Privacy policy

www.ifpconsulting.de

A. General provisions on data processing

1. subject of this privacy policy

We, from IFP CONSULTING, appreciate your interest in our website.

The protection of your personal data is a great and very important concern for us. In the following, we would therefore like to inform you in detail about which data is collected when you visit our website, use our offers there and how this is processed or used by us in the following. Furthermore, we also inform you about the accompanying protective measures we have taken in technical and organizational terms.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the applicable data protection regulations. By means of this data protection declaration, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us and, insofar as you are affected by the data processing, to clarify this.

Although we, as the party responsible for processing personal data, have implemented numerous technical and organizational measures, Internet-based data transmission may in principle have security vulnerabilities, so that absolute protection cannot be guaranteed. We ask you to take this into account when using our Internet offer.

2. definitions

In this data protection declaration, terms are used which have been specified by the legislator in the basic data protection regulation (hereinafter also DSGVO). You could access the GDPR at the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE

The aim of our privacy policy is to inform you in a simple and understandable way about the processing of your personal data on our website.

3. name and address of the controller

The responsible person in the sense of data protection law is:

ifp – Prof. Dr.-Ing. Joachim Milberg Institut für Produktion und Logistik GmbH & Co. KG
– IFP CONSULTING –
Parkring 17
D-85748 Garching b. München

Represented by
Komplementärin
ifp Verwaltungs GmbH
Garching – Amtsgericht München – HRB 166480

Geschäftsführung
Dr.-Ing. Gerhard Nowak
Denise Pohlig

Contact
Tel. +49 (0)89 456727-0
Fax +49 (0)89 456727-33
info@ifpconsulting.de

4. deletion and blocking of personal data/ storage period

Unless otherwise specified for the respective processing of personal data in Chapter B. of this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data of the data subject are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data of the data subject that must be retained for reasons of commercial or tax law.

According to the legal requirements, the storage takes place for six years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) as well as for ten years pursuant to § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, etc.)

5. rights of the data subject

5.1. Right to confirmation

Every data subject has the right, granted by the European Directive and Regulation, to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact us at any time.

5.2. Right to information

Any person affected by the processing of personal data has the right to obtain from the controller, at any time and free of charge, information about the personal data stored about him or her and a copy of such information. Furthermore, the data subject is entitled to access the following information:

– the processing purposes
– the categories of personal data that are processed
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
– the existence of a right to obtain the rectification or erasure of personal data concerning them or to obtain the restriction of processing by the controller or a right to object to such processing
– the existence of a right of appeal to a supervisory authority
– if the personal data are not collected from the data subject: All available information about the origin of the data
– the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, he or she may contact us at any time.

5.3 Right to rectification

Any person concerned by the processing of personal data has the right to obtain the rectification without delay of inaccurate personal data concerning him or her. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data by means of a supplementary declaration.

If a data subject wishes to exercise this right of rectification, he or she may contact us at any time.

5.4 Right to deletion

Any person concerned by the processing of personal data has the right to obtain from the controller the erasure without delay of personal data concerning him or her, where one of the following grounds applies and insofar as the processing is not necessary:

– The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
– The data subject revokes the consent on which the processing is based pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2(a) GDPR and there is no other legal basis for the processing.
– The data subject shall, pursuant to Art. 21 para. 1 DSGVO, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(1) DSGVO. 2 DSGVO to object to the processing.
– The personal data have been processed unlawfully.
– The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
– The personal data was collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO collected.

If one of the aforementioned reasons applies, and a data subject wishes to arrange for the deletion of personal data stored by IFP CONSULTING, he or she may, at any time, contact us. We will arrange for the deletion request to be complied with immediately.

If the personal data of IFP CONSULTING has been made public and our company is responsible according to Art. 17 para. 1 DSGVO to erase personal data, IFP CONSULTING shall, taking into account the available technology and the cost of implementation, implement reasonable measures, including technical measures, to inform other data controllers which process the published personal data, that the data subject has requested from those other data controllers to erase all links to or copies or replications of the personal data, unless the processing is necessary. We will take the necessary steps in individual cases.

5.5 Right to restriction of processing

Any person concerned by the processing of personal data has the right to obtain from the controller the restriction of processing where one of the following conditions is met:

– The accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
– The processing is unlawful, the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
– The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defense of legal claims.
– The data subject has objected to the processing pursuant to Art. 21 para. 1 DSGVO and it is not yet clear whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the aforementioned cases applies, and a data subject wishes to request the restriction of personal data stored by IFP CONSULTING, he or she may, at any time, contact us. We will then arrange for the restriction of processing.

