Data protection instructions

1.   General information

When you visit our website, various personal data are processed depending on the type and scope of your visit. Personal data is information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person who can be identified directly or indirectly (e.g., by means of assignment to an online identifier) is considered identifiable. This includes information such as name, address, telephone number, date of birth or IP addresses.

With these data protection instructions, we inform you in accordance with Art. 12 ff. GDPR about which personal data is processed when you visit and use our website. In particular, below you will find information on what data we collect in connection with your visit to and use of our website, what we use the collected data for, and for what purposes the data is collected. In addition, you will find information about the rights you have in connection with the processing of your personal data.

We reserve the right to adapt these data protection instructions with effect for the future, in particular in the event of further development of our website, the use of new technologies or changes to the legal basis or the corresponding case law. This data protection information shall apply to all pages of our website (www.pendix.de). It does not extend to any linked websites or Internet presences of other providers.

2.   Controller

The controller in accordance with Art. 4 No. 7 GDPR is

Pendix GmbH
Innere Schneeberger Straße 20
08056 Zwickau, Germany
Tel.: +49 (0)375 270 667 10
E-mail: info(at)pendix.de

3.   Data protection officer

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer. You can reach our data protection officer at the e-mail address datenschutz(at)pendix.de or at the following postal address:

GP Data GmbH
Stephan Schuldt
Mädler Passage, Staircase B
Grimmaische Str. 2-4
04109 Leipzig

4.   Security

For security reasons and to protect your personal data during transmission to us, we use SSL or TLS encryption to protect your data against access by unauthorised data subjects. You can recognise an encrypted combination by the string https:// and the castle symbol in the address bar of your browser.

5.   Purposes and legal base of processing

5.1  Accessing and visiting our website - server log files

For the purpose of the technical deployment of our website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed and used in your browser. This information is automatically collected each time our website is accessed and stored in so-called “server log files”. The information transmitted by your browser and stored in the server log files is the following information:

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transferred
  • Website from which the access is made (referrer URL);
  • Browser type and version;
  • Operating system used

The storage of the aforementioned access data is necessary for the provision of our website and to ensure system security for technical reasons. This also applies to the storage of your IP address, which necessarily takes place and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the aforementioned purposes, we use server log files solely for the purpose of designing and optimising our internet offer in line with demand, purely for statistical purposes and without any inference to your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.

The access data collected in the course of using our website will be stored for the period of time for which this data is required to achieve the above purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.

Insofar as you visit our website to find out about our range of services or to use it, the basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for the performance of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.

5.2  Contact

5.2.1 Telephone, e-mail

 

If you contact us via the contact options provided on our website by e-mail or telephone, the content of your request, including all personal data resulting from it, insofar as it is relevant or required to answer your request, will be processed for the purpose of handling your request.

The processing of personal data provided by you in the context of your request shall be made on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the establishment or implementation of a contractual relationship. In all other cases, the processing is based on our legitimate interest in effectively handling the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where such consent has been obtained.

The data provided or transmitted by you as part of the request will be stored by us until you request erasure, withdraw your consent to storage or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.

5.2.2 Contact form

If you use the contact form provided on our website, we will process the data you provide in the contact form.

The processing of personal data provided by you via the contact form shall be made on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your request is related to the establishment or implementation of a contractual relationship. In all other cases, the processing is based on our legitimate interest in effectively handling the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), where such consent has been obtained.

The data provided by you via the contact form will be stored by us until you request erasure, withdraw your consent to storage or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.

5.3  Newsletter

With your consent, you can subscribe to our newsletter, which we will use to inform you regularly about the latest developments:

5.3.1 Registration to our newsletter

For the registration to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, your information will be blocked and automatically erased after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your data.

The only requirement for registration is that you provide your e-mail address. After confirming your registration, we store your e-mail address for the purpose of sending you the newsletter.

5.3.2 Sending our newsletter

Our newsletter will be sent on our behalf by the CleverReach service of CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can be used to organise and analyse the sending of newsletters. The e-mail address you provide to receive our newsletter is stored on CleverReach’s servers.

Our newsletter sent with the CleverReach service enables us to analyse the behaviour of the recipients of our newsletter. In particular, it is possible to analyse how many recipients have opened the newsletter and how often which link within the newsletter was clicked on. With the help of so-called “conversion tracking”, it is also possible to define whether a predefined action has taken place on our website after clicking on a link in the newsletter. Further information on data analysis in connection with the use of CleverReach can be found under the following link:

https://support.cleverreach.de/hc/de/sections/200838891-Reports-Analysen

The legal basis for the processing of your personal data in connection with the receipt of our newsletter is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking on the link provided in each newsletter, by sending an email to datenschutz(at)pendix.de or by sending a message to the contact details provided in this data protection declaration.

