Privacy Policy of the Infraserv Höchst Group

Our privacy policy has been translated into English for the convenience of our English-speaking visitors and users of our websites and apps. In cases of doubt as to the appropriate interpretation, only the German text will control.

Copyright notice

The works on our website are protected by copyright. Any use that is not expressly permitted requires the prior consent of the company stated in the legal information. This particularly applies to duplications, adaptations and storage and processing in electronic systems.

Status: 01.09.2023

A. General section

I. General information

1. We are delighted that you are interested in our company. The protection of your personal data is important to us. In the following section, we inform you how we handle your personal data in accordance with Article 12 of the General Data Protection Regulation (GDPR). Personal data is any information relating to an identified or identifiable natural person (“data subject”). This includes information such as name, address, email address, phone number and date of birth.

“We” refers to the Infraserv Höchst Group company that is processing the data and listed under the link below: www.infraserv.com/infraserv-hoechst-gruppe . KFT Chemieservice GmbH is an exception: www.kft.de – this company has its own privacy statement available at: www.kft.de/datenschutz

2. The controller as defined in Article 4(7) of the General Data Protection Regulation is as follows:

(a) For processing carried out by Infraserv GmbH & Co. Höchst KG
Legal information: www.infraserv.com/impressum

(b) For processing carried out by Infraserv Logistics GmbH
Legal information: www.infraserv-logistics.com/impressum

(c) For processing carried out by Infraserv Netze GmbH
Legal information (in German only): www.infraserv-netze.com/impressum.html

(d) For processing carried out by Thermal Conversion Compound Industriepark Höchst GmbH
Legal information: www.infraserv.com/t2c

(e) For processing carried out by Infraserv Höchst Prozesstechnik GmbH
Legal information: www.infraserv.com/prozesstechnik

Provadis Group companies

(f) For processing carried out by Provadis Partner für Bildung und Beratung GmbH
Legal information (in German only): www.provadis.de/impressum

(g) For processing carried out by Provadis School of International Management and Technology AG
Legal information (in German only): www.provadis-hochschule.de/impressum

(h) For processing carried out by Provadis Professionals GmbH
Legal information (in German only): www.provadis-professionals.de/impressum

3. Data protection officer of the companies mentioned under a. to h. above:

Infraserv GmbH & Co. Höchst KG
Data Protection Officer
Industriepark Höchst, C 770
65926 Frankfurt am Main
Email: datenschutz(at)infraserv.com

4. When you contact us by email or through a contact form, we process the data you provide (for example, your email address, name and phone number if provided) in order to respond to your questions. We will delete any data that we may collect in this process once we are no longer required to store it. We are generally required by tax and accounting laws to retain your address, payment and order data for ten years. If there is a legal basis for further processing (for example, another legal retention period), we will restrict processing as much as possible.

II. Your rights as a data subject under the GDPR

You are a “data subject” within the meaning of the GDPR if your personal data is processed. You have the following rights vis-à-vis us as the controller.

If possible, email your requests regarding the exercise of your rights to the address stated under A. I. 2 in the respective legal information/notice or directly to our data protection officer (see A. I. 3) or to the subject-specific addresses stated below.

1. Right of access:

You can request information about whether we process personal data about you. If this is the case, you have a right of access to this personal data as well as other information related to the processing (GDPR Article 15). Please note that this right of access may be limited or excluded in certain cases.

2. Right of rectification:

If personal data about you is not (or is no longer) accurate or complete, you may request that such data be rectified and, where appropriate, completed (GDPR Article 16)

3. Right to erasure or restriction of processing:

If the legal requirements are met, you may request the erasure of your personal data (GDPR Article 17) or the restriction of the processing of such data (GDPR Article 18). However, the right to erasure pursuant to GDPR Article 17(1) and (2) does not exist, inter alia, if the processing of personal data is necessary for compliance with a legal obligation (GDPR Article 17(3) point (b)).

4. Right to object pursuant to GDPR Article 21

You have the right to object at any time to the processing of your data that is carried out on the basis of GDPR Article 6(1) point (f) (data processing on the basis of a balance of interests) or GDPR Article 6(1) point (e) (data processing in the public interest) if there are grounds for doing so that arise from your particular situation. This also includes profiling based on this provision within the meaning of GDPR Article 4(4).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. We also process your personal data in individual cases for direct marketing purposes. If you do not wish to receive marketing communications, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct marketing. We will abide by this objection in the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made in any form and, if possible, should be sent to the addresses listed below.

(a) For direct marketing/advertising done by us (excluding companies of the Provadis Group):

By email: marketing(at)infraserv.com

(b) For direct marketing/advertising done by companies of the Provadis Group:

By email: marketing(at)provadis.de

(c) If using the social media platforms and / or web analytics services used by us, you can also assert your rights against the relevant platform operators and web analytics service providers. You can find the relevant contact details in the operator’s or service provider’s privacy policy.

5. Right to data portability:

Under the conditions laid out in GDPR Article 20, you have the right to demand that we provide you with the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format.

6. Right to withdraw statement of consent under data protection law:

You have the right to withdraw your consent at any time. The withdrawal only takes effect for the future; that is, the withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

(a) With regard to applications for our job postings or internships (excluding Provadis Group companies): hr-portal_admin(at)infraserv.com or by regular mail to the following address: Infraserv GmbH & Co. Höchst KG, HR Services, Bldg. C 770, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(b) With regard to applications for training and internship positions with Provadis Partner für Bildung und Beratung GmbH: ausbildung(at)provadis.de or by regular mail to the following address: Provadis Partner für Bildung und Beratung GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(c) With regard to applications with Provadis Professionals GmbH: service(at)provadis-professionals.de or by regular mail to the following address: Provadis Professionals GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(d) With regard to applications with Provadis School of International Management & Technology: info(at)provadis-hochschule.de or by regular mail to the following address: Provadis School of International Management & Technology, Industriepark Höchst, Bldg. B 835, 65926 Frankfurt am Main, Germany.