5.6 Right to data portability

Any person concerned by the processing of personal data has the right to receive the personal data concerning him or her, which has been provided by the data subject to a controller, in a structured, commonly used and machine-readable format. The data subject shall also have the right to transmit such data to another controller without hindrance by the controller to whom the personal data were provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1(b) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Art. 20 para. 1 GDPR the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject may contact us at any time.

5.7 Right of objection

Any person concerned by the processing of personal data has the right, on grounds relating to his or her particular situation, to object at any time to processing of personal data relating to him or her which is carried out on the basis of Article 6(1) of the Data Protection Act. 1 letters e or f DSGVO. This also applies to profiling based on these provisions.

IFP CONSULTING shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defense of legal claims.

If IFP CONSULTING processes personal data for the purpose of direct marketing, the data subject shall have the right to object at any time to processing of personal data processed for such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If the data subject objects to IFP CONSULTING to IFP CONSULTING to the processing for direct marketing purposes, IFP CONSULTING will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out by IFP CONSULTING for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the German Data Protection Act. 1 DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact us directly. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise his or her right to object by means of automated procedures using technical specifications.

5.8 Automated decisions in individual cases including profiling

Any person concerned by the processing of personal data has the right, granted by the European Directive and the Regulation, not to be subject to a decision based solely on automated processing, including possible profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision

– is not necessary for the conclusion or performance of a contract between the data subject and the controller, or
– is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
– takes place with the express consent of the data subject.

Is the decision

– necessary for the conclusion or performance of a contract between the data subject and the controller, or
– If it takes place with the explicit consent of the data subject, IFP CONSULTING shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which include at least the right to obtain the intervention of a data subject on the part of the responsible person, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact us.

5.9 Right to revoke consent under data protection law

Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise the right to withdraw consent, he or she may contact us at any time.

Any data subject may contact us directly at any time with any questions or suggestions regarding data protection.

5.10 Right of appeal to a data protection supervisory authority

Any person affected by the processing of personal data has the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

6. legal basis of the processing

Unless otherwise stated in the description of the respective data processing operation in the following chapter B. of this data protection declaration, the following regulations apply.

Art. 6 I lit. a DSGVO serves IFP CONSULTING as the legal basis for processing operations for which consent must be obtained for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our services and products. If IFP CONSULTING is subject to a legal obligation by which a processing of personal data becomes necessary, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f DSGVO are based. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of IFP CONSULTING or a third party, unless such interest is overridden by the interests, fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator (cf. recital 47 sentence 2 DSGVO).

7. consideration of legitimate interests

Unless otherwise regulated in the description of the respective data processing operation in Chapter B. of this data protection declaration and the processing of personal data is based on Article 6 I lit. f DSGVO, our legitimate interest is the performance of our business activities and the associated economic interest.

8. data protection when using our contact details

If you use the contact data provided on our website (such as our e-mail address or fax number) to contact us, the personal data you provide will only be processed for the purpose of contacting you.

If the reason for your contacting us is your interest in our services or products or the fulfillment of an existing or future contract with us, the legal basis is Art. 6 Para. 1 lit. b GDPR. In all other cases of contact, we have a legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to the data processing based on the communication initiated by you.

We store the data required for processing the contract until the expiry of the statutory warranty and, if applicable, contractual warranty periods. We retain the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. Section 257 HGB, Section 147 AO). The data processed to carry out pre-contractual measures will be deleted as soon as the measures have been carried out and there is no recognizable conclusion of a contract.

The personal data stored by us on the basis of a legitimate interest will be stored until the purpose pursued by the contact has been achieved. You have the right to object to data processing based on Art. 6 para. 1 f) DSGVO is carried out and is not for direct marketing purposes for reasons arising from your particular situation at any time. In the case of direct advertising, however, you may object to the processing at any time without giving reasons.

Recipients of the personal data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded a corresponding order processing agreement in accordance with Art. 28 DSGVO.

9. data protection during applications and the application process

We collect and process the personal data of applicants for the purpose of carrying out the application procedure and thus on the basis of a pre-contractual measure within the meaning of Art. 6 para. 1 lit. b DSGVO or our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to the employment of employees.

