Due to increased demand, current delivery times are longer than normal. Read more

Data Protection Statement of Canyon Bicycles GmbH

Data protection intro

Canyon Bicycles GmbH (hereinafter called CANYON) is pleased that you are visiting our website. Data protection and data safety while using our website are very important for us. Therefore, we would like to inform you at this point about which of your personal details we record at the time of your visit to our website and for what purposes these data are used.

Since changes in laws or changes in our internal company procedures may make amendments to this data protection statement necessary, we ask you to read through this data protection statement on a regular basis. The data protection statement can be called up on the data protection navigation area on our website, and it can be stored and printed out at any time.

§ 1 Responsible party and scope of validity.

The responsible party as defined in the EU General Data Protection Regulation (hereinafter GDPR) and other national data protection laws of the member states as well as other legal data protection specifications is:

Canyon Bicycles GmbH
Karl-Tesche-Straße 12
56073 Koblenz
Tel.: +49 261 9490 3000
E-Mail: privacy@canyon.com
Website: https://www.canyon.com

This data protection statement is valid for the Internet offer of Canyon Bicycles GmbH, which can be found at the domain www.canyon.com and www.career.canyon.com as well as the different sub-domains (hereinafter called ‘our website’).

§ 2 Data protection officer

The external data protection officer of the responsible party is:

Attorney Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln
Tel.: +49 (0)221 – 222 183 – 0
E-Mail: mail@kinast.eu
Website: http://www.kinast.eu

§ 3 Data processing principles

All items of information that refer to an identified or identifiable natural person constitute personal details. For example, this includes information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or the user behaviour. Information, with which we can make no reference (or only at disproportionately great expense) to your person, e.g. by anonymising the information, does not constitute personal data. The processing of personal data (for example, collecting, questioning, using, storing, or transmitting) always requires a legal basis or your consent. Processed personal data are erased as soon as the purpose of the processing has been achieved and legally stipulated retention obligations are no longer in effect. If we process your personal data for preparing specific offers, we will subsequently inform you about the specific procedures, the scope, and the purpose of the data processing, the legal basis for the processing and the respective storage duration.

§ 4 Individual processing procedures
1. Preparing and using the website

A. Type and scope of the data processing
Whenever you call up and use our website, we collect the personal data automatically. Your browser then transmits this to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which are technically necessary for us in order to display our website to you and to assure stability and reliability.

- IP address of the requesting computer,
- Date and time of the access,
- Name and URL of the requested file,
- Website, from which the access takes place (referrer URL),
- Browser used, terminal used, and, if appropriate, the operating system as well as the name of your access provider

B. Legal basis
Article 6, paragraph 1, (f) GDPR serves as the legal basis for the specified type of data processing. The processing of specified data is necessary for preparing a website and thus serves for supporting a justified interest of our company.

C. Storage duration
As soon as the specified data are no longer necessary for displaying the website, they are deleted. The recording of the data for preparing the website and the storage of the data in logfiles is absolutely required for the operation of the website. Consequently, there is no possibility of objection on the part of the user. Further storage can take place in individual cases, if this is legally stipulated.

2. Registration/User account

A. Type and scope of the data processing
On our website, we offer you the possibility of registeringThis involves you in providing us with your personal details.
We use the processed data to create a customised user account for you where you can create certain content and services including a wish list, order overview, list of preferred delivery addresses, message preferences etc. in partial self-administration. This way, you can use the content on our website.
We process your e-mail so that we can send you new login details in the event you forget them or the information required to create your account.
When you set your preferences in message settings and areas of interest, you consent to the e-mail address provided being used to send messages relevant to the information you provided. This consent can be withdrawn at any time by e-mailing privacy@canyon.com.
When you add products to your wish list, you consent that we send you e-mail reminders of the products saved on your wish list or information about them.
When you enable the reminder function for unavailable items, you consent that we send you e-mail reminders as soon as they become available again in our shop.
After initial registration, you must log in to your user account for future orders so that we can allocate your order to an existing account. You can of course place all your orders as guest orders, although you will not benefit from a range of services only available with user accounts.
The following overview shows the personal details we process during registration:

- Name
- e-mail address
- Date of birth (optional)
- Country and language
- IP address
- Gender

The following overview shows you the type of details we process from your information in a user account or via orders placed from a user account.

