Privacy Policy of the Infraserv Höchst Group

Our privacy policy has been translated into English for the convenience of our English-speaking visitors and users of our websites and apps. In cases of doubt as to the appropriate interpretation, only the German text will control.

Copyright notice:

The works on our websites and apps are protected by copyright. Any use that is not expressly permitted requires the prior consent of the company named in the legal information section. This applies, without limitation, to reproductions, edits, and storage and processing in electronic systems.

Last updated: May 30, 2025

A. GENERAL INFORMATION

I. General information

1. We are delighted that you are interested in our company. The protection of your personal data is important to us. In the following section, we inform you how we handle your personal data in accordance with Article 12 of the General Data Protection Regulation (GDPR). Personal data is any information relating to an identified or identifiable natural person (“data subject”). This includes information such as name, address, email address, phone number and date of birth.

“We” refers to the Infraserv Höchst Group company that is processing the data and listed under the link below: www.infraserv.com/infraserv-hoechst-gruppe .

In addition, KFT Chemieservice GmbH ( www.kft.de/en ) has specific provisions that can be found in the following privacy policy: https://www.kft.de/en/data-protection-declaration .

2. The controller as defined in Article 4(7) of the General Data Protection Regulation is as follows:

(a) For processing carried out by Infraserv GmbH & Co. Höchst KG
Legal information: www.infraserv.com/impressum

(b) For processing carried out by Infraserv Logistics GmbH
Legal information: www.infraserv-logistics.com/impressum

(c) For processing carried out by Infraserv Netze GmbH
Legal information (in German only): www.infraserv-netze.com/impressum.html

(d) For processing carried out by Thermal Conversion Compound Industriepark Höchst GmbH
Legal information: www.infraserv.com/t2c

(e) For processing carried out by Infraserv Höchst Prozesstechnik GmbH
Legal information: www.infraserv.com/prozesstechnik

Provadis Group companies

(f) For processing carried out by Provadis Partner für Bildung und Beratung GmbH
Legal information (in German only): www.provadis.de/impressum

(g) For processing carried out by Provadis School of International Management and Technology AG
Legal information (in German only): www.provadis-hochschule.de/impressum

(h) For processing carried out by Provadis Professionals GmbH
Legal information (in German only): www.provadis-professionals.de/impressum

3. Data protection officer of the companies mentioned under a. to h. above:

Infraserv GmbH & Co. Höchst KG
Data Protection Officer
Industriepark Höchst, C 770
65926 Frankfurt am Main
Email: datenschutz (at) infraserv.com

4. When you contact us by email or through a contact form, we process the data you provide (for example, your email address, name and phone number if provided) in order to respond to your questions. We will delete any data that we may collect in this process once we are no longer required to store it. We are generally required by tax and accounting laws to retain your address, payment and order data for ten years. If there is a legal basis for further processing (for example, another legal retention period), we will restrict processing as much as possible.

II. Your rights as a data subject under the GDPR

You are a “data subject” within the meaning of the GDPR if your personal data is processed. You have the following rights vis-à-vis us as the controller.

If possible, email your requests regarding the exercise of your rights to the address stated under A. I. 2 in the respective legal information/notice or directly to our data protection officer (see A. I. 3) or to the subject-specific addresses stated below.

1. Right of access

You can request confirmation from us regarding whether or not we process your personal data.

If such processing takes place, you can request us to provide information about the following:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that is processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) the planned length of time that the personal data concerning you will be stored or – if specific details are not available – the criteria used to determine that length of time;

(5) the existence of the right to rectify or erase personal data concerning you; the right to restrict processing by the controller; and the right to object to such processing;

(6) the existence of the right to lodge a complaint with a supervisory authority;

(7) all available information on the origin of the data if the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to GDPR Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved and about the significance and envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards in connection with the transfer pursuant to GDPR Article 46.

This right of access may be limited wherever access will likely make it impossible or impracticable to achieve the research or statistical purposes and the limitation of your right is necessary in order to achieve the research or statistical purposes.

For AI-based data processing, your right of access extends to processing activities and functions of the AI systems used for data processing.

2. Right of rectification

You have the right to request that we correct and/or complete your personal data in accordance with GDPR Article 16 if the processed personal data concerning you is incorrect or incomplete.

Your right to rectification may be limited wherever rectification will likely make it impossible or impracticable to achieve the research or statistical purposes and the limitation of your right is necessary in order to achieve the research or statistical purposes.

3. Right to erasure

3.1 Obligation to delete

You can request that we immediately delete the personal data concerning you. We are obligated to delete this data immediately if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to GDPR Article 6(1) point (a) or Article 9(2) point (a) and there is no other legal basis for processing.

(3) You object to the processing pursuant to GDPR Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Article 21(2).

(4) The personal data concerning you was processed unlawfully.

(5) The erasure of personal data concerning you is necessary for compliance with a legal obligation to which we are subject under Union or Member State law.

(6) The personal data concerning you was collected in relation to information society services offered in accordance with GDPR Article 8(1).

3.2 Information shared with third parties

If we made the personal data concerning you public and are required to delete it in accordance with GDPR Article 17(1), we will take appropriate measures, including technical measures, to inform data controllers who process the personal data that you have requested the erasure of all links to, or copies or replications of, such personal data. These measures will take into consideration the available technology and implementation costs.

3.3 Exceptions

The right to erasure does not apply if the processing is necessary

(1) to exercise the right to freedom of expression and information;

(2) to fulfill a legal obligation that requires the processing under Union or Member State law to which we are subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in us;

(3) for reasons of public interest in the area of public health pursuant to GDPR Article 9(2) point (h) and (i) and Article 9(3);

(4) for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes in accordance with GDPR Article 89(1) insofar as the right referenced in section (a) will likely make it impossible or impracticable to achieve the objectives of this processing; or

(5) for asserting, exercising or defending legal claims.

4 Right to restriction of processing

You can request the restriction of processing of personal data concerning you in accordance with GDPR Article 18 under the following conditions:

(a) if you dispute the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of the personal data;

(b) the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of its use instead;

(c) we no longer need the personal data for the purposes of the processing, but it is required by you for establishing, exercising or defending legal claims; or

(d) you objected to the processing pursuant to GDPR Article 21(1) and it is not yet clear whether our legitimate grounds outweigh yours.

If the processing of the personal data concerning you has been restricted, such data may, with the exception of storage, only be processed with your consent or for establishing, exercising or defending legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

We will notify you before lifting any restrictions on processing imposed pursuant to the above conditions.

Your right to restriction of processing may be limited wherever restriction of processing will likely make it impossible or impracticable to achieve the research or statistical purposes and the limitation of your right is necessary in order to achieve the research or statistical purposes.

5 Right to be informed

If you have the right to request rectification, erasure or restriction of processing from us, we are obligated to communicate the rectification, erasure or restriction to all the recipients of personal data concerning you unless doing so proves impossible or impracticable.

You have the right to be informed about these recipients.

6 Right to data portability

You have the right to receive any personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. After this data has been provided, you also have the right to transmit this data to another controller without hindrance from us provided that

(a) the processing is based on consent pursuant to GDPR Article 6(1) point (a) or Article 9(2) point (a) or on a contract pursuant to GDPR Article 6(1) point (b); and

(b) the processing is carried out using automated means.

