Pri­va­cy Pol­i­cy

Daten­schutz

Pri­va­cy Pol­i­cy

As of June 2020

Table of con­tents

  1. Iden­ti­ty and con­tact details of the data con­troller
  2. Con­tact details of the data pro­tec­tion offi­cer
  3. Gen­er­al infor­ma­tion on data pro­cess­ing
  4. Rights of the data sub­ject
  5. Pro­vi­sion of web­site and cre­ation of log files
  6. Use of cook­ies
  7. Newslet­ter
  8. Con­tact via Email
  9. Appli­ca­tion via Email and appli­ca­tion form
  10. Cor­po­rate web appear­ances
  11. Use of cor­po­rate pres­ences in pro­fes­sion­al­ly ori­ent­ed net­works
  12. Host­ing
  13. Usage of Plu­g­ins
  14. Inte­gra­tion of plu­g­ins via exter­nal ser­vice providers
  1. Iden­ti­ty and con­tact details of the data con­troller

The data con­troller respon­si­ble in accor­dance with the pur­pos­es of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) of the Euro­pean Union and oth­er nation­al data pro­tec­tion laws of the Mem­ber States as well as oth­er data pro­tec­tion reg­u­la­tions is:

Carl­Nann GmbH

Am Sand­torkai 50

20457 Ham­burg

Ger­many

040-2881-0

info@carlnann.com

www.carlnann.com

  1. Con­tact details of the data pro­tec­tion offi­cer

The des­ig­nat­ed data pro­tec­tion offi­cer is:

Dat­a­Co GmbH Dachauer Straße 65

80335 München

Ger­many

+49 89 7400 45840

www.dataguard.de

  1. Gen­er­al infor­ma­tion on data pro­cess­ing
  1. 1. Scope of pro­cess­ing per­son­al data

In gen­er­al, we only process the per­son­al data of our users to the extent nec­es­sary in order to pro­vide a func­tion­ing web­site with our con­tent and ser­vices. The pro­cess­ing of per­son­al data reg­u­lar­ly only takes place with the con­sent of the user. Excep­tions include cas­es where pri­or con­sent tech­ni­cal­ly can­not be obtained and where the pro­cess­ing of the data is per­mit­ted by law.

  1. 2. Legal basis for data pro­cess­ing

Art. 6 para. 1 s. 1 lit. a GDPR serves as the legal basis to obtain the con­sent of the data sub­ject for the pro­cess­ing of their data. As for the pro­cess­ing of per­son­al data required for the per­for­mance of a con­tract of which the data sub­ject is par­ty, Art. 6 para. 1 s. 1 lit. b GDPR serves as the legal basis. This also applies to pro­cess­ing oper­a­tions required to car­ry out pre-con­trac­tu­al activ­i­ties. When it is nec­es­sary to process per­son­al data in order to ful­fil a legal oblig­a­tion to which our com­pa­ny is sub­ject, Art. 6 para. 1 s. 1 lit. c GDPR serves as the legal basis. If vital inter­ests of the data sub­ject or anoth­er nat­ur­al per­son require the pro­cess­ing of per­son­al data, Art. 6 para. 1 s. 1 lit. d GDPR serves as the legal basis.

If the pro­cess­ing of data is nec­es­sary to safe­guard the legit­i­mate inter­ests of our com­pa­ny or that of a third par­ty, and the fun­da­men­tal rights and free­doms of the data sub­ject do not out­weigh the inter­est of the for­mer, Art. 6 para. 1 s. 1 lit. f GDPR will serve as the legal basis for the pro­cess­ing of data.

  1. Data removal and stor­age dura­tion

The per­son­al data of the data sub­ject will be erased or restrict­ed as soon as the pur­pose of its stor­age has been accom­plished. Addi­tion­al stor­age may occur if it was pro­vid­ed for by the Euro­pean or nation­al leg­is­la­tor with­in the EU reg­u­la­tions, law, or oth­er rel­e­vant reg­u­la­tions to which the data con­troller is sub­ject. Restric­tion or era­sure of the data also takes place when the stor­age peri­od stip­u­lat­ed by the afore­men­tioned stan­dards expires, unless there is a need to pro­long the stor­age of the data for the pur­pose of con­clud­ing or ful­fill­ing the respec­tive con­tract.

  1. Rights of the data sub­ject

When your per­son­al data is processed, you are sub­se­quent­ly a data sub­ject in the sense of the GDPR and have the fol­low­ing rights:

  1. Right of infor­ma­tion

You may request from the data con­troller to con­firm whether your per­son­al data is processed by them.

If such pro­cess­ing is the case, you can request the fol­low­ing infor­ma­tion from the data con­troller

    1. The pur­pose for which the per­son­al data is processed;
    1. The cat­e­gories of per­son­al data being processed;
    1. The recip­i­ents or cat­e­gories of recip­i­ents to whom the per­son­al data relat­ing to you have been dis­closed or are still being dis­closed;
    1. The planned dura­tion of the stor­age of your per­son­al data or, if spe­cif­ic infor­ma­tion is not avail­able, cri­te­ria for deter­min­ing the dura­tion of stor­age;
    1. The exis­tence of a right to rec­ti­fi­ca­tion or era­sure of per­son­al data con­cern­ing you, a right to restric­tion of pro­cess­ing by the data con­troller or a right to object to such pro­cess­ing;
    1. The exis­tence of a right of appeal to a super­vi­so­ry author­i­ty;
    1. All avail­able infor­ma­tion on the source of the data if the per­son­al data is not col­lect­ed from the data sub­ject;
    1. The exis­tence of auto­mat­ed deci­sion-mak­ing includ­ing pro­fil­ing under Arti­cle 22 para. 1 and para. 4 GDPR and, in cer­tain cas­es, mean­ing­ful infor­ma­tion about the data pro­cess­ing sys­tem involved, and the scope and intend­ed result of such pro­cess­ing on the data sub­ject.

You have the right to request infor­ma­tion on whether your per­son­al data will be trans­mit­ted to a third coun­try or an inter­na­tion­al organ­i­sa­tion. In this con­text, you can then request for the appro­pri­ate guar­an­tees in accor­dance with Art. 46 GDPR in con­nec­tion with the trans­fer.