Your data processed for the purpose of receiving our newsletter will be stored by us or CleverReach until you unsubscribe from the newsletter and erased from our newsletter distribution list after you unsubscribe from the newsletter.

After unsubscribing from our newsletter, your e-mail address may be stored by us or CleverReach in a so-called “blacklist” in order to prevent you from receiving further e-mails after unsubscribing from our newsletter. The e-mail addresses stored in the blacklist will be used exclusively for this purpose and will not be merged with other data. The storage of your e-mail address within the blacklist serves both your interest and our interest in complying with the legal requirements when sending newsletters. The processing is therefore carried out on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

5.4  Online Shop

5.4.1  Customer account

In connection with the order process in our online store, you can voluntarily create a customer account in which you can store your data for future purchases in our online shop. When creating a customer account, the following data is collected:

  • Phone number
  • E-mail address
  • Salutation
  • First name
  • Last name
  • Street
  • House number
  • Postal code
  • Place
  • Country

In case of a different billing or shipping address, the following data will be collected additionally:

  • Company (optional)
  • Phone number
  • Salutation
  • First name
  • Last name
  • Street
  • House number
  • Postal code
  • Place
  • Country

The processing of the aforementioned data provided by you during the registration process is carried out for the purpose of implementing the user relationship established by the registration and, if applicable, for initiating further contracts (esp. purchase contracts) on the basis of Art. 6 para. 1 lit. b GDPR.

The e-mail address you provide during the ordering process may also be processed for direct advertising by e-mail for similar goods or services. In the case of processing for direct advertising purposes, the processing is based on Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest is to be able to inform you about similar goods and services. You can object to direct advertising by e-mail at any time (see Point 8).

The data collected during the registration of your user account will be stored by us as long as you are registered as a user in our online store and will subsequently be erased. The legal retention periods remain unaffected.

5.4.2  Purchasing

5.4.2.1 Data processing upon conclusion of contract

If you purchase something in our online shop, we collect and process your purchase data. Purchasing data may include, in particular, the following information:

  • Order number
  • Details of the purchased products (name, quantity, purchase price, etc.)
  • Details of the method of payment;
  • Delivery and billing address;
  • Messages and communications relating to the purchase (e.g., withdrawal notices, complaints, and messages to customer service);
  • Delivery and payment status, e.g. “paid” and “shipped”;
  • Details of service providers involved in the performance of the contract.

Your aforementioned personal data will be processed by us for the purpose of order processing on the basis of Art. 6 para. 1 lit. b GDPR. The personal data processed in connection with your order will be erased if storage is no longer necessary. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of 10 years. 2 years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

5.4.2.2 Data processing during the payment process

Within the framework of order processing, we pass on your payment data to payment service providers commissioned by us. The type and scope of the data passed on depend on the payment method selected by the user.

PayPal

If you wish to pay for an order in our online store - as far as possible - with PayPal, the amount to be paid by you together with your first and last name, delivery address, e-mail address, phone number and IP address will be transmitted to PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg) so that you can authorise the payment to us via PayPal. For this you need a PayPal account.

The legal basis for the data processing associated with this is Art. 6 para. 1 lit. b GDPR, as the processing of the aforementioned data is necessary for the payment with PayPal and thus for the performance of the contract.

The data transmitted to PayPal may be transmitted by PayPal to credit reporting agencies. The purpose of PayPal is to carry out an identity and credit check. PayPal may also share your data with third parties to the extent necessary to fulfil contractual obligations or to process the data on your behalf. The data protection regulations of PayPal are available under the following link:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full/

The legal basis for the data processing associated with this is Art. 6 para. 1 lit. f GDPR, based on our interest in offering you an effective and secure payment option and, in this context, preventing fraud.

GiroPay

If you wish to pay for an order in our online store - as far as possible - using GiroPay, the payment data you enter during the payment process will be transmitted to GiroPay GmbH, An der Welle 4, 60322 Frankfurt/Main.

The legal basis for the data processing associated with this is Art. 6 para. 1 lit. b GDPR, as the processing of the aforementioned data is necessary for the fulfilment of the agreement on the payment of your purchase via GiroPay.

EasyCredit installment purchase

If you choose “easyCredit installment purchase” to pay for your order in our online shop, we will forward the personal data collected from you during the ordering process to TeamBank AG, Beuthener Str. 25, 90471 Nuremberg, Germany (hereinafter “easyCredit”) for the purpose of payment processing.

