Privacy Policy
Preamble
With the following Privacy Policy, we would like to inform you about which types of your personal data (hereinafter also referred to briefly as "data") we process, for which purposes, and to what extent within the scope of providing our application.
The terms used are not gender-specific.
Last updated: 8 April 2026
Table of Contents
- Preamble
- Controller
- Contact Data Protection Officer
- Overview of Processing Activities
- Relevant Legal Bases
- Security Measures
- Transfer of Personal Data
- International Data Transfers
- General Information on Data Retention and Deletion
- Business Services
- Business Processes and Procedures
- Providers and Services Used in the Course of Business Activities
- Provision of the Online Offering and Web Hosting
- Processing of Data Within the Application (App)
- Registration, Login, and User Account
- Contact and Inquiry Management
- Video Conferences, Online Meetings, Webinars, and Screen Sharing
- Cloud Services
- Promotional Communication by Email, Mail, Fax, or Telephone
- Presences on Social Networks (Social Media)
- Management, Organisation, and Support Tools
- Processing of Data in the Context of Employment Relationships
- Application Procedures
Controller
Claimity AG
Wisentalstrasse 7a
8185 Winkel
Switzerland
Email: info@claimity.ch
Authorized representative: Burim Kryeziu
Email address: info@claimity.ch
Contact Data Protection Officer
For questions regarding data protection, please contact our data protection advisor:
Overview of Processing Activities
The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.
Types of Data Processed
- Master data.
- Employment data.
- Payment data.
- Location data.
- Contact data.
- Content data.
- Contract data.
- Usage data.
- Meta, communication, and procedural data.
- Applicant data.
- Image and/or video recordings.
- Audio recordings.
- Log data.
Categories of Data Subjects
- Recipients of services and clients.
- Employees.
- Prospective customers.
- Communication partners.
- Users.
- Applicants.
- Business and contractual partners.
- Clients.
- Depicted persons.
- Third parties.
- Customers.
Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations.
- Communication.
- Security measures.
- Direct marketing.
- Office and organisational procedures.
- Organisational and administrative procedures.
- Application procedures.
- Feedback.
- Marketing.
- Provision of our online offering and user-friendliness.
- Establishment and performance of employment relationships.
- Information technology infrastructure.
- Financial and payment management.
- Public relations.
- Sales promotion.
- Business processes and business management procedures.
Relevant Legal Bases
Relevant legal bases under Swiss data protection law: If you are located in Switzerland, we process your data on the basis of the Swiss Federal Act on Data Protection ("Swiss FADP"). Unlike, for example, the GDPR, the Swiss FADP generally does not require that a legal basis for the processing of personal data be specified, and personal data is processed in good faith, lawfully, and in a proportionate manner (Art. 6 para. 1 and 2 Swiss FADP). In addition, we collect personal data only for a specific purpose that is recognizable to the data subject and process it only in a manner compatible with that purpose (Art. 6 para. 3 Swiss FADP).
Security Measures
In accordance with the legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, safeguarding of availability of, and segregation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Moreover, we take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.
Securing online connections through TLS/SSL encryption technology (HTTPS): In order to protect the data of users transmitted via our online services from unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user's browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions meet the highest security standards. If a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator to users that their data is transmitted securely and in encrypted form.
Transfer of Personal Data
In the course of our processing of personal data, it may occur that such data is transferred to other entities, companies, legally independent organisational units, or persons or disclosed to them. The recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements serving to protect your data with the recipients of your data.
International Data Transfers
Disclosure of personal data abroad: Under the Swiss FADP, we disclose personal data abroad only if an adequate level of protection for the data subjects is ensured (Art. 16 Swiss FADP). If the Swiss Federal Council has not determined that an adequate level of protection exists (list: https://www.bj.admin.ch/bj/de/home/staat/datenschutz/internationales/anerkennung-staaten.html), we implement alternative safeguards.
For data transfers to the United States, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of Switzerland dated 15 September 2024. In addition, we have entered into standard data protection clauses with the respective providers, which were approved by the Swiss Federal Data Protection and Information Commissioner (FDPIC) and establish contractual obligations to protect your data.