(e) If you wish to unsubscribe from one of our newsletters (excluding Provadis Group companies): marketing(at)infraserv.com

(f) If you wish to unsubscribe from one of the newsletters published by a Provadis Group company: abmeldung(at)provadis.com or by regular mail to the following address: Provadis Partner für Bildung und Beratung GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

If you withdraw your consent, your data covered by the consent will be deleted as required under the law. However, if you withdraw your consent, the company will be unable to consider your submitted application in its present form.

7. Right to lodge a complaint with a supervisory authority:

Without prejudice to any other administrative or judicial remedy, the data subject – you – have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, if you consider that our processing of personal data relating to you infringes the GDPR. The data protection authority with jurisdiction over us is the Hessian Commissioner for Data Protection and Freedom of Information:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Phone: +49 611 1408-0
Email: poststelle(at)datenschutz.hessen.de

III. Categories of recipients

At our company, access to your data is granted to the people and departments that need the data to fulfill our contractual and / or legal obligations. Service providers and agents for whom we are vicariously liable (“Erfüllungsgehilfen”) may also receive data for these purposes. They include, but are not limited to, companies in ICT services, logistics, educational services, consulting, sales and marketing as well as public bodies.

Otherwise, we will only disclose information about you if you have consented to us doing so.

IV. Transfer of personal data to third countries

We will only transfer personal data to third countries if the special requirements of GDPR Articles 44 et seq. are met (e.g., adequacy decision by the Commission, standard data protection clauses, approved codes of conduct).

Due to the laws of non-EU member states (e.g., the CLOUD Act in the United States), there is a possibility that parties such as government agencies may access your personal data without us or you being able to prevent, stop or control this, even if the aforementioned prerequisites are met.

V. Technical means used and data collected for technical purposes

We use data on this website and for the provision of our services which your browser or the system transmits so that you can visit the website and use the services. Here are some examples of data that is generally used: IP addresses, requested content, operating system and its interface, language settings, technical status information, date and time of the request.

We use the collected data for the technical administration and further development of our website and the services we offer. For particular services, we use additional technologies that collect data for special purposes that goes beyond the basic data for technical administration and further development. The technologies used in each particular service are indicated in the individual entry forms and in the explanation in Part B – Special section of this Privacy Policy

You can define your personal preferences in our cookie preference center. In this preference center, you can activate or deactivate optional cookies and find detailed information on the individual cookies and their intended use.

VI. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. Any changes will be announced by publishing the amended Privacy Policy on our website. The changes will take effect immediately unless otherwise specified.

B. Special section

I. Own processing activities

Listed below are the processing activities that we as the controller carry out, in some cases using processors.

B.I.1 Using our online platforms

(a) Content, purpose, processing

Our online platforms can be used in various ways by authorized users such as employees, business customers, partner companies and other interested parties. This includes, among others, online registrations for visitors, registrations for events, training courses, seminars, applications for photo permits or removal permits, or services relating to partner company management (such as supplier registration).

If you want to use our online platforms (for example, our Industriepark Höchst site website at www.industriepark-hoechst.com ), you will generally have to register by providing your email address, user name and a password of your choosing. We do not require you to provide your real name; you may use a pseudonym, but we do not recommend it. We use the double opt-in method for registration, which means that your registration will not be completed until you have confirmed it by clicking the confirmation link in a special confirmation email sent to you. If we do not receive your confirmation within 48 hours, your registration will be automatically deleted from our database. The above data must be entered to complete the registration. You can enter all other information voluntarily.

When you use the online platforms, your contact details may become accessible to other online platform users through the search function. For example, you can look up the phone numbers of other online platform users if they have released them. Non-registered members cannot receive any information about you. All registered members can see your user name regardless of its sharing status.

We will share your data with our principal bank for processing any payment obligation you may have entered into.

If you use our online platforms, we will store your data until you permanently delete your account.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in the German Telecommunications and Telemedia Data (TTDPA) § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

B.I.2 Using our mobile apps

(a) Content, purpose, processing

(aa) When you download the mobile app to your device, the app store receives certain necessary information including your user name, email address, customer number for your account, time of the download, payment information and the individual device ID. We have no control over or responsibility for this data collection. We process the data only to the extent required for the mobile app to download to your mobile device.

(bb) In certain cases, we may also require additional information such as your device ID, International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), Mobile Station International Subscriber Directory Number (MSISDN), MAC address for Wi-Fi use, name of your mobile device or email address.

(cc) Using your address book, calendar, photos and reminders

When you first use mobile apps that we are responsible for, a pop-up window will appear in which we ask for permission to use your personal data (from your address book or calendar, for example). If you do not give consent, you will not be able to use all the features of our app. You can also give or withdraw your consent in the app’s settings or in your operating system at a later time.

If you have consented to us accessing personal data, the mobile app will only access your data and transfer it to our server to the extent required to provide the associated function. We will treat your data confidentially and delete it if you withdraw your consent to use it or if your data is no longer needed to provide the services and is not covered by any legal retention obligations. c

(dd) Collection of your location data

We use location-based services to provide special services based on your location. You can use these functions only after having given us your permission in a pop-up window to collect your anonymized location data (for example, using GPS) for the purpose of providing services. You can activate or deactivate the functions at any time in the app’s settings or your operating system’s settings. Your location is only transmitted to us when you use location-based app functions. Your location data will not be used to generate a location history outside of your current location.

(ee) Push messages

Using the function to receive push messages in our mobile apps is optional and not required to use our services. We only use this function to transmit general information about our services and organizational information.

To send push messages to mobile devices, we use the services of OneSignal, Inc, 2850 S Delaware St Suite 201, San Mateo, CA 94403, United States (also referred to as “Push Service Provider”). The push messages are sent using a pseudonymous push token assigned by the push service or by the operating system that you use.

The push service uses this push token to store data such as device type, time of use, IP address when used, language setting as well as the wording of push messages transmitted to the device and the status of your push subscription and associates this data with your mobile device. The push service provider cannot associate this data with any other personal data of yours.