The processing may also take place electronically, e.g. if an applicant submits relevant application documents to us electronically, for example by e-mail or via our contact form. If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interests of the controller prevent such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Due to the digitalized recording of the applications received, the recipients of the processed personal data are our IT service providers (esp. hosters), with whom we have concluded corresponding order processing agreements within the meaning of Art. 28 DSGVO.

10. changes to this privacy policy

IFP CONSULTING reserves the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly and inform yourself about the applicable privacy policy.

B. Special provisions for data processing on our website

1. informational use and collected data

The extent and type of collection and use of your data differs depending on whether you visit our website only to retrieve information or to make use of services offered by us, such as making a booking.

(1) In the case of mere informational use of the website, i.e. if you do not, for example, make a booking via our website or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request comes
Browser
Operating system and its interface
Language and version of the browser software.
(2) The persons appointed in accordance with par. 1 of this regulation are processed for the specified purposes for the duration max. stored for 30 days and then deleted.

2. use of cookies and similar technologies

In addition to the aforementioned data, cookies or similar technologies (e.g. pixel tags, web beacons) will be stored on your computer when you use our website. In the following, these cookies and similar technologies are referred to as “cookies”. Cookies are small files that usually consist of letters and numbers. These files are placed on your computer, tablet, cell phone or similar device when you use the device to visit a website.

Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective. The cookies used on our website can be divided into two categories: technically necessary cookies (item 2.1), functional cookies (item 2.2) and cookies for marketing and analysis purposes (item 2.2). In the following, you have the option of determining yourself whether or not you wish to permit the use of cookies for the purposes specified in each case. You can change your settings at any time. Please note that blocking certain types of cookies may impair your use of our website.

2.1 Technically required cookies

(1) Technically necessary cookies are used on this website. The use of technically necessary cookies serves to ensure the proper and secure operation of our website and its functionalities. These cookies are set, for example, to enable basic functions of the website, to store the setting of your privacy preferences, to provide secure authentication that allows you to log in to your user account, to match the technical requirements of your terminal device, and to allow you to fill out forms.

(2) Data processing by means of technically necessary cookies is carried out either on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to the functionality of our website. Or the use is based on Art. 6 para. 1 lit. c to obtain and manage the consents required by law for the use of cookies, as is the case with the setting of cookies by User.

The user data collected through technically required cookies, are not used to create user profiles.

(3) The technically necessary cookies are deleted when the browser is closed.

(4) If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your Internet browser. However, this may result in a functional restriction of our website. You can also delete permanently stored cookies at any time via your browser.

(5) Recipients of the data processed in accordance with the above paragraphs are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

2.1.1 Word Press modular system

We use the website construction system of WordPress.com for our website. The service provider is the American company Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter referred to only as “Word Press”).

WordPress also processes data from you in the USA, among other places. We would like to point out that due to the case law of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA.

As a basis for data processing for recipients located in third countries (such as the USA) or a data transfer there, WordPress uses so-called standard contractual clauses of the EU Commission. These are intended to ensure that your personal data comply with the European level of data protection if they are transferred to third countries (such as the USA) and stored there. Through these clauses, WordPress undertakes to comply with European data protection standards when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission, which you can read incl. of the standard contractual clauses can be found here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de .

The Data Processing Agreements, which correspond to the standard contractual clauses, can be found at https://wordpress.com/support/data-processing-agreements/.

To learn more about the data processed through the use of WordPress.com, please see the Privacy Policy at https://automattic.com/de/privacy/.

2.1.2 Compliance GDPR/CCPA

On our website, we use the cookie consent tool from “Complianz GDPR/CCPA Cookie Consent” to obtain or display your consent to the storage of certain cookies in your browser and to document this in a data protection-compliant manner. The provider of this technology is Complianz B.V., Atoomweg 6b, 9743 AK Groningen, Netherlands (hereinafter Complianz).

When you visit our website, a cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored.

The collected data is stored until you request us to delete it or delete the cookie yourself, or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Complianz’s data processing can be found at https://complianz.io/privacy-statement.

The use of Complianz cookie consent technology is done in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

2.2 Functional cookies

(1) Functional cookies may also be used on this website. These enable us to provide you with certain information (such as map sections for directions to the airport or videos about our services), and we use third-party services to do so.