This dual protection ensures comprehensive protection of your data: the DPF forms the primary layer of protection, while the standard data protection clauses serve as additional security. Should there be any changes within the scope of the DPF, the standard data protection clauses act as a reliable fallback option. In this way, we ensure that your data remains adequately protected at all times, even in the event of political or legal changes.
For the individual service providers, we inform you whether they are certified under the DPF and whether standard data protection clauses are in place. The list of certified companies and further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).
For data transfers to other third countries, corresponding safeguards apply, including international treaties, specific guarantees, standard data protection clauses approved by the FDPIC, or internal data protection rules recognized in advance by the FDPIC or a competent data protection authority of another country.
General Information on Data Retention and Deletion
We delete personal data that we process in accordance with the legal provisions as soon as the underlying consents are withdrawn or no further legal bases for processing exist. This applies to cases in which the original processing purpose ceases to apply or the data is no longer required. Exceptions to this rule exist where legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal prosecution or for the protection of the rights of other natural or legal persons must be archived accordingly.
Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations.
If several retention periods or deletion deadlines are specified for a given item of data, the longest period shall always apply. Data that is retained no longer for its originally intended purpose but because of legal requirements or other reasons is processed exclusively for the reasons justifying its retention.
Retention and Deletion of Data
The following general periods apply to retention and archiving under Swiss law:
- 10 years - retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, accounting vouchers and invoices, as well as all required work instructions and other organisational documents (Art. 958f of the Swiss Code of Obligations (CO)).
- 10 years - data necessary to take into account potential claims for damages or similar contractual claims and rights, as well as for processing related inquiries, based on previous business experience and customary industry practices, is stored for the statutory limitation period of ten years, unless a shorter period of five years is applicable in certain cases (Art. 127, 130 CO). After five years, claims for rent, lease, capital interest, and other recurring services, for the delivery of food, for board and innkeeper's debts, as well as for handicraft work, retail sales of goods, medical care, professional work by lawyers, legal agents, procurators, and notaries, and from employment relationships of employees become time-barred (Art. 128 CO).
Business Services
We process personal data of our contractual and business partners, such as customers, clients, prospective customers, suppliers, and other cooperation partners (collectively referred to as "contractual partners"), for the initiation, performance, and handling of contractual relationships as well as comparable legal relationships. This also includes pre-contractual measures taken upon request, as well as communication in connection with the respective contractual relationship.
The processing serves in particular to fulfill our primary and ancillary contractual obligations. This includes providing the agreed services, any update and information obligations, processing warranty and other service disruptions, handling revocations, terminations of continuing obligations, reversals, reimbursements, as well as handling other contract-related declarations and inquiries. Both one-off contracts and ongoing contractual relationships are covered.
In particular, we process master data such as name, address and, where applicable, company name, contact data such as email address and telephone number, contract and service data such as subject matter of the contract, contract duration, order or transaction number, usage and performance data, payment and billing data, as well as communication content and histories. Where necessary, we also process data disclosed or transmitted to us in the course of carrying out an assignment.
In addition, we process the data to safeguard our rights and to fulfill legal obligations. This includes in particular retention obligations under commercial and tax law, documentation obligations, and, where applicable, duties of proof and accountability. Processing is also carried out on the basis of our legitimate interests in proper business management, internal administration, risk management, and IT security, as well as in protecting our business operations and our contractual partners against misuse, risks to data, secrets, and other legal interests. This may also include engaging external service providers such as IT and telecommunications providers, transport and logistics companies, payment service providers, banks, tax and legal advisors, or other agents, insofar as this is necessary for the performance of the contract or to fulfill legal obligations.
Personal data is disclosed to third parties exclusively to the extent necessary for the performance of the contract, the implementation of pre-contractual measures, the safeguarding of legitimate interests, or the fulfillment of legal obligations. We provide separate information on any further processing, particularly for marketing purposes, within this Privacy Policy.