  1. Right to rec­ti­fi­ca­tion

You have a right to rec­ti­fi­ca­tion and/or com­ple­tion of the data con­troller, if your processed per­son­al data is incor­rect or incom­plete. The data con­troller must cor­rect the data with­out delay

  1. Right to the restric­tion of pro­cess­ing

You may request the restric­tion of the pro­cess­ing of your per­son­al data under the fol­low­ing con­di­tions:

    • If you chal­lenge the cor­rect­ness of your per­son­al data for a peri­od of time that enables the data con­troller to ver­i­fy the accu­ra­cy of your per­son­al data;
    • The pro­cess­ing is unlaw­ful, and you refuse the era­sure of the per­son­al data and instead demand the restric­tion of the use of the per­son­al data;
    • The rep­re­sen­ta­tive no longer needs the per­son­al data for the pur­pose of pro­cess­ing, but you need it to assert, exer­cise or defend legal claims; or
    • If you have object­ed to the pro­cess­ing pur­suant to Art. 21 para. 1 GDPR and it is not yet cer­tain whether the legit­i­mate rea­sons of the data con­troller out­weigh your rea­sons.

If the pro­cess­ing of per­son­al data con­cern­ing you has been restrict­ed, this data may – with the excep­tion of data stor­age – only be used with your con­sent or for the pur­pose of assert­ing, exer­cis­ing or defend­ing legal claims or pro­tect­ing the rights of anoth­er nat­ur­al or legal per­son or for rea­sons of impor­tant pub­lic inter­est, inter­est to the Union, or a Mem­ber State.

If the pro­cess­ing has been restrict­ed accord­ing to the before­men­tioned con­di­tions, you will be informed by the data con­troller before the restric­tion is lift­ed

  1. Right to era­sure
  2. a) Oblig­a­tion to erase

If you request from the data con­troller to delete your per­son­al data with imme­di­ate effect, they are required to do so imme­di­ate­ly giv­en that one of the fol­low­ing applies:

    1. Per­son­al data con­cern­ing you is no longer nec­es­sary for the pur­pos­es for which they were col­lect­ed or processed.
    1. You revoke your con­sent, to which the pro­cess­ing is allowed pur­suant to Art. 6 para. 1 s. 1 lit. a oder Art. 9 para. 2 lit. a GDPR and there is no oth­er legal basis for pro­cess­ing the data
    1. Accord­ing to Art. 21 para. 1 GDPR you object to the pro­cess­ing of the data giv­en that the pro­cess­ing of the data is jus­ti­fied by a legit­i­mate inter­est, or you object pur­suant to Art. 21 para. 2 GDPR
    1. Your per­son­al data has been processed unlaw­ful­ly
    1. The act of delet­ing your per­son­al data will invoke a legal oblig­a­tion under the Union law or the law of the Mem­ber States to which the data con­troller is sub­ject
    1. Your per­son­al data was col­lect­ed in rela­tion to infor­ma­tion busi­ness ser­vices offered pur­suant to Art. 8 para. 1 GDPR.
  1. b) Infor­ma­tion to third par­ties

If the data con­troller has made your per­son­al data pub­lic and has to delete the data pur­suant to Art. 17 para. 1 GDPR, they shall take appro­pri­ate mea­sures, includ­ing tech­ni­cal means, to inform data proces­sors who process the per­son­al data, that a request has been made to delete all links to such per­son­al data or copies or repli­ca­tions of the per­son­al data, tak­ing into account avail­able tech­nol­o­gy and imple­men­ta­tion costs to exe­cute the process.

  1. c) Excep­tions

The right to dele­tion does not exist if the pro­cess­ing is nec­es­sary

    1. to exer­cise the right to free­dom of speech and infor­ma­tion;
    1. to ful­fill a legal oblig­a­tion required by the law of the Union or of the Mem­ber States to which the rep­re­sen­ta­tive is sub­ject, or to per­form a task of pub­lic inter­est or in the exer­cise of pub­lic author­i­ty del­e­gat­ed to the rep­re­sen­ta­tive;
    1. for rea­sons of pub­lic inter­est in the field of pub­lic health pur­suant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR
    1. for archival pur­pos­es of pub­lic inter­est, sci­en­tif­ic or his­tor­i­cal research pur­pos­es or for sta­tis­ti­cal pur­pos­es pur­suant to Art. 89 para. 1 GDPR, to the extent that the law referred to in sub­para­graph (a) is like­ly to ren­der impos­si­ble or seri­ous­ly affect the achieve­ment of the objec­tives of that pro­cess­ing, or
    1. to enforce, exer­cise or defend legal claims.
  1. Right to infor­ma­tion

If you have the right of rec­ti­fi­ca­tion, era­sure or restric­tion of pro­cess­ing over the data con­troller, they are oblig­ed to noti­fy all recip­i­ents to whom your per­son­al data have been dis­closed of the cor­rec­tion or era­sure of the data or restric­tion of pro­cess­ing, unless this proves to be impos­si­ble or involves a dis­pro­por­tion­ate effort.

You reserve the right to be informed about the recip­i­ents of your data by the data con­troller.