For the purpose of credit assessment, EasyCredit transmits data to credit agencies and receives information from them as well as, if applicable, creditworthiness information on the basis of mathematical-statistical procedures, the calculation of which includes, among other things, address data (so-called scoring values). The credit agencies in question are

  • Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden
  • Creditreform Boniversum GmbH, Hellersbergstraße, 11, 41460 Neuss,
  • infoscore Consumer Data GmbH, Rheinstraße 99, 76532 Baden-Baden

EasyCredit bases its decision on the provision of the respective payment methods on the calculated scoring value. Further information on data processing by EasyCredit can be found in the data protection declaration of EasyCredit:

https://www.easycredit.de/Datenschutz.html

We will store the relevant data for the processing of the payment as long as it is necessary for the execution of the transaction. If the data is subject to legal retention obligations, it will be erased after expiry of the retention obligation. The duration of the storage of data by easyCredit can be found in the data protection declaration of easyCredit:

https://www.easycredit.de/Datenschutz.html

The legal basis for the aforementioned data processing is Art. 6 para. 1 lit. b GDPR, as the processing of the aforementioned data is necessary for the fulfilment of the agreement on the payment of your purchase via easyCredit.

Invoice, prepayment

If you wish to pay for an order in our online shop - as far as possible - in advance or by invoice, we will not receive any direct payment data from you via the online shop.

Credit card

If you wish to pay for an order in our online shop - as far as possible - with your credit card, we require the data marked with an (*) as required on the payment page, in particular credit card number, name of the credit card holder and the validity period of the credit card, in order to process the payment. We check the entered data together with the data of your order in order to be able to recognise a misuse of the credit card or the payment option with credit card at an early stage and use the data after a successful check to process the agreed payment by credit card.

The legal basis for the data processing associated with this is Art. 6 para. 1 lit. b GDPR, as the processing of the aforementioned data is necessary for the fulfilment of the agreement on the payment of your purchase by credit card.

The above data will be stored by us for a maximum period of 24 months in order to be able to compare it with other credit card payments for the purpose of combating fraud and abuse and will subsequently be erased. Payment by credit card is optional, we provide a number of other payment options.

5.4.2.3 Data transmission to transport service providers

For the purpose of delivery of goods that you have ordered through our online store, we work with logistics service providers/transport companies. For the purpose of delivery of goods that you have ordered through our online store, we work with logistics service providers/transport companies:

  • First name
  • Last name
  • Postal address

The legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

5.5  Referral program

We do not currently offer a referral programme in Belgium.

5.6  Use of cookies and related plugins/tools

5.6.1  Cookies

We use so-called “cookies” on our website. Cookies are small text files that are stored on the hard drive of the terminal device you use to access our website. Characteristic strings contained in the cookies can be used to identify the browser you are using when accessing our website. Cookies cannot execute programs or transmit viruses to the terminal device you are using. They are used for making our website more user-friendly, effective and secure and for enabling the provision of certain functionalities of our website.

Cookies may contain data that enable recognition of the terminal device you are using. Some cookies only contain information about certain settings (e.g. language settings), which are not personally identifiable.

You can refuse the use of cookies and also erase cookies at any time by making the appropriate settings on your device:

  • Most browsers are preset to accept cookies automatically. You can change this default setting by activating the “do not accept cookies” setting in your browser. For more information, contact your browser provider.
  • Already stored cookies can be erased at any time. For more information about erasing cookies, contact your browser provider.
  • Like the use of cookies, their rejection or erasure is tied to the device and browser used. You must therefore reject or erase cookies for each of your devices and, if you use multiple browsers, for each browser separately.

If you activate the “do not accept cookies” function in your browser, it is possible that not all functions of our website or individual functions will only be available to you to a limited extent.

A distinction is made between so-called “session cookies”, which are erased as soon as you close your browser, and so-called “permanent cookies”, which are stored beyond the individual session and are only erased after a defined period of time. We have divided the cookies used on our website into the following categories according to their functions:

  • Necessary cookies: These cookies are necessary for the proper functionality of our website and cannot be switched off in our system.
  • Marketing cookies: These cookies are used to collect statistical information about the use of our website. In addition, marketing cookies may be cookies from external advertising partners who use them to profile and track data across multiple websites.

5.6.2  Cookies used

Below you will find more information about the cookies used on our website:

Necessary Cookies:

Necessary cookies

Name

Provider

Category

Purpose of use

Storage duration

px_cookieconsent_status

Pendix

Necessary cookie

This cookie stores your cookie settings for this website. You can change this or withdraw your consent at any time.

1 month

px_cookieconsent_chatbot

Pendix

Necessary cookie

This cookie stores the granting/non-granting of your consent for the use of chatbot cookies. You can change this or withdraw your consent at any time.

1 month

Px_cookieconsent:analytics

Pendix

Necessary cookie

This cookie stores the granting/non-granting of your consent for the use of marketing cookies. You can change this or withdraw your consent at any time.

1 month

django_language

Pendix

Necessary cookie

It is used to save your language settings.

7 months

fe_typo_user

Pendix

Necessary cookie

The sites also use “fe_typo_user”. This cookie is set by the CMS (Content Management System) TYPO3 for the unmistakable identification of a user. It offers the user better operator guidance, e.g. saving search settings or form data.

end of the session

Marketing Cookies:

Marketing cookies

Name

Provider

Category

Purpose of use

Storage duration

_gat_*****

Google Ireland Limited

Marketing cookie

Set by Google Analytics to control the request rate.