We inform contractual partners of which data is required in the individual case at the time of data collection, for example in online forms by means of appropriate markings or in personal contact.
The data is deleted as soon as it is no longer required for the aforementioned purposes and no statutory retention obligations prevent deletion. Statutory retention periods, in particular under commercial and tax law, may require longer storage. Data transmitted in connection with a specific assignment is deleted by us after completion of the assignment and expiry of any retention periods, unless further statutory or contractual obligations to retain the data exist.
The legal basis for processing is Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures and the performance of the respective contractual relationship, as well as Art. 6 para. 1 lit. c GDPR for the fulfillment of legal obligations. Insofar as the processing is based on legitimate interests, it is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Where processing is based on Art. 6 para. 1 lit. f GDPR, it is carried out to safeguard our legitimate interests in proper and efficient business organisation, internal administration and documentation of business transactions, the enforcement and defense of legal claims, ensuring IT and data security, preventing misuse and fraud, and the economic management and further development of our business operations. These interests exist in particular in ensuring secure and legally compliant business operations and preserving our entrepreneurial freedom to act.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); payment data (e.g. bank account details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers). Contract data (e.g. subject matter of the contract, duration, customer category).
- Data subjects: Recipients of services and clients; prospective customers. Business and contractual partners.
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; communication; office and organisational procedures; organisational and administrative procedures. Business processes and business management procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Brokerage and intermediary services: We process the data of our clients and data subjects in accordance with the underlying mandate. We may also process information on the characteristics and circumstances of persons or things belonging to them if this forms part of our mandate. This may include, for example, information on personal living circumstances, movable or immovable property, and financial circumstances.
Insofar as necessary for contract performance or required by law, authorized by the clients, or based on our legitimate interests, we disclose or transmit customer data in the context of coverage inquiries, contract conclusions, and the handling of contracts to providers of the brokered services, such as appraisers and experts. Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Business Processes and Procedures
Personal data of recipients of services and clients - including customers, clients, or in special cases, mandate clients, patients, or business partners, as well as other third parties - is processed in the context of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business operations in areas such as customer management, sales, payment transactions, accounting, and project management.
The collected data serves to fulfill contractual obligations and to organise operational processes efficiently. This includes handling business transactions, managing customer relationships, optimising sales strategies, and ensuring internal invoicing and financial processes. In addition, the data supports safeguarding the controller's rights and promotes administrative tasks and the organisation of the company.
Personal data may be disclosed to third parties if this is necessary to fulfill the stated purposes or legal obligations. After expiry of statutory retention periods or if the purpose of processing ceases to apply, the data is deleted. This also includes data that must be stored for longer due to obligations to provide evidence under tax law and other statutory requirements.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); payment data (e.g. bank account details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved); log data (e.g. log files regarding logins or the retrieval of data or access times). Employment data (information on employees and other persons in an employment relationship).
- Data subjects: Recipients of services and clients; prospective customers; communication partners; business and contractual partners; customers; third parties; mandate clients. Employees (e.g. staff, applicants, temporary workers, and other employees).