You can revoke your consent at any time by turning off the “Receive push messages” feature in the app settings or disabling the receipt of push messages in the operating system settings. You can find OneSignal’s privacy policy at: https://onesignal.com/OneSignalSAASPrivacyPolicy.pdf

(ff) Crash notifications

We rely on anonymized crash reports to improve the stability and reliability of our apps.

  • iOS apps: If you have voluntarily and explicitly agreed to the transmission of a crash report in the app settings or after a crash, anonymous information about the crash (state of the app at the time of the crash, stack trace, manufacturer and operating system of the cell phone, last log messages) is transmitted to Apple, Inc., One Apple Park Way, Cupertino, CA 95014, United States, where it is stored for analysis. According to Apple, Inc., this information does not contain any personal data.
  • Android apps: If you have voluntarily and explicitly agreed to the general transmission of crash notifications to Google when setting up your mobile device and your app crashes, information (state of the app at the time of the crash, stack trace, manufacturer and operating system of the cell phone, last log messages) is transmitted to Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, where it is stored for analysis. According to Google LLC, this information does not contain any personal data.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

B.I.3 Using our forums

(a) Content, purpose, processing

Authorized users can read our forums without having to register. If you want to actively participate in the forum, certain forums require you to register by providing your email address as well as a password and user name of your own choosing. We do not require you to provide your real name; you may use a pseudonym if you wish. We use the double opt-in method for registration, which means that your registration will not be completed until you have confirmed it by clicking the confirmation link in a special confirmation email sent to you. If we do not receive your confirmation within 48 hours, your registration will be automatically deleted from our database.

To gain access to the forums, users must provide a user name, password and email address. If you sign up for a forum account, we will store your registration data and all your forum activities for as long as you remain registered.

Neither the administrator of these forums nor the participating moderators are responsible for the users’ activities. Please note that all the personal data you provide in forums becomes public data. You should exercise caution when deciding to publish personal data. We may remove or modify any data published in these forums if we or third parties believe that the data is unlawful.

If you delete your account, your public statements – especially forum posts – will remain visible for all viewers. Your account, however, can no longer be accessed and will be marked as “Guest” in the forum. All other data will be deleted.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

B.I.4 Using an Infraserv GmbH & Co. Höchst KG (“Infraserv”) hotspot

(a) Content, purpose, processing

Infraserv allows users to access the internet over Wi‑Fi at specially designated locations (also referred to as hotspots) within the limits of current technical and operational capabilities. Wi-Fi technology is used to establish wireless data communications between the hotspot and the user’s Wi-Fi device. When the parties’ interests are balanced against each other as required by law, the legitimate interests cited above are not overridden by the fundamental rights and freedoms of data subjects with regard to the protection of personal data. Data processing is therefore an unavoidable consequence of using the hotspot.

When providing internet access, Infraserv records, for technical reasons, nothing more than the MAC address (“Media Access Control address” or also “physical address”) of the access device being used, the date on which the services were used and how long they were used. This data is only stored temporarily and is deleted once it is no longer needed to fulfill the purpose for which it was originally processed.

Infraserv does not store or otherwise process any other personal data when providing internet access.

Infraserv is a service provider for the purposes of German Telemedia Act (TMG) §§ 2, 8 and German Telecommunications Telemedia Data Protection Act (TTDPA) § 2.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

B.I.5 Using our information and contact options prior to entering into a contract

(a) Content, purpose, processing

Where we offer information and contact options on our website (such as sending out advertising brochures, call-back procedures, requests for offers, options to register for events, training courses, seminars or classes), we will use your data solely for this purpose. The data you provide will be stored for no more than three months unless you have expressed an interest in additional information or services. In the latter case, we will store the data for processing as required. When a contract has been formed, we are generally required by tax and accounting laws to retain your address, payment and order data for ten years.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

B.I.6 Using the option to register for events, training courses or seminars

We can also process the data you provide to notify you regularly or sporadically of other attractive products in our portfolio or to send you emails containing relevant information.

B.I.7 Processing job applications

(a) Content, purpose, processing

Our company processes and stores personal data that you provide in your online application solely for the purpose of conducting the application process. When you apply for a training position, internship or cooperative degree program, the data will also be processed by the company at which the practical training takes place (“training partner company”). When you apply for a position through a personnel leasing company or employment agency, the data will also processed by the relevant partner company (“partner company”). Your applicant data will be stored for six months after receipt. If you are offered the option of storing your data for another six months before the end of the six-month period, we will contact you well in advance. The maximum storage period is 24 months. If your application is unsuccessful, the data will be deleted within six months of the rejection date.

Where necessary, Provadis School will process the personal data you provide on your online application in order to complete a work placement under the cooperative education system together with the partner companies of Provadis School. This entails sending to the relevant companies the data and documents that have been provided and digitally stored, such as résumés, all available report cards, letters of reference and other certificates (especially language certificates). If the contract with Provadis School is terminated and/or no more work placements are made, the personal data will be deleted after no more than 24 months.

We process the personal data from your job application, which you disclose on our Careers page (using the online application form, as an attachment or as a paper application where specified), for the purpose of selecting applicants. If you are suitable, your data will be transferred within the Infraserv Höchst Group or to the (training) partner companies for further processing as part of the selection process, both with regard to the specific position and with regard to comparable positions. This data can be accessed by the relevant company managers and, in the case of training positions, internships, cooperative degree programs, personnel leasing or employment agencies, by the relevant managers of the (training) partner companies.

We process certain personal data from your job application and during the selection process, including:

  • First and last name
  • Résumé photo
  • Nationality
  • Contact details (such as home address, phone number)
  • Adult/minor
  • Application data (such as diploma, grades, career preferences, internships, professional experience, letters of reference)
  • Data from application questionnaires
  • Data from aptitude tests (which may still have to be conducted)
  • Data from job interviews (which may still have to be conducted)
  • Information channels that led to the job application

Details regarding the information channels that led you to us will always be anonymized before we analyze it and use it for marketing campaigns.