1 minute

_ga

Google Ireland Limited

Marketing cookie

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.

2 years

_gid

Google Ireland Limited

Marketing cookie

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.

1 day

_ga_********

Google Ireland Limited

Marketing cookie

This cookie stores a unique ID for a website visitor and tracks how the visitor uses the website. The data is used for statistics.

 

_gat_gtag_*********

Google Ireland Limited

Marketing cookie

Cookie of the analysis service Google Analytics to restrict requests.

1 minute

IDE

Google Ireland Limited

Marketing cookie

Used by Google DoubleClick to record and report the user’s actions on the website after viewing or clicking on one of the provider’s ads, with the purpose of measuring the effectiveness of an advertisement and displaying targeted advertisements to the user.

1 year

_gcl_au

Google Ireland Limited

Marketing cookie

Used by Google AdSense to experiment with advertising efficiency on websites that use their services.

3 months

NID

Google Ireland Limited

Marketing cookie

The NID cookie contains a unique ID that Google uses to store your preferred settings and other information.

6 months

NID, 1P_JAR, DV, CONSENT

Google Ireland Limited

Marketing cookie

These cookies track how you use our website to show you advertisements that may be of interest to you.

Max. 2 years

YSC

Google Ireland Limited

Marketing cookie

Registers a unique ID to store statistics about which videos from YouTube the user has watched.

session

OGPC

Google Ireland Limited

Marketing cookie

This cookie is used to provide the functionality of Google Maps.

1 years

OGP

Google Ireland Limited

Marketing cookie

This cookie is used to provide the functionality of Google Maps.

1 years

_fbp

Meta Ireland Limited

Marketing cookie

This cookie is used to enable ad placement or retargeting.

3 months

Innkeepr

Innkeepr UG

Marketing cookie

Registers a unique ID for a website visitor that logs how the visitor uses the website. The data is used for statistics.

2 years

trustbadge

Trusted Shops GmbH

Marketing cookie

The Trustbadge is used to display and activate the purchase protection via Trusted Shops.

 

MUID

Microsoft Ireland

Marketing cookie

This is a Microsoft cookie that contains a GUID assigned to your browser. It is set when you interact with a Microsoft property, including a UET beacon call or a visit to a Microsoft property via the browser.

2 years

_uetmsclkid

Microsoft Ireland

Marketing cookie

This is Microsoft’s click ID, which is intended to improve the accuracy of completion tracking. Instructions: UET sets a first-party cookie in the domain of your website for this parameter. If the automatic marking of the click ID is activated by Microsoft, the information about the ad click is generated at the time of the ad click and appended to the URL of the target page.

3 months

_uetsid

Microsoft Ireland

Marketing cookie

This contains the session ID for a unique session on the website. Instructions: As of July 2023, _uetsid has been updated with the following additional parameters: insights_sessionId, timestamp, pagenumber, upgrade, upload.

1 day

_uetvid

Microsoft Ireland

Marketing cookie

UET assigns this unique, anonymised visitor ID, which represents a unique visitor. UET stores this data in a first-party cookie. Instructions: As of July 2023, _uetvid has been updated with the following additional parameters: insights_userId, cookieVersion, expiryTime, consent, cookie_creation_time.

2 years

The legal basis for the storage of necessary cookies is Art. 25 para. 2 no. 2 TTDSG (German Telecommunications Telemedia Data Protection Act). We store marketing cookies exclusively on the basis of your express and active consent in accordance with Art. 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR.

5.6.3  Cookie management

If your consent is required for the storage of cookies on your terminal device, a cookie consent tool is used on this website to obtain your consent and document it in accordance with data protection regulations.

In connection with the use of the cookie consent tool, cookies (px_cookieconsent_status, Px_cookieconsent:analytics) are stored in your browser in order to store the consents you have given or the revocation of these consents.

If you wish to withdraw the consent you have given or change your selection, simply delete the information stored in your browser’s local memory. As soon as you visit our website again, you will be asked again for your cookie selection (consent). Alternatively, you can withdraw your consent or change your selection by clicking on the button below:

[Customise cookie settings]

The legal basis for storing information on your terminal device and accessing it in connection with the use of the cookie consent tool is Art. 25 para. 2 No. 2 TTDSG.

5.6.4  Google Analytics

If you have given your consent, this website uses the Google Analytics 4 service, which is provided for the European area by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

Google Analytics 4 uses JavaScript and Pixel to read information from your terminal device and cookies to store information on your terminal device. The following data is processed in connection with the use of Google Analytics 4:

  • IP address
  • User ID and device ID
  • Referrer URL (previously visited page)
  • Accessed pages (date, time, URL, title, duration of visit)
  • Downloaded files
  • Clicked links to other websites
  • Achievement of specific goals (conversions)
  • Technical information (operating system, browser type, version and language, device type, brand, model and resolution)
  • Approximate location (country, region and, if applicable, city, based on the anonymised IP address)

The IP address is shortened by the last two digits by default. The IP address is truncated on servers within the European Union.

