Privacy Policy

Responsible Entity

The entity responsible for data protection laws, especially the EU General Data Protection Regulation (GDPR), is:

Atlas Optimization GmbH

Jemil Avers Butt

Naglerwiesenstrasse 50

8049 Zürich

Switzerland

Phone: +41 77 268 04 85

Email: je********@at***************.com

Website: https://www.atlasoptimization.com/

General Note

Based on Article 13 of the Swiss Federal Constitution and the data protection provisions of the Confederation (Data Protection Act, DPA), every person is entitled to protection of their privacy and protection against misuse of their personal data. The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

In cooperation with our hosting providers, we strive to protect the databases as much as possible from unauthorized access, loss, misuse, or forgery.

We would like to point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data from third-party access is not possible.

By using this website, you agree to the collection, processing, and use of data as described below. This website can generally be visited without registration. During such visits, data such as pages called up or the name of the retrieved file, date, and time are stored on the server for statistical purposes, without these data being directly related to your person. Personal data, particularly name, address, or email address, are collected as far as possible on a voluntary basis. Without your consent, this data will not be passed on to third parties.

Processing of Personal Data

Personal data is any information relating to an identified or identifiable natural person. A data subject is a person about whom personal data are processed. Processing includes any handling of personal data, regardless of the means and procedures used, in particular the storage, disclosure, acquisition, deletion, storage, alteration, destruction, and use of personal data.

We process personal data in accordance with Swiss data protection law. Insofar and insofar as the EU GDPR is applicable, we process personal data in accordance with the following legal bases in connection with Art. 6 para. 1 GDPR:

- **Consent** (Art. 6 para. 1 s. 1 lit. a. GDPR) — The data subject has given their consent to the processing of their personal data for one or more specific purposes.

- **Contract performance and pre-contractual inquiries** (Art. 6 para. 1 s. 1 lit. b. GDPR) — Processing is necessary for the performance of a contract to which the data subject is party, or for the performance of pre-contractual actions taken at the data subject’s request.

- **Legal obligation** (Art. 6 para. 1 s. 1 lit. c. GDPR) — Processing is necessary for compliance with a legal obligation to which the controller is subject.

- **Protection of vital interests** (Art. 6 para. 1 s. 1 lit. d. GDPR) — Processing is necessary to protect the vital interests of the data subject or another natural person.

- **Legitimate interests** (Art. 6 para. 1 s. 1 lit. f. GDPR) — Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

We process personal data for the duration necessary for the respective purpose or purposes. Where long-term retention obligations arise due to legal and other obligations to which we are subject, we restrict processing accordingly.

Significant Legal Bases

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not specified in the privacy policy, the following applies: The legal basis for obtaining consents is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures as well as responding to inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the case that vital interests of the data subject or another natural person require processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Security Measures

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access, input, disclosure, ensuring availability, and its separation. Furthermore, we have established procedures that ensure the exercise of data subjects’ rights, deletion of data, and responses to data endangerment. Moreover, we consider the protection of personal data already in the development or selection of hardware, software, and procedures, according to the principle of data protection, through technology design and data protection-friendly default settings.

Transmission of Personal Data

In the course of our processing of personal data, it happens that the data is transferred to other bodies, companies, legally independent organizational units, or persons. The recipients of this data may include, for example, payment institutions within the context of payment transactions, service providers commissioned with IT tasks, or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements, which serve the protection of your data, with the recipients of your data.

Processing of Data in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or disclosure or transmission of data to other persons, bodies or companies, this is only done in accordance with legal requirements.

Subject to express consent or contractually or legally required transmission, we process or let the data be processed in third countries only in the presence of the special conditions of Art. 44 ff. GDPR. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g., for the USA by the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Privacy Policy for Cookies

This website uses cookies. Cookies are text files that store data from visited websites or domains and are saved by a browser on the user’s computer. The main purpose of a cookie is to store information about a user during or after their visit within an online offer. Stored information may include language settings on a website, login status, a shopping cart, or the location where a video was watched. We also include other technologies that perform the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”)

The following types and functions of cookies are distinguished:

Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user leaves an online offer and closes his browser.