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; office and organisational procedures; business processes and business management procedures; security measures; provision of our online offering and user-friendliness; communication; financial and payment management; information technology infrastructure (operation and provision of information systems and technical equipment such as computers and servers); marketing. Sales promotion.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Mandate management: Procedures required in the context of mandate management include, for example, acquiring and onboarding new mandate clients, developing strategies to promote client retention, and ensuring effective communication with mandate clients and appointment scheduling. Comprehensive client service is provided. These procedures also include the management and administration of client files, the secure documentation of legal matters, and ensuring the confidentiality and integrity of client data. In addition, processes are defined for disclosing client information to third parties, such as courts or other legal service providers. Procedures are implemented for the secure and data protection-compliant deletion of client data as soon as it is no longer needed or statutory retention periods have expired; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Contact management and contact maintenance: Procedures required in the context of organising, maintaining, and securing contact information (e.g. setting up and maintaining a central contact database, regular updates of contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and recoveries of contact data, training employees in the effective use of contact management software, regular review of communication history, and adjustment of contact strategies); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Customer account: Customers can create an account within our online offering (e.g. a customer or user account, referred to briefly as a "customer account"). If registration of a customer account is required, customers are informed accordingly, as are the details required for registration. Customer accounts are not public and cannot be indexed by search engines. In the context of registration as well as subsequent logins to and use of the customer account, we store customers' IP addresses together with access times in order to prove registration and prevent possible misuse of the customer account. If the customer account has been terminated, the data of the customer account is deleted after the time of termination unless it must be retained for purposes other than provision within the customer account or for legal reasons (e.g. internal storage of customer data, order transactions, or invoices). It is the responsibility of customers to secure their data when terminating the customer account; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- General payment transactions: Procedures required for carrying out payment transactions, monitoring bank accounts, and controlling payment flows (e.g. preparation and review of bank transfers, handling of direct debits, review of account statements, monitoring incoming and outgoing payments, chargeback management, account reconciliation, cash management); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Accounting, accounts payable, accounts receivable: Procedures required for recording, processing, and controlling business transactions in the field of accounts payable and receivable accounting (e.g. preparation and review of incoming and outgoing invoices, monitoring and management of outstanding items, execution of payment transactions, handling of dunning procedures, account reconciliation in relation to receivables and liabilities, accounts payable accounting, and accounts receivable accounting); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Financial accounting and taxes: Procedures required for recording, managing, and controlling financially relevant business transactions and for calculating, reporting, and paying taxes (e.g. coding and posting business transactions, preparing quarterly and annual financial statements, carrying out payment transactions, handling dunning procedures, account reconciliation, tax advice, preparing and filing tax returns, handling tax matters); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- Sales: Procedures required for planning, implementing, and monitoring measures for the marketing and sale of products or services (e.g. customer acquisition, preparation and follow-up of offers, order processing, customer consulting and support, sales promotion, product training, sales controlling and analysis, management of distribution channels); Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Providers and Services Used in the Course of Business Activities
In the course of our business activities, we use additional services, platforms, interfaces, or plugins from third-party providers (collectively referred to as "services") in compliance with the legal requirements. Their use is based on our interests in the proper, lawful, and economical management of our business operations and our internal organisation.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); payment data (e.g. bank account details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); contract data (e.g. subject matter of the contract, duration, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved).
- Data subjects: Recipients of services and clients; prospective customers. Business and contractual partners.
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; office and organisational procedures. Business processes and business management procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Bexio: Management of customer and supplier data, preparation of offers, invoicing, accounting (recording and managing business transactions), payroll accounting (salary settlements), payment processing (monitoring incoming and outgoing payments), inventory management (stock management of goods), task and project management; Service provider: bexio AG, Alte Jonastrasse 24, 8640 Rapperswil, Switzerland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.bexio.com/; Privacy Policy: https://www.bexio.com/de-CH/richtlinien/datenschutz. Data Processing Agreement: https://cdn.www.bexio.com/assets/content/documents/legal/auftragsverarbeitung_DE.pdf.
Provision of the Online Offering and Web Hosting
We process users' data in order to be able to provide them with our online services. For this purpose, we process the user's IP address, which is necessary in order to transmit the content and functions of our online services to the users' browser or end device.
- Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved). Log data (e.g. log files regarding logins or the retrieval of data or access times).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Provision of our online offering and user-friendliness. Information technology infrastructure (operation and provision of information systems and technical equipment such as computers and servers).
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Provision of online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as a "web host"); Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Processing of Data Within the Application (App)
We process the data of users of our application insofar as this is necessary in order to provide users with the application and its functionalities, monitor its security, and further develop it. We may also contact users in compliance with the legal requirements if the communication is necessary for purposes of administration or use of the application. Otherwise, with regard to the processing of user data, we refer to the privacy notices in this Privacy Policy.