Google processes the collected data on our behalf in order to analyse the use of our website and to compile reports on the activities on our website. We use the information provided by Google to evaluate the use of our website and to improve our website.

The data collected may be transferred by Google to a Google server in the USA for analysis and stored there.

The storage of cookies in connection with the use of Google Analytics is based on your consent in accordance with Art. 25 para. 1 TTDSG. The legal basis for the processing of your data in connection with the use of Google Analytics is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section (“Cookie management”) in these data protection instructions.

We have concluded an order processing agreement with Google Ireland Limited in connection with the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

5.6.5  Google Tag Manager

This website uses the Google Tag Manager. Google Tag Manager is a solution for managing website tags. The “Tag Manager” tool is a cookieless domain and does not collect any personal data. The tool takes care of resolving other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

5.6.6  Google Fonts

We use so-called “web fonts” on this site to ensure a uniform display of fonts, which are provided for the European area by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

No login or registration is required to use Google fonts. No cookies are stored in your browser in connection with the use of Google Fonts. The information required to display the fonts is requested via the domains “fonts.googleapis.com” and “fonts.gstatic.com” provided by Google. According to Google, the request for fonts is completely separate from all other Google services, which is why, according to Google, no Google account data is transmitted to Google in connection with the use of Google Fonts.

We use Google Web Fonts to ensure a uniform display of fonts within our digital Passenger Magazine without having to upload them to our web server. All fonts provided by Google are optimised for use on websites, which in particular enables faster loading times.

When you visit our digital Passenger Magazine, a connection is established to the domains “fonts.googleapis.com” and “fonts.gstatic.com” provided by Google in order to load the fonts required for the correct display of our digital Passenger Magazine. This will transmit (personal) data to Google. The data transmitted to Google is, in particular, your IP address, which enables Google to recognise that you have used our digital Passenger Magazine. Google also stores information about which fonts are accessed and how often. The results are published by Google on internal analysis pages such as Google Analytics.

In addition, information such as language settings, IP address, browser version, browser screen resolution and browser name are automatically transmitted to Google in connection with the use of Google Fonts. Whether this data is stored by Google cannot be clearly determined and is not clearly communicated by Google.

Requests are stored by Google for one day on servers operated by Google, which are mainly located outside the European Union. The accessed “font files” are stored by Google for one year. Google’s aim here is to improve the loading times of websites.

If you have given your consent to the use of Google Fonts, the processing and transmission of your personal data is based on your consent, Art. 6 para. 1 lit. a GDPR. You can withdraw your given consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section (“Cookie management”) in this data protection information.

In addition, we have a legitimate interest in using Google Fonts to improve our online service, Art. 6 para. 1 lit. f GDPR. Nevertheless, we only use Google Fonts if you have given us your consent to do so.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s data protection information:

https://www.google.com/policies/privacy/

We have concluded an order processing agreement with Google Ireland Limited in connection with the use of Google Fonts. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

5.6.7  Google Maps

If you have given your consent, this website uses the Google Maps service to display interactive maps, which is provided for the European area by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

By using Google Maps, information about the use of our website, including your IP address and the data entered within the map (e.g. start address) can be transmitted to Google. Your data will only be forwarded if you have given us your consent in accordance with Art. 6 para. 1 lit. a GDPR for the transfer. If you do not give your consent to the transmission when you call up the website, Google Maps will only be displayed to you if you consent to the data processing by clicking on the information window. The storage of cookies in connection with the use of Google Maps also takes place exclusively on the basis of your consent in accordance with Art. 25 para. 1 TTDSG. You can withdraw your given consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section “Cookie management” in this data protection information.

You can find more information about data processing by Google in the data protection information of Google:

https://policies.google.com/privacy?hl=de

We have concluded an order processing agreement with Google Ireland Limited in connection with the use of Google Maps. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

5.6.8  YouTube

We use videos from YouTube and YouTube plug-ins on our website. YouTube is a service provided for the European area by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

The integration of YouTube shall be carried out by embedding the service on our website by means of a so-called “iFrame”. Here, we use the “enhanced data protection mode” option provided by YouTube. When you visit a page that has an embedded video, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser. According to YouTube's information, your data - in particular which of our web pages you have visited as well as device-specific information including the IP address - is only transmitted to YouTube in “extended data protection mode” when you watch the video. Independently of a playback of the embedded videos, a connection to the Google network “DoubleClick” is established each time our website is called up, which may trigger further data processing operations without our influence.