(2) The data processing by means of functional cookies is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. In the cookie settings of our website, you have the option in each case to give your consent to the use of functional cookies individually or generally and to revoke this at any time for the future. If you do not wish the use of certain cookies or cookies in general, you can instead also prevent their storage on your terminal device by making the appropriate settings on your terminal device and/or Internet browser. You can select “do not accept cookies” in your Internet browser settings. For the procedures for managing and deleting cookies in the settings of your Internet browser, please refer to the help function provided for this purpose in your Internet browser. You can also disable all cookies using free Internet browser add-ons.

(3) You can delete stored cookies at any time in the system settings of your terminal device and/or Internet browser. You can also activate the “Do-Not-Track function” in your terminal device. If this function is activated, your terminal tells the respective service that they no longer want to be recorded by it.

(4) Recipients of the data processed in accordance with the above paragraphs are IT service providers (esp. hosters) and the respective service provider with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

(5) Please note that the functionality and range of functions of our website may be limited according to your cookie settings. Information on the services we use that employ functional cookies, as well as further options for deactivating them, can be found in the following notes.

2.3 Cookies for marketing purposes and for analyzing reach and performance

(1) Cookies for marketing purposes (also called “marketing cookies”) are used to enable us to provide you with interest-based content and commercial advertising regarding our offerings and to provide more accurate campaign performance reports. These cookies are partly set by third-party providers, i.e. marketing and social media partners selected by us. As a result, they receive information about your use of our website and may combine this information with other data they may have received from you elsewhere.

Cookies for analyzing reach and performance (also called “analytics cookies”) are intended to enable an evaluation of the use of our website. These cookies are partially set by third-party providers. Through the use of such cookies, we can, for example, count the visits to our websites and track from which other websites a redirection to our website took place. This enables us to find out, for example, which parts of our website are accessed particularly frequently and how you move around our website. This allows us to determine the overall performance of our website and improve it as well as optimize content.

(2) The data processing by means of marketing and analysis cookies is carried out exclusively on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. In the cookie settings of our website, you have the option in each case to give your consent to the use of functional cookies individually or generally and to revoke this at any time for the future. If you do not wish the use of certain cookies or cookies in general, you can instead also prevent their storage on your terminal device by making the appropriate settings on your terminal device and/or Internet browser. You can select “do not accept cookies” in your Internet browser settings. For the procedures for managing and deleting cookies in the settings of your Internet browser, please refer to the help function provided for this purpose in your Internet browser. You can also disable all cookies using free Internet browser add-ons.

(3) You can delete stored cookies at any time in the system settings of your terminal device and/or Internet browser. You can also activate the “Do-Not-Track function” in your terminal device. If this function is activated, your terminal tells the respective service that they no longer want to be recorded by it.

(4) Recipients of the data processed in accordance with the above paragraphs are, in addition to the operators of the respective services, our IT service providers (esp. hosters) and the respective service provider with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

(5) Please note that the functionality and range of functions of our website may be limited according to your cookie settings. Information on the services we use that employ functional cookies, as well as further options for deactivating them, can be found in the following notes.

2.3.1 Meta Custom Audiences/ Conversions – Meta Pixel

Our website uses the so-called “Meta Pixel” and the Conversions API of the social network “Facebook” of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the following purposes:

We use the Meta Pixel and the Conversions API for remarketing purposes in order to display interest-based advertisements (“Facebook Ads”) to visitors to our website when they visit the social network “Facebook” or other websites that also use the method. Our interest in doing so is to display advertising that is of interest to you in order to make our website or offers more interesting for you. Furthermore, with the help of the Meta Pixel and the Conversions API, we want to make sure that our Facebook ads match the potential interest of visitors to our website. With the help of the meta pixel, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether visitors were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

Due to the marketing tools used (Meta Pixel and Conversions API), your browser automatically establishes a connection with Facebook’s server as soon as you have agreed to the use of cookies requiring consent. Through the integration of the MetaPixel and the use of the Conversions API, Meta receives the information that you have called up the corresponding web page of our website or clicked on one of our ads. If you are registered with a Facebook service, Facebook can assign the visit to your account.

The processing of the data by Facebook takes place within the framework of Facebook’s data use policy, for this see

www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Specific information and details about the meta pixel and conversions API and how it works can be found here:

www.facebook.com/business/help/742478679120153?id=1205376682832142

We are jointly responsible with Meta Platforms Ireland Limited. of 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transfer of data as part of this process. This applies for the following purposes:

– The creation of individualized or suitable ads, as well as for their optimization

– Delivery of commercial and transactional messages (e.g. via Messenger)

Thus, the following data processing operations are not covered by joint processing:

– The processing that takes place after the collection and transmission is the sole responsibility of Meta.