When exercising this right, you also have the right to have the personal data concerning you transferred directly from us to another controller where technically feasible. This must not interfere with the freedoms and rights of others.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7 Right to object pursuant to GDPR Article 21

You have the right to object at any time to the processing of your data that is carried out on the basis of GDPR Article 6(1) point (f) (data processing on the basis of a balance of interests) or GDPR Article 6(1) point (e) (data processing in the public interest) if there are grounds for doing so that arise from your particular situation. This also includes profiling based on this provision within the meaning of GDPR Article 4(4).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

We also process your personal data in individual cases for direct marketing purposes. If you do not wish to receive marketing communications, you have the right to object to this at any time; this also applies to profiling insofar as it is associated with such direct marketing. We will abide by this objection in the future.

We will no longer process your data for direct marketing purposes if you object to processing for these purposes.

The objection can be made in any form and, if possible, should be sent to the addresses listed below.

(a) For direct marketing/advertising done by us (excluding companies of the Provadis Group), send an email to: marketing (at) infraserv.com

(b) For direct marketing/advertising done by companies of the Provadis Group, send an email to: marketing (at) provadis.de

(c) If using the social media platforms and / or web analytics services used by us, you can also assert your rights against the relevant platform operators and web analytics service providers. You can find the relevant contact details in the operator’s or service provider’s privacy policy.

In connection with the use of information society services, and notwithstanding Directive 2002/58 EC, you also have the option of exercising your right to object by means of automated procedures using technical specifications.

8 Right to withdraw statement of consent under data protection law

You have the right to withdraw your consent at any time. The withdrawal only takes effect for the future; that is, the withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

If you withdraw your consent, your data covered by the consent will be deleted as required under the law. If processing is based on consent, the withdrawal should be addressed to the following contact addresses where possible:

(a) With regard to applications for our job postings or internships (excluding Provadis Group companies): karriere (at) infraserv.com or by regular mail to the following address: Infraserv GmbH & Co. Höchst KG, HR Services, Bldg. C 770, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(b) With regard to applications for training and internship positions with Provadis Partner für Bildung und Beratung GmbH: ausbildung (at) provadis.de or by regular mail to the following address: Provadis Partner für Bildung und Beratung GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(c) With regard to applications with Provadis Professionals GmbH: service (at) provadis-professionals.de or by regular mail to the following address: Provadis Professionals GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

(d) With regard to applications with Provadis School of International Management & Technology: info (at) provadis-hochschule.de or by regular mail to the following address: Provadis School of International Management & Technology, Industriepark Höchst, Bldg. B 835, 65926 Frankfurt am Main, Germany.

(e) If you wish to unsubscribe from one of our newsletters (excluding Provadis Group companies): marketing (at) infraserv.com

(f) If you wish to unsubscribe from one of the newsletters published by a Provadis Group company: abmeldung (at) provadis.com or by regular mail to the following address: Provadis Partner für Bildung und Beratung GmbH, Personnel Center, Bldg. B 852, Industriepark Höchst, 65926 Frankfurt am Main, Germany.

9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, the data subject – you – have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, if you believe that our processing of your personal data infringes the GDPR. The data protection authority with jurisdiction over us is the Hessian Commissioner for Data Protection and Freedom of Information:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Phone: +49 611 1408-0
Email: poststelle (at) datenschutz.hessen.de

III. Categories of recipients

At our company, access to your data is granted to the people and departments that need the data to fulfill our contractual and / or legal obligations. Service providers and agents for whom we are vicariously liable (“Erfüllungsgehilfen”) may also receive data for these purposes. They include, but are not limited to, companies in ICT services, logistics, educational services, consulting, sales and marketing as well as public bodies.

Otherwise, we will only disclose information about you if you have consented to us doing so.

IV. Transfer of personal data to third countries

Personal data will only be transferred to third countries (countries outside the EU) if the specific requirements of GDPR Article 44 et seq. are met:

1 Adequacy decision

The transfer of data to a third country is permitted under GDPR Article 45(1) where the EU Commission has decided that the third country ensures an adequate level of protection. If the EU Commission has issued such an adequacy decision for a third country, the data transfer is permitted provided that the other requirements of the GDPR are met.

2 Standard data protection clauses

If there is no adequacy decision within the meaning of GDPR Article 45(1) for a third country, preformulated clauses of the EU Commission (the “standard data protection clauses”) may ensure an adequate level of data protection and be used as the legal basis for data transfers in accordance with GDPR Article 46(2) point (c). The standard data protection clauses must be the binding basis for the data transfer. However, the standard data protection clauses alone are not always sufficient to ensure an adequate level of protection. Instead, data exporters must also verify that the applicable third country’s legal situation and practices do not restrict the level of protection provided by the standard data protection clauses.

3 Existence of other suitable guarantees or exceptions

Furthermore, data transfers to third countries are also permitted without an adequacy decision or standard data protection clauses if additional appropriate safeguards in accordance with GDPR Article 46 are in place.

4 Exceptions pursuant to GDPR Article 49

The exceptions set out in GDPR Article 49 can also justify a transfer of personal data to a third country. In particular, data transfers to a third country are also permitted if the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;

Due to the laws of third countries (e.g., the CLOUD Act in the United States), there is a possibility that parties such as government agencies may access your personal data without us or you having the ability to prevent, stop or control this, even if the aforementioned prerequisites are met.

V. Technical means used, data collected for technical purposes and use of cookies

1 Technical means used and data collected for technical purposes

We use data on this website and for the provision of our services which your browser or the system transmits so that you can visit the website and use the services. Here are some examples of data that is generally used: IP addresses, requested content, operating system and its interface, language settings, technical status information, date and time of the request.

We use the data collected for the technical administration and further development of our website and services. For particular services, we use additional technologies that collect data for special purposes that goes beyond the basic data for technical administration and further development. The technologies used in each particular service are indicated in the individual entry forms and in the explanation in Part B – Special section of this Privacy Policy.

2 Use of cookies

2.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to ensure that our website functions properly. Some elements of our website require that the browser used to access the site be identifiable even after moving from one page to the next. We also use cookies on our website to analyze user behavior.

The data stored and transmitted in cookies is described in the cookie preference center (accessible on the relevant website) and explained in more detail, including the legal basis and purpose of processing, under section B. of this privacy policy in the context of the relevant processing activities.

2.2 Storage duration, objection and deletion options in the cookie preference center

Cookies are stored on the user’s computer and transmitted to our website. This means that you, the user, have full control over how cookies are used. You can disable or restrict the storage of cookies by adjusting your internet browser settings. You can delete cookies that have already been saved at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to use all of the website’s features to their full extent. You can manage your personal preferences in our cookie preference centers (for Infraserv Höchst in the footer of https://www.infraserv.com under "Cookie-Settings") on various websites. In these preference centers, you can activate or deactivate optional cookies and find detailed information on the individual cookies and their intended use.

VI. Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time. Any changes will be announced by publishing the amended Privacy Policy on our website. The changes will take effect immediately unless otherwise specified.

B. SPECIAL PART

I. Own processing activities

Listed below are the processing activities that we as the controller carry out, in some cases using processors.

1. Using our online platforms

(a) Content, purpose, processing

Our online platforms can be used in various ways by authorized users such as employees, business customers, partner companies and other interested parties. This includes, among others, online registrations for visitors, registrations for events, training courses, seminars, applications for photo permits or removal permits, or services relating to partner company management (such as supplier registration).

If you want to use our online platforms (for example, our Industriepark Höchst site website at www.industriepark-hoechst.com ), you will generally have to register by providing your email address, user name and a password of your choosing. We do not require you to provide your real name; you may use a pseudonym, but we do not recommend it.

We use the double opt-in method for registration, which means that your registration will not be completed until you have confirmed it by clicking the confirmation link in a special confirmation email sent to you. If we do not receive your confirmation within 48 hours, or within 15 days for individual applications, your registration will be automatically deleted from our database. The above data must be entered to complete the registration. You can enter all other information voluntarily.