If you are logged in to YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

The storage of cookies in connection with the use of YouTube is based on your consent in accordance with Art. 25 para. 1 TTDSG. The legal basis for the processing of your data in connection with the use of YouTube is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section (“Cookie management”) in these data protection instructions.

We have no knowledge of the storage period at YouTube and no possibility to influence it.

For more information on data protection in connection with YouTube, please refer to the data protection regulations of Google:

https://policies.google.com/privacy?hl=de&gl=de

We have concluded an order processing agreement with Google Ireland Limited in connection with the use of YouTube. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

5.6.9  Meta Pixel

We use the so-called Meta Pixel on our website, which is provided for the European area by Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

We are jointly responsible with Meta for the processing of your personal data that takes place as a result of the integration of the Meta Pixel. We have concluded an agreement with Meta on the joint processing of personal data, in which the respective responsibilities are defined. The agreement concluded between us and Meta can be viewed under the following link:

https://www.facebook.com/legal/controller_addendum

According to the agreement, we are responsible in particular for fulfilling the information obligations in accordance with Art. 13, 14 GDPR, for compliance with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the Meta Pixel and for compliance with the obligations in accordance with Art. 33, 34 GDPR, insofar as a data protection breach occurs in connection with the use of the Meta Pixel. According to the agreement concluded, Meta is responsible in particular for guaranteeing the rights of data subjects in accordance with Art. 15 - 20 GDPR and the security of the Meta Pixel in accordance with Art. 32 GDPR.

The Meta Pixel enables us to target visitors to our website with interest-based advertising on the Facebook social network. After successful integration on our website, the Meta Pixel logs when a user performs an action on our website (e.g. adding an item to the shopping cart). The Meta Pixel records these actions (so-called “events”) and transmits them to Meta. The events recorded by the Meta Pixel can be viewed and used by us to target users of our website with Facebook ads (e.g. if users have placed an item in the shopping cart but have not purchased it).

The storage of cookies in connection with the use of Meta Pixel is based on your consent in accordance with Art. 25 para. 1 TTDSG. The legal basis for the processing of your data in connection with the use of Meta Pixel is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section “Cookie management” in these data protection instructions.

We have concluded an order processing agreement with Meta Ireland Limited in connection with the use of Meta Pixel. In the event that personal data is transferred from Meta Ireland Limited to the USA, Meta Ireland Limited and Meta Platforms, Inc. have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Meta Plattforms Inc. is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

5.6.10  Trusted Shops

Trusted Shops widgets are integrated on this website to display Trusted Shops services (e.g. seal of quality, collected reviews) and to offer Trusted Shops products to buyers after an order.

This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in optimal marketing by enabling secure purchasing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The Trustbadge and the services advertised with it are an offer from Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, with whom we are jointly responsible under the data protection law in accordance with Art. 26 GDPR. As part of these data protection instructions, we inform you below about the essential contents of the contract in accordance with Art. 26 para. 2 GDPR.

The Trustbadge is provided by a US CDN provider (Content Delivery Network) as part of a shared responsibility. An appropriate level of data protection is ensured by standard data protection clauses and other contractual measures. You can find further information on data protection from Trusted Shops GmbH in their data protection declaration.

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. The IP address is anonymised immediately after collection so that the stored data cannot be assigned to your person. The anonymised data is used in particular for statistical purposes and for error analysis.

After completing your order, your e-mail address, which has been hashed using the cryptographic one-way function, will be transmitted to Trusted Shops GmbH. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. This serves to check whether you are already registered for services with Trusted Shops GmbH and is therefore necessary for the fulfilment of our and Trusted Shops’ overriding legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If this is the case, further processing will take place in accordance with the contractual agreement concluded between you and Trusted Shops. If you have not yet registered for the services, you will then be given the opportunity to do so for the first time. Further processing after registration is also governed by the contractual agreement with Trusted Shops GmbH. If you do not register, all transmitted data will be automatically deleted by Trusted Shops GmbH and a personal reference is then no longer possible.

Trusted Shops uses service providers in the areas of hosting, monitoring and logging. The legal basis is Art. 6 para. 1 lit. f GDPR for the purpose of ensuring failure-free operation. Processing may take place in third countries (USA and Israel). An adequate level of data protection is ensured in the case of the USA by standard data protection clauses and other contractual measures and in the case of Israel by an adequacy decision.

Within the framework of the joint responsibility existing between us and Trusted Shops GmbH, please contact Trusted Shops GmbH for data protection issues and to assert your rights using the contact options provided in the data protection information linked above. Irrespective of this, you can always contact the controller of your choice. If necessary, your request will then be forwarded to the other controller for response.

5.6.11  Innkeepr

Insofar as you have given consent to the use of advertising / tracking cookies, this website uses Innkeepr, a web analytics service provided by Innkeepr UG. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user’s activities across devices.