  1. Right to data porta­bil­i­ty

You have the right to receive your per­son­al data giv­en to the data con­troller in a struc­tured, stan­dard and machine-read­able for­mat. In addi­tion, you have the right to trans­fer this data to anoth­er per­son with­out hin­drance by the data con­troller who was ini­tial­ly giv­en the data, giv­en that

on or exe­cu­tion of a con­tract between you and the
data con­troller,
• is per­mit­ted by the Union or Mem­ber State leg­is­la­tion to which the data
con­troller is sub­ject, and where such leg­is­la­tion con­tains appro­pri­ate mea­sures
to safe­guard your rights and free­doms and legit­i­mate inter­ests, or
• with your expressed con­sent.
How­ev­er, these deci­sions must not be based on spe­cial cat­e­gories of per­son­al data
under Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and rea­son­able
mea­sures have been tak­en to pro­tect the rights and free­doms as well as your
legit­i­mate inter­ests.
With regard to the cas­es referred to in (1) and (3), the data con­troller shall take
appro­pri­ate mea­sures to uphold your rights and free­doms as well as your legit­i­mate
inter­ests, includ­ing the right to obtain assis­tance from the data con­troller or their
rep­re­sen­ta­tive, to express your opin­ion on the mat­ter, and to con­test the deci­sion.
10. Right to com­plain to a super­vi­so­ry author­i­ty
With­out prej­u­dice to any oth­er admin­is­tra­tive or judi­cial rem­e­dy, you shall have the
right to com­plain to a super­vi­so­ry author­i­ty, in the Mem­ber State of their res­i­dence,
place of work or place of alleged infringe­ment, if you believe that the pro­cess­ing of
the per­son­al data con­cern­ing you vio­lates the GDPR.
The super­vi­so­ry author­i­ty to which the com­plaint has been sub­mit­ted shall inform the
com­plainant of the sta­tus and results of the com­plaint, includ­ing the pos­si­bil­i­ty of a
judi­cial rem­e­dy pur­suant to Art. 78 GDPR.
V. Pro­vi­sion of web­site and cre­ation of log files
1. Descrip­tion and scope of data pro­cess­ing
Each time our web­site is accessed, our sys­tem auto­mat­i­cal­ly col­lects data and rel­e­vant
infor­ma­tion from the com­put­er sys­tem of the call­ing device.
The fol­low­ing data is col­lect­ed:
• Brows­er type and ver­sion used
• The user’s oper­at­ing sys­tem
• The user’s inter­net ser­vice provider
• The IP address of the user
• Date and time of access
• Web pages from which the user’s sys­tem accessed our web­site
• Web pages accessed by the user’s sys­tem through our web­site
This data is stored in the log files of our sys­tem. This data is not stored togeth­er with
oth­er per­son­al data of the user.
2. Pur­pose of data pro­cess­ing
The tem­po­rary stor­age of the IP address by the sys­tem is nec­es­sary for the deliv­ery of
the web­site to the com­put­er of the user. For this pur­pose, the user’s IP address must
be kept for the dura­tion of the ses­sion.
The stor­age in log­files is done to ensure the func­tion­al­i­ty of the web­site. The data is
also used to opti­mise the web­site and to ensure the secu­ri­ty of our IT sys­tems. An
analy­sis of the data for mar­ket­ing pur­pos­es does not take place.
For the afore­men­tioned pur­pos­es, our legit­i­mate inter­est lies in the pro­cess­ing of data
in com­pli­ance with Art. 6 para. 1 s. 1 lit. f GDPR.
3. Legal basis for data pro­cess­ing
The legal basis for the tem­po­rary stor­age of data and log­files is Art. 6 para. 1 s. 1 lit. f
GDPR.
4. Dura­tion of stor­age
The data will be delet­ed as soon as it is no longer nec­es­sary for the pur­pose of its
col­lec­tion. The ses­sion is com­plete when the col­lec­tion of data for the pro­vi­sion of the
web­site is accom­plished.
If the data is stored in log files, this is the case after sev­en days at the lat­est. Stor­age
beyond this is pos­si­ble. In this case, the IP address­es of the users are delet­ed or
alien­at­ed so that an assign­ment of the call­ing client is not pos­si­ble.
5. Objec­tion and removal
The data sub­ject hast he opor­tu­ni­ty to get his data removed at any time via e-mail to
info@carlnann.com.
VI. Use of cook­ies
1. Descrip­tion and scope of data pro­cess­ing
Our web­site uses cook­ies. Cook­ies are text files that are stored in the inter­net brows­er
or the inter­net brows­er on the user’s com­put­er sys­tem. If a user calls up a web­site, a
cook­ie can be stored on the user’s oper­a­tion sys­tem. These cook­ies con­tain a string of
char­ac­ters that allows the brows­er to be unique­ly iden­ti­fied when the web­site is
reopened.
We use cook­ies to make our web­site more user-friend­ly. Some ele­ments of our
web­site require the call­ing brows­er to be iden­ti­fied even after a page break.
The fol­low­ing data is stored and trans­mit­ted in the cook­ies:
• Lan­guage set­tings
We also use cook­ies on our web­site, which enable us to analyse the brows­ing
behav­iour of our users.
As a result, the fol­low­ing data will be trans­mit­ted:
• Fre­quen­cy of page views
• Use of web­site func­tion­al­i­ties
The user data col­lect­ed in this man­ner is pseu­do­nymised by tech­ni­cal mea­sures. It is
there­fore not pos­si­ble to assign the data to the user access­ing the site. The data is not
stored togeth­er with oth­er per­son­al data of the users.
2. Pur­pose of data pro­cess­ing
The pur­pose of using tech­ni­cal cook­ies is to sim­pli­fy the use of web­sites for users.
Some func­tions of our web­site can­not be offered with­out the use of cook­ies. These
require that the brows­er is recog­nised even after a page change.
We need cook­ies for the fol­low­ing appli­ca­tions:
• Apply­ing lan­guage set­tings
The user data col­lect­ed by tech­ni­cal cook­ies are not used to cre­ate user pro­files.