When you use the online platforms, your contact details may become accessible to other online platform users through the search function. For example, you can look up the phone numbers of other online platform users if they have released them.

Non-registered members cannot receive any information about you. All registered members can see your username regardless of its sharing status. We will share your data with our key relationship bank for processing any payment obligation you may have entered into. If you use our online platforms, we will store your data until you permanently delete your account.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in the German Telecommunications Digital Services Data Protection Act (TDDDG) § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

2. Using our mobile apps

(a) Content, purpose, processing

(i) When you download the mobile app to your device, the app store receives certain necessary information including your user name, email address, customer number for your account, time of the download, payment information and the individual device ID. We have no control over or responsibility for this data collection. We process the data only to the extent required for the mobile app to download to your mobile device.

(ii) In certain cases, we may also require additional information such as your device ID, International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI), Mobile Station International Subscriber Directory Number (MSISDN), MAC address for Wi-Fi use, name of your mobile device or email address.

(iii) Using your address book, calendar, photos and reminders

When you first use mobile apps that we are responsible for, a pop-up window will appear in which we ask for permission to use your personal data (from your address book or calendar, for example). If you do not give consent, you will not be able to use all the features of our app. You can also give or withdraw your consent in the app’s settings or in your operating system at a later time.

If you have consented to us accessing personal data, the mobile app will only access your data and transfer it to our server to the extent required to provide the associated function. We will treat your data confidentially and delete it if you withdraw your consent to use it or if your data is no longer needed to provide the services and is not covered by any legal retention obligations.

(iv) Collection of your location data

We use location-based services to provide special services based on your location. You can use these functions only after having given us your permission in a pop-up window to collect your anonymized location data (for example, using GPS) for the purpose of providing services. You can activate or deactivate the functions at any time in the app’s settings or your operating system’s settings. Your location is only transmitted to us when you use location-based app functions. Your location data will not be used to generate a location history outside of your current location.

(v) Push messages

Using the function to receive push messages in our mobile apps is optional and not required to use our services. We only use this function to transmit general information about our services and organizational information.

To send push messages to mobile devices, we use the services of OneSignal, Inc, 2850 S Delaware St Suite 201, San Mateo, CA 94403, United States (also referred to as “Push Service Provider”). The push messages are sent using a pseudonymous push token assigned by the push service or by the operating system that you use.

The push service uses this push token to store data such as device type, time of use, IP address when used, language setting as well as the wording of push messages transmitted to the device and the status of your push subscription and associates this data with your mobile device. The push service provider cannot associate this data with any other personal data of yours.

You can revoke your consent at any time by turning off the “Receive push messages” feature in the app settings or disabling the receipt of push messages in the operating system settings. You can find OneSignal’s privacy policy at: https://onesignal.com/OneSignalSAASPrivacyPolicy.pdf

(vi) Crash notifications

We rely on anonymized crash reports to improve the stability and reliability of our apps.

  • iOS apps: If you have voluntarily and explicitly agreed to the transmission of a crash report in the app settings or after a crash, anonymous information about the crash (state of the app at the time of the crash, stack trace, manufacturer and operating system of the cell phone, last log messages) is transmitted to Apple, Inc., One Apple Park Way, Cupertino, CA 95014, United States, where it is stored for analysis. According to Apple, Inc., this information does not contain any personal data.
  • Android apps: If you have voluntarily and explicitly agreed to the general transmission of crash notifications to Google when setting up your mobile device and your app crashes, information (state of the app at the time of the crash, stack trace, manufacturer and operating system of the cell phone, last log messages) is transmitted to Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States, where it is stored for analysis. According to Google LLC, this information does not contain any personal data.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

3. Using our forums

(a) Content, purpose, processing

Authorized users can read our forums without having to register. If you want to actively participate in the forum, certain forums require you to register by providing your email address as well as a password and username of your own choosing. We do not require you to provide your real name; you may use a pseudonym if you wish.

We use the double opt-in method for registration, which means that your registration will not be completed until you have confirmed it by clicking the confirmation link in a special confirmation email sent to you. If we do not receive your confirmation within 48 hours, or within 15 days for individual applications, your registration will be automatically deleted from our database.

To gain access to the forums, users must provide a username, password and email address. If you sign up for a forum account, we will store your registration data and all your forum activities for as long as you remain registered.

Neither the administrator of these forums nor the participating moderators are responsible for the users’ activities. Please note that all the personal data you provide in forums becomes public data. You should exercise caution when deciding to publish personal data. We may remove or modify any data published in these forums if we or third parties believe that the data is unlawful.

If you delete your account, your public statements – especially forum posts – will remain visible for all viewers. Your account, however, can no longer be accessed and will be marked as “Guest” in the forum. All other data will be deleted.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

4. Using an Infraserv GmbH & Co. Höchst KG (“Infraserv”) hotspot

(a) Content, purpose, processing

Infraserv allows users to access the internet over Wi‑Fi at specially designated locations (also referred to as hotspots) within the limits of current technical and operational capabilities. Wi-Fi technology is used to establish wireless data communications between the hotspot and the user’s Wi-Fi device. When the parties’ interests are balanced against each other as required by law, the legitimate interests cited above are not overridden by the fundamental rights and freedoms of data subjects with regard to the protection of personal data. Data processing is therefore an unavoidable consequence of using the hotspot.

When providing internet access, Infraserv records, for technical reasons, nothing more than the MAC address (“Media Access Control address” or also “physical address”) of the access device being used, the date on which the services were used and how long they were used. This data is only stored temporarily and is deleted once it is no longer needed to fulfill the purpose for which it was originally processed.

Infraserv does not store or otherwise process any other personal data when providing internet access.

Infraserv is a service provider for the purposes of the German Digital Services Act (DDG) § 1 and German Telecommunications Digital Services Data Protection Act (TDDDG) § 2.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

5. Using our information and contact options prior to entering into a contract

(a) Content, purpose, processing

Where we offer information and contact options on our website (such as sending out advertising brochures, call-back procedures, requests for offers, options to register for events, training courses, seminars or classes), we will use your data solely for this purpose. The data you provide will be stored for no more than three months unless you have expressed an interest in additional information or services. In the latter case, we will store the data for processing as required.
When a contract has been formed, we are generally required by tax and accounting laws to retain your address, payment and order data for ten years.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

6. Using the option to register for events, training courses or seminars

We can also process the data you provide to notify you regularly or sporadically of other attractive products in our portfolio or to send you emails containing relevant information.

7. Processing job applications

(a) Content, purpose, processing

Our company processes and stores personal data that you provide in your online application solely for the purpose of conducting the application process.

When you apply for a training position, internship or cooperative degree program, the data will also be processed by the company at which the practical training takes place (“training partner company”).

When you apply for a position through a personnel leasing company or employment agency, the data will also be processed by the relevant partner company (“partner company”).

Your applicant data will be stored for six months after receipt. If you are offered the option of storing your data for another six months before the end of the six-month period, we will contact you well in advance. The maximum storage period is 24 months. If your application is unsuccessful, the data will be deleted within six months of the rejection date.

Where necessary, Provadis School will process the personal data you provide on your online application in order to complete a work placement under the cooperative education system together with the partner companies of Provadis School. This entails sending to the relevant companies the data and documents that have been provided and digitally stored, such as résumés, all available report cards, letters of reference and other certificates (especially language certificates). If the contract with Provadis School is terminated and/or no more work placements are made, the personal data will be deleted after no more than 24 months.

