Privacy policy

A. General provisions on data processing

1. subject of this privacy policy

We, from IFP CONSULTING, appreciate your interest in our website.
The protection of your personal data is a great and very important concern for us. In the following, we would therefore like to inform you in detail about which data is collected when you visit our website, use our offers there and how this is processed or used by us in the following. Furthermore, we also inform you about the accompanying protective measures we have taken in technical and organizational terms.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the applicable data protection regulations. By means of this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us and, insofar as you are affected by the data processing, to clarify this.
Although we, as the party responsible for processing personal data, have implemented numerous technical and organizational measures, Internet-based data transmission may in principle have security vulnerabilities, so that absolute protection cannot be guaranteed. We ask you to take this into account when using our Internet offer.

2. definitions

In this data protection declaration, terms are used which have been specified by the legislator in the basic data protection regulation (hereinafter also DSGVO). You could access the GDPR at the following link:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE
The aim of our privacy policy is to inform you in a simple and understandable way about the processing of your personal data on our website.

3. name and address of the controller

The responsible person in the sense of data protection law is:

ifp – Prof. Dr.-Ing. Joachim Milberg Institut für Produktion und Logistik GmbH & Co. KG
– IFP CONSULTING –
Parkring 17
D-85748 Garching b. München

Represented by
Komplementärin
ifp Verwaltungs GmbH
Garching – Amtsgericht München – HRB 166480

Geschäftsführung
Dr.-Ing. Gerhard Nowak
Denise Pohlig

Contact
Tel. +49 (0)89 456727-0
Fax +49 (0)89 456727-33
info@ifpconsulting.de

4. deletion and blocking of personal data/ storage period

Unless otherwise specified for the respective processing of personal data in Chapter B. of this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data of the data subject are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data of the data subject that must be retained for reasons of commercial or tax law.

According to the legal requirements, the storage takes place for six years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) as well as for ten years pursuant to § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, etc.)

5. rights of the data subject

5.1. Right to confirmation

Every data subject has the right, granted by the European Directive and Regulation, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact us at any time.

5.2. Right to information

Any person affected by the processing of personal data has the right to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of such information. Furthermore, the data subject is entitled to access the following information:

– the processing purposes
– the categories of personal data that are processed
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
– the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
– the existence of a right of appeal to a supervisory authority
– if the personal data are not collected from the data subject: All available information about the origin of the data
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, he or she may contact us at any time.

5.3 Right to rectification

Any person concerned by the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data by means of a supplementary declaration.
If a data subject wishes to exercise this right of rectification, he or she may contact us at any time.

5.4 Right to deletion

Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

– The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
– The data subject revokes the consent on which the processing is based pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2(a) GDPR and there is no other legal basis for the processing.
– The data subject shall, pursuant to Art. 21 para. 1 DSGVO, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(1) DSGVO. 2 DSGVO to object to the processing.
– The personal data have been processed unlawfully.
– The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO collected.

If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by IFP CONSULTING, he or she may, at any time, contact us. We will arrange for the deletion request to be complied with immediately.
If the personal data of IFP CONSULTING has been made public and our company is responsible according to Art. 17 para. 1 DSGVO to erase personal data, IFP CONSULTING shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including technical measures, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary. We will take the necessary steps in individual cases.

5.5 Right to restriction of processing

Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing where one of the following conditions is met:

– The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
– The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
– The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
– The data subject has objected to the processing pursuant to Art. 21 para. 1 DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the aforementioned cases applies, and a data subject wishes to request the restriction of personal data stored by IFP CONSULTING, he or she may, at any time, contact us. We will then arrange for the restriction of processing.

5.6 Right to data portability

Any person concerned by the processing of personal data has the right to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another controller without hindrance by the controller to whom the personal data were provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Art. 20 para. 1 GDPR the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject may contact us at any time.

5.7 Right of objection

Any person concerned by the processing of personal data has the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data relating to him or her which is carried out on the basis of Article 6(1) of the Data Protection Act. 1 letters e or f DSGVO. This also applies to profiling based on these provisions.