- Address
- Different delivery addresses, if applicable
- Order overview
- Message settings
- Wish list
- Height and leg length

To prevent any false data you provide from entering our system, we use an external service provider – loqate GBG – to validate the addresses, email addresses, and telephone numbers you submit. Further information about the processing of your data by external service providers can be found under § 6 of this data protection statement.

B. Legal basis
Processing the personal data provided (cf. section 4 2. a.) is based on Art. 6 paragraph 1 (b) GDPR.

C. Storage duration
As soon as the registration on our website is cancelled or modified, the data processed during the registration procedure are deleted. Further storage can take place in individual cases, if this is legally stipulated.

D. Cancelling registration
Users can cancel registration at any time. You can change your saved personal data at any time. To do this, proceed as follows: You can either make the changes yourself after logging into your customer account or e-mail privacy@canyon.com.
In the event the processed data are still required for contractual purposes or pre-contractual purposes, data can only be deleted early provided this is not prevented by any contractual or legal obligations.

3. Purchasing process

3.1 Goods purchase

A. Type and scope of the data processing
On our website, we offer users the possibility of purchasing goods with the specification of personal data, The data required for this are input into an input mask and transmitted to us and stored. Transfer of the data to third parties does not take place. The following data are collected within the framework of the ordering procedure:

- Form of address
- Name
- Address
- Telephone number
- e-mail address
- Payment information
- Type of shipping
- IP address

Your data are transferred to the shipping company in charge of the delivery, in so far as this is necessary for delivery of the goods. For transacting payments, we transfer your payment data to the financial institution entrusted with the payment. That company may only use your data for contract settlement and not for other purposes.
When you make a purchase on our website and therefore store your e-mail address, this address can be used by us to send you information on similar products or services. We are keen to maintain customer relations and we would like to send you information that we believe may be of interest to you.
If you need to interrupt the ordering process or cannot complete the purchase, we will send an e-mail to remind you of the items placed in your basket so that you can complete the process at a later date without having to collect all the items again. To do this, we use cookies. More information on using cookies can be found in section 7 (‘Using cookies’).

B. Legal basis
When processing your personal data (cf. section 4 3. a.) that are required for fulfilling a purchase agreement concluded with us, Art. 6, paragraph 1, (b) GDPR serves as the legal basis. This also applies for processing procedures that are required for carrying out pre-contractual measures.
The legal basis for sending information on similar goods or services as a result of the purchase of goods is section 7 paragraph 3 UWG [Act against unfair competition]. You can choose to stop receiving messages at any time by using the unsubscribe link at the end of the newsletter.

C. Storage duration
With complete settlement of the agreement and complete purchase price payment, your data are stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

3.2. Use of the 3D Secure 2.0 protocol for credit card payments

A. Type and scope of the data processing
When purchasing goods, you have the option of paying with your credit card. To guarantee enhanced security during payment processing, we now use the 3D Secure 2.0 protocol. With every transaction, data is transmitted to your credit card company. They can use this data to carry out a real-time risk assessment to identify you as the legitimate owner of the credit card. In order to process the credit card payment, we use the service provider Computop. Computop are contractually obliged to observe an appropriate standard of data protection – we have ensured this by means of an order processing contract. Your data will only be transferred to this service provider and will not be passed on to third parties.
When you pay with credit card, we collect the following data:

- Your credit card details.
- Transaction-related data, such as identification numbers required to assign transactions and merchants, as well as the purchase amount and currency.
- Browser data including information on the end device used and the location of the user. This includes IP address, screen resolution, and the browser language setting.
- The complete billing and delivery address of the order.
- Customer account data recorded from and about the customer’s existing account. This includes – but is not limited to – information about how long the account has existed, the number of transactions carried out within certain time intervals, and the frequency with which passwords and delivery addresses have been changed.
- Data on delivery details, such as shipping method, availability of the goods, the delivery time window, the email address (in the case of a shipment of digital goods) or the date of initial availability for products not yet published.