We process the personal data from your job application, which you disclose on our Careers page (using the online application form, as an attachment or as a paper application where specified), for the purpose of selecting applicants. If you are suitable, your data will be transferred within the Infraserv Höchst Group or to the (training) partner companies for further processing as part of the selection process, both with regard to the specific position and with regard to comparable positions. This data can be accessed by the relevant company managers and, in the case of training positions, internships, cooperative degree programs, personnel leasing or employment agencies, by the relevant managers of the (training) partner companies.

We process certain personal data from your job application and during the selection process, including:

  • First and last name
  • Résumé photo
  • Nationality
  • Contact details (such as home address, phone number)
  • Adult/minor
  • Application data (such as diploma, grades, career preferences, internships, professional experience, letters of reference)
  • Data from application questionnaires
  • Data from aptitude tests (which may still have to be conducted)
  • Data from job interviews (which may still have to be conducted)
  • Information channels that led to the job application

Details regarding the information channels that led you to us will always be anonymized before we analyze it and use it for marketing campaigns.

If your application includes special categories of personal data (for example, information about your health, or a photo that allows us to infer your ethnic background, your visual acuity and/or religion), this data will only be processed so that we can consider your application it its present form in the first place. The information will not be used during the application process unless the law requires us to do so, especially in the case of applications submitted by individuals with severe disabilities. Your data will not be transferred to any third parties except for the (partner) companies named above. You are under no obligation to provide these special categories of personal data with your application.

Any aptitude test that you may complete will consist of several different task groups. The test data will be stored exclusively in our systems. We use this data to determine your aptitude. In the event of a rejection, the corresponding personal data will be deleted at the same time. If an applicant is accepted, this data will be stored for the duration of the statutory retention period (generally 10 years) and then deleted.

(b) Legal basis (GDPR / TDDDG)

The legal basis is given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) points (a), (b), Article 9 (with regard to subsequent processing activities).

8. Using of "MIKA"

(a) Content, purpose, processing

On the platform we call "MIKA", users are presented with company-specific content on a personalized communication and information platform. This platform is provided by Staffbase GmbH, Annaberger Str. 73, 09111 Chemnitz ("Staffbase"). MIKA can be accessed via both business and private devices. There is a dedicated app for smartphones. Third parties (e.g. customers and suppliers) can use the public part of the app or our websites.

Before using the browser version or downloading the mobile app from the Apple App Store or Google Play Store, you will be informed about the processing of personal data and must consent to the processing.

Users of the app can be notified of new posts using the iOS and Android push function. They can also decide whether they wish to receive notifications of new posts by email. This must be set at the start of using the app; the setting can be changed at any time, the default setting is "activated".

For the technical dispatch of the notification, the backend sends a corresponding interface call to each potential recipient when a new article is published. To perform the service, the device ID of the end device is stored with the assignment to the user account when notifications are activated.

User data is only provided by Staffbase in aggregated form and does not allow any conclusions to be drawn about natural persons. The evaluations in the analysis area also do not allow any conclusions to be drawn about the user. We can only view the following evaluations: Frequency of views, comparison of views and interaction with content over any period of time, analysis of different content types (such as news, pages and chat, filtering of user activity based on group memberships).

To support the provision of Staffbase services, Staffbase uses the sub-processors listed in the following link: https://staffbase.com/de/legal/unterauftragsverarbeiter/

Within MIKA, it is possible to post articles and make comments. These are published using the respective user profile with first name and surname next to the post or comment. The respective author is responsible for the content. The content is not checked by the company before publication. However, we reserve the right to delete them, especially if they violate laws or our internal guidelines.

(b) Legal basis (GDPR / TDDDG)

The legal basis is TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and Article 6(1) point (a) (with regard to subsequent processing activities) and GDPR Article 6(1) point (f).

9. Video surveillance

(a) Content, purpose, processing

We own and operate Industriepark Höchst (“IPH”) and conduct video surveillance of the industrial park’s outer perimeter, individual facilities and individual lots. Our surveillance is conducted in accordance with our right, as the property owner, to keep out trespassers and with applicable laws, regulations and government requirements to protect our land and the buildings, equipment and individuals on it.

The areas under our video surveillance are marked as follows: with regard to perimeter protection, the information is provided using a pictogram and a reference to the responsible unit at the gates of IPH, and otherwise in the vicinity of the area under video surveillance.

When the parties’ interests are balanced against each other as required by law, the legitimate interests cited above are not overridden by the fundamental rights and freedoms of data subjects with regard to the protection of personal data. Data processing is therefore an unavoidable consequence of entering the area under video surveillance.

We store video recordings for a limited period of time in order to achieve the purpose cited above during our regular business hours. The recordings are then automatically deleted unless this purpose requires a longer processing period in conjunction with one of the legal bases.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b), GDPR Article 6(1) point (c), GDPR Article 6(1) point (d) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

II. Processing activities using third parties or under joint responsibility

In some cases, your data is processed using third parties within the meaning of GDPR Article 4(10) or under joint responsibility pursuant to GDPR Article 26.

1. Newsletter

(a) Content, purpose, processing

Our newsletters present attractive current offerings in our service portfolio – you can access them at www.infraserv.com/portfolio and at www.provadis.de .

We use double opt-in for newsletter sign-ups. Once you have registered, we will send an email to the email address you provided asking you to confirm that you do in fact want to receive the newsletter.

The following applies with respect to the Infraserv portfolio: If you do not confirm your subscription within 15 days, your information will be automatically deleted.

The following applies with respect to the Provadis portfolio: If you do not confirm your registration within 48 hours, your information will be placed on a “do not contact” list and automatically erased after one month.

We also store your IP addresses and the points in time when you registered and confirmed your subscription. The purpose of this procedure is to be able to prove your registration and identify any potential misuse of your personal data.

All you have to provide to receive the newsletter is your email address. Other, separately highlighted data is optional and will be used to address you personally. Once you opt in, we will store your data for the purpose of sending you the newsletter.

Additional mandatory information is collected and stored for whitepaper downloads on the Infraserv website (www.infaserv.com ). If you do not confirm your request within 15 days, your information will be deleted automatically.

Infraserv uses “Microsoft Dynamics 365 Customer Insights - Journeys” from Microsoft Corporation (Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807) to send e-mail communications and provide forms (newsletter subscriptions, whitepaper downloads). Data processing takes place within the EU.

You can find more information about privacy in Microsoft’s privacy policy at https://privacy.microsoft.com/de-de/privacystatement . You can find information on the use of cookies at https://docs.microsoft.com/de-de/dynamics365/customer-engagement/marketing/cookies .

Please note that we analyze your user behavior when we send out newsletters. We use the tracking functions of “Dynamics 365 Customer Insights – Journeys” or empaction GmbH for this purpose. To enable this analysis, the emails contain “web beacons” (also known as tracking pixels), which are one-pixel graphics stored on our website that are used for user behavior analysis. We link the collected data and web beacons with your email address and an individual ID to conduct the analyses. Links received in the newsletter also contain this ID. We use the data obtained in this way to create a user profile to tailor the newsletter to your personal interests. In doing so, we track when you read our newsletters and what newsletter links you click in order to determine your personal interests. We link this data with the actions you take on our website.

The following applies for Infraserv: Users can unsubscribe from the mailing list at any time by clicking the separate link provided in each email or by notifying us through a different communications channel.

The following applies for Provadis: Users can unsubscribe from the mailing list at any time by clicking the separate link provided in each email or by notifying us through a different communications channel. The information will only be stored for the duration of the newsletter subscription. Once you unsubscribe, we only store anonymized statistical data.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2. Google Marketing Platform

(a) Content, purpose, processing

This website also uses Google Marketing Platform, an online marketing tool. Google Marketing Platform uses cookies in order to show ads that are relevant for the user, improve campaign performance reports and avoid displaying the same ads to a user repeatedly if you have given your prior consent. Google uses a cookie ID to track which ads are displayed in which browser and prevent them from being displayed more than once. In addition, Google Marketing Platform can use cookie IDs to record “conversions” that relate to ad requests. One example of a conversion is when a user sees a Google Marketing Platform ad and later, using the same browser, accesses the advertiser’s website and makes a purchase there. According to Google, Google Marketing Platform cookies do not contain any personal information.

