joint venture formations. The legal basis for such disclosure is Article 6(1)(b) or (f) GDPR.Beyond the cases described above, we will only disclose your personal data to third parties if you have provided your explicit consent to such disclosure in accordance with Article 6(1)(a) GDPR.
Processed Personal Data on the Website / Log Data
When our Websites are used for informational purposes only, the following categories of personal data are collected, stored, and processed by us. When you visit our Websites, a so-called log data record (“server log file”) is stored temporarily and in anonymized form on our web server. This record typically consists of: the page from which the request originated (the “referrer URL”), the name and URL of the page requested, the date and time of access, a description of the type, language, and version of the web browser used, the IP address of the requesting computer, the volume of data transmitted, the operating system in use, an indication of whether the request was successful (access status / HTTP status code), the time zone difference relative to GMT. The processing of log data serves statistical purposes and the improvement of the quality of our Website – particularly the stability and security of the connection. The legal basis for this processing is Article 6(1)(f) GDPR. It is possible that we may temporarily process additional information provided by your operating system, browser, or other technologies to our web servers in order to enable the proper display and functionality of the Website. The legal basis for this processing is also Article 6(1)(f) GDPR.
Services for Storing or Accessing Information on Your Device (Cookies, Plugins, JavaScript, etc.)
On our Websites, we use services and technologies to store information on your device and/or to access information already stored on your device. These technologies may include, for example, cookies.Cookies are text files and/or entries in the browser’s own database that uniquely identify the browser you are using by means of a characteristic string of characters. When cookies or similar technologies are used, certain information is exchanged between the entity that sets the cookie and your device. Cookies and other services may contain data that enable recognition of the device you are using. In some cases, cookies and related technologies store only specific configuration details that are not personally identifiable.Some services can be declined or technically disabled if your browser permits this. However, please note that doing so may prevent you from using all features of our Website to their full extent.The help function in the menu bar of most web browsers explains, for example, how to prevent your browser from accepting new cookies, how to have your browser notify you when a new cookie is set, or how to delete all cookies already stored. You can also configure your browser to disable specific technologies (such as JavaScript) that some services rely on.Where services on our Websites process personal data on the basis of Article 6(1)(f) GDPR, you may technically exercise your right to object through such browser settings and technologies. Categories of Services by Function Services used on our Websites can be differentiated by their purpose and functionality as follows: Technical Services: These are strictly necessary to navigate the Website, use basic functions, and ensure the security of the Website. They neither collect information about you for marketing purposes nor store information about which websites you have visited. Performance Services: These collect information about how you use our Website, which pages you visit, and, for example, whether any errors occur during use. They do not collect any information that could identify you personally. All data collected is anonymous and is used solely to improve our Website and to better understand what interests our users. Advertising, Targeting & Sharing Services, Social Media Plugins: These are used to provide Website users with advertising or third-party offers tailored to their interests and to measure the effectiveness of such offers. They may also enhance the interactivity of our Website with other services (such as social networks).All of these services involve storing information on your device and/or accessing information already stored on your device.
Legal Classification under Telecommunications and Data Protection Law
In contrast to the functional distinction above, legislators differentiate between only two categories of services: Services necessary for the transmission of a message over a public telecommunications network and/or essential for the provider of an online service to supply a telemedia service explicitly requested by the user. Necessity may arise from technical, legal, economic, operational, and/or contractual requirements. Services used for all other purposes: Any use of services that are technically, legally, economically, operationally, and/or contractually essential for the provision of an explicitly requested service may rely on a legal basis other than consent under Article 6(1)(a) GDPR.
Service: Hosting via Amazon Web Services (AWS)
This Website uses Amazon Web Services (AWS) as its hosting platform. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg (hereinafter "AWS").AWS acts as a processor on our behalf (see section "Cooperation with Processors") and operates under the legal basis of the controller. Through AWS, we deliver this Website. In this process, the data listed in the section “Processed Personal Data on the Website / Log Data” is processed. The processing is based on the legal basis Article 6(1)(f) GDPR. For further information on data protection at AWS, please see: https://aws.amazon.com/de/privacy
General Services on the Website
We currently use the following services described above. Where processing is based on consent under Article 6(1)(a) GDPR, we also indicate how consent is requested.
Consent Management Tool / Consent Management Provider (CMP) – "Cookie Banner"
We use services to request and manage user consent for individual services.