Innkeepr uses cookies, which are stored on your computer and which allow an analysis of your use of our website. We store the information collected in this way exclusively on our server in Germany. We use Innkeepr without the collection of IP addresses. A direct personal reference of collected data is therefore excluded.

The legal basis for the use of Innkeepr is your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the “Cookies” section of this data protection declaration.

5.6.12  Bing Ads

If you have given your consent, this website uses the Bing Ads service of Microsoft Corporation, One Microsoft Way, 98052, Redmond, Washington, USA, which is provided for the European region by Microsoft Ireland, South County Business Park, One Microsoft Place, Carmanhall and Leopardstown, Dublin, P521, Ireland (hereinafter “Microsoft”).

In connection with the use of Bing Ads, cookies are stored on the device you use to access our website in order to enable an analysis of the use of our website. The prerequisite for this is that you have reached our website via an advertisement from Bing Ads. In this way, Microsoft and we can recognise that someone has clicked on an ad, has been redirected to our online offer and has reached a previously determined target page. We only find out the total number of users who clicked on a Bing Ad and were then forwarded to the target page (conversions). No IP addresses are stored.

The storage of cookies in connection with the use of Bing Ads is based on your consent in accordance with Art. 25 para. 1 TTDSG. The legal basis for the processing of your data in connection with the use of Bing Ads is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. For more information on withdrawing your consent, please refer to the section “Cookie management” in these data protection instructions.

In addition, Microsoft may be able to track your usage behaviour across several of your electronic devices through so-called cross-device tracking and is thus able to display personalised advertising on or in Microsoft websites and apps. You can deactivate this behaviour under http://choice.microsoft.com/de-de/opt-out.

You can find more information about Bing's analytics services on the website of Bing Ads (https://help.bingads.microsoft.com/#apex/3/de/53056/2). You can find more information on data protection at Microsoft and Bing in the data protection provisions of Microsoft (https://privacy.microsoft.com/de-de/privacystatement).

We have concluded an order processing agreement with Microsoft in connection with the use of YouTube. In the event that personal data is processed in the USA in connection with the use of Bing Ads, we have concluded the standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) with Microsoft in accordance with Art. 46 para. 2 lit. c GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR. The agreement concluded between us and Microsoft can be viewed under the following link:

https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?lang=14

In addition, on July 10, 2023, the European Commission adopted an adequacy decision in accordance with Art. 45 GDPR for the USA, the so-called EU-U.S. Data Privacy Framework. Accordingly, companies that are certified in accordance with the EU-U.S. Data Privacy Framework offer an appropriate level of data protection.

Microsoft is certified in accordance with the EU-U.S. Data Privacy Framework:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000KzNaAAK&status=Active

5.7  Application

We provide the opportunity to apply for open positions in our company on our website. In order to carry out the application process, you as an applicant must provide us with more detailed information about yourself. The personal data required to carry out the application process can be found in the application form for the respective job advertisement. This relates in particular to the following personal data:

  • First name, last name
  • E-mail address
  • Phone number

You also have the option of uploading informative documents such as a cover letter, your resume and references. This may contain further personal data such as date of birth, address, etc.

In addition to the data provided by you, we may process further information about you that we obtain during the application process. These may be findings from a job interview conducted with you as well as findings that we have legitimately obtained from publicly accessible sources (e.g. professional networks).

We process your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act, insofar as this is necessary for the decision to establish an employment relationship. The legal basis for this is Article 88 of the GDPR in conjunction with Art. 26 BDSG (German Federal Data Protection Act) and, if applicable, Article 6 para. 1 lit. b of the GDPR for the initiation or implementation of contractual relationships.

Furthermore, your personal data may be processed to the extent necessary to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend asserted legal claims. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest results, among other things, from the duty of proof in proceedings under the General Equal Treatment Act (AGG). If you have given your express consent to the processing of personal data for specific purposes, the lawfulness of the processing follows from the consent you have given. Any consent given can be withdrawn at any time with effect for the future.

If an employment relationship arises between you and us or between you and a company affiliated with us, the personal data provided by you as part of the application process may be further processed in accordance with Art. 88 GDPR in conjunction with Art. 26 BDSG, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective bargaining contract, a works or service agreement (collective agreement).

Your data will be stored for a period of 90 days after the end of the application process. This is usually done to fulfil legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are obliged to erase or anonymise your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).

If you give your consent after the application process has been completed, we will store the personal data collected during the application process in our “talent pool” for a period of 180 days after the application process has ended. This gives us the opportunity to consider you for filling an open position in the future. You have the right to withdraw your consent at any time with effect for the future. Once you have withdrawn your consent or 180 days after the application process has ended, your data will no longer be used for the application process and will be erased from our “talent pool”.

If you receive an offer of employment with us during the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

5.8  Hosting

Our website is hosted by an external service provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen. The data collected when using our website is stored on the servers of our hoster. This data includes, in particular, IP addresses, contact requests, meta and communication data, contact details, website accesses and other data that is generated in the course of using a website.