Your browser automatically establishes a direct connection to the Google server based on the marketing tools. We have no control over the scope or further use of the data that Google collects with this tool and are therefore providing this information based on our understanding: When Google Marketing Platform is integrated, Google is told that you have accessed a certain part of our website or clicked one of our advertisements. If you have registered for a Google service, Google will be able to associate the visit with your account. Even if you are not registered with Google or are not logged in, the provider may still discover and store your IP address.

There are several ways to avoid participating in the tracking process:

(i) by setting your browser software accordingly; in particular, the suppression of third-party cookies will result in you not receiving any third-party ads;

(ii) by disabling conversion tracking cookies by setting your browser to block cookies from “ww.googleadservices.com” at https://www.google.com/settings/ads ; this setting will be deleted when you delete your cookies;

(iii) by disabling the interest-based ads of the providers that are part of the “About Ads” self-regulatory campaign at http://www.aboutads.info/choices ; this setting will be deleted when you delete your cookies;

(iv) by permanently disabling it in your Firefox, Internet Explorer or Google Chrome browsers at http://www.google.com/settings/ads/plugin . Please note, however, that you may not be able to use the full functionality of our websites if you do this.

(b) Legal basis (GDPR / TDDDG)

The legal basis for processing your data is given in GDPR Article 6(1) point (f). For more information, visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

In cases where personal data is transferred to the United States, the following terms and conditions of the third-party provider apply: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google . The legal basis for the use of Google is GDPR Article 6(1) point (a).

2.1 Google Analytics and Google Tag Manager

(a) Content, purpose, processing

Our websites use Google Analytics, a web analytics service provided by Google Inc (‘Google’). We use the Google Tag Manager for this purpose. Google Analytics uses “cookies” – text files placed on your computer – to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored on a Google server in the United States. If IP anonymization is activated on this website, Google will, however, truncate your IP address beforehand within the member states of the European Union or within other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. By request of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage for the website operator.

Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.

You can refuse to store cookies by changing your browser settings; please note, however, that you may not be able to use the full functionality of this website in this case. If you do not want Google to collect and process the data that the cookie generates with regard to your use of the website (including your IP address), you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en .

If you do not want to use the browser add-on or are using a browser on a mobile device, you can also click this link to prevent any future collection by Google Analytics within this website (the opt-out only works in this browser and only for this domain). This places an opt-out cookie on your device. If you delete your cookies in this browser, you will have to click this link again.

This website uses Google Analytics with the extension “_anonymizeIp()”. This extension ensures that IP addresses are only processed in truncated form and so cannot be linked to a person. The extension therefore prevents you from being identified by any of the data collected on you because it immediately deletes personal data.

We use Google Analytics to regularly analyze and improve the use of our website. If you have consented to its use, the analytical statistics allow us to improve our online presence and give you a more engaging user experience. This website also uses Google Analytics to analyze cross-device visitor flows based on user ID if you have given your prior consent. Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.2 Google Ads

(a) Content, purpose, processing

We use Google Ads to advertise our services on external websites. We can track the success of individual advertisements in relation to the advertising campaign data. We want to show you advertising that you find interesting.

Google delivers these ads through “ad servers”. We use ad server cookies to track certain parameters of success such as impressions or clicks. If you reach our website through a Google ad, Google Ads will place a cookie on your PC if you have given your prior consent. These cookies generally expire after 30 days and are not designed to identify you personally. These cookies generally contain various analytical parameters (for example, unique cookie ID, number of ad impressions per placement, last impression and opt-out information).

These cookies enable Google to recognize your internet browser. If a user visits certain pages on an Ads customer’s website and the cookie stored on the user’s computer has not yet expired, Google and the customer will be able to tell that the user clicked the ad and was sent to this page. Each Ads customer is assigned a different cookie. That means that cookies cannot be tracked across multiple Ads customers’ websites. We do not process personal data in connection with the above advertisements. We only receive statistical analyses from Google. We can use these analyses to determine which advertisements have been particularly effective. We receive no further data from using AdWords, nor can we identify users based on this information.

Your browser automatically establishes a direct connection to the Google server based on the marketing tools. We have no control over the scope or further use of the personal data that Google collects with this tool, and are therefore providing this information based on our understanding: When Ads Conversion is integrated, Google is told that you have accessed a certain part of our website or clicked one of our advertisements. If you have registered for a Google service, Google will be able to associate the visit with your account. Even if you are not registered with Google or are not logged in, Google may still discover and store your IP address.

Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.3 Google Maps

(a) Content, purpose, processing

Our website uses Google Maps which lets us show you interactive maps directly on our websites and gives you convenient access to map functions.

When you visit the website and provide consent, Google is notified that you have accessed a website page containing Google Maps. The provider will then also receive the data described in Section 3 of this policy. This happens whether or not you have a Google account or are logged into a Google account. If you are logged in with Google, your data will be linked to your account. If you do not want this data to be linked to your Google profile, you will have to log out before activating the button. Google stores your data in user profiles that it uses for advertising, market research and/or to tailor its website to market needs. This analysis (which even includes users who are not logged in) is mainly done to show targeted advertising and notify other users in the social network about what you have done on our website.

Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point a) (with regard to subsequent processing activities).

2.4 Remarketing

2.4.1 Google

(a) Content, purpose, processing

Our website uses Google Remarketing. If you have given prior consent, Google Remarketing will continue to show you our ads after you leave our website as you continue to use the internet. This feature relies on cookies stored in your browser, which Google uses to track and analyze your user behavior when you visit various websites. This allows Google to recognize that you have visited our website before. According to Google, the data collected during remarketing is not merged with any personal data that Google may have stored on you. Google claims that it uses pseudonymization for remarketing.

Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

2.4.2 The Trade Desk

(a) Content, purpose, processing

We use cookies from "The Trade Desk" on our website to track your visit. The purpose of the tracking technology is the retargeting/targeting of visitors as part of the media campaign to identify them later and to address them again with an advertising medium.
Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: The Trade Desk, 42 N. Chestnut St., Ventura, CA 93001, USA; E-Mail: dpo (at) thetradedesk.com : transparentadvertising.eu/privacy .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activitie

3. Social media

We maintain company pages on various social platforms (“social media presence”). These pages contain our latest news, photos and videos and allow interested users to communicate with us.

When you visit our social media presences from our websites, you access them through social media interfaces. We use a “two-click solution” where those interfaces are used. In a two-click system, your personal data is not automatically transferred to the providers the moment you access our website. You can identify the social media provider by its logo. The provider is only notified that you have accessed the page on our website when you activate the associated field by clicking it. You then have the option to share the URL and the information you entered with other users.

The data is processed for the following purposes and required to achieve those purposes.

Communicating with social media channel visitors, processing requests, collecting statistical information on the usage intensity of our social media channels; conducting customer surveys, marketing campaigns, market analyses, sweepstakes, contests or similar promotions or events; resolving disputes and litigation; establishing, exercising or defending against legal claims or litigation; enforcing existing contracts.

Your actions (comments, posts, likes, etc.) on the social media platforms that we use are published by the platform operators.