IFP CONSULTING shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

If IFP CONSULTING processes personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If the data subject objects to IFP CONSULTING to IFP CONSULTING to the processing for direct marketing purposes, IFP CONSULTING will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by IFP CONSULTING for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the German Data Protection Act. 1 DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact us directly. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications.

5.8 Automated decisions in individual cases including profiling

Any person concerned by the processing of personal data has the right, granted by the European Directive and the Regulation, not to be subject to a decision based solely on automated processing, including possible profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision

– is not necessary for the conclusion or performance of a contract between the data subject and the controller, or
– is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
– takes place with the express consent of the data subject.

Is the decision

– necessary for the conclusion or performance of a contract between the data subject and the controller, or
– If it takes place with the explicit consent of the data subject, IFP CONSULTING shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a data subject on the part of the responsible person, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact us.

5.9 Right to revoke consent under data protection law

Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may contact us at any time.
Any data subject may contact us directly at any time with any questions or suggestions regarding data protection.

5.10 Right of appeal to a data protection supervisory authority

Any person affected by the processing of personal data has the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

6. legal basis of the processing

Unless otherwise stated in the description of the respective data processing operation in the following chapter B. of this data protection declaration, the following regulations apply.

Art. 6 I lit. a DSGVO serves IFP CONSULTING as the legal basis for processing operations for which consent must be obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our services and products. If IFP CONSULTING is subject to a legal obligation by which a processing of personal data becomes necessary, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f DSGVO are based. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of IFP CONSULTING or a third party, unless such interest is overridden by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator (cf. recital 47 sentence 2 DSGVO).

7. consideration of legitimate interests

Unless otherwise regulated in the description of the respective data processing operation in Chapter B. of this data protection declaration and the processing of personal data is based on Article 6 I lit. f DSGVO, our legitimate interest is the performance of our business activities and the associated economic interest.

8. data protection when using our contact details

If you use the contact data provided on our website (such as our e-mail address or fax number) to contact us, the personal data you provide will only be processed for the purpose of contacting you.
If the reason for your contacting us is your interest in our services or products or the fulfillment of an existing or future contract with us, the legal basis is Art. 6 Para. 1 lit. b GDPR. In all other cases of contact, we have a legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to the data processing based on the communication initiated by you.

We store the data required for processing the contract until the expiry of the statutory warranty and, if applicable, contractual warranty periods. We retain the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. Section 257 HGB, Section 147 AO). The data processed to carry out pre-contractual measures will be deleted as soon as the measures have been carried out and there is no recognizable conclusion of a contract.

The personal data stored by us on the basis of a legitimate interest will be stored until the purpose pursued by the contact has been achieved. You have the right to object to data processing based on Art. 6 para. 1 f) DSGVO is carried out and is not for direct marketing purposes for reasons arising from your particular situation at any time. In the case of direct advertising, however, you may object to the processing at any time without giving reasons.

Recipients of the personal data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded a corresponding order processing agreement in accordance with Art. 28 DSGVO.

9. data protection during applications and the application process

We collect and process the personal data of applicants for the purpose of carrying out the application procedure and thus on the basis of a pre-contractual measure within the meaning of Art. 6 para. 1 lit. b DSGVO or our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to the employment of employees.
The processing may also take place electronically, e.g. if an applicant submits relevant application documents to us electronically, for example by e-mail or via our contact form. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller prevent such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Due to the digitalized recording of the applications received, the recipients of the processed personal data are our IT service providers (esp. hosters), with whom we have concluded corresponding order processing agreements within the meaning of Art. 28 DSGVO.

10. changes to this privacy policy

IFP CONSULTING reserves the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable privacy policy.
B. Special provisions for data processing on our website

1. informational use and collected data
The extent and type of collection and use of your data differs depending on whether you visit our website only to retrieve information or to make use of services offered by us, such as making a booking.

(1) In the case of mere informational use of the website, i.e. if you do not, for example, make a booking via our website or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

– IP address
– Date and time of the request
– Time zone difference from Greenwich Mean Time (GMT)
– Content of the request (concrete page)
– Access status/HTTP status code
– Data volume transferred in each case
– Web page from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.

(2) The persons appointed in accordance with par. 1 of this regulation are processed for the specified purposes for the duration max. stored for 30 days and then deleted. (Note: please check if this is correct!)