Permanent cookies: Permanent cookies remain saved even after the browser is closed. For example, the login status can be saved or preferred content can be shown directly when the user visits a website again. Likewise, the interests of users used for reach measurement or marketing purposes can be stored in such a cookie.

First-party cookies: First-party cookies are set by ourselves.

Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.

Necessary (also: essential or absolutely necessary) cookies: Cookies can be necessary for the operation of a website (e.g., to store logins or other user inputs or for reasons of security).

Statistic, marketing, and personalization cookies: Furthermore, cookies are generally also used within the scope of reach measurement as well as when the interests of a user or his behavior (e.g., viewing certain content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used to show users e.g., content that corresponds to their potential interests. This method is also referred to as “tracking”, i.e., tracking the potential interests of users. Provided we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or in the context of obtaining consent.

Notes on legal bases: On which legal basis we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is your declared consent. Otherwise, the data processed with cookies are processed on the basis of our legitimate interests (e.g., in a business operation of our online offer and its improvement) or, if the use of cookies is necessary to fulfill our contractual obligations.

Storage duration: Unless we provide you with explicit information about the storage duration of permanent cookies (e.g., within the scope of a so-called cookie opt-in), please assume that the storage duration can be up to two years.

General information on revocation and objection (opt-out): Depending on whether the processing is based on consent or legal permission, you always have the option to revoke a given consent or to object to the processing of your data by cookie technologies (summarily referred to as “opt-out”). You can initially declare your objection by means of the settings of your browser, e.g., by deactivating the use of cookies (which can also impair the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared by means of a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can receive further objection notices in the context of the information on the service providers and cookies used.

Processing of cookie data based on consent: We use a procedure for cookie consent management, in which the consents of the users into the use of cookies, or the processing and providers mentioned as part of the cookie consent management procedure are obtained and managed and revoked by the users. The consent declaration is saved so that it does not have to be repeated and the consent can be proven according to the legal obligation. The storage can take place server-side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies), in order to be able to assign the consent to a user, or his device. Subject to individual information about the providers of cookie management services, the following applies: The duration of the storage of consent can be up to two years. Here, a pseudonymous user identifier is formed and stored with the time of consent, details of the scope of the consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and used end device.

Processed data types: Usage data (e.g., visited websites, interest in content, access times), Meta/communication data (e.g., device information, IP addresses).

Affected persons: Users (e.g., website visitors, users of online services).

Legal bases: Consent (Art. 6 para. 1 s. 1 lit. a. GDPR), Legitimate interests (Art. 6 para. 1 s. 1 lit. f. GDPR).

Privacy Policy for SSL/TLS Encryption

This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries, which you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Data Transmission Security (without SSL)

Please note that data transmitted via an open network such as the internet or an email service without SSL encryption is visible to everyone. An unencrypted connection can be recognized by the fact that the address line of the browser shows “http://” and no lock symbol is displayed in your browser line. Information transmitted over the internet and online received content can potentially be transmitted via networks of third parties. We cannot guarantee the confidentiality of communications or documents transmitted via such open networks or networks of third parties.

If you disclose personal information through an open network or third-party networks, you should be aware that your data may be lost or third parties may potentially access this information and consequently collect and use the data without your consent. Although in many cases the individual data packets are encrypted during transmission, the names of the sender and the recipient are not. Even if the sender and recipient live in the same country, data transmission via such networks frequently occurs without controls also through third-party countries, i.e., also through countries that do not offer the same level of data protection as your country of domicile. We accept no responsibility for the security of your data during transmission via the internet and reject any liability for direct or indirect losses. We ask you to use other means of communication if you consider this necessary or reasonable for security reasons.

Despite extensive technical and organizational security measures, data may be lost or intercepted and/or manipulated by unauthorized persons. To the extent possible, we take appropriate technical and organizational security measures to prevent this within our systems. However, your computer is outside the security area controlled by us. It is your own responsibility as a user to inform yourself about the necessary security precautions and to take appropriate measures in this regard. As the website operator, we are in no way liable for any damage you may suffer as a result of data loss or manipulation.

Data which you enter into online forms may be passed on to third parties for order processing and viewed and possibly processed by them.