The analy­sis cook­ies are used for the pur­pose of improv­ing the qual­i­ty of our web­site
and its con­tent. Through the analy­sis cook­ies, we learn how the web­site is used and
thus can con­stant­ly opti­mise our offer.
We use those cook­ies for the imple­men­ta­tion of Google Ana­lyt­ics.
3. Legal basis for data pro­cess­ing
The legal basis for the pro­cess­ing of per­son­al data using cook­ies is Art. 6 para. 1 s. 1
lit. a GDPR.
The legal basis for the pro­cess­ing of per­son­al data using tech­ni­cal cook­ies is Art. 6
Para. 1 S. 1 lit. f GDPR.
4. Dura­tion of stor­age and pos­si­bil­i­ty of objec­tion and removal
Cook­ies are stored on the user’s device and trans­mit­ted to our site by the user.
There­fore, you as a user also have full con­trol over the use of cook­ies. You can
deac­ti­vate or restrict the trans­mis­sion of cook­ies by chang­ing the set­tings in your
Inter­net brows­er. Cook­ies that have already been saved can be delet­ed at any time.
This can also be done auto­mat­i­cal­ly. If cook­ies are deac­ti­vat­ed for our web­site, it is
pos­si­ble that not all func­tions of the web­site can be used to their full extent.
If you use the Safari brows­er ver­sion 12.1 or high­er, cook­ies will be auto­mat­i­cal­ly
delet­ed after sev­en days. This also applies to opt-out cook­ies, which are used to
pre­vent the use of track­ing mech­a­nisms.
VII. Newslet­ter
1. Descrip­tion and scope of data pro­cess­ing
You can sub­scribe to a newslet­ter on our web­site free of charge. When sub­scrib­ing for
the newslet­ter, the data from the input mask is trans­mit­ted to us.
• Email address
• Last name
• First name
• Date and time of reg­is­tra­tion
No data will be passed on to third par­ties in con­nec­tion with data pro­cess­ing for the
dis­patch of newslet­ters. The data will be used exclu­sive­ly for send­ing the newslet­ter.
2. Pur­pose of data pro­cess­ing
The col­lec­tion of the user’s Email address serves the pur­pose to deliv­er the newslet­ter
to the recip­i­ent.
The col­lec­tion of addi­tion­al per­son­al data as part of the reg­is­tra­tion process serves
the pur­pose to pre­vent mis­use of the ser­vices or the Email address used.
3. Legal basis for data pro­cess­ing
The legal basis for the pro­cess­ing of data by the user after reg­is­tra­tion for the
newslet­ter is Art. 6 para. 1 S. 1 lit. a GDPR if the user has giv­en his con­sent.
4. Dura­tion of stor­age
The data will be delet­ed as soon as it is no longer nec­es­sary to achieve the pur­pose
for which it was col­lect­ed. The user’s Email address will there­fore be stored as long as
the newslet­ter sub­scrip­tion is active.
The oth­er per­son­al data col­lect­ed in the course of the reg­is­tra­tion process is gen­er­al­ly
delet­ed after a peri­od of sev­en days.
5. Objec­tion and removal
The sub­scrip­tion for the newslet­ter can be can­celled by the data sub­ject at any time.
For this pur­pose every newslet­ter con­tains an opt-out link.
Through this, it is also pos­si­ble to revoke the con­sent to the stor­age of per­son­al data
col­lect­ed dur­ing the reg­is­tra­tion process.
VIII. Con­tact via Email
1. Descrip­tion and scope of data pro­cess­ing
You can con­tact us via the Email address pro­vid­ed on our web­site. In this case the
per­son­al data of the user trans­mit­ted with the Email will be stored.
The data will be used exclu­sive­ly for the pro­cess­ing of the con­ver­sa­tion.
2. Pur­pose of data pro­cess­ing
If you con­tact us via Email, this also con­sti­tutes the nec­es­sary legit­i­mate inter­est in the
pro­cess­ing of the data.
3. Legal basis for data pro­cess­ing
If the user has giv­en con­sent, the legal basis for pro­cess­ing the data is Art. 6 para. 1
lit. a GDPR.
The legal basis for the pro­cess­ing of data trans­mit­ted in the course of send­ing an
Email is Art. 6 para. 1 lit. f GDPR. If the pur­pose of the Email con­tact is to con­clude a
con­tract, the addi­tion­al legal basis for the pro­cess­ing is Art. 6 para. 1 lit. b GDPR.
4. Dura­tion of stor­age
The data will be delet­ed as soon as it is no longer nec­es­sary to achieve the pur­pose
for which it was col­lect­ed. For per­son­al data sent by Email, this is the case when the
respec­tive con­ver­sa­tion with the user has end­ed. The con­ver­sa­tion ends when it can
be con­clud­ed from the cir­cum­stances that the mat­ter in ques­tion has been
con­clu­sive­ly resolved.
The addi­tion­al per­son­al data col­lect­ed dur­ing the send­ing process will be delet­ed
after a peri­od of sev­en days at the lat­est.
5. Objec­tion and removal
The user has the pos­si­bil­i­ty to revoke the con­sent to the pro­cess­ing of their per­son­al
data at any time. If the user con­tacts us by Email to info@carlnann.com, he can object
to the stor­age of his per­son­al data at any time. In such a case, the con­ver­sa­tion
can­not be con­tin­ued.
In this case, all per­son­al data stored in the course of estab­lish­ing con­tact will be
delet­ed.
IX. Con­tact form
1. Descrip­tion and scope of data pro­cess­ing
A Con­tact form is avail­able on our web­site, which can be used for elec­tron­ic con­tact. If
a user makes use of this option, the data entered in the input mask will be trans­mit­ted
to us and stored.
When send­ing the mes­sage the fol­low­ing data will also be stored:
• Email address
• Last name
• First name
• Date and time of con­tact
As part of the send­ing process, your con­sent will be obtained for the pro­cess­ing of
your data and ref­er­ence will be made to this pri­va­cy pol­i­cy.
Alter­na­tive­ly, you can con­tact us via the Email address pro­vid­ed. In this case the
per­son­al data of the user trans­mit­ted with the Email will be stored.