2. use of cookies and similar technologies

In addition to the previously mentioned data, cookies or similar technologies (e.g. pixel tags, web beacons) are stored on your computer when you use our website. In the following, these cookies and similar technologies are referred to as “cookies”. Cookies are small files that usually consist of letters and numbers. These files are placed on your computer, tablet, cell phone or similar device when you use the device to visit a website.

Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective. The cookies used on our website can be divided into two categories: technically necessary cookies (item 2.1), functional cookies (item 2.2) and cookies for marketing and analysis purposes (item 2.2). In the following, you have the option of determining yourself whether or not you wish to permit the use of cookies for the purposes specified in each case. You can change your settings at any time. Please note that blocking certain types of cookies may impair your use of our website.

2.1 Technically required cookies

(1) Technically necessary cookies are used on this website. The use of technically necessary cookies serves to ensure the proper and secure operation of our website and its functionalities. These cookies are set, for example, to enable basic functions of the website, to store the setting of your privacy preferences, to provide secure authentication that allows you to log in to your user account, to match the technical requirements of your terminal device, and to allow you to fill out forms.
(2) Data processing by means of technically necessary cookies is carried out either on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to the functionality of our website. Or the use is based on Art. 6 para. 1 lit. c to obtain and manage the consents required by law for the use of cookies, as is the case with the setting of cookies by User.
The user data collected through technically required cookies, are not used to create user profiles.
(3) The technically necessary cookies are deleted when the browser is closed.
(4) If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your Internet browser. However, this may result in a functional restriction of our website. You can also delete permanently stored cookies at any time via your browser.
(5) Recipients of the data processed in accordance with the above paragraphs are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

2.1.1 Word Press modular system

We use the website construction system of WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter referred to only as “Word Press”).

WordPress also processes data from you in the USA, among other places. We would like to point out that due to the case law of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA.

As a basis for data processing for recipients located in third countries (such as the USA) or a data transfer there, WordPress uses so-called standard contractual clauses of the EU Commission. These are intended to ensure that your personal data comply with the European level of data protection if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission, which you can read incl. of the standard contractual clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

To learn more about the data processed through the use of WordPress.com, please see the Privacy Policy at https://automattic.com/de/privacy/.

2.1.2 Compliance GDPR/CCPA

On our website, we use the cookie consent tool from “Complianz GDPR/CCPA Cookie Consent” to obtain your consent to store certain cookies in your browser and to document this in a data protection compliant manner. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter Complianz).

When you visit our website, a cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.

The collected data is stored until you request us to delete it or delete the cookie yourself, or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Complianz’s data processing can be found at https://complianz.io/privacy-statement.

The use of Complianz cookie consent technology is done in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

2.2 Functional cookies

(1) So-called functional cookies are used on this website. These enable us to provide you with certain information (such as map sections for directions to the airport or videos about our services), and we use third-party services to do so.
(2) The data processing by means of functional cookies is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. In the cookie settings of our website, you have the option in each case to give your consent to the use of functional cookies individually or generally and to revoke this at any time for the future. If you do not wish the use of certain cookies or cookies in general, you can instead also prevent their storage on your terminal device by making the appropriate settings on your terminal device and/or Internet browser. You can select “do not accept cookies” in your Internet browser settings. For the procedures for managing and deleting cookies in the settings of your Internet browser, please refer to the help function provided for this purpose in your Internet browser. You can also disable all cookies using free Internet browser add-ons.
(3) You can delete stored cookies at any time in the system settings of your terminal device and/or Internet browser. You can also activate the “Do-Not-Track function” in your terminal device. If this function is activated, your terminal tells the respective service that they no longer want to be recorded by it.
(4) Recipients of the data processed in accordance with the above paragraphs are IT service providers (esp. hosters) and the respective service provider with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.
(5) Please note that the functionality and range of functions of our website may be limited according to your cookie settings. Information on the services we use that employ functional cookies, as well as further options for deactivating them, can be found in the following notes.