Privacy Policy for Server Log Files

The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version

Used operating system

Referrer URL

Host name of the accessing computer

Time of the server request

These data cannot be assigned to specific persons. A merge of this data with other data sources is not carried out. We reserve the right to check this data retrospectively if we become aware of specific indications for illegal use.

Services of Third Parties

This website may use Google Maps for embedding maps, Google Invisible reCAPTCHA for protection against bots and spam, and YouTube for embedding videos.

These services of the American Google LLC use, among other things, cookies and as a result, data may be transferred to Google in the USA, whereby we assume that in this context there is no personal tracking solely by using our website.

Google is committed to ensuring adequate data protection in accordance with the American-European and American-Swiss Privacy Shield.

Further information can be found in Google’s privacy policy.

Privacy Policy for Contact Form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored for the purpose of processing the inquiry and in case of follow-up questions. We do not share this data without your consent.

Privacy Policy for Newsletter Data

If you would like to receive the newsletter offered on this website, we need an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. Further data is not collected. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.

The consent given to the storage of the data, the email address, and their use for sending the newsletter can be revoked at any time, for example through the “unsubscribe” link in the newsletter.

Privacy Policy for the Comment Function on this Website

For the comment function on this page, in addition to your comment, information about the time of the creation of the comment, your email address, and, if you are not posting anonymously, the username you have chosen will be saved.

Storage of the IP address

Our comment function stores the IP addresses of users who write comments. Since we do not review comments on our site before activation, we need this data to be able to take action against the author in the case of infringements such as insults or propaganda.

Subscription to comments

As a user of the site, you can subscribe to comments after registering. You will receive a confirmation email to verify that you are the owner of the email address provided. You can unsubscribe from this function at any time via a link in the info mails.

Rights of the Data Subject

Right to Confirmation

Every data subject has the right to request confirmation as to whether data concerning them is being processed. If you wish to avail yourself of this right of confirmation, you may, at any time, contact our Data Protection Officer.

Right of Access

Every person affected by the processing of personal data has the right to receive free information about his or her stored personal data at any time and a copy of this information from the website operator. Furthermore, the European directives and regulations grant the data subject access to the following information:

the purposes of processing

the categories of personal data concerned

the recipients to whom the personal data have been or will be disclosed

if possible, the planned period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing

the right to lodge a complaint with a supervisory authority

if the personal data is not collected from the data subject: Any available information as to their source

Furthermore, the data subject has a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject also has the right to be informed of the appropriate safeguards relating to the transfer.

If you wish to avail yourself of this right of access, you may at any time contact our Data Protection Officer.

Right to Rectification

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain the immediate rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Officer.

Right to Erasure (Right to be Forgotten)

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.

The personal data have been unlawfully processed.

The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by the this website, he or she may at any time contact our Data Protection Officer. The Data Protection Officer of this website shall promptly ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. The Data Protection Officer of this website will arrange the necessary measures in individual cases.

Right to Restriction of Processing

Each data subject affected by the processing of personal data has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.

The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the this website, he or she may at any time contact our Data Protection Officer. The Data Protection Officer of this website will arrange the restriction of the processing.

Right to Data Portability

Each data subject affected by the processing of personal data has the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer designated by this website.

Right to Object

Each data subject affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The this website shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If the this website processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the this website to the processing for direct marketing purposes, the this website will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the this website for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may contact any employee of the this website. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

Right to Withdraw Data Protection Consent

Each data subject affected by the processing of personal data has the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact our Data Protection Officer.

Data Protection for Applications and the Application Procedures

The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents by e‑mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased two months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g., a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Data Protection Provisions About the Application and Use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal

Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data policy published by Facebook, which is available at https://www.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Data Protection Provisions About the Application and Use of Google+

On this website, the controller has integrated the Google+ button as a component. Google+ is a so-called social network. A social network is a social meeting point on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Google+ allows users of the social network to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043–1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Google+ button has been integrated, the Internet browser on the information technology system of the data subject automatically downloads a display of the corresponding Google+ button of Google through the respective Google+ button component. During the course of this technical procedure, Google is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Google+ is available under https://developers.google.com/+/.