You consent to our collection and processing of the following special categories of personal data:

If your application includes special categories of personal data (for example, information about your health, or a photo that allows us to infer your ethnic background, your visual acuity and/or religion), this data will only be processed so that we can consider your application it its present form in the first place. The information will not be used during the application process unless the law requires us to do so, especially in the case of applications submitted by individuals with severe disabilities. Your data will not be transferred to any third parties except for the (partner) companies named above. You are under no obligation to provide these special categories of personal data with your application.

Any aptitude test that you may complete will consist of several different task groups. The test data will be stored exclusively in our systems. We use this data to determine your aptitude. In the event of a rejection, the corresponding personal data will be deleted at the same time. If an applicant is accepted, this data will be stored for the duration of the statutory retention period (generally 10 years) and then deleted.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point b) (with regard to subsequent processing activities).

B.I.8 Using the commenting function on the intranet

(a) Content, purpose, processing

Authorized users can post comments on our company intranet that are seen throughout the company. The comments are published with the article and show the name the user has indicated. We recommend that users use their real name but they can also use a pseudonym or no user name at all. Comments cannot be traced back to the IP address from which they were posted. The content of comments is solely the responsibility of the user who posted the comment. We do not check comments before they are published. We reserve the right to delete comments, especially if they violate laws or our internal guidelines.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

B.I.9 Video surveillance

(a) Content, purpose, processing

We own and operate Industriepark Höchst (“IPH”) and conduct video surveillance of the industrial park’s outer perimeter, individual facilities and individual lots. Our surveillance is conducted in accordance with our right, as the property owner, to keep out trespassers and with applicable laws, regulations and government requirements to protect our land and the buildings, equipment and individuals on it. The areas under our video surveillance are marked as follows: with regard to perimeter protection, the information is provided using a pictogram and a reference to the responsible unit at the gates of IPH, and otherwise in the vicinity of the area under video surveillance. When the parties’ interests are balanced against each other as required by law, the legitimate interests cited above are not overridden by the fundamental rights and freedoms of data subjects with regard to the protection of personal data. Data processing is therefore an unavoidable consequence of entering the area under video surveillance.

We store video recordings for a limited period of time in order to achieve the purpose cited above during our regular business hours. The recordings are then automatically deleted unless this purpose requires a longer processing period in conjunction with one of the legal bases.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b), GDPR Article 6(1) point (c), GDPR Article 6(1) point (d) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

II. Processing activities using third parties or under joint responsibility

In some cases, your data is processed using third parties within the meaning of GDPR Article 4(10) or under joint responsibility pursuant to GDPR Article 26.

1. Newsletter

(a) Content, purpose, processing

Our newsletters present attractive current offerings in our service portfolio – you can access them at www.infraserv.com/portfolio and at www.provadis.de .

We use double opt-in for newsletter sign-ups. Once you have registered, we will send an email to the email address you provided asking you to confirm that you do in fact want to receive the newsletter.

  • The following applies with respect to the Infraserv portfolio: If you do not confirm your subscription within 15 days, your information will be automatically deleted.
  • The following applies with respect to the Provadis portfolio: If you do not confirm your registration within 48 hours, your information will be placed on a “do not contact” list and automatically erased after one month.

We also store your IP addresses and the points in time when you registered and confirmed your subscription. The purpose of this procedure is to be able to prove your registration and identify any potential misuse of your personal data.

All you have to provide to receive the newsletter is your email address. Other, separately highlighted data is optional and will be used to address you personally. Once you opt in, we will store your email address for the purpose of sending you the newsletter.

Please note that we analyze your user behavior when we send out newsletters. We use the tracking functions of ClickDimensions LLC (for more information, see “Web Analytics”) or empaction GmbH for this purpose. Our emails contain “web beacons” (also known as tracking pixels), which are one-pixel graphics stored on our website that are used for user behavior analysis. We associate the collected data and web beacons with your email address and an individual ID to conduct the analyses. The ID is also included in links contained in newsletters. We then use this collected data to create a user profile to tailor the newsletter to your personal interests. In this process, we track when you read our newsletters and what newsletter links you click in order to determine your personal interests. We associate this data with your actions on our website.

You can object to this tracking at any time by clicking the separate link provided in each email or by notifying us through a different communications channel. The information is stored exclusively for the duration of the newsletter subscription. Once you unsubscribe, we only store anonymized statistical data. Tracking is not possible if you have deactivated automatic image loading in your email software. In this case, the newsletter will not be displayed completely and you may not be able to use its full functionality. If you manually display the pictures, the tracking function will be active.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2. Google Marketing Platform

(a) Content, purpose, processing

This website also uses Google Marketing Platform, an online marketing tool. Google Marketing Platform uses cookies in order to show ads that are relevant for the user, improve campaign performance reports and avoid displaying the same ads to a user repeatedly if you have given your prior consent. Google uses a cookie ID to track which ads are displayed in which browser and prevent them from being displayed more than once. In addition, Google Marketing Platform can use cookie IDs to record “conversions” that relate to ad requests. One example of a conversion is when a user sees a Google Marketing Platform ad and later, using the same browser, accesses the advertiser’s website and makes a purchase there. According to Google, Google Marketing Platform cookies do not contain any personal information.

Your browser automatically establishes a direct connection to the Google server based on the marketing tools. We have no control over the scope or further use of the data that Google collects with this tool and are therefore providing this information based on our understanding: When Google Marketing Platform is integrated, Google is told that you have accessed a certain part of our website or clicked one of our advertisements. If you have registered for a Google service, Google will be able to associate the visit with your account. Even if you are not registered with Google or are not logged in, the provider may still discover and store your IP address.