This data is collected by us solely to let credit card companies perform real-time risk assessments. If a transaction is classified as low-risk, you can authorise it directly, without the need for any further actions. However, if there is a suspicion of fraud, you will be asked to confirm your identity again by answering an additional security question. Data is processed in this way for two reasons. Firstly, to meet Strong Customer Authentication (SCA) protocol – guaranteeing better (and legally required) protection against fraud. And secondly, to simplify the purchase process.

B. Legal basis
The legal basis for this data processing is Article 6 (1), (C) and (F) of the General Data Protection Regulation. A legal obligation for data processing arises here from the EU Payment Services Directive (Directive (EU) 2015/2366), which requires Strong Customer Authentication. One way of fulfilling this obligation is to use the 3D Secure 2.0 process. In addition, we have a ‘legitimate interest’ in the form of an economic interest – the reduction of the purchase termination rate and the simplification of the ordering process. By means of case-by-case, data-based risk assessment, transactions can in most cases be released directly and without further buyer interaction, resulting in an improvement of the user experience.

C. Storage duration
With complete settlement of the agreement and complete purchase price payment, your data are stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

3.3 Financing Services Provider

A. Type and scope of the data processing
As part of the purchase of goods, we offer you the option of processing the purchase of goods via a payment services provider. The payment services provider used by us is BNP Paribas (for Germany, BNP Paribas S. A Branch Germany, Schwanthalerstrasse 31, 80336 Munich and for Austria, BNP Paribas Personal Finance S.A. Austria Branch, Ringstraßen-Galerien, Kärntner Ring 5-7, 4th Floor, 1010 Vienna).
The following data, inter alia, will be collected from you:

- First and last name
- Country, place and date of birth
- Nationality
- Address
- Telephone number
- E-mail address
- Budget data such as income

This data is collected by us exclusively for the fulfilment of the contractual relationship and passed on to the payment services provider for the processing of payments. The payment services provider may use your data solely for order processing and not for other purposes.

B. Legal basis
The legal basis for the processing of the above personal data (cf. Section 4 3.3. a.) is Article 6 (1)(b) GDBR, as this processing is necessary for the performance of the contract.

C. Storage duration
With complete settlement of the agreement and complete purchase price payment, your data is stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

4. Newsletter

A. Type and scope of the data processing
On our website, there is the possibility of subscribing to a free newsletter. In order to be able to send you the newsletter regularly, we need the following information from you:

- Name
- e-mail address

The following overview shows which additional processed information you can decide to share with us when registering for the newsletter. This information helps us optimise our newsletter and to share specific information with our newsletter subscribers.

- Form of address
- Name
- Date of birth
- Bicycle category of interest
- News category of interest

No transfer of your data to third parties takes place in connection with the sending of the newsletter.
We use the so-called double opt-in method for sending the newsletter, that is, we will send you the newsletter only if you confirm your request beforehand via a confirmation e-mail sent to you for this purpose per link contained therein. Thus, we want to make sure that only you can subscribe to the newsletter yourself as holder of the indicated e-mail address. Your confirmation concerning this must take place soon after receiving the confirmation e-mail, since otherwise your newsletter subscription is automatically erased from our database.

B. Legal basis
The processing of your e-mail address, form of address, your date of birth, and the bicycle and news category of interest for you for sending the newsletter is based on Article 6, paragraph 1, (a) GDPR on the consent statement issued by you on the basis of a double opt-in.

C. Storage duration
Your e-mail address is stored as long as you have subscribed to the newsletter. After cancellation of sending the newsletter, your e-mail address is erased. Further storage can take place in individual cases, if this is legally stipulated.