2.3 Cookies for marketing purposes and for analyzing reach and performance

(1) Cookies for marketing purposes (also called “marketing cookies”) are used to enable us to provide you with interest-based content and commercial advertising regarding our offerings and to provide more accurate campaign performance reports. These cookies are partly set by third-party providers, i.e. marketing and social media partners selected by us. As a result, they receive information about your use of our website and may combine this information with other data they may have received from you elsewhere.

Cookies for analyzing reach and performance (also called “analytics cookies”) are intended to enable an evaluation of the use of our website. These cookies are partially set by third-party providers. Through the use of such cookies, we can, for example, count the visits to our websites and track from which other websites a redirection to our website took place. This enables us to find out, for example, which parts of our website are accessed particularly frequently and how you move around our website. This allows us to determine the overall performance of our website and improve it as well as optimize content.

(2) The data processing by means of marketing and analysis cookies is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. In the cookie settings of our website, you have the option in each case to give your consent to the use of functional cookies individually or generally and to revoke this at any time for the future. If you do not wish the use of certain cookies or cookies in general, you can instead also prevent their storage on your terminal device by making the appropriate settings on your terminal device and/or Internet browser. You can select “do not accept cookies” in your Internet browser settings. For the procedures for managing and deleting cookies in the settings of your Internet browser, please refer to the help function provided for this purpose in your Internet browser. You can also disable all cookies using free Internet browser add-ons.

(3) You can delete stored cookies at any time in the system settings of your terminal device and/or Internet browser. You can also activate the “Do-Not-Track function” in your terminal device. If this function is activated, your terminal tells the respective service that they no longer want to be recorded by it.

(4) Recipients of the data processed in accordance with the above paragraphs are, in addition to the operators of the respective services, our IT service providers (esp. hosters) and the respective service provider with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

(5) Please note that the functionality and range of functions of our website may be limited according to your cookie settings. Information on the services we use that employ functional cookies, as well as further options for deactivating them, can be found in the following notes.

2.3.1 Google Analytics 4

On our website, we use the web analytics service Google Analytics 4, which is operated for citizens within the EU by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

We integrate Google Analytics 4 via Google Tag Manager. If you have not consented to the use of the analytics tools, your data will not be collected as part of Google Analytics 4.

Google Analytics 4 uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. This is used to analyze your usage behavior and to improve our website. The access data is compiled by Google on our behalf into pseudonymous usage profiles and transmitted to a Google server in the USA. We will process the information obtained to evaluate your use of the website and to compile reports on website activities.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of the data. For example, Google Analytics models 4 conversions to the extent that there is not enough data to optimize analysis and reports. For information on this, see the related Google documentation. The data evaluations are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria. More about this can be found in the related Google documentation.

The data collected as part of the usage analysis of Google Analytics 4 is enriched with data from the Google Search Console and linked with data from Google Ads, in particular to measure the success of our advertising campaigns (so-called conversions).

Processed data: The following data can be processed by Google Analytics 4:

– IP address;
– User ID and device ID;
– Referrer URL (previously visited page);
– Pages viewed (date, time, URL, title, duration of visit);
– downloaded files;
– clicked links to other websites;
– Achievement of specific goals (conversions);
– technical information (operating system; browser type, version and language; device type, brand, model and resolution);
– approximate location (country, region and city, if applicable, based on anonymized IP address).

Privacy settings: We have made the following privacy settings for Google Analytics 4:

– Anonymization of the IP address;
– deactivated advertising function;
– disabled personalized advertising;
– deactivated remarketing;
– Retention period of 2 months (and no reset of retention period on new activity);
– disabled cross-device and cross-page tracking (Google Signals);
– disabled data shares (especially Google Products and Services, Benchmarking, Technical Support, Account Specialist).

Cookies used: Google Analytics 4 sets the following cookies for the specified purpose with the respective storage period:
– “_ga” (400 days) and “_gid” (24 hours): Recognition and differentiation of visitors by a user ID;
– “_ga_0VDMXS9QWE” (400 days): Retention of the information of the current session.

We have concluded an order processing agreement with Google Ireland Limited for the use of Google Analytics 4. In the event that personal data is transferred by Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) pursuant to Art. 46 para. 2 lit. c DSGVO concluded. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

For more information about Google Analytics 4, please see Google’s privacy policy and the Google Analytics privacy statement. You can also find more information about the cookies used by Google Analytics 4 in Google’s documentation.