There are several ways to avoid participating in the tracking process:

(i) by setting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving any third-party ads;

(ii) by disabling conversion tracking cookies by setting your browser to block cookies from “ww.googleadservices.com” at https://www.google.com/settings/ads ; this setting will be deleted when you delete your cookies;

(iii) by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign at http://www.aboutads.info/choices ; this setting will be deleted when you delete your cookies;

(iv) by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers at http://www.google.com/settings/ads/plugin . Please note, however, that you may not be able to use the full functionality of our websites if you do this.

(b) Legal basis (GDPR / TTDPA)

The legal basis for processing your data is given in GDPR Article 6(1) point (f). For more information, visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org .

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google . The legal basis for the use of Google is GDPR Article 6(1) point (a).

2.1 Google Analytics and Google Tag Manager

(a) Content, purpose, processing

Our websites use Google Analytics, a web analytics service provided by Google Inc (‘Google’). We use the Google Tag Manager for this purpose. Google Analytics uses “cookies” – text files placed on your computer – to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored on a Google server in the United States. If IP anonymization is activated on this website, Google will, however, truncate your IP address beforehand within the member states of the European Union or within other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. By request of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.

Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.

You can refuse to store cookies by changing your browser settings; please note, however, that you may not be able to use the full functionality of this website in this case. If you do not want Google to collect and process the data that the cookie generates with regard to your use of the website (including your IP address), you can download and install the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout .

If you do not want to use the browser add-on or are using a browser on a mobile device, you can also click this link to prevent any future collection by Google Analytics within this website (the opt-out only works in this browser and only for this domain). This places an opt-out cookie on your device. If you delete your cookies in this browser, you will have to click this link again.

This website uses Google Analytics with the extension “_anonymizeIp()”. This extension ensures that IP addresses are only processed in truncated form and so cannot be linked to a person. The extension therefore prevents you from being identified by any of the data collected on you because it immediately deletes personal data.

We use Google Analytics to regularly analyze and improve the use of our website. If you have consented to its use, the analytical statistics allow us to improve our online presence and give you a more engaging user experience. This website also uses Google Analytics to analyze cross-device visitor flows based on user ID if you have given your prior consent.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.2 Google Ads

(a) Content, purpose, processing

We use Google Ads to advertise our services on external websites. We can track the success of individual advertisements in relation to the advertising campaign data. We want to show you advertising that you find interesting.

Google delivers these ads through “ad servers”. We use ad server cookies to track certain parameters of success such as impressions or clicks. If you reach our website through a Google ad, Google Ads will place a cookie on your PC if you have given your prior consent. These cookies generally expire after 30 days and are not designed to identify you personally. These cookies generally contain various analytical parameters (for example, unique cookie ID, number of ad impressions per placement, last impression and opt-out information).

These cookies enable Google to recognize your internet browser. If a user visits certain pages on an Ads customer’s website and the cookie stored on the user’s computer has not yet expired, Google and the customer will be able to tell that the user clicked the ad and was sent to this page. Each Ads customer is assigned a different cookie. That means that cookies cannot be tracked across multiple Ads customers’ websites. We do not process personal data in connection with the above advertisements. We only receive statistical analyses from Google. We can use these analyses to determine which advertisements have been particularly effective. We receive no further data from using AdWords, nor can we identify users based on this information.

Your browser automatically establishes a direct connection to the Google server based on the marketing tools. We have no control over the scope or further use of the personal data that Google collects with this tool, and are therefore providing this information based on our understanding: When Ads Conversion is integrated, Google is told that you have accessed a certain part of our website or clicked one of our advertisements. If you have registered for a Google service, Google will be able to associate the visit with your account. Even if you are not registered with Google or are not logged in, Google may still discover and store your IP address.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.3 Google Maps

(a) Content, purpose, processing

Our website uses Google Maps which lets us show you interactive maps directly on our websites and gives you convenient access to map functions.

When you visit the website and provide consent, Google is notified that you have accessed a website page containing Google Maps. The provider will then also receive the data described in Section 3 of this policy. This happens whether or not you have a Google account or are logged into a Google account. If you are logged in with Google, your data will be linked to your account. If you do not want this data to be linked to your Google profile, you will have to log out before activating the button. Google stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.4 Google Remarketing

(a) Content, purpose, processing

Our website uses Google Remarketing. If you have given prior consent, Google Remarketing will continue to show you our ads after you leave our website as you continue to use the internet. This feature relies on cookies stored in your browser, which Google uses to track and analyze your user behavior when you visit various websites. This allows Google to recognize that you have visited our website before. According to Google, the data collected during remarketing is not merged with any personal data that Google may have stored on you. Google claims that it uses pseudonymization for remarketing.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3. Social media

We maintain company pages on various social platforms (“social media presence”). These pages contain our latest news, photos and videos and allow interested users to communicate with us.

When you visit our social media presences from our websites, you access them through social media interfaces. We use a “two-click solution” where those interfaces are used. In a two-click system, your personal data is not automatically transferred to the providers the moment you access our website. You can identify the social media provider by its logo. The provider is only notified that you have accessed the page on our website when you activate the associated field by clicking it. You then have the option to share the URL and the information you entered with other users.

The data is processed for the following purposes and required to achieve those purposes.

Communicating with social media channel visitors, processing requests, collecting statistical information on the usage intensity of our social media channels; conducting customer surveys, marketing campaigns, market analyses, sweepstakes, contests or similar promotions or events; resolving disputes and litigation; establishing, exercising or defending against legal claims or litigation; enforcing existing contracts.

Your actions (comments, posts, likes, etc.) on the social media platforms that we use are published by the platform operators.

We have very little influence over data processing by the platform operators. Where we do have influence (e.g. through configuration), we prevail upon the social media platform operator – within the limits of our abilities – to handle data in compliance with data protection laws. However, there are many areas where we have no influence over how social media platform operators process data, nor do we know exactly what data the operator is processing. Since we therefore cannot provide any reliable information about the purpose and scope of their processing of your data, we ask that you review the privacy policy listed below for the relevant platform operator.

