Protecting your privacy when using our website is particularly important to us. Therefore, the following informs you about the collection of anonymous and personal data.
1. Provider / Responsible entity in terms of data protection
This website is a service provided by
Tel: +49 (0)40 80 80 700
represented by Mathias Hueske and Babette Roeder (managing directors)
registered in the commercial register of the district court Hamburg under commercial register B (HRB) No. 79328
2. Contact Information of the Data Protection Organization
3. Responsible regulatory authority
The Hamburg officer for Data Protection and Freedom of Information (Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, HmbBfDI), Ludwig-Erhard-Str 22, 7th floor, 20459 Hamburg, tel.: 040/42854-4040, fax: 040/42854-4000, e-mail: firstname.lastname@example.org
4. General principles
4.1 Lawfulness of data processing
Your personal information from the contact form (name, E-Mail) will be processed and saved in compliance with relevant statutory regulations regarding data protection, especially the regulation (EU) 2016/679 of the European Parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), of the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and other data-related laws [e.g. the Telemedia Act (Telemediengesetz, TMG)].
The elicitation and use of personal data will only be carried out if the processing of the data is permitted by legal regulations or after consent. We list the specific legal bases for the processing of personal data below as part of the description of the individual data processing operations.
4.2 Duration of storage
Your personal data will be deleted or barred once the purpose of the storage no longer applies. Furthermore, storage may be performed if this has been stipulated by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. Data will also be barred or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfillment of a contract.
4.3 Disclosure of personal data
If we pass on personal data, we do so exclusively to service companies that support us in fulfilling the data processing activities described below. These companies may only use your personal data as so-called commissioned processors to fulfill their tasks on our behalf and are obliged to comply with the relevant data protection provisions. The processors we use are:
- PlusServer GmbH, Venloer Straße 47, 50672 Köln
- Personio SE & Co. KG, Seidlstraße 3, 80335 München
Otherwise, personal data will only be passed on to third parties if this is specified below as part of the description of the individual data processing operations or if we are legally obliged to do so in individual cases.
4.4 Location of the data processing
We process your personal data in countries of the European Union (EU) or the European Economic Area (EEA). With regard to any processing of personal data by service providers or other third parties based outside the EU/EEA, please refer to the descriptions of the individual data processing operations below.
5. The collection of personal data when visiting our website
You can visit our website without disclosing who you are. You can also contact us via our contact form and/or the e-mail address provided by us. Generally, we only learn the following about you:
- the name of your internet service provider
- the website from which you are visiting us (referrer URL)
- the pages of our website that you visit
- the date and time of your visit and the amount of data transferred
- notification of successful retrieval
- browser type and version of the requesting computer / end device
- the operating system of the requesting computer / end device
- the IP addresses of the requesting computer / end device
5.1 Website visit
This information is evaluated locally on our server for statistical purposes only. As an individual user, you remain anonymous, a combination with your personal data will naturally not take place, unless you have explicitly consented to this. There is no transmission of data to external systems. Technically unnecessary cookies are not used.
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f or, in the case of your consent, lit. a DSGVO.
5.2 E-mail contact and contact form
We only collect further personal data if you provide it to us voluntarily and on your own initiative. This may be the case, for example, as part of an application process or when contacting us. In such cases, we generally only collect the data that we are legally authorized to collect and that is absolutely necessary for the performance of the services you have requested. If we collect personal data from you, you only ever have to provide the required data. The mandatory data fields are marked. All additional data you provide is purely voluntary and does not have to be disclosed by you. If you nevertheless provide this data, then by disclosing it you give us your consent that we may also store and process this data of yours for the purpose stated in each case; in some cases we also request your express consent for purposes under data protection law that require explicit consent, that you can of course give voluntarily, that is not tied to any further requirements and that can be revoked at any time for the future.
The legal basis for the processing of the data is Art. 6 (1) lit. f DSGVO. If the purpose of contacting you is to conclude a contract or a contractual obligation, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
For the highest possible security of your data, it will be transmitted in encrypted form via TLS encryption. This is to prevent misuse of the data by third parties. We will only store and process your data on servers within the European Union.
5.3 Duration of the storage
The data will be deleted once it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail or via the contact form, this is the case when the respective conversation with you has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
5.4 Options for objection and elimination
6. Job e-mail newsletter
a) Description of data processing
If you have registered to receive our job e-mail newsletter, we will use your e-mail address for the purpose of sending the newsletter. We use a tool from the service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, for the technical processing of the newsletter dispatch.
b) Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG if the user has given consent.
c) Purpose of the data processing
The aforementioned personal data is processed for the purpose of sending the job newsletter.
d) Duration of storage
The user's email address is only stored for these purposes for as long as the user wishes to receive the job email newsletter.
e) Right of objection and cancellation
The user can revoke their consent to receive the job e-mail newsletter at any time. The cancellation can be made in the newsletter itself or by sending an email to email@example.com.
7. Storage of the IP address
We store the IP address communicated by your web browser for a period of seven days, strictly for the purpose of detecting, limiting and eliminating attacks on our websites and servers. After this period, we delete or anonymize the IP address. The legal basis is Art. 6 para. 1 lt. f DSGVO.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of storage of data in log files, this is the case after 7 days at the latest.
8. Usage of cookies
Cookies are small text files that are stored on your computer. We only use technically necessary session cookies, which are necessary for the smooth functioning of our website. Technically unnecessary cookies and third-party cookies are not used.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. b and lit. f DSGVO.