2.3.2 Google Tag Manager

On our website we use the Google Tag Manager of the company Google Inc. The provider within the EU is Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland). The legal basis for the processing of your personal data by means of the use of Google Tag Manager is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Furthermore, there is a legitimate interest iSd Art. 6 para. 1 lit. f DSGVO to use Google Tag Manager Tracking to optimize our online service and marketing activities. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.

By means of the Tag Manager, we can centrally incorporate and manage code sections from various tracking tools that we use on our website.

The Google Tag Manager is an organizational tool that allows website tags to be integrated and managed centrally and via a user interface. Tags are small sections of code that, for example, record your activity on our website. For this purpose, JavaScript code sections are inserted into the source code of our page. The tags often come from Google Ads or Google Analytics, but tags from other companies, such as Meta (Facebook) or Microsoft, can also be included and managed via the manager. Such tags can, for example, collect browser data, feed marketing tools with data, embed buttons, set cookies and also track users across multiple websites.

In order to make our website effective for internet users who are interested in our offers, we use various tracking tools such as Google Analytics 4. In order for the tracking to work, appropriate JavaScript codes must be embedded in our website. By means of the Google Tag Manager, we can incorporate the necessary scripts of the respective tracking tool relatively easily and manage them centrally. Tag Manager, on the other hand, is simply a domain that does not set cookies or store data. It is only a management tool regarding the implemented tags. With regard to the embedded tags of the various web analytics tools, such as Google Analytics 4, depending on the analytics tool, various data about your web behavior is usually collected, stored and processed by means of cookies. You can find more information about the associated processing of your personal data on the respective analysis tool, which is listed in this privacy policy.

In the Tag Manager account settings, we have given Google permission to receive anonymized data from us. However, this is only the use and usage of our tag manager and not personal data of the visitors of our website. We thus consent to the anonymous disclosure of our website data. We do not know exactly which summarized and anonymous data is forwarded. However, Google deletes all info that could identify our website in the process. Google combines this data with other anonymous website data and, as part of benchmarking measures, creates corresponding results in order to be able to compare itself with other websites.

If Google stores data, then this data is stored on Google’s own servers, whereby a large part of the servers are located outside the EU, namely in the USA in particular.

You can find out exactly where Google servers are located at https://www.google.com/about/datacenters/locations/?hl=de.

You can find out how long the individual tracking tools store data from you in our privacy policy for the individual tools.

Please note that when using this tool, data from you may also be stored and processed outside the EU. Most third countries (including the USA) are not considered secure under current European data protection law. So data may not simply be transferred to, stored in, and processed in insecure third countries unless there are appropriate safeguards (such as EU standard contractual clauses) between us and the non-European service provider.

Google also processes data from you in the USA, among other places. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.

Google uses so-called standard contractual clauses as the basis for data processing for recipients located in third countries or a data transfer there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Google Ads Data Processing Terms, which reference the standard contractual clauses, can be found at:
https://business.safety.google/intl/de/adsprocessorterms/

For more information about Google Tag Manager, please visit: https://support.google.com/tagmanager/?hl=de#topic=3441530.

You can find out what data Google basically collects and what this data is used for at https://policies.google.com/privacy?hl=de .

2.3.3 Google Ads

We use the Google Ads tool to advertise our offers. The legal basis for the processing of your personal data by means of the use of Google Ads conversion tracking is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Furthermore, there is a legitimate interest iSd Art. 6 para. 1 lit. f DSGVO to use Google Ads Conversion Tracking to optimize our online service and marketing activities. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland.

By means of conversion tracking from Google Ads, we want to gain an accurate overview of the cost-benefit factor of our advertising campaigns. With the Google Ads conversion tracking tool, we record what happens after a user clicks on our Google Ads ad, e.g. whether products are purchased. We also see which keywords, ads, ad groups and campaigns lead to the desired customer actions. This data enables us to measure the success of individual advertising measures and optimize our online marketing activities. We can also use the data obtained to make our website more interesting for you and adapt our advertising offer to your needs.