5. Contact form, including for Crash-Replacement guarantee, return and repair enquiries, chat and concerning our career section

A. Type and scope of the data processing
On our website we invite you to get in contact with us via a prepared form and Chat module. Within the framework of the procedure of sending your inquiries via the contact or Pre-Chat form, reference is made to this data protection statement for obtaining your consent. If you make use of the contact form or Chat module, the following personal data from you are processed via the contact form.

- Form of address
- Name
- e-mail address
- Telephone number
- the country of residence
- your customer number (for returns, repairs or CRP enquiries)
- your order number (for returns, repairs or CRP enquiries)
- model of your bike (for returns, repairs or CRP enquiries)
- your address (for returns or CRP enquiries)
- Photos and details to describe the problem (for repairs or CRP enquiries)

The specification of your e-mail address and the country of residence is so that your enquiry can be associated with you and that you can be answered. The above details are used to help us process your enquiry and relevant services. If the contact form is used, your personal data will not be transferred to third parties.

B. Legal basis
The previously (cf. section 4 5. a.) described data processing for the purpose of making contact takes place according to Article 6, paragraph 1, (b), (f) GDPR.

C. Storage duration
As soon as the enquiry made by you has been dealt with, and the matter concerned is finally clarified, your personal data processed via the contact form will be erased. Further storage can take place in individual cases, if this is legally stipulated.

6. Canyon Careers Section

A. Type and scope of the data processing
On our website we offer you the opportunity to apply online for our job vacancies and to become part of the Canyon family. If you apply online, the following data will be collected and processed in the context of the application process:

- your career stage,
- your name,
- your e-mail address,
- your phone number,
- your address,
- when you can be contacted,
- your application documents (letter of application, CV, testimonials, diplomas etc),
- links to your online profiles at XING and LinkedIn, if applicable
- your possible start date,
- your salary expectations
- and any other remarks you may have about the application process, if applicable.

The data entered online shall be collected and processed solely for the purpose of filling job vacancies at Canyon Bicycles GmbH. Only the departments and officers responsible in-house for the application process shall obtain access to your data. More extensive usage or the passing on of your application data to third parties shall not take place.

B. Legal basis
The legal basis for the processing of your personal data in the context of a job application is provided by Article 6, paragraph 1, (a) GDPR.

C. Storage duration
Your application data shall always be erased automatically six months after conclusion of the application process. This does not apply if legislative provisions countermand such erasure or if ongoing storage is required for evidence purposes. This can also apply for example if we are not currently able to offer a suitable vacancy, but find your profile of potential interest for possible future job openings. In particular when you apply on your own initiative, we can store and use your data in this way if you have specifically consented to this. This consent can be revoked at any time via the contact form in the careers section.
From a technical and organisational viewpoint, we have taken various precautions to protect your data. Any onward transmission of your online application is in encrypted format. Your data are saved to a database that is separate from all other systems, to which only the people responsible for this on the HR team have access.

7. Shipment tracking

A. Type and scope of the data processing
Orders can be tracked via our website. We require the following details from you for database enquiries:

- e-mail address
- Order number

No data are sent to third parties during shipment tracking.

B. Legal basis
The previously (cf. section 4 6. a.) described data processing for the purpose of tracking your order takes place according to Art. 6 section 1 (b) DSGVO.

C. Storage duration
With complete settlement of the agreement and complete purchase price payment, your data are stored for further use and erased after expiry of the legal tax and commercial law retention periods, if you have not expressly agreed to the further use of your data. Further storage can take place in individual cases, if this is legally stipulated.

§ 5 Transfer of data to third parties

We transfer your personal data to third parties only if:

- You have granted your express consent for this in accordance with Article 6, paragraph 1, sentence 1, (a) GDPR,
- this is legally permissible and required for fulfilling a contractual relationship with you in accordance with Article 6, paragraph 1, sentence 1, (b) GDPR,
- if there is a legal obligation for the transfer in accordance with Article 6, paragraph 1, sentence 1, (c) GDPR,
- the transfer is required in accordance with Article 6, paragraph 1, sentence 1, (f) GDPR for supporting justified company interests as well as for enforcing, exercising, or defending legal claims and there is no basis for the assumption that you have an overwhelming interest in non-transfer of your data that is worthy of protection.