Service: Finsweet Cookie Consent
We use the Finsweet Cookie Consent service, provided by Finsweet Inc., 8 The Green, Suite B, Dover, DE 19901, USA. Finsweet Cookie Consent is a cookie consent management tool that ensures cookies and scripts on our website are set or loaded only with your explicit consent. No personal data of site visitors is processed. The tool merely stores the information about the consent status in a technically necessary cookie in your browser to remember your selection.The purpose of processing this data is to manage and document users’ consent for the use of cookies in accordance with statutory data protection requirements. The legal basis for this data processing is Article 6(1)(c) GDPR, as we are legally obliged to demonstrate the consent of our website visitors. For further information on data protection at Finsweet, see their privacy policy: https://www.finsweet.com/privacy
Service: Content Delivery Network (CDN) Cloudflare
We use the Cloudflare Content Delivery Network (CDN) service on our websites, operated by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA. Processing of personal data only occurs if you have given consent under Article 6(1)(a) GDPR. Additional information about this processing is provided in the consent request via the consent management tool.If consent is granted, the service may be used to load content from this website via a distributed network of Cloudflare servers. By using this technology, the server geographically closest to you is accessed, meaning Cloudflare is informed about your use of the service. The use of the Cloudflare CDN serves the purpose of optimizing the user experience. Further information on how Cloudflare handles your personal data can be found here: https://www.cloudflare.com/de-de/privacypolicy
Service: jsDelivr Delivery – CDN
We use the jsDelivr service on our websites, a Content Delivery Network (CDN). The provider of this service is Prospect One Ltd., Królewska 65A/1, PL-30-081 Krakow, Poland. This service can load content from our websites via a distributed network, in particular open-source software projects, including packages hosted on GitHub, npm, and WordPress.org. By using this technology, the server geographically closest to you is accessed when you use this service.The use of the CDN serves the purpose of optimizing user experience and improving the performance and availability of our website. In doing so, this service processes your IP address and the information when you visited our website.The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is to provide our website as fast, secure, and reliable as possible. If a consent management tool is used, we may alternatively rely on consent under Article 6(1)(a) GDPR. Details regarding consent will then be provided in the consent management tool. Further information is available in the provider’s privacy information: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
Service: Amazon CloudFront CDN
We use the Amazon CloudFront service on our websites, a Content Delivery Network (CDN). The provider is Amazon Web Services EMEA S.à r.l., 38 Avenue John F. Kennedy, L-1855, Luxembourg. This service can load content from our websites via a distributed network. By using this technology, the server geographically closest to you is accessed when you use this service. The use of the CDN serves the purpose of optimizing user experience and improving the performance and availability of our website. In doing so, this service processes your IP address and the information when you visited our website. The legal basis for this processing is Article 6(1)(f) GDPR. Our legitimate interest is to provide our website as fast, secure, and reliable as possible. If a consent management tool is used, we may alternatively rely on consent under Article 6(1)(a) GDPR. Details regarding consent will then be provided in the consent management tool.Further information is available in the provider’s privacy information: https://policies.google.com/privacy
Service: Leadfeeder / Leadinfo
This website uses the Leadfeeder service, a web analytics tool, operated by Leadfeeder, Liidio Oy / Leadfeeder, Keskuskatu 6 E, 00100 Helsinki, Finland.Processing only occurs if you have given your consent in accordance with Article 6(1)(a) GDPR. Additional information about this potential processing can be found in the consent management tool.If consent is given, an analysis of your use of our websites and online services is enabled. Leadfeeder uses this information to evaluate your visit to the website, generate reports on website activity for us, and provide other services related to website and internet usage. Leadfeeder may also transfer this information to third parties if required by law or if third parties process these data on behalf of Leadfeeder.Further information is available in the provider’s privacy information: https://www.leadinfo.com/de/datenschutz/
Applicants
You can apply to us in various ways. Regardless of the method you use to apply, your applicant data will be processed exclusively for handling your application and, after the conclusion of the selection process, will be stored for a maximum of six months and then deleted, unless you provide us with consent for further processing in a talent pool.During the application process, the following personal data may be processed by us: All data you provide to us during the application process (e.g., in your application documents or during interviews).If applicable, additional data that we lawfully obtain during the course of the application process (e.g., from publicly accessible sources such as professional networks).This may also include special categories of personal data (e.g., disability status, racial or ethnic origin, religious or philosophical beliefs, or trade union membership), if provided to us through one of the aforementioned channels. The legal basis is the decision regarding the establishment of an employment relationship or, after its establishment, the execution of the employment relationship in accordance with §26(1) BDSG-new and Art. 6(1)(b) GDPR. After the conclusion of the selection process, all data are retained for an additional six months to allow us to respond legally to any disputes related to the application process. This limited retention is based on Art. 6(1)(f) GDPR. Service: Application via EmailYou have the option to apply via email. Please send your application documents to bewerbung@segelectronics.de. We point out that for applications via email, we cannot guarantee the confidentiality of your data. Although we provide transport encryption (TLS) via our mail server, confidentiality may depend on various mail relay servers over which we have no control. We cannot ensure whether these servers use TLS or whether they evaluate the emails. If you have concerns about this, please use postal mail for your application.