3.1. YouTube

(a) Content, purpose, processing

Our website contains embedded YouTube videos that are stored on http://www.YouTube.com and can be played directly by clicking the links shown below:

YouTube is a service of Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “Google”). All videos on our website have been embedded in “privacy-enhanced mode” which means that YouTube will not receive any data about you if you do not play the videos. Before activating the video function, you will only see a preview loaded from our own web server. It is not until you play the video that YouTube will receive the information that you have accessed the corresponding section of our website. The personal data specified in this case will also be transmitted. Once activated, we have no influence on this data transmission.

The data is transmitted regardless of whether or not you have a YouTube account or are logged into a YouTube account. If you are logged in with Google, your data will be linked to your account.

During the data transfer to Google, your personal data is transferred to Google servers, which may also be located in the United States. Data protections in the United States are less rigorous than data protections in the EU. This means, among other things, that the US authorities can access personal data more easily and that there are only limited rights against such measures. When you activate the YouTube video function, you consent to the transfer of personal data to Google.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal basis for processing your personal data is your consent in accordance with GDPR Article 6)(1) point (a) as well as TTDPA § 25(1). You give this consent by activating the video function. When activated, your personal data will be transferred to Google as described above.

3.1.1 YouTube Retargeting

(a) Content, purpose, processing

On our YouTube channels, we use Google Ads, a service provided by Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “Google”). Google Ads allows us to serve ads on YouTube by defining target audiences. We determine who sees our videos based on various criteria offered by Google, such as location, age and interests.

In addition, we use remarketing on YouTube to show personalized ads to viewers on YouTube and video partner sites based on their previous interactions with our videos or YouTube channel. To do this, we create remarketing campaigns that reach people who have taken certain actions on YouTube, including:

  • Watching any video or any of our videos from any of our channels or other channels
  • Subscribing to one of our channels
  • Visiting one of our websites
  • Liking or sharing, or adding to a playlist, any video from one of our channels

At no time are we able to identify an individual user when using Google Ads on YouTube.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.2 X (formerly Twitter)

(a) Content, purpose, processing

Our Twitter pages can be accessed using the following links:

Our Twitter pages are operated on Twitter, a social network of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you visit our Twitter pages, personal data is processed in accordance with Twitter’s privacy policy. You can find this privacy policy here .

We use statistical information relating to the use of our Twitter pages, which Twitter provides in anonymized form through the “Analytics” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your Twitter user name as well as comments and messages that you send us through our Twitter pages
  • Your activity on our Twitter pages through the Twitter Analytics service such as visits to our websites, the volume of interactions, information about which countries and cities our visitors come from and statistics about the gender ratio of our visitors
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.3 XING

(a) Content, purpose, processing

Our Xing pages can be accessed using the following links:

Our XING pages are operated on Xing, a social network operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”).

When you visit our XING pages, XING processes your personal data in accordance with their privacy policy, which you can view here: https://privacy.xing.com/en/privacy-policy .

We use statistical information relating to the use of our XING pages, which XING provides in anonymized form through its statistics service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your XING user name as well as comments and messages that you send us through our XING pages
  • Your activities on our XING pages through the XING statistics service, e.g., the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.3.1 XING AdManager

(a) Content, purpose, processing

We use XING AdManager to draw attention to our products. By using XING AdManager, we define target audiences based on the following criteria:

  • Location (e.g., country, region, city)
  • Companies (e.g., business sectors, names, size)
  • Interests (e.g., member groups, interests)
  • Work experience (e.g., job titles, functions, seniority, skills)
  • Education and training (e.g., degrees, schools, fields of study)
  • Demographic data (e.g., gender, age)

Using its algorithm as a basis, XING displays our content on its platform to users who fit the defined target audience.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.4 Kununu

(a) Content, purpose, processing

Our Kununu pages can be accessed using the following links:

Our Kununu pages are operated on Kununu, a social network operated by Kununu NEW WORK AUSTRIA XING kununu onlyfy GmbH, Schottenring 2-6, A - 1010 Vienna, Austria (“Kununu”).

When you visit our Kununu pages, Kununu processes your personal data in accordance with their privacy policy, which you can view here: https://privacy.xing.com/en/privacy-policy . We use statistical information relating to the use of our Kununu pages, which Kununu provides in anonymized form through its statistics service. It is not possible for us to draw conclusions about individual users or access individual user profiles. We process the following personal data:

  • Your Kununu user name as well as comments and messages that you send us through our Kununu pages
  • Your activities on our Kununu pages through the Kununu statistics service, e.g., the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5 LinkedIn

(a) Content, purpose, processing

Our LinkedIn pages can be accessed using the following links:

Our LinkedIn pages are operated on LinkedIn, a social network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). When you visit our LinkedIn pages, LinkedIn processes your personal data in accordance with their privacy policy, which you can find here .We process the following personal data:

  • Your LinkedIn user name as well as comments and messages that you send us through our LinkedIn pages
  • Information necessary to respond to requests from our visitors

We use statistical information (visits to our websites, the volume of interactions, information about which countries and cities our visitors come from and statistics about our visitors’ area of work) in connection with the use of our LinkedIn company pages, which LinkedIn provides in anonymized form via the LinkedIn “Analytics” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

For this reason, we and LinkedIn are considered “joint controllers” within the meaning of the GDPR and have therefore concluded a joint responsibility agreement in order to meet the requirements of the GDPR. You can find this agreement here . This where you can find all the information that is relevant to you as a data subject, in particular regarding the exercise of your rights as a data subject.

Beyond that, we have no influence on the processing of your personal data in connection with your use of our LinkedIn webpages.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5.1 LinkedIn Campaign Manager

(a) Content, purpose, processing

We use LinkedIn Campaign Manager to draw attention to our products.

Your personal data is processed in LinkedIn Campaign Manager, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). In the event of technical support, teams from LinkedIn Inc. located at 1000 W Maude, Sunnyvale, CA 94085, USA, may access your personal data.