§ 6 Transferring data to external service providers

In order to provide services and process your data on our services and products, we utilise service providers. The service providers process the data exclusively according to our instructions and are obliged to comply with valid data protection provisions. All data processers were carefully selected and can only access your data for the circumstances and for the time period required to provide you with the services and/or in the circumstances whereby you have consented to data processing and use. Service providers from countries including the USA or countries outside the European Economic Area subject to data protection which does not protect general personal data to the same extent as in European Union member states. If your data is processed in a country which does not have a recognised level of data protection as high as the European Union, we ensure that your personal details are protected using other contractual regulations or recognised instruments. Recipients of this data may include, for example, payment institutions as part of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website.

§ 7 Use of cookies

A. Type and scope of the data processing
We use cookies on our website. Cookies are small files, which are sent by us to the browser of your terminal and stored there within the framework of your visit to our website. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies allow us to perform different analyses. For example, cookies are capable of re-recognising the browser used by you in case of another visit to our website and to transmit different information to us. By means of cookies we can, among other things, configure our internet offering for you in a more user-friendly and effective way, for example, by understanding your use of our website and determining your preferred settings (for example, country and language settings). Insofar as third parties process information via cookies, they acquire the information directly via your browser. Cookies cause no damage to your terminal. They cannot execute any programs and contain no viruses.
Transient cookies, which are automatically erased as soon as you close your browser, are used on our website. This kind of cookies makes it possible to determine your session ID. In this way, different requests from your browser can be associated with a common session and it is possible for us to re-recognise your terminal at the time of later website visits. Session cookies are deleted when you log off or close your browser.
In addition, persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage duration differs from cookie to cookie. You can erase persistent cookies independently via your browser settings.

B. Legal basis
The legal basis for the processing of so-called technically necessary cookies is our legitimate interest in the processing of personal data pursuant to Article 6 (1)(f) GDPR. Personal data will be deleted if it is no longer necessary for this purpose, especially if cookies are deactivated. We require your consent for cookies that are not technically necessary or so-called third-party cookies. If you have granted us your consent for the use of cookies based on information (cookie banner) granted by us on the website, the legality of the use is also guided by Article 6 (1)(1)(a) GDPR. As soon as the data transmitted to us via cookies for achieving the purposes described above is no longer necessary, this information is erased. Further storage can take place in individual cases, if this is legally stipulated.

C. Configuration of the browser settings
Most browsers are preadjusted so that they accept cookies as a standard procedure. However, you can configure your respective browser so that it only accepts certain cookies or even no longer accepts cookies. However, we inform you that you possibly can no longer use all functions of our website if cookies are deactivated by your browser settings on our website. You can also erase cookies already stored in your browser via your browser settings. Furthermore, it is also possible to adjust your browser so that it informs you before cookies are stored. Since the different browsers can differ in their respective modes of functioning, please take advantage of the respective help menu of your browser for the configuration possibilities. If you wish to have a comprehensive overview of all access by third parties to your internet browser, we recommend that you install plug-ins specially developed for this.

§ 8 Tracking and analysis tools (performance cookies)

We use tracking and analysis tools in order to assure continuous optimisation and demand-oriented configuration of our website. By means of tracking measures it is also possible for us to statistically record the use of our website by visitors and to further develop our online offering for you by means of the knowledge obtained in this way. If you have granted us your consent for the use of performance cookies based on information (cookie banner) granted by us on the website, the legality of the use is also guided by Article 6 (1)(1)(a) GDPR. As soon as the data transmitted to us via cookies for achieving the purposes described above is no longer necessary, this information is erased. Further storage can take place in individual cases, if this is legally stipulated.