We have included a conversion tracking tag or code snippet on our website to better analyze certain visitor actions. When you click on one of our Google Ads ads, the “Conversion” cookie from a Google domain is stored on your computer (usually in the browser) or mobile device.

As soon as you complete an action on our website, Google recognizes the cookie and saves the action you performed as a so-called conversion. As long as you surf our website and the cookie has not yet expired, Google and we recognize that you have come to our website via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. It is also possible that other cookies are used to measure conversions. For ads that Google displays in various locations on the web, cookies named “__gads” or “_gac” may be set under our domain. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We only receive a report with statistical evaluations from Google. For example, we learn the total number of users who clicked on our ad and we see which advertising measures were well received.

Google also processes data from you in the USA, among other places. We would like to point out that, according to the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may be accompanied by various risks to the lawfulness and security of data processing.

Google uses so-called standard contractual clauses as the basis for data processing for recipients located in third countries or a data transfer there. Through these clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Based on Google’s information, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named “Conversion” and “_gac” (which is used in conjunction with Google Analytics) have an expiration date of 3 months.

You have the option to disable the conversion tracking of Google Ads. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time.

If you do not want cookies to be used, you can configure your browser so that it always informs you when a cookie is to be set. Thus, for each individual cookie, you can decide whether you want to allow the cookie or not. Downloading and installing this browser plug-in on https://support.google.com/ads/answer/7395996 will also disable all “advertising cookies”. Note, however, that disabling these cookies does not prevent the ads, only the personalized ads.

The Google Ads data processing terms and conditions can be found at https://business.safety.google/intl/de/adsprocessorterms/.
For more information about Google’s privacy policy, please refer to Google’s general privacy policy: https://policies.google.com/privacy?hl=de.

2.3.4 Google Ads Remarketing

We use the functions of Google Ads Remarketing on this website in addition to Google Ads. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google’s cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://www.google.com/settings/ads/onweb/.

For more information and the privacy policy, please see Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

2.3.5 Google Conversion Tracking

We use Google Conversion Tracking in addition to Google Ads on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

Google conversion tracking allows Google and us to recognize whether the user has taken certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took.

We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

For more information on Google conversion tracking, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de.

2.3.6 Meta Custom Audiences/ Conversions – Meta Pixel

Our website uses the so-called “Meta Pixel” and the Conversions API of the social network “Facebook” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

We use the Meta Pixel and the Conversions API for remarketing purposes in order to display interest-based advertisements (“Facebook Ads”) to visitors to our website when they visit the social network “Facebook” or other websites that also use the method. Our interest in doing so is to display advertising that is of interest to you in order to make our website or offers more interesting for you. Furthermore, with the help of the Meta Pixel and the Conversions API, we want to make sure that our Facebook ads match the potential interest of visitors to our website. With the help of the meta pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether visitors were redirected to our website after clicking on a Facebook ad (so-called “conversion”).
Due to the marketing tools used (Meta Pixel and Conversions API), your browser automatically establishes a connection with Facebook’s server as soon as you have agreed to the use of cookies requiring consent. Through the integration of the MetaPixel and the use of the Conversions API, Meta receives the information that you have called up the corresponding web page of our website or clicked on one of our ads. If you are registered with a Facebook service, Facebook can assign the visit to your account.
The processing of the data by Facebook takes place within the framework of Facebook’s data use policy, for this see

www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 .

Specific information and details about the meta pixel and conversions API and how it works can be found here:

www.facebook.com/business/help/742478679120153?id=1205376682832142

We are jointly responsible with Meta Platforms Ireland Limited. of 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transfer of data as part of this process. This applies for the following purposes:

– The creation of individualized or suitable ads, as well as for their optimization
– Delivery of commercial and transactional messages (e.g. via Messenger)

Thus, the following data processing operations are not covered by joint processing:

– The processing that takes place after the collection and transmission is the sole responsibility of Meta.
– The preparation of reports and analyses in aggregated and anonymized form is carried out within the framework of commissioned processing and is thus our responsibility.
–
For shared responsibility, we have entered into a corresponding agreement with Facebook, which you can view here: https://www.facebook.com/legal/controller_addendum.