We have very little influence over data processing by the platform operators. Where we do have influence (e.g., through configuration), we prevail upon the social media platform operator – within the limits of our abilities – to handle data in compliance with data protection laws. However, there are many areas where we have no influence over how social media platform operators process data, nor do we know exactly what data the operator is processing. Since we therefore cannot provide any reliable information about the purpose and scope of their processing of your data, we ask that you review the privacy policy listed below for the relevant platform operator.

3.1. YouTube

3.1.1 Youtube Platform

(a) Content, purpose, processing

Our website contains embedded YouTube videos that are stored on http://www.YouTube.com and can be played directly by clicking the links shown below:

YouTube is a service of Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “Google”). All videos on our website have been embedded in “privacy-enhanced mode”, which means that YouTube will not receive any data about you if you do not play the videos. Before activating the video function, you will only see a preview loaded from our own web server. It is not until you play the video that YouTube will receive the information that you have accessed the corresponding section of our website. The personal data specified in this case will also be transmitted. Once activated, we have no influence on this data transmission.

The data is transmitted regardless of whether or not you have a YouTube account or are logged into a YouTube account. If you are logged in with Google, your data will be linked to your account.

During the data transfer to Google, your personal data is transferred to Google servers, which may also be located in the United States. Data protections in the United States are less rigorous than data protections in the EU. This means, among other things, that the US authorities can access personal data more easily and that there are only limited rights against such measures. When you activate the YouTube video function, you consent to the transfer of personal data to Google.

Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal basis for processing your personal data is your consent in accordance with GDPR Article 6)(1) point (a) as well as TDDDG § 25(1). You give this consent by activating the video function. When activated, your personal data will be transferred to Google as described above.

3.1.2 YouTube Retargeting

(a) Content, purpose, processing

On our YouTube channels, we use Google Ads, a service provided by Google LLC, D/B/A YouTube, 901 Cherry Ave., San Bruno, CA 94066, USA (hereinafter referred to as “Google”). Google Ads allows us to serve ads on YouTube by defining target audiences. We determine who sees our videos based on various criteria offered by Google, such as location, age and interests.

In addition, we use remarketing on YouTube to show personalized ads to viewers on YouTube and video partner sites based on their previous interactions with our videos or YouTube channel. To do this, we create remarketing campaigns that reach people who have taken certain actions on YouTube, including:

  • Watching any video or any of our videos from any of our channels or other channels
  • Subscribing to one of our channels
  • Visiting one of our websites
  • Liking or sharing, or adding to a playlist, any video from one of our channels

At no time are we able to identify an individual user when using Google Ads on YouTube.

Cases where personal data is transferred to the United States are subject to the following third-party provider’s terms and conditions: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001: Legal Frameworks for Data Transfers – Privacy Policy & Terms of Service – Google .

(b) Legal basis (GDPR / TDDDG)

The legal basis for processing your personal data is your consent in accordance with GDPR Article 6(1) point (a) as well as TDDDG § 25(1). You give this consent by activating the video function. When activated, your personal data will be transferred to Google as described above.

3.2 X (formerly Twitter)

(a) Content, purpose, processing

Our Twitter pages can be accessed using the following links:

Our Twitter pages are operated on Twitter, a social network of Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you visit our Twitter pages, personal data is processed in accordance with Twitter’s privacy policy. You can find this privacy policy here .

We use statistical information relating to the use of our Twitter pages, which Twitter provides in anonymized form through the “Analytics” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your Twitter user name as well as comments and messages that you send us through our Twitter pages
  • Your activity on our Twitter pages through the Twitter Analytics service such as visits to our websites, the volume of interactions, information about which countries and cities our visitors come from and statistics about the gender ratio of our visitors
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.3 Xing

3.3.1 Xing Plattform

(a) Content, purpose, processing

Our Xing pages can be accessed using the following links:

Our XING pages are operated on Xing, a social network operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”).

When you visit our XING pages, XING processes your personal data in accordance with their privacy policy, which you can view here: https://privacy.xing.com/en/privacy-policy .

We use statistical information relating to the use of our XING pages, which XING provides in anonymized form through its statistics service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your XING user name as well as comments and messages that you send us through our XING pages
  • Your activities on our XING pages through the XING statistics service, e.g., the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.3.2 XING AdManager

(a) Content, purpose, processing

We use XING AdManager to draw attention to our products. By using XING AdManager, we define target audiences based on the following criteria:

  • Location (e.g., country, region, city)
  • Companies (e.g., business sectors, names, size)
  • Interests (e.g., member groups, interests)
  • Work experience (e.g., job titles, functions, seniority, skills)
  • Education and training (e.g., degrees, schools, fields of study)
  • Demographic data (e.g., gender, age)

Using its algorithm as a basis, XING displays our content on its platform to users who fit the defined target audience.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.4 Kununu

(a) Content, purpose, processing

Our Kununu pages can be accessed using the following links:

Our Kununu pages are operated on Kununu, a social network operated by Kununu NEW WORK AUSTRIA XING kununu onlyfy GmbH, Schottenring 2-6, A - 1010 Vienna, Austria (“Kununu”).

When you visit our Kununu pages, Kununu processes your personal data in accordance with their privacy policy, which you can view here: https://privacy.xing.com/en/privacy-policy . We use statistical information relating to the use of our Kununu pages, which Kununu provides in anonymized form through its statistics service. It is not possible for us to draw conclusions about individual users or access individual user profiles. We process the following personal data:

  • Your Kununu user name as well as comments and messages that you send us through our Kununu pages
  • Your activities on our Kununu pages through the Kununu statistics service, e.g., the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Information necessary to respond to requests from our visitors

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5 LinkedIn

3.5.1 LinkedIn Platform

(a) Content, purpose, processing

Our LinkedIn pages can be accessed using the following links:

Our LinkedIn pages are operated on LinkedIn, a social network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). When you visit our LinkedIn pages, LinkedIn processes your personal data in accordance with their privacy policy, which you can find here .We process the following personal data:

  • Your LinkedIn user name as well as comments and messages that you send us through our LinkedIn pages
  • Information necessary to respond to requests from our visitors

We use statistical information (visits to our websites, the volume of interactions, information about which countries and cities our visitors come from and statistics about our visitors’ area of work) in connection with the use of our LinkedIn company pages, which LinkedIn provides in anonymized form via the LinkedIn “Analytics” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

For this reason, we and LinkedIn are considered “joint controllers” within the meaning of the GDPR and have therefore concluded a joint responsibility agreement in order to meet the requirements of the GDPR. You can find this agreement here . This where you can find all the information that is relevant to you as a data subject, in particular regarding the exercise of your rights as a data subject.

Other than that, we do not have any control over how your personal information is processed when you use our LinkedIn webpages.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5.2 LinkedIn Campaign Manager

(a) Content, purpose, processing

We use LinkedIn Campaign Manager to draw attention to our products.

Your personal data is processed in LinkedIn Campaign Manager, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). In the event of technical support, teams from LinkedIn Inc. located at 1000 W Maude, Sunnyvale, CA 94085, USA, may access your personal data.

By using LinkedIn Campaign Manager, we define target audiences based on the following criteria:

  • Location (e.g., country, region, city)
  • Companies (e.g., business sectors, names, size)
  • Interests (e.g., member groups, interests)
  • Work experience (e.g., job titles, functions, seniority, skills)
  • Education and training (e.g., degrees, schools, fields of study)
  • Demographic data (e.g., gender, age)

Using its algorithm as a basis, LinkedIn displays our content on its platform to users who fit the defined target audience.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point f) (with regard to subsequent processing activities).