The data will be used exclu­sive­ly for the pro­cess­ing of the con­ver­sa­tion.
2. Pur­pose of data pro­cess­ing
The pro­cess­ing of the per­son­al data from the input mask serves us exclu­sive­ly for the
pur­pose of estab­lish­ing con­tact. If you con­tact us by Email, this also con­sti­tutes our
nec­es­sary legit­i­mate inter­est in the pro­cess­ing of the data.
The oth­er per­son­al data processed dur­ing the send­ing process serve to pre­vent
mis­use of the Con­tact form and to ensure the secu­ri­ty of our infor­ma­tion tech­nol­o­gy
sys­tems.
3. Legal basis for data pro­cess­ing
The legal basis for the pro­cess­ing of the data is Art. 6 para. 1 s. 1 lit. a GDPR if the user
has giv­en his con­sent.
The legal basis for the pro­cess­ing of data trans­mit­ted in the course of send­ing an
Email is Art. 6 Para. 1 S. 1 lit. f GDPR. If the pur­pose of the Email con­tact is to con­clude
a con­tract, the addi­tion­al legal basis for the pro­cess­ing is Art. 6 para. 1 sen­tence 1 lit.
b GDPR.
4. Dura­tion of stor­age
The data will be delet­ed as soon as they are no longer nec­es­sary to achieve the
pur­pose for which they were col­lect­ed. For the per­son­al data from the input mask of
the Con­tact form and those sent by Email, this is the case when the respec­tive
con­ver­sa­tion with the user has end­ed. The con­ver­sa­tion ends when it can be inferred
from the cir­cum­stances that the facts in ques­tion have been con­clu­sive­ly clar­i­fied.
The addi­tion­al per­son­al data col­lect­ed dur­ing the send­ing process will be delet­ed
after a peri­od of sev­en days at the lat­est.
5. Objec­tion and removal
The user has the pos­si­bil­i­ty to revoke the con­sent to the pro­cess­ing of their per­son­al
data at any time. If the user con­tacts us by Email to info@carlnann.com, he can object
to the stor­age of his per­son­al data at any time. In such a case, the con­ver­sa­tion
can­not be con­tin­ued.
In this case, all per­son­al data stored in the course of estab­lish­ing con­tact will be
delet­ed.
X. Appli­ca­tion via Email and appli­ca­tion form
1. Scope of pro­cess­ing per­son­al data
There is an appli­ca­tion form on our web­site which can be used for elec­tron­ic
appli­ca­tions. If an appli­cant makes use of this pos­si­bil­i­ty, the data entered in the input
mask will be trans­mit­ted to us and stored. The data is:
• First name
• Last name
• Email address
Your con­sent will be obtained for the pro­cess­ing of your data as part of the send­ing
process and ref­er­ence will be made to this pri­va­cy pol­i­cy.
Alter­na­tive­ly, you can send us your appli­ca­tion by email. In this case, we col­lect your
email address and the infor­ma­tion you pro­vide in the email.
After send­ing your appli­ca­tion, you will receive con­fir­ma­tion of receipt of your
appli­ca­tion doc­u­ments from us by email.
Your data will not be passed on to third par­ties. The data will be used exclu­sive­ly for
pro­cess­ing your appli­ca­tion.
2. Pur­pose of data pro­cess­ing
The pro­cess­ing of per­son­al data from the appli­ca­tion form serves us sole­ly to process
your appli­ca­tion. If you con­tact us by email, this also con­sti­tutes the nec­es­sary
legit­i­mate inter­est in the pro­cess­ing of the data.
The oth­er per­son­al data processed dur­ing the send­ing process serve to pre­vent
mis­use of the appli­ca­tion form and to ensure the secu­ri­ty of our infor­ma­tion
tech­nol­o­gy sys­tems.
3. Legal basis for data pro­cess­ing
The legal basis for the pro­cess­ing of the data is the ini­ti­a­tion of the con­trac­tu­al
rela­tion­ship at the request of the data sub­ject, Art. 6 Para. 1 S.1 lit. b Alt. 1 GDPR and §
26 para. 1 s. 1 BDSG.
4. Dura­tion of stor­age
After com­ple­tion of the appli­ca­tion pro­ce­dure, the data will be stored for up to six
months. Your data will be delet­ed after six months at the lat­est. In the event of a legal
oblig­a­tion, the data will be stored with­in the frame­work of the applic­a­ble pro­vi­sions.
The addi­tion­al per­son­al data col­lect­ed dur­ing the send­ing process will be delet­ed
after a peri­od of sev­en days at the lat­est.
5. Objec­tion and removal
The appli­cant has the pos­si­bil­i­ty to object to the pro­cess­ing of per­son­al data at any
time. If the appli­cant con­tacts us by email, he can object to the stor­age of his per­son­al
data at any time. In such a case, your appli­ca­tion will no longer be con­sid­ered.
The appli­cant has the pos­si­bil­i­ty at any time to request us by email to change or
delete his data.
All per­son­al data stored in the course of elec­tron­ic appli­ca­tions will be delet­ed in this
case.
XI. Cor­po­rate web appear­ances
Use of cor­po­rate pres­ences on social net­works
Insta­gram:
Insta­gram, Part of Face­book Ire­land Ltd., 4 Grand Canal Square Grand Canal Har­bour,
Dublin 2 Ire­land
On our com­pa­ny web­site we pro­vide infor­ma­tion and offer Insta­gram users the
pos­si­bil­i­ty of com­mu­ni­ca­tion. If you car­ry out an action on our Insta­gram com­pa­ny
web­site (e.g. com­ments, con­tri­bu­tions, likes etc.), you may make per­son­al data (e.g.
clear name or pho­to of your user pro­file) pub­lic. How­ev­er, as we gen­er­al­ly or to a
large extent have no influ­ence on the pro­cess­ing of your per­son­al data by Insta­gram,
the com­pa­ny joint­ly respon­si­ble for the [name of the cus­tomer] – com­pa­ny
appear­ance, we can­not make any bind­ing state­ments regard­ing the pur­pose and
scope of the pro­cess­ing of your data.
Our cor­po­rate pres­ence in social net­works is used for com­mu­ni­ca­tion and infor­ma­tion
exchange with (poten­tial) cus­tomers. In par­tic­u­lar, we use the company’s pres­ence for:
Pub­lic image of the com­pa­ny and dis­play of job vacan­cies
Pub­li­ca­tions on the com­pa­ny appear­ance can con­tain the fol­low­ing con­tent:
• Infor­ma­tion about ser­vices
• job vacan­cies
Every user is free to pub­lish per­son­al data through activ­i­ties.
The legal basis for data pro­cess­ing is Art. 6 para. 1 S.1 lit. a GDPR.
The data gen­er­at­ed on the com­pa­ny appear­ance are not stored in our own sys­tems.
Insta­gram has signed and is cer­ti­fied under the Pri­va­cy Shield Agree­ment signed
between the Euro­pean Union and the Unit­ed States. This ensures Instagram’s
com­mit­ment to com­ply with the stan­dards and reg­u­la­tions of Euro­pean data
pro­tec­tion law. Fur­ther infor­ma­tion can be found in the fol­low­ing linked
entry: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=A
ctive
You can object at any time to the pro­cess­ing of your per­son­al data that we col­lect
with­in the frame­work of your use of our Insta­gram cor­po­rate web pres­ence and assert
your rights as a data sub­ject men­tioned under IV. of this pri­va­cy pol­i­cy. Please send us
an infor­mal Email to E-Mail to info@carlnann.com. For fur­ther infor­ma­tion on the
pro­cess­ing of your per­son­al data by Insta­gram and the cor­re­spond­ing objec­tion
options, please click here:
Insta­gram: https://help.instagram.com/519522125107875
XII. Use of cor­po­rate pres­ences in pro­fes­sion­al­ly ori­ent­ed net­works
1. Scope of data pro­cess­ing
We use cor­po­rate pres­ences on pro­fes­sion­al­ly ori­ent­ed net­works. We main­tain a
cor­po­rate pres­ence on the fol­low­ing pro­fes­sion­al­ly ori­ent­ed net­works:
LinkedIn:
LinkedIn, Unlim­it­ed Com­pa­ny Wilton Place, Dublin 2, Irle­and
XING:
XING SE, Damm­torstrasse 30, 20354 Ham­burg, Ger­many
On our site we pro­vide infor­ma­tion and offer users the pos­si­bil­i­ty of com­mu­ni­ca­tion.
The cor­po­rate pres­ence is used for job appli­ca­tions, information/PR and active
sourc­ing.
We do not have any infor­ma­tion on the pro­cess­ing of your per­son­al data by the
com­pa­nies joint­ly respon­si­ble for the cor­po­rate pres­ence. Fur­ther infor­ma­tion can be
found in the pri­va­cy pol­i­cy of:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/de/datenschutzerklaerung
If you car­ry out an action on our com­pa­ny web­site (e.g. com­ments, con­tri­bu­tions, likes
etc.), you may make per­son­al data (e.g. clear name or pho­to of your user pro­file)
pub­lic.
2. Legal basis for data pro­cess­ing
The legal basis for the pro­cess­ing of your data in con­nec­tion with the use of our
cor­po­rate web pres­ence is Art. 6 Para. 1 S.1 lit.f GDPR.
3. Pur­pose of the data pro­cess­ing
Our cor­po­rate web pres­ence serves to inform users about our ser­vices. Every user is
free to pub­lish per­son­al data through activ­i­ties.
4. Dura­tion of stor­age
We store your activ­i­ties and per­son­al data pub­lished via our cor­po­rate web pres­ence
until you revoke your con­sent. In addi­tion, we com­ply with the statu­to­ry reten­tion
peri­ods.
5. Objec­tion and removal
You can object at any time to the pro­cess­ing of your per­son­al data which we col­lect
with­in the scope of your use of our cor­po­rate web pres­ence and assert your rights as
a data sub­ject men­tioned under IV. of this pri­va­cy pol­i­cy. Please send us an infor­mal
Email to the Email address stat­ed in this pri­va­cy pol­i­cy.
LinkedIn has also signed and is cer­ti­fied under the Pri­va­cy Shield Agree­ment between
the Euro­pean Union and the Unit­ed States. LinkedIn com­mits itself to com­ply with the
stan­dards and reg­u­la­tions of the Euro­pean data pro­tec­tion law. Fur­ther infor­ma­tion
can be found in the fol­low­ing linked
entry: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Ac
tive
You can find fur­ther infor­ma­tion on objec­tion and removal options here:
LinkedIn:
https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
XING:
https://privacy.xing.com/de/datenschutzerklaerung
XIII. Host­ing
The web­site is host­ed on servers of a ser­vice provider com­mis­sioned by us.
Our ser­vice provider is:
1&1 IONOS SE, Elgen­dor­fer Str. 57, 56410 Montabaur, Ger­many
The servers auto­mat­i­cal­ly col­lect and store infor­ma­tion in so-called serv­er log files,
which your brows­er auto­mat­i­cal­ly trans­mits when you vis­it the web­site. The stored
infor­ma­tion are:
• Brows­er type and ver­sion
• Used oper­at­ing sys­tem
• Refer­rer URL
• Host­name of the access­ing com­put­er
• Time and date of the serv­er request
• IP address of the user’s device
This data will not be merged with oth­er data sources. The data is col­lect­ed on the
basis of Art. 6 para. 1 lit. f GDPR. The web­site oper­a­tor has a legit­i­mate inter­est in the
tech­ni­cal­ly error-free pre­sen­ta­tion and opti­miza­tion of his web­site – for this the serv­er
log files must be record­ed.
The serv­er of the web­site is geo­graph­i­cal­ly locat­ed in Ger­many.
XIV. Usage of Plu­g­ins
We use plu­g­ins for var­i­ous pur­pos­es. The plu­g­ins used are list­ed below:
Use of Google Ana­lyt­ics
1. Scope of pro­cess­ing of per­son­al data
We use Google Ana­lyt­ics, a web analy­sis ser­vice pro­vid­ed by Google LLC, 1600
Amphithe­atre Park­way, Moun­tain View, CA 94043, USA and its rep­re­sen­ta­tive in the
Union Google Ire­land Ltd., Gor­don House, Bar­row Street, D04 E5W5, Dublin, Ire­land
(Here­inafter referred to as Google). Google Ana­lyt­ics exam­ines, among oth­er things,
the ori­gin of vis­i­tors, their length of stay on indi­vid­ual pages and the use of search
engines, thus allow­ing bet­ter mon­i­tor­ing of the suc­cess of adver­tis­ing cam­paigns.
Google places a cook­ie on your com­put­er. This allows per­son­al data to be stored and