The contact details of the company responsible, as well as Meta’s data protection officer, can be found here: https://www.facebook.com/about/privacy

We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see section 1.3.). This is without prejudice to the competence of the rights of the data subjects.

More information on how Meta processes personal data, including its legal basis and further information on data subject rights can be found here:

https://www.facebook.com/about/privacy.

We transmit the data within the scope of joint responsibility on the basis of legitimate interest according to. Art. 6 (1) f DSGVO. The cookies set for this purpose via our website are stored for up to 180 days after the last interaction.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms and on the processing operations based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

You can disable the tool via the cookie settings and for logged in visitors at https://www.facebook.com/settings/?tab=ads#.

2.3.7 LinkedIn (Insight tag)

With your consent, we activate a cookie from LinkedIn when you visit our website (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland).
The tag reports to LinkedIn what actions you have taken on our website and potentially identifies you.

With the data, LinkedIn can recognize that you have visited our website, what you have clicked on and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn may associate this data with your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the data protection information at https://www.linkedin.com/legal/privacy-policy.

We do not receive any data about you or other users from LinkedIn, but only statistics that show us, aggregated for all users in a given period, how they have used our offers and ads on other LinkedIn platforms. This helps us analyze which of our ads were successful and which were not.

2.3.8 Note on Basis for Data Processing Using U.S. Tools

On July 10, 2023, the European Commission certified that the successor to the Privacy Shield provides an adequate level of protection. With the new adequacy decision, personal data from the EU to the U.S. can start flowing again immediately, without the need for further transfer instruments or additional measures. However, this only applies if the organization to which they are transferred is also certified under the EU-U.S. Data Privacy Framework.

The extent to which the providers we use have meanwhile certified themselves for this purpose can be found on the website of the U.S. Department of Commerce, which is updated regularly: https://www.dataprivacyframework.gov/s/participant-search.

3. use of offers on our website

Insofar as you make use of certain features on our website, it may be necessary for you to provide further personal data for this purpose. Details can be found in the following regulations.

3.1 Contact forms

(1) When voluntarily using our contact forms, you will be asked to provide your first name, name, e-mail address, telephone number, if applicable, and the reason for your inquiry/contact (message). Mandatory information for your request is only your e-mail address. The information is collected and stored exclusively for the purpose of responding to your inquiry.

(2) The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to respond to your inquiry about our services or offers and to prove a possible misuse of the e-mail address used for this purpose.

(3) We store the information you provide via the contact form until the purpose of your inquiry has been fulfilled. The additional amounts due pursuant to para. 1 we store personal data for a maximum of one month after receipt of the confirmation.

(4) Recipients of the data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

3.2 Newsletter

(1) With your consent and by providing your e-mail address, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods or services are named in the declaration of consent. The only mandatory data for sending the newsletter is your e-mail address.

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. After your confirmation of the newsletter order, we store the information you have provided in accordance with para. 2 for the purpose of sending the newsletter and proof of possible misuse of your e-mail address in accordance with para. 2.

(3) The legal basis for the processing of your personal data is the consent expressly given by you pursuant to Art. 6 para. 1 lit. a GDPR and with regard to the data collected pursuant to para. 2 processed data is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to proof of possible misuse of the e-mail address used for this purpose.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each e-mail newsletter or by sending an e-mail to newsletter@dortmund-airport.de or by sending a message to the contact details provided in the imprint.

(5) Your e-mail address will be stored for the newsletter dispatch only for the duration of the desired registration. The other persons appointed in accordance with par. 1 stored data will be deleted by us after max. deleted one month after you unsubscribe.

(6) Recipients of the data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

4. social plugins

We have not installed any social media plugins, so no personal data is processed via our site. Only when you click on the respective link to one of the following services and are redirected to the corresponding social media presence, corresponding data is processed. Further information on data processing can be found in the corresponding data protection statements. (Note: do you already have corresponding privacy statements for the respective social media presence? We will be happy to assist you in this regard).

Facebook

Instagram

Youtube

LinkedIn

Xing

5. security measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection law are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include, in particular, the encrypted transmission of data between your browser and our server.

Status: October 20, 2023