The use of our hoster is performed for the purpose of contract fulfilment towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data insofar as this is necessary for the fulfilment of its contractually assumed service obligations. For further information, please refer to the data protection declaration of Hetzner Online GmbH at:

https://www.hetzner.de/datenschutzhinweis/

In order to ensure data protection-compliant processing, we have concluded an order processing agreement with the hoster we use.

5.9  Other processing purposes

5.9.1 Compliance with the legal provisions

We also process your personal data moreover to fulfil other legal obligations we may have in connection with our business. This includes, in particular, retention periods under commercial, trade or tax law. In doing so, we process your personal data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR in order to fulfil a legal obligation to which we are subject.

5.9.2 Legal enforcement

We also process your personal data in order to be able to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or prosecute criminal offenses. We process your personal data in this context to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal acts (legitimate interest).

6.   Recipient of the data

Within our company, access to your data is granted to those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents used by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. In this respect, we limit the transfer of your personal data to what is necessary, taking into account the data protection requirements. In some cases, the recipients receive your personal data as processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are also obliged to comply with the requirements of the GDPR and other data protection regulations.

Finally, in individual cases we transmit personal data to our consultants in legal or tax matters, whereby these recipients are obligated to special confidentiality and confidentiality due to their professional status.

7.   Duration of data storage

We initially process and store your personal data for the duration of the respective purpose of use (see above for the individual processing purposes). This may also include the periods during which a contract is initiated (pre-contractual legal relationship) and during the performance of a contract. On this basis, personal data is regularly deleted as part of the fulfilment of our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

  • Fulfilment of legal obligations to retain data, which arise, for example, from the German Commercial Code (Art. 238, 257 para. 4 HGB) and the German Fiscal Code (Art. 147 para. 3, 4 AO). The periods specified there for storage and documentation are up to ten years.
  • Preservation of evidence in compliance with the prescription rules. According to Art.194 et seq. of the German Civil Code (BGB), these prescription periods can be up to 30 years, with the regular prescription period being three years.

8.   Your rights

As a person affected by the processing, you are entitled to the following rights under the legal conditions:

8.1  Right to information

You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to receive information about this personal data and certain other information (in particular, processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data. The restrictions of Art. 34 BDSG apply.

8.2 Right to rectification

In accordance with Article 16 of the GDPR, you are entitled to demand that we correct personal data stored about you if it is inaccurate or incorrect.

8.3 Right to erasure

You are entitled, under the conditions of Art. 17 GDPR, to demand that we erase personal data relating to you without delay. The right to erasure does not exist, among other things, if the processing of your personal data is necessary, e.g. to fulfil a legal obligation (e.g. legal retention obligations) or to assert, exercise or defend legal claims. In addition, the restrictions of Art. 35 BDSG apply.

8.4 Right to restriction of processing

You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.

8.5 Right to data portability

You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over the personal data concerning you that you have provided to us in a structured, common and machine-readable format.

8.6 Right of withdrawal

You can withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, i.e. before May 25, 2018. Please observe that the withdrawal is only effective for the future. Processing that took place before the withdrawal is not affected by the withdrawal of consent. An informal communication, e.g. by e-mail to us, is sufficient to declare the withdrawal.

8.7 Right to object

You are entitled to object to the processing of your personal data under the conditions of Art. 21 GDPR, so that we must stop processing your personal data. The right to object exists only within the limits provided for in Art. 21 GDPR. Moreover, our interests may conflict with the termination of the processing, so that we are entitled to process your personal data despite your objection. We will consider an objection to any direct marketing measures immediately and without further balancing of the existing interests.

Information about your right to object according to Art. 21 DSGVO

You have the right to object at any time to the processing of your data that is carried out on the basis of Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balance of interests) or Art. 7 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) if there are grounds for doing so that arise from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

The objection can be made form-free and should preferably be addressed to:

Pendix GmbH
Innere Schneeberger Straße 20
08056 Zwickau, Germany
Tel.: +49 (0)375 270 667 10
E-mail: info(at)pendix.de

8.8  Right of complaint to a supervisory authority

Under the conditions of Art. 77 GDPR, you have a right of complaint to a competent supervisory authority. In particular, you can submit a complaint to the supervisory authority responsible for us (Saxon Data Protection and Transparency Commissioner; https://www.datenschutz.sachsen.de/kontakt.html) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found in the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

8.9  Other concerns

For further data protection questions and concerns, please contact our data protection officer using the contact details provided above.

9.   Obligation to provide data

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with unrestricted access to our website or respond to your requests to us. Personal data that we do not absolutely require for the above-mentioned processing purposes are marked accordingly as voluntary information.

10.   Automated decision making/profiling

We do not use automated decision making or profiling (an automated analysis of your personal circumstances).