1. Google Analytics 360

This site uses Google Analytics, a web analysis service from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (‘Google‘). Google Analytics uses so-called ‘cookies’, text files, which are stored on their computer, and which enable an analysis of your use of the website.
The information generated by these cookies, for example concerning time, place, and frequency of your use of this website, are as a rule transmitted to a server of Google in the USA and stored there. In using Google Analytics, it is not excluded that the cookies set by Google Analytics can also record additional personal data in addition to the IP address. We point out to you that Google possibly will transmit this information to third parties, if this is legally stipulated or insofar as third parties process these data on behalf of Google.
The information generated by cookies is used by Google on behalf of the operator of this website in order to evaluate your use of the website, in order to compile reports concerning the website activities, and to furnish the website operator with further data services connected with the website use and the internet use. The IP address transmitted from your browser within the framework of Google Analytics is not transmitted by Google, according to Google’s own information, along with the other data from Google.
You can generally block storage of cookies by a corresponding setting of your browser software; however, we inform you that in this case you may not be able to use all functions of this website in their full scope.
It is not excluded that the cookies set by Google Analytics can record additional personal data in addition to the IP address. In order to prevent information concerning your use of the website from being recorded by Google Analytics and transmitted to Google Analytics, you can download and install a plug-in for your browser under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. This plug-in prevents information concerning your visit to the website from being transmitted to Google Analytics. Another analysis is not prevented by this plug-in.
We inform you that you cannot use the browser plug-in described above in case of a visit to our website via the browser of a mobile device (smartphone or tablet). In case of using a mobile device, you can prevent the recording of your use data by Google Analytics by clicking on the following link: deactivate Google Analytics
By clicking on this link, a so-called opt-out cookie is set in your browser. This prevents information concerning your visit to the website from being transmitted to Google Analytics. Please note that the opt-out cookie is valid only for this browser and only for this domain. If you erase the cookies in this browser, the opt-out cookie also is erased. Furthermore, in order to prevent the recording by Google Analytics, you must click on the link again. The use of the opt-out cookie is also possible as an alternative to the above plug-in in the case of using the browser on your computer.
In order to provide the best possible protection of your personal data, Google Analytics was expanded on this website by the code ‘anonymizeIP’. This code causes the last 8 bits of the IP address to be erased and thus your IP address is recorded anonymised (so-called IP masking). In this way, your IP address is basically shortened and thus anonymised by Google already before the transmission within member states of the European Union or in other contracting countries of the Agreement concerning the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a server by Google in the USA and shortened there.

2. Google Ads

We use the ‘Google Ads’ technology and, in this case, especially the conversion tracking. Google Conversion Tracking is an analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA („Google“). If you click on a display placed by Google, a cookie for the conversion tracking is stored on your PC. The cookies have a validity of 30 days and are not used for personal identification. If you visit certain pages of our website, and if the cookie has not yet expired, Google and we can detect that you have clicked on a specific display and were passed on to this page. In each case, Google Ads customers obtain another cookie. Thus, it is not possible to track cookies via the websites of Google Ads customers.
The data obtained by means of the conversion cookie serve for creating conversion statistics for Google Ads customers that use the conversion tracking. In this way the customers obtain the number of users that have clicked on their display and thereupon were passed on to a page provided with a conversion tracking tag. Of course, they obtain no information, with which the user can be personally identified. If you do not want to participate in the conversion tracking, you can prevent this by a corresponding setting in your browser, e.g. in a form that will always prevent cookies from being installed. You can also deactivate cookies for the conversion tracking by setting your browser so that only cookies from the web address ‘googleadcervices.com’ are blocked.