Microsoft Internet Explorer
Our website links to our company profile (hereinafter referred to as "fan page") on the XING service. This service is offered by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (hereinafter referred to as: "XING"). When you merely visit our website, no data is transmitted to XING. If you click on the link to our company profile (XING logo), you will automatically be redirected to our company profile on XING. If you are logged in with your XING profile, XING will associate your visit to our XING page with your profile. You can prevent this by logging out of your XING profile before visiting our XING page.
XING processes your personal data when you visit our company profile. As the owner of the company profile, we have no influence on the data processed by XING. You can find out which personal data is processed by XING and which data protection rights you have towards XING in XING’s data protection information, which you can view by clicking on the following link: https://www.xing.com/privacy
Our website links to our company profile on the LinkedIn service. This service is offered by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as "LinkedIn"). When you merely visit our website, no data is transmitted to LinkedIn. If you click on the link to our company profile (LinkedIn logo), you will be automatically redirected to our company profile on LinkedIn. If you are logged in with your LinkedIn profile, LinkedIn will associate your visit to our LinkedIn page with your profile. You can prevent this by logging out of LinkedIn before visiting our LinkedIn page.
LinkedIn processes your personal data when you visit our company profile. We as the owner of the company profile have no influence on the data processed by LinkedIn. You can find out which personal data is processed by LinkedIn and which data protection rights you have towards LinkedIn in LinkedIn's data protection information, which you can view by clicking on the following link: https://www.linkedin.com/legal/privacy-policy
11. Job applicants
When you apply for a job at our company, the queried information (first name, last name, e-mail address, message, uploaded documents) is transmitted to us. We will of course treat your application and the personal data contained therein confidentially. We only pass on your application internally and only to the people who need to know about it as part of the recruitment process (e.g., the HR department and the relevant department heads).
Your application documents or the personal data contained therein are stored and processed on our servers and our systems for the purpose of processing your application and handling the application process. After the application process has been completed, your application documents and personal data will be stored for a further six months for internal company reasons and will then be deleted without residue. The purpose of the storage is, among other things, the proper handling of your application process. The legal basis is Art. 6 Para. 1 lit b) DSGVO and § 26 Para. 1 BDSG. We do not provide any further information after the deletion has been carried out. If you have given us your explicit consent to include you in the applicant pool, we will store your application and the personal data contained therein for up to 24 months after completing the application process in order to be able to consider you for comparable/similar job offers. In this case, the legal basis is your consent in accordance with Art. 6 Para. 1 lit. a. DSGVO.
12. Applicant portal
When an application is submitted via the contact forms in the career section of the website (https://eos-uptrade.jobs.personio.de/), the data from the input mask, such as first name, last name, e-mail address, telephone number, gender, starting date of employment, expected salary as well as application documents uploaded by the applicant (e.g., CV, other documents), is transmitted to Personio GmbH. Consequently, when sending an application including applicant data and applicant documents, the appointed service provider receives, processes and prepares the sent data. We have concluded an AV contract with Personio GmbH. The legal basis for the processing of the data subsequent to your sending the direct application via the designated form is Art. 6 para. 1 lit. b DSGVO, Section 26 para. 1 BDSG (initiation of an employment relationship) as well as Art. 6 para. 1 lit. a DSGVO, insofar as you agree to the processing beyond this.
Alternatively, it is possible to contact us via the provided e-mail address: firstname.lastname@example.org.
13. Linking to external content
14. Revoking your consent
If you have given us your consent under data protection law for certain data uses and/or services, you can of course revoke this consent at any time with effect for the future. To do so, sending a simple message to the address given below is sufficient:
Tel.: +49 (0)40 80 80 700
15. Your rights as a data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:
15.1 Right of access
You have the right to request information as to whether data concerning you is being processed; if this is the case, you have the right to be informed about this personal data and to the information listed in detail in Art. 15 DSGVO.
15.2 Right to rectification
You have the right to request the rectification of inaccurate personal data concerning you and, if necessary, the completion of incomplete personal data without undue delay (Art. 16 DSGVO).
15.3 Right to restriction of processing
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 DSGVO is met, e.g., if you have objected to the processing, for the duration of the examination whether the objection can be granted.
15.4 Right to erasure
You have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 DSGVO applies, e.g. if the data is no longer required for the purposes pursued and the statutory retention provisions do not prevent deletion.
15.5 Right to data transferability
Pursuant to Art. 20 DSGVO, you have the right to receive the personal data concerning you that you have provided to us in a structured, standard and machine-readable format in order to be able to either transfer it yourself or - if technically feasible - have it transferred by us to a third party.
15.6 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(e) DSGVO (data processing in the public interest) and Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests) (Art. 21 DSGVO); this also applies to profiling based on this provision (as defined in Art. 4 No. 4 DSGVO). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
For this purpose, a simple message to the address given below is sufficient:
Tel.: +49 (0)40 80 80 700
15.7 Right to revoke the declaration of consent under data protection law
You have the right to revoke a declaration of consent made to us under data protection law at any time. Revoking your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
15.8 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data violates data protection law.
The contact details of the supervisory authority that is responsible for us can be found above in this data protection notice.
We draw your attention to the fact that the above data subject rights may be limited by EU law or applicable national law.
To exercise the above rights, please contact us using the contact information in this privacy notice. Inquiries submitted to us electronically will generally be answered electronically, unless you have specified otherwise in your inquiry.
16. Further information
If you have any further questions or suggestions on the subject of data protection or if you would like us to provide you with information on your data or to correct or delete it, please write to us by e-mail or letter to:
Tel.: +49 (0)40 80 80 700
The continuous development of the internet and the associated frequent changes in the applicable legal standards make it necessary to adapt our data protection information from time to time. We will inform you at this point about corresponding changes.
Hamburg, May 2023