By using LinkedIn Campaign Manager, we define target audiences based on the following criteria:

  • Location (e.g., country, region, city)
  • Companies (e.g., business sectors, names, size)
  • Interests (e.g., member groups, interests)
  • Work experience (e.g., job titles, functions, seniority, skills)
  • Education and training (e.g., degrees, schools, fields of study)
  • Demographic data (e.g., gender, age)

Using its algorithm as a basis, LinkedIn displays our content on its platform to users who fit the defined target audience.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5.2 LinkedIn Lead Generation

(a) Content, purpose, processing

When you use our LinkedIn business account, e.g., by subscribing to download or stream a video or other asset offered, such as a white paper, we process the contact details provided (such as your name, email address and company) for the purpose of providing you with information on the products and services related to the content by sending you private messages or posts. For this purpose, we also use LinkedIn LeadGen Forms, a tool that provides us with user contact information (in accordance with LinkedIn’s User Agreement).

We store your personal data in LinkedIn Campaign Manager, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). In the event of technical support, teams from LinkedIn Inc. located at 1000 W Maude, Sunnyvale, CA 94085, USA, may access your personal data. Data protections in the United States cannot be compared with those in the EU. If you subscribe to our content, you expressly consent to the transfer of your personal data to the United States.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

3.5.3 LinkedIn Insight Tag

(a) Content, purpose, processing

Our websites use the conversion tool “LinkedIn Insight Tag” of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool creates a cookie in your web browser, which allows the collection of data such as: IP address, device and browser properties and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us but provides anonymized reports on website target audience and ad performance. In addition, LinkedIn offers the possibility of retargeting visitors with the Insight Tag. We can use this data to display targeted advertising outside of our websites without identifying website visitors. For more information on data protection at LinkedIn, please refer to LinkedIn’s privacy policy. You can find this privacy policy here .

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our websites (“opt-out”), click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.6 Instagram

(a) Content, purpose, processing

Our Instagram pages can be accessed using the following links:

Our Instagram pages are operated on Instagram, a social network owned by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, the service provider for Instagram. When you visit our Instagram pages, Instagram processes your personal data in accordance with their privacy policy, which you can find here .

We use statistical information relating to the use of our Instagram pages, which Instagram provides in anonymized form through the Instagram “Insights” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.We process the following personal data:

  • Your Instagram user name as well as comments and messages that you send us through our Instagram pages
  • Information necessary to respond to requests from our visitors
  • Your activity on our Instagram pages through the Instagram Insights service such as visits to our websites, the range of posts, information about which countries and cities our visitors come from and statistics about the gender ratio of our visitors

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.7 Facebook

(a) Content, purpose, processing

The Provadis Facebook page can be accessed using the following link: https://www.facebook.com/provadis .

The Provadis Facebook fan pages are operated on Facebook, a social network of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Facebook”). When you visit the fan pages, Facebook processes your personal data in accordance with their privacy policy, which you can find here .

We use statistical information relating to the use of the fan pages, which Facebook provides in anonymized form through the Facebook “Insights” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

Provadis processes the following personal data:

  • Your Facebook user name as well as comments and messages that you send us through the fan pages
  • Information necessary to respond to requests from fan page visitors
  • Your activity on the fan pages about the Facebook Insights service such as visits to our fan pages, the range of posts, information about which countries and cities the fan page visitors come from and statistics about the gender ratio of our visitors

More information about Facebook Insights can be found here .

For this reason, Provadis and Facebook are considered “joint controllers” within the meaning of the GDPR and have therefore concluded a joint responsibility agreement in order to meet the requirements of the GDPR. You can find this joint responsibility agreement here . This where you can find all the information that is relevant to you as a data subject, in particular regarding the exercise of your rights as a data subject.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.7.1 Meta Ads Manager

(a) Content, purpose, processing

Provadis uses the Meta Ads Manager to draw users’ attention to the Provadis company presence on Facebook, Instagram, in the Meta Audience Network and in Messenger and its content (posts) and to attract new followers. With this service, Provadis can show targeted Provadis content and the Provadis channel as a recommendation to Facebook and Instagram users who may not be subscribed to the Provadis channel based on their interests and interactions. The groups of people can be defined based on the general characteristics of place of residence, age, gender, language and interests. It is not possible to select individual users.

Beyond the processing of personal data mentioned in this privacy policy, Provadis has no influence on the processing of personal data in connection with the use of the fan pages.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.7.2 Facebook Custom Audiences

(a) Content, purpose, processing

On our websites, we use a “tracking pixel” of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, a subsidiary of Meta Platforms, Inc. 1601, Willow Road Menlo Park, CA 94025, USA. We use the Meta pixel to track the success of our own Meta ad campaigns and to optimize Meta ad campaigns based on target audiences.

After clicking on a Meta ad or visiting our websites, the pixel on our websites stores a cookie on the user’s device. The cookie processes data about whether the user arrived at our websites via a Meta ad and allows us to analyze the user’s behavior until the purchase is completed. This allows us to track the success rate of our own Meta ad campaigns. In addition, the pixel processes data about the fact that the user has visited our websites and makes it possible to optimize Meta ad campaigns based on target audiences.

When you visit our websites, a direct connection to Meta’s servers is established via the Meta pixel integrated on our websites. The cookie-generated information about the use of these websites (including the user’s IP address) is transmitted to Meta.

You can find more information about data protection at Facebook at https://www.facebook.com/privacy/policy/ .

The cookies are persistently stored on the end device even after the web browser has been closed, which makes it possible to recognize users the next time they visit our websites. The collected data is anonymous for us and does not allow us to draw any conclusions about the user. If the user is registered with Facebook, Meta can associate the collected information with the user account. Even if the user does not have a Facebook account or is not logged in when visiting our websites, it is possible for Meta to process and store the IP address and other data identifying the user.