3. Google Remarketing and ‘Similar Audiences’

We use the ‘Google Remarketing’ technology and ‘Similar Audiences’ function from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA („Google“). Google Remarketing and the ‘Similar Audiences’ function places displays for users that have already visited out web pages and online services and have been interested in a specific offer. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays on our page in this way. Google Remarketing and/or ‘Similar Audiences’ use cookies for this analysis. In this way our visitors can be recognised again as soon as they call up web pages within the Google advertising network. Within the Google advertising network, it is possible to place targeted and interest-based advertising displays that are based on the web pages of the Google advertising network (which also use Google’s remarketing function) previously visited by the visitor.
If you do not want to have targeted, interest-based advertising displayed, you can deactivate the use of cookies by Google for these purposes via the link: https://www.google.com/settings/ads.

4. Hotjar

We use Hotjar to gain a better understanding of our users’ needs and optimise our site. Hotjar technology provides us with a better understanding of our users’ experiences (e.g. how long users stay on our website, which links they click, what they like and what they don’t like etc.) and this helps us adapt our offer to user feedback. Hotjar uses cookies and other technologies to collect information on user behaviour and their devices (IP address of their device in particular [recorded and saved anonymously only], screen size, device type [Unique Device Identifiers], information on browser used, location [country only], to display the preferred language on our site). Hotjar saves this information in a pseudonymised user profile. Neither Hotjar nor we use the information to identify individual users or add it to other data on individual users. More information can be found in Hotjar’s data protection statement here.

5. Facebook Custom Audiences

Our online presence includes the use of the ‘Facebook Pixel’ from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland (‘Facebook’). This way, user behaviour can be tracked after they have visited or clicked on a Facebook advert. This process is used to evaluate the effectiveness of Facebook adverts for statistical and market research purposes and can therefore help optimise advertising campaigns.
The acquired data remain anonymous for us and therefore make revealing user identity impossible. However, Facebook data are saved and processed so that a connection can be made to the relevant user profile and Facebook can use the data for their own advertising purposes, in accordance with Facebook data usage guidelines. You can override adverts on Facebook and its partners in an outside Facebook. A cookie can be stored on the computer for this purpose. In order to object to all cookies on your computer, you can set up your web browser to prevent any cookies from being stored on your computer in the future and to delete any previously stored cookies. However, refusing all cookies can prevent certain functions on our website from working.
We have a legitimate interest in the aforementioned data processing and its use. Article 6, paragraph 1, (f) GDPR serves as the legal basis for data processing.
The Facebook data protection instructions contain further information on protecting your privacy: https://www.facebook.com/about/privacy/.
You can also disable the ‘Custom Audiences’ remarketing function in advertisement settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. This requires logging on to Facebook.
If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

§ 9 Buttons und Plug-Ins
1. Facebook, Google+, Twitter, Instagram, Xing, LinkedIn, Kununu and Watchado

Our website features buttons from social networks. These buttons can be identified by the logo on this website. When visiting our website the buttons provide a direct link between your browser and the provider’s server. This way, the social network receives the information that you have visited this website with your IP address. We point out that we, as the supplier of the pages, obtain no knowledge of the content of the transmitted data as well as the use thereof by the social network. As long as you remain logged in with your network user account during your visits to this type of website, this network can assign the visit to this account. Details on data collection (purpose, scope, further processing, use) and your rights and preference options can be found in the social network’s data protection instructions.

a) Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland



b) Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland


c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA


d) Instagram LLC, 1601 Willow Road, Menlo Park, California 94025, USA


e) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA


f) XING SE, Dammtorstraße 30, 20354 Hamburg Germany



g) Kununu GmbH Neutorgasse 4-8, Top 3.02, 1010 Wien, AT


h) Watchado GmbH, Möllwaldplatz 4/39, 1040 Wien, AT


2. YouTube

On our website we use, among others, the supplier YouTube for the integration of videos etc. YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland („YouTube“)
On part of our website, we use plug-ins of the supplier YouTube. If you call up the website of our website that have such a plug-in, a connection to the YouTube Servers is produced and, in this way, the plug-in is presented. In this way, information about which pages of our website you have visited is transmitted to the YouTube server If you are logged into YouTube as a member, YouTube associates this information with your personal user account. In case of using the plug-in such as, for example, clicking on the start button of a video, this information is also associated with your user account. You can prevent this association by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. and erasing the corresponding cookies of the companies before using our website.
You will find further information concerning data processing and information protection by YouTube (Google) at https://policies.google.com/privacy