If the data subject is logged in at the same time to Google+, Google recognizes with each call-up to our website by the data subject and for the entire duration of his or her stay on our Internet site which specific sub-pages of our Internet page were visited by the data subject. This information is collected through the Google+ button and Google matches this with the respective Google+ account associated with the data subject.

If the data subject clicks on the Google+ button integrated on our website and thus gives a Google+ 1 recommendation, then Google assigns this information to the personal Google+ user account of the data subject and stores the personal data. Google stores the Google+ 1 recommendation of the data subject, making it publicly available in accordance with the terms and conditions accepted by the data subject during this regard. Subsequently, a Google+ 1 recommendation made by the data subject on this website together with other personal data, such as the Google+ account name used by the data subject and the stored photo, is stored and processed on other Google services, such as search-engine results of the Google search engine, the Google account of the data subject, or other places, e.g. on Internet pages, or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information with the purpose of improving or optimizing the various Google services.

Through the Google+ button, Google receives information that the data subject visited our website, if the data subject at the time of the call to our website is logged in to Google+. This occurs regardless of whether the person clicks or doesn’t click on the Google+ button.

If the data subject does not wish to transmit personal data to Google, he or she may prevent such transmission by logging out of his Google+ account before calling up our website.

Further information and the data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/. More references from Google about the Google+ 1 button can be found under https://developers.google.com/+/web/buttons-policy.

Data Protection Provisions About the Application and Use of LinkedIn

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Every time a person accesses our website, which is equipped with a LinkedIn component (LinkedIn plug-in), the component causes the browser used by the individual to download an appropriate representation of the LinkedIn component. Further information about the LinkedIn plug-ins can be retrieved under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the person.

If the data subject is logged in at LinkedIn at the time of the call to our website, LinkedIn detects which specific sub-page of our website was visited by the data subject, and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and associated with the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores the personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in at LinkedIn at the time of the call to our website; this occurs regardless of whether the person clicks on the LinkedIn component or not. If such a transmission of information to LinkedIn is not desirable for the data subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn offers under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e‑mail messages, SMS messages, and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. The setting of such cookies may be denied under https://www.linkedin.com/legal/cookie-policy. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

Data Protection Provisions About the Application and Use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 280 characters. These short messages are available to everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links, or retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the data subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the data subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the data subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Twitter component and associated with the respective Twitter account of the data subject. If the data subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the data subject and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our website, provided that the data subject is logged in on Twitter at the time of the call to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the data subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy.

Data Protection Provisions About the Application and Use of Xing

On this website, the controller has integrated components of XING. XING is an Internet-based social network that allows users to connect with existing business contacts and to add new business contacts. The individual users can create a personal profile of themselves at XING. Companies may, e.g., create company profiles or publish jobs on XING.

The operating company of XING is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a XING component (XING plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding XING component of XING. Further information about the XING plug-ins can be retrieved under https://dev.xing.com/plugins. During the course of this technical procedure, XING gains knowledge of what specific sub

-page of our website was visited by the data subject.

If the data subject is logged in at the same time on XING, XING detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the XING component and associated with the respective XING account of the data subject. If the data subject clicks on one of the XING buttons integrated on our website, e.g. the “Share” button, then XING assigns this information to the personal XING user account of the data subject and stores the personal data.

XING always receives information via the XING component that the data subject has visited our website if the data subject is logged in at XING at the time of the call to our website; this occurs regardless of whether the person clicks on the XING component or not. If such a transmission of information to XING is not desirable for the data subject, then he or she can prevent this by logging off from their XING account before a call-up to our website is made.

The data protection provisions published by XING, which are available under https://www.xing.com/privacy, provide insight into the collection, processing, and use of personal data by XING. In addition, XING has published privacy notices for the XING share button under https://www.xing.com/app/share?op=data_protection.

Data Protection Provisions About the Application and Use of YouTube

This website integrates components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review, and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043–1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google will receive information through the YouTube component that the data subject has visited our website if the data subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.

YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing, and use of personal data by YouTube and Google.

Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the above-mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

This Privacy Policy has been generated by the Privacy Policy Generator of the External Data Protection Officers that was developed in cooperation with the Media Law Lawyers from WBS-LAW.