Business Partners and Information Seekers
When contacting us by telephone, we collect information for caller identification (caller ID). If your phone number is not suppressed or withheld, we can see the number from which you are calling. The phone number, call date, and call time are automatically stored by our telephone system and are used only to return your call if you requested a callback or if your call was interrupted due to technical problems. These data are deleted no later than 4 weeks. We do not record calls.When contacting us by email, the email is stored and used for the purpose you indicated in your message (e.g., product order). The same applies to fax communications.If you order products or request information materials from us, we create a customer account for you. This account contains the following data: The name and contact details of the company for which you are placing the order; Your first and last name as the contact person. For each order processed through this customer account, we store: Date of order and delivery; Ordered products; Current order status
These data are required to process your order and/or request and are processed exclusively for this purpose (Art. 6(1)(b) or (f) GDPR). Unless otherwise stated, the retention periods for these data follow the legal storage obligationsapplicable to us.
Corporate Sale, Merger, and Acquisition (M&A)
We reserve the right to transfer our business operations or individual business units, in whole or in part, to a third party, for example as part of a corporate sale (e.g., via an asset deal). In this context, it may be necessary to transfer personal data to the acquirer to ensure the continuation of existing customer relationships. The legal basis for such data processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in carrying out the transfer of business processes and customer relationships in a legally compliant and economically efficient manner. In doing so, we carefully consider the interests, fundamental rights, and freedoms of the affected individuals, particularly regarding the confidentiality and security of their data.Prior to any planned transfer of personal data in such a transaction, the affected individuals will be informed in advance. They then have the opportunity to raise objections to the intended transfer. Such objections are treated in accordance with Art. 21 GDPR (right to object). In these cases, we carefully assess on a case-by-case basis whether the objection outweighs the intended transfer and whether the transfer must be prevented.A transfer to third parties outside the European Union or European Economic Area occurs only if the conditions of Arts. 44 et seq. GDPR are met, particularly if an adequate level of data protection is ensured.
Visitors to Social Media Services
We maintain a presence on social media platforms. The purpose is to communicate with interested parties (such as customers, potential employees, trainees) and to conduct general public relations.When you visit our social media profiles, personal data may be processed. In many cases, we act as joint controllerstogether with the social media service provider when we jointly determine the purposes and means of data processing. Where possible, we have entered into joint controllership agreements in accordance with Art. 26 GDPR. Nevertheless, despite any joint responsibility, we do not have full control over how the social media service processes data.How a social media service uses data for its own purposes, the extent to which activities are assigned to individual visitors, how long data is stored, and whether data from a visit is shared with third parties is often not fully or clearly disclosed by social media providers.We emphasize that you use the functions of the social media service at your own responsibility. This particularly applies to interactive features (e.g., commenting, sharing, liking, group dialogues, professional exchanges, uploading photos, entering search terms). You should assume that any data you voluntarily provide may be processed by the social media service for its own purposes, such as analyzing topics you are presumed to be interested in.The legal basis for processing is determined by the social media service and is detailed in the service’s privacy policylinks. Depending on the circumstances, social media services may rely on different legal bases. If a legal basis is required for our part, the processing is based on our legitimate interests (Art. 6(1)(f) GDPR), namely communication with interested parties and effective public relations.
Service: Presence on LinkedIn
We maintain a presence on the LinkedIn platform. The LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is jointly responsible with us for data processing on LinkedIn.When you visit our LinkedIn page, LinkedIn collects your usage data, such as:the URL of the website you came from and the website you navigate to next,the time of your visit,your IP address, proxy server, operating system, web browser, and similar information.These data are used to provide us with aggregated information on how you use our LinkedIn page and its content.The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union, particularly to the USA. For the USA, there is an adequacy decision by the EU Commission dated 10 July 2023, which confirms an adequate level of data protection for transfers to companies participating in the EU-U.S. Privacy Framework.However, we do not have knowledge or control over how LinkedIn uses your data for its own purposes.Further information can be found in LinkedIn’s privacy policy at: https://de.linkedin.com/legal/privacy-policy.
Service: Presence on StepStone
We maintain a presence on the StepStone platform, an online career portal for job postings and application processes. StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf, Germany (“StepStone”), is jointly responsible with us for data processing on StepStone.When you visit our company profile on StepStone or interact with one of our job postings, StepStone collects usage data, such as:the time and duration of your visit,your interactions with our profile (e.g., clicks, views of job postings),and, if you use a registered profile, information about your user behavior and any applicant data you have provided. These data are provided to us in aggregated form to deliver statistical information regarding the reach, interaction, and performance of our job postings and content. In addition, StepStone may process your data for its own purposes, particularly for profiling, interest-based display of job postings, and improving its services.The data collected about you in this context are processed by StepStone and may, if applicable, be shared with third parties. StepStone may also transfer personal data to countries outside the EU. Information about possible transfers to third countries and the underlying safeguards can be found in StepStone’s privacy policy.We do not have knowledge or control over how StepStone uses your data for its own purposes.Further information is available in StepStone’s privacy policy at: https://www.stepstone.de/Ueber-StepStone/datenschutzerklaerung/.