3. Vimeo

On our website, we integrate videos using Vimeo (as well as other services). Vimeo is operated by Vimeo Inc., with headquarters at 555 West 18th Street New York, New York 10011, USA.
When you access any of our web pages that contain such an integration, a connection will be established to the Vimeo servers and the video will be displayed. This will tell the Vimeo server which of our web pages you have visited. If you are logged in as a member of Vimeo, Vimeo can assign this information to your personal user account. Further interactions, such as clicking the start button of a video, are also assigned to your user account. You can prevent this from happening by logging out of your Vimeo account and deleting cookies before using our website.
For more information about Vimeo's data processing and privacy practices, please visit https://vimeo.com/privacy.

§ 10 Hyperlinks

On our website, there are hyperlinks to websites of other suppliers. Upon clicking on these hyperlinks, you are passed from our website directly onto the website of the other suppliers. You recognise this, among other things, by the change of the URL. We can assume no responsibility for the confidential treatment of your data on these websites of third parties, since we have no influence over whether these companies adhere to data protection provisions. Please learn about the treatment of your personal data by these companies directly on these websites.

§ 11 Rights of affected persons

Pursuant to the GDPR, you have the following rights as a person affected by the processing of personal data:

- According to Article 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of the personal data, the categories of recipients, to whom your data were or are being disclosed, the planned storage duration, the existence of a right to correction, erasure, limitation of the processing, or objection, the existence of a right of complaint, the origin of your data, if the latter were not collected by us, concerning the transmission to third countries or to international organisations as well as concerning the existence of an automated decision-making including profiling and possibly meaningful information concerning the details thereof.
- According to Article 16 GDPR, you can immediately request the correction of your incorrect personal data or completion of your personal data stored with us.
- According to Article 17 GDPR, you can request the erasure of your personal data stored with us, if the processing is not necessary for the exercise of the right to free expression of opinion and information, for fulfilling a legal obligation, for reasons of public interest, or for assertion, exercise, or defence of legal claims.
- According to Article 18 GDPR, you can request the limitation of the processing of your personal data, if you contest the correctness of the data, the processing is illegal, we no longer need the data, and you deny the erasure thereof because you need these for assertion, exercise, or defence of legal claims. The right pursuant to Article 18 GDPR is also available to you if you have lodged an objection to the processing according to Article 21 GDPR.
- According to Article 20 GDPR, you can request to obtain your personal data, which you have provided to us, in a structured, regular, and machine-readable format or you can request the transmission to another controller.
- According to Article 7 paragraph 3 GDPR, you can revoke the consent that you once granted to us at any time. The result of this is that, in the future, we may no longer continue the data processing based on such consent.
- According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your work place, or your company headquarters for this.

§ 12 Right to object

In the case of the processing of your personal data on the basis of justified interests according to Article 6, paragraph 1, sentence 1, (f) GDPR you have the right, according to Article 21 GDPR, to lodge an objection against the processing of your personal data, if there are grounds for this, which result from your particular situation or the objection is directed against direct advertising. In the case of direct advertising, you have a general right to object, which shall be implemented by us without indication of a particular situation.

§ 13 Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent a manipulation or a loss or misuse of your data stored with us, we take extensive technical and organisational security precautions, which are regularly checked and adapted for technological advances. This includes, among other things, the use of recognised encryption methods (SSL or TLS). However, we point out that because of the structure of the internet, it is possible that the rules of data protection and the above-mentioned security measures to be disregarded by other persons or institutions that are not in our area of responsibility. In particular, unencrypted exposed data – e.g. when this takes place via e-mail – can be read by third parties. We have technically no influence on this. It is in the area of responsibility of the user to protect the data made available by them, by means of encryption or in another way, against misuse.

Content is loading