eval­u­at­ed, in par­tic­u­lar the user’s activ­i­ty (in par­tic­u­lar which pages have been vis­it­ed
and which ele­ments have been clicked on), device and brows­er infor­ma­tion (in
par­tic­u­lar the IP address and the oper­at­ing sys­tem), data on the adver­tise­ments
dis­played (in par­tic­u­lar which adver­tise­ments have been dis­played and whether the
user has clicked on them) and also data on adver­tis­ing part­ners (in par­tic­u­lar
pseu­do­nymised user IDs). The infor­ma­tion gen­er­at­ed by the cook­ie about your use of
this web­site will be trans­mit­ted to and stored by Google on servers in the Unit­ed
States. How­ev­er, if IP anonymiza­tion is enabled on this online pres­ence, Google will
pre­vi­ous­ly trun­cate your IP address with­in mem­ber states of the Euro­pean Union or
oth­er sig­na­to­ry states to the Agree­ment on the Euro­pean Eco­nom­ic Area. Only in
excep­tion­al cas­es is the full IP address trans­mit­ted to a Google serv­er in the USA and
short­ened there.
Google has signed and is cer­ti­fied under the Pri­va­cy Shield Agree­ment between the
Euro­pean Union and the Unit­ed States. By doing so, Google is com­mit­ted to
com­ply­ing with the stan­dards and reg­u­la­tions of Euro­pean data pro­tec­tion law. More
infor­ma­tion can be found in the fol­low­ing linked entry:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
IP anonymiza­tion is active on this online pres­ence. On behalf of the oper­a­tor of this
online pres­ence, Google will use this infor­ma­tion to eval­u­ate your use of the online
pres­ence, to com­pile reports on the activ­i­ties of the online pres­ence and to pro­vide
fur­ther ser­vices asso­ci­at­ed with the use of the online pres­ence and the Inter­net use to
the oper­a­tor of the online pres­ence. The IP address trans­mit­ted by your brows­er as
part of Google Ana­lyt­ics is not com­bined with oth­er data from Google. You may
refuse the use of cook­ies by select­ing the appro­pri­ate set­tings on your brows­er,
how­ev­er please note that if you do this you may not be able to use the full
func­tion­al­i­ty of our website.\Further infor­ma­tion on the col­lec­tion and stor­age of data
by Google can be found here:
https://policies.google.com/privacy?gl=EN&hl=en
2. Pur­pose of data pro­cess­ing
The pur­pose of pro­cess­ing per­son­al data is to specif­i­cal­ly address a tar­get group that
has already expressed an ini­tial inter­est by vis­it­ing the site.
3. Legal basis for the pro­cess­ing of per­son­al data
The legal basis for the pro­cess­ing of per­son­al data is the user’s giv­en con­sent in
accor­dance with Art. 6 para. 1 S.1 lit. a GDPR.
4. Dura­tion of stor­age
Your per­son­al infor­ma­tion will be stored for as long as is nec­es­sary to ful­fill the
pur­pos­es described in this Pri­va­cy Pol­i­cy or as required by law. Adver­tis­ing data in
serv­er logs is anonymized by Google’s own state­ments to delete parts of the IP
address and cook­ie infor­ma­tion after 9 and 18 months respec­tive­ly.
5. Pos­si­bil­i­ty of revo­ca­tion of con­sent and removal
You have the right to revoke your dec­la­ra­tion of con­sent under data pro­tec­tion law at
any time. The revo­ca­tion of the con­sent does not affect the law­ful­ness of the
pro­cess­ing car­ried out on the basis of the con­sent up to the revo­ca­tion.
You may pre­vent the col­lec­tion and pro­cess­ing of your per­son­al data by Google by
pre­vent­ing the stor­age of cook­ies by third par­ties on your com­put­er, by using the “Do
Not Track” func­tion of a sup­port­ing brows­er, by deac­ti­vat­ing the exe­cu­tion of script
code in your brows­er or by installing a script block­er such as NoScript
(https://noscript.net/) or Ghostery (https://www.ghostery.com) in your brows­er. your
IP address) to Google and to pre­vent the pro­cess­ing of this data by Google by
down­load­ing and installing the brows­er plug-in avail­able under the fol­low­ing link:
https://tools.google.com/dlpage/gaoptout?hl=en
With the fol­low­ing link you can deac­ti­vate the use of your per­son­al data by Google:
https://adssettings.google.de\Further infor­ma­tion on objec­tion and removal options
against Google can be found at:
https://policies.google.com/privacy?gl=EN&hl=en
Use of WPML
1. Scope of pro­cess­ing of per­son­al data
We use WPML of OnTheGoSys­tems Lim­it­ed, 22/F 3 Lock­hart Road, Wan­chai, Hong
Kong (Here­inafter referred to as WPML). WPML is a mul­ti­lin­gual plu­g­in for Word­Press.
We use WPML to present our online pres­ence in dif­fer­ent lan­guages. When you vis­it
our online pres­ence, WPML stores a cook­ie on your device to store the lan­guage
set­ting you have select­ed. This allows per­son­al data to be stored and eval­u­at­ed, in
par­tic­u­lar the user’s activ­i­ty (in par­tic­u­lar which pages have been vis­it­ed and which
ele­ments have been clicked on) as well as device and brows­er infor­ma­tion (in
par­tic­u­lar the IP address and the oper­at­ing sys­tem). \Fur­ther infor­ma­tion on the
col­lec­tion and stor­age of data by WPML can be found here:
https://wpml.org/documentation/privacy-policy-and-GDPR-compliance
Pur­pose of the data pro­cess­ing of per­son­al data
The use of WPML serves to be able to rep­re­sent our online pres­ence mul­ti­lin­gual­ly.
3. Legal basis for the pro­cess­ing of per­son­al data
The legal basis for data pro­cess­ing is Art. 6 para. 1 S.1 lit. f GDPR. Our legit­i­mate
inter­est lies in address­ing vis­i­tors to our online pres­ence in their native lan­guage.
4. Dura­tion of stor­age
WPML stores cook­ies on your ter­mi­nal. You can find infor­ma­tion on the stor­age
dura­tion of cook­ies at: https://wpml.org/documentation/privacy-policy-and-GDPRcompliance