Legal bases: The processing of data that is required for providing the functionalities of the application serves the fulfillment of contractual obligations. This also applies if the provision of the functions requires authorization from the users (e.g. permissions for device functions). If the processing of data is not necessary for providing the functionalities of the application but serves the security of the application or our business interests (e.g. collection of data for the purposes of optimizing the application or for security purposes), it is carried out on the basis of our legitimate interests. If users are expressly asked for their consent to the processing of their data, the data covered by the consent is processed on the basis of that consent.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved); payment data (e.g. bank account details, invoices, payment history); contract data (e.g. subject matter of the contract, duration, customer category). Location data (information on the geographical position of a device or a person).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; security measures. Provision of our online offering and user-friendliness.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Commercial use: We process the data of users of our application, registered users and any test users (hereinafter collectively referred to as "users"), in order to provide them with our contractual services and, on the basis of legitimate interests, to ensure the security of our application and further develop it. The required information is identified as such in the context of the conclusion of usage, order, purchase, or comparable contracts and may include the information necessary for providing the service and, where applicable, billing, as well as contact information so that any consultations can be held; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
- Storage of a universal and unique identifier (UUID): The application stores a so-called universally unique identifier (UUID) for purposes of analyzing the use and functionality of the application and for storing user settings. This identifier is generated upon installation of this application (but is not linked to the device, i.e. not a device identifier in that sense), remains stored between application launches and updates, and is deleted when users remove the application from their device.
- Processing of stored contacts: In the course of using our application, the contact information of persons stored in the device's contact directory (name, email address, telephone number) is processed. The use of the contact information requires authorization from the users, which can be revoked at any time. The use of contact information serves solely to provide the respective functionality of our application in accordance with its description to users or its typical and expected mode of operation. Users are advised that authorization for the processing of contact information must be permissible and, in particular for natural persons, requires their consent or a legal permission.
- Use of contact data for contact matching: The data of contacts stored in the device's contact directory may be used to verify whether these contacts also use our application. For this purpose, the contact data of the respective contacts (including telephone number, email address, and names) is uploaded to our server and used solely for the purpose of matching.
- Processing of location data: In the course of using our application, location data collected by the device used or otherwise entered by the users is processed. The use of location data requires authorization from the users, which can be revoked at any time. The use of location data serves solely to provide the respective functionality of our application in accordance with its description to users or its typical and expected mode of operation.
Registration, Login, and User Account
Users may create a user account. In the context of registration, users are informed of the required mandatory information, and this information is processed for the purpose of providing the user account on the basis of contractual performance. The processed data includes, in particular, login information (username, password, and an email address).
In the course of using our registration and login functions as well as the user account, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests and those of the users in protection against misuse and other unauthorized use. This data is generally not disclosed to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so.
Users may be informed by email about processes relevant to their user account, such as technical changes.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Log data (e.g. log files regarding logins or the retrieval of data or access times).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; security measures; organisational and administrative procedures. Provision of our online offering and user-friendliness.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion". Deletion after termination.
Further Information on Processing Operations, Procedures, and Services
- Registration using real names: Due to the nature of our community, we ask users to use our offering only under their real names. This means that the use of pseudonyms is not permitted; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
- User profiles are not public: User profiles are not publicly visible or accessible.
- Two-factor authentication: Two-factor authentication provides an additional layer of security for your user account and ensures that only you can access your account, even if someone else knows your password. For this purpose, in addition to your password, you must complete another authentication measure (e.g. enter a code sent to a mobile device). We will inform you about the procedure used by us; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Contact and Inquiry Management
When contacting us (e.g. by post, contact form, email, telephone, or via social media), as well as in the context of existing user and business relationships, the details of the requesting persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.
- Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation). Meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved).
- Data subjects: Communication partners.
- Purposes of processing and legitimate interests: Communication; organisational and administrative procedures; feedback (e.g. collecting feedback via online form). Provision of our online offering and user-friendliness.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Contact form: When contacting us via our contact form, by email, or by other means of communication, we process the personal data transmitted to us in order to respond to and handle the respective concern. This generally includes details such as name, contact information, and, where applicable, further information communicated to us that is necessary for appropriate processing. We use this data exclusively for the stated purpose of contacting and communicating; Legal bases: Contract performance and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
Video Conferences, Online Meetings, Webinars, and Screen Sharing
We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (collectively referred to hereinafter as "conference"). When selecting the conference platforms and their services, we observe the legal requirements.