If users have deleted the cookies in their browser, they can prevent new cookies from being set by making the relevant settings in their Facebook account at https://www.facebook.com/settings?tab=ads .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

3.8 WhatsApp Business

(a) Content, purpose, processing

We use WhatsApp Business, a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as an information hotline for interested parties. Any contact is made exclusively by the interested party. We do not store the interested party’s data nor do we use the data to contact the interest party.

The WhatsApp Business provider is responsible for data processing if users use the web-based WhatsApp Business messenger service or have downloaded the app to their mobile device. However, it is only necessary to call up this page or this app if the user wishes to use it to communicate with us. In general, please be advised that the security of individual services may depend on the user’s account settings. Even when end-to-end encryption is used, the service provider can draw conclusions about the fact that users communicate with us, and when, and can, if applicable, collect location data.

When using the messenger service, the personal data provided by the user and, if applicable, other personal data such as usage data (interests, access times) as well as meta and communication data (device information, IP address) is processed by the messenger service provider.

Personal data processed in connection with the request made by the user will generally not be disclosed to third parties unless it is intended for disclosure. The messenger service provider has information about the above-mentioned data.

You can find more information about data processing by the messenger service provider here: https://www.whatsapp.com/privacy .

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

3.9 Social Listening

(a) Content, purpose, processing

As part of our social media activities, we also use “social listening” or “social monitoring” technologies (hereinafter collectively referred to as “social listening”) to get a picture of how our products and services are perceived and identify what we can do better. We do this by submitting a search request on a social network and then evaluating the presented comments and posts. We can only view posts that have been made freely available to an unrestricted public by the users of the social network.

The data collected as well as the scope of data processing is basically determined by the type and content of the search request and the posts. For example, we may collect a text-based post or an uploaded image file.

We generally only receive statistical data in response to our search requests. In isolated cases, however, the search results can also show us specific posts and comments that allow us to draw conclusions about individual users, for example, if the results contain a user name that may also be that user’s real name. These kinds of posts solely serve as samples of public perceptions.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

4. Web crawler tool

(a) Content, purpose, processing

We use the tools Echobot, SnapAddy and the D&B Hoovers company database to determine company and personal data.  These tools digitize data and/or discover and process digitally available data from public sources. The systems obtain and process data from online news, blogs, company websites, register databases and business social media networks, websites, business cards and email signatures. You can find detailed information on this in the system operators’ privacy policies:

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

5. Provadis Coach

(a) Content, purpose, processing

Provadis Coach is used for business purposes for a booked seminar, traineeship or employment relationship. Users can receive learning content as well as appointments through Provadis Coach. It is also used for internal communication among users and instructors/trainers. Users must register with their first and last name or email address and a password assigned by us, which they must change themselves after the first login.

When using our Provadis Coach, we store the personal data required for contract performance until the user’s account is permanently deleted at the end of training, continuing education or degree program. Furthermore, we store the user-provided data for as long as Provadis Coach is used unless the user has previously deleted it. Users can manage and change all the data in a protected customer area.

When Provadis Coach is used, the user’s personal data may become accessible to other Provadis Coach users. Non-registered members cannot receive any information about the users. All registered members can see the user name regardless of its sharing status.

To prevent unauthorized access to personal data by third parties, the connection is encrypted using SSL technology.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

6. Video conferencing software in teaching

(a) Content, purpose, processing

(i) Generally applicable provisionsWe use the video conferencing software “Zoom” of Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, United States of America, when we provide virtual and hybrid classes.

This service can generally be used in your browser without the need to set up a user account. In this case, the provider collects and stores the following data to technically establish the connection:

  • IP address of your end-user device
  • Date and time of use
  • Time zone difference from Greenwich Mean Time (GMT)
  • Access status/HTTP status code
  • Data volume transferred
  • Browser
  • Operating system and its interface
  • Browser language and version

You can find more information about data privacy at Zoom at https://explore.zoom.us/en/privacy/ .

(ii) Additional provisions regarding user accounts for teachers

When using the service as a teacher, a user account is created for the teacher with the service provider. In this case, the following data will be stored in addition to the usage data specified above:

  • Email address
  • Last and first name
  • Preferred language
  • User ID and password

The users consent to the use and storage of this additional personal data when they click the activation link in the invitation and create the user account. If they do not consent to the use, the personal data will be automatically deleted after 30 days. If they consent to the use, the account and related personal data will be deleted when they no longer teach for the Provadis Group.

(b) Legal basis (GDPR / TTDPA)

Regarding (i) The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b) (with regard to subsequent processing activities).

Regarding (ii) The legal bases are given in TTDAP § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (a) (with regard to subsequent processing activities) and TTDAP § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b) (with regard to subsequent processing activities).

III. Processing activities by third parties

Listed below are the processing activities that we carry out using third parties.

1. Third-party booking tools

(a) Content, purpose, processing

Whenever users wish to book individual appointments on our website, this is usually done using third-party booking tools. Information required for booking the appointment is highlighted; the other information is voluntary. We process the user-provided data to manage the booking. The data is stored for a maximum period of one year from the end of the appointment.

The following additionally applies for booking individual appointments at the Industrial Clinic of Infraserv GmbH & Co. Höchst KG: When appointments are booked, data is collected only to the extent necessary to clearly associate the person with the selected appointment and match this data to the Industrial Clinic’s medical database. This data matching is done manually at the Industrial Clinic and by the Industrial Clinic’s own staff. There is no IT interface with the Industrial Clinic’s system. Individual appointments at the Industrial Clinic are stored at the Industrial Clinic for 120 days from the end of the appointment.

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b).

2. Other websites of third parties

(a) Content, purpose, processing

Our website links to other websites so that users can receive interesting and related information. Our website also uses or links to third-party apps. These websites or mobile apps operated by third parties outside of our website or apps are not under our control and are not covered by this privacy policy. When users access other websites or use mobile apps by clicking the available links, the website or mobile app operator can collect the users’ personal data. Users are responsible for the disclosure of personal data. We are not responsible, legally or otherwise, for what third parties do:

(b) Legal basis (GDPR / TTDPA)

The legal bases are given in TTDPA § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).