5. Pos­si­bil­i­ty of objec­tion and removal
You can pre­vent WPML from col­lect­ing and pro­cess­ing your per­son­al data by
pre­vent­ing the stor­age of third-par­ty cook­ies on your com­put­er, by using the “Do Not
Track” func­tion of a sup­port­ing brows­er, by deac­ti­vat­ing the exe­cu­tion of script code
in your brows­er, or by installing a script block­er such as NoScript
(https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.\You
can find fur­ther infor­ma­tion on objec­tion and removal options against WPML at:
https://wpml.org/documentation/privacy-policy-and-GDPR-compliance
Use of MailChimp
1. Scope of pro­cess­ing of per­son­al data
We use the ser­vice provider MailChimp of The Rock­et Sci­ence Group, LLC, 512 Means
Street, Suite 404, Atlanta, GA 30318, USA (Here­inafter referred to as MailChimp) to
send our newslet­ter. MailChimp is a provider for email mar­ket­ing and enables us to
com­mu­ni­cate direct­ly with poten­tial cus­tomers via email newslet­ters. If you reg­is­ter
for the newslet­ter, the data you enter when reg­is­ter­ing for the newslet­ter will be
trans­ferred to MailChimp and stored there. This allows fur­ther per­son­al data to be
stored and eval­u­at­ed, in par­tic­u­lar the user’s activ­i­ty (in par­tic­u­lar which pages have
been vis­it­ed and which ele­ments have been clicked) and device and brows­er
infor­ma­tion (in par­tic­u­lar the IP address and oper­at­ing sys­tem). MailChimp has signed
the Pri­va­cy-Shield-Agree­ment between the Euro­pean Union and the USA and is
cer­ti­fied. MailChimp com­mits itself to com­ply with the stan­dards and reg­u­la­tions of
the Euro­pean data pro­tec­tion law. Fur­ther infor­ma­tion can be found in the fol­low­ing
linked entry:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active
There­fore your data will also be stored by MailChimp. Your data will not be passed on
to third par­ties to receive the newslet­ter and MailChimp does not have the right to
pass on your data. After reg­is­tra­tion MailChimp will send you an email to con­firm
your reg­is­tra­tion. In addi­tion, MailChimp offers var­i­ous analy­sis options on how the
sent newslet­ters are opened and used, e.g. how many users an email was sent to,
whether emails were reject­ed and whether users unsub­scribed from the list after
receiv­ing an email. \Fur­ther infor­ma­tion on the col­lec­tion and stor­age of data by
MailChimp can be found here:
https://MailChimp.com/legal/privacy/
2. Pur­pose of data pro­cess­ing
The per­son­al data col­lect­ed dur­ing reg­is­tra­tion for the newslet­ter will be used
exclu­sive­ly for send­ing our newslet­ter, pos­si­bly for invi­ta­tions to events and, if you are
already our cus­tomer, for our cus­tomer e-mail. Fur­ther­more, sub­scribers to the
newslet­ter could be informed by e-mail if this is nec­es­sary for the oper­a­tion of the
newslet­ter ser­vice or reg­is­tra­tion in this respect, as might be the case in the event of
changes to the newslet­ter offer­ing or changes to the tech­ni­cal con­di­tions.
3. Legal basis for the pro­cess­ing of per­son­al data
The legal basis for the pro­cess­ing of per­son­al data is the user’s giv­en con­sent in
accor­dance with Art. 6 para. 1 S.1 lit. a GDPR.
4. Dura­tion of stor­age
Your per­son­al infor­ma­tion will be stored for as long as is nec­es­sary to ful­fill the
pur­pos­es described in this Pri­va­cy Pol­i­cy or as required by law. In addi­tion, you can
con­tact MailChimp and request the dele­tion of your data.
5. Pos­si­bil­i­ty of revo­ca­tion of con­sent and removal
You have the right to revoke your dec­la­ra­tion of con­sent under data pro­tec­tion law at
any time. The revo­ca­tion of the con­sent does not affect the law­ful­ness of the
pro­cess­ing car­ried out on the basis of the con­sent up to the revo­ca­tion.
Your con­sent to the stor­age of the data, as well as their use for the dis­patch of the
newslet­ter by MailChimp can be revoked at any time. You can exer­cise your right of
with­draw­al at any time by send­ing an email to MailChimp or by click­ing on the link
pro­vid­ed in each newsletter.\Further infor­ma­tion on objec­tion and removal options
against MailChimp can be found at:
https://MailChimp.com/legal/privacy/
XV. Inte­gra­tion of plu­g­ins via exter­nal ser­vice providers
1. Descrip­tion and scope of data pro­cess­ing
We inte­grate cer­tain plu­g­ins on our web­site via exter­nal ser­vice providers in the form
of con­tent deliv­ery net­works. When you access our web­site, a con­nec­tion is
estab­lished to the servers of the providers used by us to retrieve con­tent and store it
in the cache of the user’s brows­er. This allows per­son­al data to be stored and
eval­u­at­ed in serv­er log files, in par­tic­u­lar device and brows­er infor­ma­tion (e.g. IP
address and oper­at­ing sys­tem). We use the fol­low­ing ser­vices:
o Per­so­nio
2. Pur­pose of data pro­cess­ing
The use of the func­tions of these ser­vices serves the deliv­ery and accel­er­a­tion of
online appli­ca­tions and con­tent.
3. Legal basis for data pro­cess­ing
This data is col­lect­ed on the basis of Art. 6 para. 1 lit. f GDPR. The web­site oper­a­tor
has a jus­ti­fied inter­est in the tech­ni­cal­ly cor­rect pre­sen­ta­tion and opti­miza­tion of the
web­site.
4. Dura­tion of stor­age
Your per­son­al infor­ma­tion will be retained for as long as nec­es­sary to ful­fill the
pur­pos­es described in this Pri­va­cy Pol­i­cy or as required by law.
This pri­va­cy pol­i­cy has been cre­at­ed with the assis­tance of Data­Guard.

d

Lorem ipsum dolor sit amet, con­sectetuer adip­isc­ing elit. Aenean com­mo­do ligu­la eget dolor. Aenean mas­sa. Cum soci­is ultricies nec

0