Data processed by conference platforms: In the course of participating in a conference, the conference platforms process the personal data of participants listed below. The scope of processing depends, on the one hand, on which data is requested in the context of a specific conference (e.g. provision of access data or real names) and which optional details are provided by the participants. In addition to processing for the purpose of conducting the conference, participant data may also be processed by the conference platforms for security purposes or service optimisation. The processed data includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional role/function, the IP address of the internet access, information on participants' end devices, their operating systems, the browser and its technical and language settings, information on the content-related communication processes, i.e. chat entries and audio and video data, as well as the use of other available functions (e.g. surveys). Content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text inputs, participation results (e.g. from surveys), as well as video or audio recordings are logged, participants will be transparently informed in advance and, where required, asked for their consent.
Data protection measures for participants: Please note the details of the processing of your data by the conference platforms in their privacy notices and select the security and data protection settings most suitable for you within the conference platform settings. Furthermore, for the duration of a video conference, please ensure data protection and the protection of personality rights in the background of your recording (e.g. by informing cohabitants, locking doors, and using, where technically possible, the function to blur the background). Links to conference rooms and access data must not be passed on to unauthorized third parties.
Notes on legal bases: If, in addition to the conference platforms, we also process user data and ask users for their consent to the use of the conference platforms or certain functions (e.g. consent to recording conferences), the legal basis for processing is that consent. Furthermore, our processing may be necessary for the fulfillment of our contractual obligations (e.g. in participant lists, in the event of processing meeting results, etc.). Otherwise, user data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g. photographs or video recordings of a person); audio recordings. Log data (e.g. log files regarding logins or the retrieval of data or access times).
- Data subjects: Communication partners; users (e.g. website visitors, users of online services). Depicted persons.
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations; communication. Office and organisational procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Microsoft Teams: Used for conducting online events and conferences and for communication with internal and external participants. Voice transmission, direct messages, group communication, and collaboration functions are used; processed are name, business contact details, work profile, participation, and content (audio/video, speech, chat, files, speech transcription) for purposes of and due to interests in increasing efficiency and productivity, cost efficiency, flexibility, mobility, improved communication, IT security, use of a central platform, and Microsoft business handling. Audio signals are generally not stored unless recording is activated. Meeting and conference recordings are stored by default for 90 days unless another period is specified. Chat and file contents are stored according to policies determined by the administrator or user; by default, no automatic deletion is set. Channels must be renewed every 180 days, otherwise content is deleted. In addition, system-generated log, diagnostic, and metadata are processed, and diagnostic data is collected for product stability, security, and improvement; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.microsoft.com/de-de/microsoft-teams/; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses.
Cloud Services
We use software services accessible via the internet and operated on the servers of their providers (so-called "cloud services," also referred to as "Software as a Service") for the storage and management of content (e.g. document storage and management, exchange of documents, content, and information with specific recipients, or publication of content and information).
In this context, personal data may be processed and stored on the providers' servers insofar as this data forms part of communication processes with us or is otherwise processed by us as set out in this Privacy Policy. This data may include, in particular, users' master data and contact data, data on transactions, contracts, other processes, and their content. The providers of cloud services also process usage data and metadata used by them for security purposes and service optimisation.
If, with the help of the cloud services, we provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on users' devices for web analysis purposes or to remember user settings (e.g. in the case of media control).
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved).
- Data subjects: Prospective customers; communication partners; business and contractual partners. Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Office and organisational procedures; information technology infrastructure (operation and provision of information systems and technical equipment such as computers and servers). Provision of our online offering and user-friendliness.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- Microsoft 365 and Microsoft cloud services: Provision of applications, protection of data and IT systems, and use of system-generated log, diagnostic, and metadata for contract performance by Microsoft. Processed are contact data (name, email address), content data (files, comments, profiles), software setup and inventory data, device connectivity and configuration data, work interactions (badge swipe), as well as log and metadata. Processing is carried out for purposes of increasing efficiency and productivity, cost efficiency, flexibility, mobility, improved communication, integration of Microsoft services, IT security, and Microsoft business handling. Data retention is governed by the respective documents and company policies, up to 12 months for Defender (protection of data and IT systems) and 10 days for print management. In addition, diagnostic data is collected for product stability and improvement; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses.