3.5.3 LinkedIn Lead Generation

(a) Content, purpose, processing

When you use our LinkedIn business account, e.g. by subscribing to download or stream a video or other asset offered, such as a white paper, we process the contact information you provide (such as your name, email address and company) for the purpose of providing you with information about the products and services related to the following content by sending you private messages, posts or emails:

  • Technical information, information about the range of services and Infraserv Höchst Group event notices
  • News from the Infraserv Höchst Group, such as information about interdisciplinary events

We also use LinkedIn LeadGen Forms for this purpose, a tool that provides us with user contact information (in accordance with LinkedIn’s User Agreement).

We store your personal data in LinkedIn Campaign Manager, which is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). In the event of technical support, teams from LinkedIn Inc. located at 1000 W Maude, Sunnyvale, CA 94085, USA, may access your personal data. Data protections in the United States cannot be compared with those in the EU. If you subscribe to our content, you expressly consent to the transfer of your personal data to the United States.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (a) (with regard to subsequent processing activities).

3.5.4 LinkedIn Insight Tag

(a) Content, purpose, processing

Our websites use the conversion tool “LinkedIn Insight Tag” of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This tool creates a cookie in your web browser, which allows the collection of data such as: IP address, device and browser properties, and page events (e.g., page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us but provides anonymized reports on website target audience and ad performance. In addition, LinkedIn offers the possibility of retargeting visitors with the Insight Tag. We can use this data to display targeted advertising outside of our websites without identifying website visitors. For more information on data protection at LinkedIn, please refer to LinkedIn’s privacy policy. You can find this privacy policy here .

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To disable the Insight tag on our websites (“opt-out”), click here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

3.6 Instagram

(a) Content, purpose, processing

Our Instagram pages can be accessed using the following links:

Our Instagram pages are operated on Instagram, a social network owned by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, the service provider for Instagram. When you visit our Instagram pages, Instagram processes your personal data in accordance with their privacy policy, which you can find here .

We use statistical information relating to the use of our Instagram pages, which Instagram provides in anonymized form through the Instagram “Insights” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your Instagram user name as well as comments and messages that you send us through our Instagram pages
  • Information necessary to respond to requests from our visitors
  • Your activity on our Instagram pages through the Instagram Insights service such as visits to our websites, the range of posts, information about which countries and cities our visitors come from and statistics about the gender ratio of our visitors

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

3.7 Threads

(a) Content, purpose, processing

Our Threads site can be accessed via the following link:

We use Threads, a social network operated by Meta Platforms Ireland Limited at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Threads is part of the Instagram product. When you visit our Threads pages, your personal data will be processed in accordance with Meta Platforms Ireland’s privacy policy in relation to Instagram and the “Supplemental Threads Privacy Policy”, available here .

We process the personal data set out in section B.II.3.6 when you use Threads.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

3.8 Facebook

3.8.1 Facebook Platform

(a) Content, purpose, processing

Our Facebook pages can be accessed via the following links:

Our Facebook fan pages are operated on Facebook, a social network of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Facebook”). When you visit the fan pages, Facebook processes your personal data in accordance with their privacy policy, which you can find here .

We use statistical information relating to the use of the fan pages, which Facebook provides in anonymized form through the Facebook “Insights” service. It is not possible for us to draw conclusions about individual users or access individual user profiles.

We process the following personal data:

  • Your Facebook user name as well as comments and messages that you send us through the fan pages
  • Information necessary to respond to requests from fan page visitors
  • Your activity on the fan pages about the Facebook Insights service such as visits to our fan pages, the range of posts, information about which countries and cities the fan page visitors come from and statistics about the gender ratio of our visitors

More information about Facebook Insights can be found here .

For this reason, Provadis and Facebook are considered “joint controllers” within the meaning of the GDPR and have therefore concluded a joint responsibility agreement in order to meet the requirements of the GDPR. You can find this joint responsibility agreement here . This where you can find all the information that is relevant to you as a data subject, in particular regarding the exercise of your rights as a data subject.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

3.8.2 Meta Ads Manager

(a) Content, purpose, processing

We use the Meta Ads Manager to draw users’ attention to our company presence on Facebook, Instagram, in the Meta Audience Network and in Messenger and its content (posts) and to attract new followers. This service allows us to have our company’s content and channels recommended to specific target groups on Facebook and Instagram – whose users may not be subscribed to our company channels – based on their interests and interactions. The groups of people can be defined based on the general characteristics of place of residence, age, gender, language and interests. It is not possible to select individual users.

We have no influence on the processing of personal data in connection with the use of the fan pages beyond the processing of personal data mentioned in this privacy policy.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

3.8.3 Facebook Custom Audiences

(a) Content, purpose, processing

On our websites, we use a “tracking pixel” of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, a subsidiary of Meta Platforms, Inc. 1601, Willow Road Menlo Park, CA 94025, USA. We use the Meta pixel to track the success of our own Meta ad campaigns and to optimize Meta ad campaigns based on target audiences.

After clicking on a Meta ad or visiting our websites, the pixel on our websites stores a cookie on the user’s device. The cookie processes data about whether the user arrived at our websites via a Meta ad and allows us to analyze the user’s behavior until the purchase is completed. This allows us to track the success rate of our own Meta ad campaigns. In addition, the pixel processes data about the fact that the user has visited our websites and makes it possible to optimize Meta ad campaigns based on target audiences.

When you visit our websites, a direct connection to Meta’s servers is established via the Meta pixel integrated on our websites. The cookie-generated information about the use of these websites (including the user’s IP address) is transmitted to Meta.

You can find more information about data protection at Facebook at https://www.facebook.com/privacy/policy/ .

The cookies are persistently stored on the end device even after the web browser has been closed, which makes it possible to recognize users the next time they visit our websites. The data collected is anonymous for us and does not allow us to draw any conclusions about the user. If the user is registered with Facebook, Meta can associate the collected information with the user account. Even if the user does not have a Facebook account or is not logged in when visiting our websites, it is possible for Meta to process and store the IP address and other data identifying the user.

If the user has deleted their browser’s cookies in the meantime, they can prevent new cookies from being set by making the relevant settings in their Facebook account at https://www.facebook.com/settings?tab=ads .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (a) (with regard to subsequent processing activities).

3.9 WhatsApp Business

(a) Content, purpose, processing

We use WhatsApp Business, a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as an information hotline for interested parties. Any contact is made exclusively by the interested party. We do not store the interested party’s data, nor do we use the data to contact the interested party ourselves.

The WhatsApp Business provider is responsible for data processing if users use the web-based WhatsApp Business messenger service or have downloaded the app to their mobile device. However, it is only necessary to call up this page or this app if the user wishes to use it to communicate with us. In general, please be advised that the security of individual services may depend on the user’s account settings. Even when end-to-end encryption is used, the service provider can draw conclusions about the fact that users communicate with us, and when, and can, if applicable, collect location data.

When using the messenger service, the personal data provided by the user and, if applicable, other personal data such as usage data (interests, access times) as well as meta and communication data (device information, IP address) is processed by the messenger service provider.

Personal data processed in connection with the request made by the user will generally not be disclosed to third parties unless it is intended for disclosure. The messenger service provider has information about the above-mentioned data.

You can find more information about data processing by the messenger service provider at: https://www.whatsapp.com/privacy .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (a) (with regard to subsequent processing activities).

3.10 Social Listening

(a) Content, purpose, processing

As part of our social media activities, we also use “social listening” or “social monitoring” technologies (hereinafter collectively referred to as “social listening”) to get a picture of how our products and services are perceived and identify what we can do better. We do this by submitting a search request on a social network and then evaluating the presented comments and posts.

We can only view posts that have been made freely available to an unrestricted public by the users of the social network. The data collected as well as the scope of data processing is basically determined by the type and content of the search request and the posts. For example, we may collect a text-based post or an uploaded image file.

We generally only receive statistical data in response to our search requests. In isolated cases, however, the search results can also show us specific posts and comments that allow us to draw conclusions about individual users, for example, if the results contain a username that may also be that user’s real name. These kinds of posts solely serve as samples of public perceptions.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

4. Web crawler tool

(a) Content, purpose, processing

We use Dealfront SnapAddy and the D&B Hoovers Business Directory to identify companies and personal data.

These tools digitize data and/or discover and process digitally available data from public sources. The systems obtain and process data from online news, blogs, company websites, register databases and business social media networks, websites, business cards and email signatures.

You can find detailed information on this in the system operators’ privacy policies:

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).

5. Provadis Coach

(a) Content, purpose, processing

Provadis Coach is used for business purposes for a booked seminar, traineeship or employment relationship. Users can receive learning content as well as appointments through Provadis Coach. It is also used for internal communication among users and instructors/trainers. Users must register with their first and last name or email address and a password assigned by us that they have to change themselves after logging in for the first time.

When using our Provadis Coach, we store the personal data required for contract performance until the user’s account is permanently deleted at the end of training, continuing education or degree program. Furthermore, we store the user-provided data for as long as Provadis Coach is used unless the user has previously deleted it. Users can manage and change all the data in a protected customer area.

When Provadis Coach is used, the user’s personal data may become accessible to other Provadis Coach users. Non-registered members cannot receive any information about the users. All registered members can see the username regardless of its sharing status.

To prevent unauthorized access to personal data by third parties, the connection is encrypted using SSL technology.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95, GDPR Article 6(1) point (b) and GDPR Article 6(1) point (f) (with regard to subsequent processing activities in each case).

6. Video conferencing software in teaching

(a) Content, purpose, processing

(i) As part of our virtual and hybrid courses, we provide access to Zoom, a video conferencing software from Zoom Video Communications, Inc., located at 55 Almaden Blvd., Suite 600, San Jose, CA 95113, United States of America.

This service can generally be used in your browser without the need to set up a user account. In this case, the provider collects and stores the following data to technically establish the connection:

  • IP address of your end-user device
  • Date and time of use
  • Time zone difference from Greenwich Mean Time (GMT)
  • Access status/HTTP status code
  • Data volume transferred
  • Browser
  • Operating system and its interface
  • Browser language and version

You can find more information about data privacy at Zoom at https://explore.zoom.us/en/privacy/ .

(ii) Additional provisions regarding user accounts for teachers

When teachers use the service, the service provider will create a user account for them. In this case, the following data will be stored in addition to the usage data specified above:

  • Email address
  • Last and first name
  • Preferred language
  • User ID and password

The users consent to the use and storage of this additional personal data when they click the activation link in the invitation and create the user account. If they do not consent to the use, the personal data will be automatically deleted after 30 days. If they consent to the use, the account and related personal data will be deleted when they no longer teach for the Provadis Group.

(b) Legal basis (GDPR / TDDDG)

Regarding (i) The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b) (with regard to subsequent processing activities).

Regarding (ii) The legal bases are given in TDDDG § 25(1) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (a) (with regard to subsequent processing activities) and TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b) (with regard to subsequent processing activities).

7 Eye-Able® Audit, Report and Assist

(a) Content, purpose, processing

We use Eye-Able® software from Web Inclusion GmbH to ensure that everyone has low-barrier access to information on the internet. The necessary files, such as JavaScript, style sheets and images, are loaded locally from our websites. When functions are activated, Eye-Able® uses the browser’s local storage to save the settings. Settings are only saved locally and are not transferred elsewhere. You can find more information about Eye-Able® in the privacy policy at https://eye-able.com/privacy-policy/ .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b) (with regard to subsequent processing activities).

III. Processing activities by third parties

Listed below are the processing activities that we carry out using third parties.

1. Third-party booking tools

(a) Content, purpose, processing

Whenever users wish to book individual appointments on our website, this is usually done using third-party booking tools. The information required for booking the appointment is highlighted; the other information is voluntary. We process the user-provided data to manage the booking. The data is stored for a maximum period of one year from the end of the appointment.

The following additionally applies for booking individual appointments at the Industrial Clinic of Infraserv GmbH & Co. Höchst KG: When appointments are booked, data is collected only to the extent necessary to clearly associate the person with the selected appointment and match this data to the Industrial Clinic’s medical database. This data matching is done manually at the Industrial Clinic and by the Industrial Clinic’s own staff. There is no IT interface with the Industrial Clinic’s system. Individual appointments at the Industrial Clinic are stored at the Industrial Clinic for 120 days from the end of the appointment.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG§ 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (b).

2 Using the PayPal payment function

(a) Content, purpose, processing

We offer the option of completing payments using PayPal, a payment service provider (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), for our seminar registrations, among other things. Participants are redirected to PayPal solely for the purpose of processing their payment for our seminars. The process does not involve the forwarding of any personal data to PayPal. All payments are processed directly through PayPal.

Any information you provide about your PayPal account will be stored until the payment has been processed. This includes the time needed for processing refunds, collecting debts and preventing fraud. We are subject to a statutory retention period in accordance with German Fiscal Code (AO) § 147 and German Commercial Code (HGB) § 257.

PayPal is solely responsible for the processing of payment data. You can find more information about data processing by PayPal in PayPal’s privacy statement at PayPal privacy statement .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) points (b), (f). The data is processed based on GDPR Article 6(1) point (b) because it is necessary for the performance of a contract. We also have a legitimate interest in offering a secure and efficient payment method (GDPR Article 6(1) point (f)). The interests or fundamental rights and freedoms of the data subject do not override our interest in this case.

3 Using the Telecash payment function

(a) Content, purpose, processing

We offer the option of completing payments using a payment service provider, First Data GmbH (Marienbader Platz 1, 61348 Bad Homburg v. d. Höhe, Germany), for our seminar registrations, among other things. Participants are redirected to First Data GmbH solely for the purpose of processing their payment for our seminars. The process will not involve the forwarding of any personal data to First Data GmbH. All payments are processed directly through First Data GmbH. Once payment has been made, First Data GmbH only provides us with the name provided during the payment process and the last four digits of the card used.

Any information you provide about your Telecash account will be stored until the payment has been processed. This includes the time needed for processing refunds, collecting debts and preventing fraud. We are subject to a statutory retention period in accordance with German Fiscal Code (AO) § 147 and German Commercial Code (HGB) § 257.

First Data GmbH is solely responsible for the processing of payment data. You can find more information about data processing by First Data GmbH in First Data GmbH’s privacy policy at TeleCash privacy policy (in German only) .

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) points (b), (f). The data is processed based on GDPR Article 6(1) point (b) because it is necessary for the performance of a contract. We also have a legitimate interest in offering a secure and efficient payment method (GDPR Article 6(1) point (f). The interests or fundamental rights and freedoms of the data subject do not override our interest in this case.

4. Other websites of third parties

(a) Content, purpose, processing

Our website links to other websites so that users can receive interesting and related information. Our website also uses or links to third-party apps. These websites or mobile apps operated by third parties outside of our website or apps are not under our control and are not covered by this privacy policy. When users access other websites or use mobile apps by clicking the available links, the website or mobile app operator can collect the users’ personal data. Users are responsible for the disclosure of personal data. We are not responsible, legally or otherwise, for what third parties do.

(b) Legal basis (GDPR / TDDDG)

The legal bases are given in TDDDG § 25(2)(2) (with regard to storage and readout) in conjunction with GDPR Article 95 and GDPR Article 6(1) point (f) (with regard to subsequent processing activities).