- Microsoft Azure: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://azure.microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement; Data Processing Agreement: https://azure.microsoft.com/de-de/support/legal/. Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://azure.microsoft.com/en-us/support/legal/).
Promotional Communication by Email, Mail, Fax, or Telephone
We process personal data for purposes of promotional communication, which may take place via various channels such as email, telephone, mail, or fax in accordance with the legal requirements.
Recipients have the right to withdraw consent given at any time or to object to promotional communication at any time free of charge using the contact options mentioned above.
After withdrawal or objection, we store the data required to prove the previous authorization for contact or dispatch for up to three years after the end of the year of withdrawal or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of defending against possible claims. On the basis of the legitimate interest in permanently observing the withdrawal or objection of users, we also store the data required to avoid renewed contact (e.g. depending on the communication channel, the email address, telephone number, or name).
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation).
- Data subjects: Communication partners.
- Purposes of processing and legitimate interests: Direct marketing (e.g. by email or post); marketing. Sales promotion.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Presences on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to offer information about us.
We point out that user data may be processed outside the European Union. This may result in risks for users because, for example, the enforcement of user rights may be made more difficult.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created on the basis of usage behavior and resulting user interests. These usage profiles may in turn be used, for example, to place advertisements within and outside the networks that are presumed to correspond to the interests of the users. For these purposes, cookies are generally stored on users' computers in which usage behavior and user interests are stored. In addition, data may also be stored in the usage profiles independently of the devices used by users (in particular, if they are members of the respective platforms and are logged into them).
For a detailed presentation of the respective forms of processing and the objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can be exercised most effectively with the providers. Only the providers have access to the user data and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.
- Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
- Data subjects: Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Communication; feedback (e.g. collecting feedback via online form). Public relations.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Further Information on Processing Operations, Procedures, and Services
- LinkedIn: Social network - We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data of visitors used to create the "Page Insights" (statistics) of our LinkedIn profiles. This data includes information about the types of content users view or interact with and the actions they take. In addition, details about the devices used are collected, such as IP addresses, operating system, browser type, language settings, and cookie data, as well as details from user profiles, such as job function, country, industry, hierarchy level, company size, and employment status. Data protection information regarding the processing of user data by LinkedIn can be found in LinkedIn's privacy notice: https://www.linkedin.com/legal/privacy-policy.
We have concluded a special agreement with LinkedIn Ireland ("Page Insights Joint Controller Addendum," https://legal.linkedin.com/pages-joint-controller-addendum), which in particular regulates which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill the rights of data subjects (i.e. users can, for example, direct requests for access or deletion directly to LinkedIn). The rights of users (in particular the right to access, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint controllership is limited to the collection and transmission of the data to LinkedIn Ireland Unlimited Company, a company established in the EU. Further processing of the data lies exclusively with LinkedIn Ireland Unlimited Company, in particular as regards the transfer of the data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Basis for third-country transfers: Data Privacy Framework (DPF), standard contractual clauses (https://legal.linkedin.com/dpa). Objection option (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Management, Organisation, and Support Tools
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for purposes of organisation, administration, planning, and provision of our services. When selecting the third-party providers and their services, we observe the legal requirements.
In this context, personal data may be processed and stored on the servers of the third-party providers. Various types of data that we process in accordance with this Privacy Policy may be affected. This may include, in particular, users' master data and contact data, data relating to transactions, contracts, other processes, and their content.
If users are referred to the third-party providers or their software or platforms in the context of communication or business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimisation, or marketing purposes. We therefore ask that you observe the privacy notices of the respective third-party providers.
- Types of data processed: Content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time details, identification numbers, persons involved).
- Data subjects: Communication partners. Users (e.g. website visitors, users of online services).
- Purposes of processing and legitimate interests: Provision of contractual services and fulfillment of contractual obligations. Office and organisational procedures.
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".
Processing of Data in the Context of Employment Relationships
In the context of employment relationships, personal data is processed with the aim of effectively organising the establishment, implementation, and termination of such relationships. This data processing supports various operational and administrative functions required for managing employee relationships.
The data processing encompasses various aspects ranging from contract initiation to contract termination. This includes organising and managing daily working hours, managing access rights and permissions, and handling personnel development measures and employee discussions. The processing also serves payroll and salary administration, which are critical aspects of contract performance.
In addition, the data processing takes into account legitimate interests of the responsible employer, such as ensuring workplace safety or recording performance data for the evaluation and optimisation of operational processes. Furthermore, the data processing includes the disclosure of employment data in the context of external communication and publication processes where this is necessary for operational or legal purposes.
Such data processing always takes place in compliance with the applicable legal framework, with the goal of creating and maintaining a fair and efficient working environment. This also includes consideration of the data protection of the employees concerned, the anonymisation or deletion of data after the processing purpose has been fulfilled or in accordance with statutory retention periods.
- Types of data processed: Employment data (information on employees and other persons in an employment relationship).
- Data subjects: Employees (e.g. staff, applicants, temporary workers, and other employees).
- Purposes of processing and legitimate interests: Establishment and performance of employment relationships (processing of employee data in the context of the establishment and performance of employment relationships). Business processes and business management procedures.
Application Procedures
The application procedure requires that applicants provide us with the data necessary for their assessment and selection. Which information is required can be derived from the job description or, in the case of online forms, from the details provided there.
As a rule, the required information includes personal details such as name, address, a means of contact, and proof of the qualifications necessary for a position. Upon request, we are also happy to inform you which details are required.
Where available, applicants may submit their applications via our online form, which is encrypted in accordance with the latest state of the art. Alternatively, applications may also be sent to us by email. However, we would like to point out that emails on the internet are generally not sent in encrypted form. Although emails are generally encrypted during transmission, this is not the case on the servers from which they are sent and received. We can therefore assume no responsibility for the security of the application on its transmission path between the sender and our server.
For purposes of searching for applicants, submitting applications, and selecting applicants, we may, in compliance with the legal requirements, make use of applicant management or recruitment software and platforms and services of third-party providers.
Applicants are welcome to contact us regarding the type of submission of their application or to send us their application by post.
Processing of special categories of data: Insofar as special categories of personal data (Art. 9 para. 1 GDPR, e.g. health data such as severe disability status or ethnic origin) are requested from applicants or communicated by them in the context of the application procedure, such data is processed so that the controller or the data subject can exercise the rights arising from labor law and the law of social security and social protection and comply with related obligations, in the case of protection of the vital interests of the applicants or other persons, or for purposes of preventive healthcare or occupational medicine, for the assessment of the working capacity of the employee, for medical diagnostics, care or treatment in the health or social sector, or for the administration of systems and services in the health or social sector.
Deletion of data: The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants' data is deleted. Applicants' data is also deleted if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified revocation by the applicants, deletion takes place no later than after the expiry of a period of six months so that we can answer any follow-up questions regarding the application and comply with our obligations to provide evidence under the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Inclusion in an applicant pool: Inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application procedure, and that they may revoke their consent for the future at any time.
- Types of data processed: Master data (e.g. full name, residential address, contact details, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions and information relating to them, such as details of authorship or time of creation). Applicant data (e.g. information on the person, postal and contact addresses, the documents belonging to the application and the information contained in them, such as cover letter, CV, certificates, as well as further information voluntarily communicated by applicants regarding their person or qualification in relation to a specific position).
- Data subjects: Applicants.
- Purposes of processing and legitimate interests: Application procedures (establishment and any later performance as well as possible later termination of the employment relationship).
- Retention and deletion: Deletion in accordance with the information in the section "General Information on Data Retention and Deletion".