– The preparation of reports and analyses in aggregated and anonymized form is carried out within the framework of commissioned processing and is thus our responsibility.

For shared responsibility, we have entered into a corresponding agreement with Facebook, which you can view here: https://www.facebook.com/legal/controller_addendum.

The contact details of the company responsible, as well as Meta’s data protection officer, can be found here: https://www.facebook.com/about/privacy

We have agreed with Meta that Meta can be used as a contact point for the exercise of data subject rights (see section 1.3.). This is without prejudice to the competence of the rights of the data subjects.

More information on how Meta processes personal data, including its legal basis and further information on data subject rights can be found here:

https://www.facebook.com/about/privacy.

We transmit the data within the scope of joint responsibility on the basis of legitimate interest according to. Art. 6 (1) f DSGVO. The cookies set for this purpose via our website are stored for up to 180 days after the last interaction.

Information on the data security conditions can be found here: https://www.facebook.com/legal/terms/data_security_terms and on the processing operations based on standard contractual clauses can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

You can disable the tool via the cookie settings and for logged in visitors at https://www.facebook.com/settings/?tab=ads#.

2.3.2 LinkedIn (Insight tag)

With your consent, we activate a cookie from LinkedIn when you visit our website (LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland).
The tag reports to LinkedIn what actions you have taken on our website and potentially identifies you.

With the data, LinkedIn can recognize that you have visited our website, what you have clicked on and if you have clicked on a link on LinkedIn that connects you to our website. This allows LinkedIn to show you interest-based content. LinkedIn may associate this data with your user account and use it for its own purposes. The processing of your data by LinkedIn is explained in the data protection information at https://www.linkedin.com/legal/privacy-policy.

We do not receive any data about you or other users from LinkedIn, but only statistics that show us, aggregated for all users in a given period, how they have used our offers and ads on other LinkedIn platforms. This helps us analyze which of our ads were successful and which were not.

2.3.3 Note on the basis for data processing using US tools

On July 10, 2023, the European Commission certified that the successor to the Privacy Shield provides an adequate level of protection. With the new adequacy decision, personal data from the EU to the U.S. can start flowing again immediately, without the need for further transfer instruments or additional measures. However, this only applies if the organization to which they are transferred is also certified under the EU-U.S. Data Privacy Framework.

The extent to which the providers we use have meanwhile certified themselves for this purpose can be found on the website of the U.S. Department of Commerce, which is updated regularly: https://www.dataprivacyframework.gov/s/participant-search.

2.3.4 Matomo On-Premise (without cookies)

(1) We use Matomo On-Premise as an analysis tool on our website without the use of cookies. When using this tool, Matomo is installed on our own server. All data is therefore stored and processed directly by us and not by a third-party provider. The provider of the analysis tool is InnoCraft Ltd, 7 Waterloo Quay PO 625, 6140 Wellington, New Zealand.

(2) Matomo On-Premise is a web analysis platform that provides us with statistics about your behavior on our website. We also use IP anonymization for your IP address when you visit our website, and all cookies have been deactivated.

(3) Due to the aforementioned settings, information about your visitor behavior is stored by us, but this is not personal data, but information such as the number of visitors, page views, length of stay or search terms used. It also includes technical data such as browser type, the operating system you are using and your screen resolution. Information can also be collected about which website a visitor came to us from. This data is stored exclusively by us and is not passed on to a third-party provider.

(4) The data is stored exclusively on our own server. This is located in Germany, so no data is processed in third countries, i.e. countries outside the GDPR. This data is only stored for as long as is necessary for our business purposes.

(5) Furthermore, you have the option to object to data processing at any time:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

(6) The processing of the aforementioned data is based on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR to analyze the behavior of website visitors and to operate our website technically and economically.

Further information on Matomo’s terms of use and data protection regulations can be found at: https://matomo.org/privacy/

3. use of offers on our website

Insofar as you make use of certain features on our website, it may be necessary for you to provide further personal data for this purpose. Details can be found in the following regulations.

3.1 Contact forms

(1) When voluntarily using our contact forms, you will be asked to provide your first name, name, e-mail address, telephone number, if applicable, and the reason for your inquiry/contact (message). Mandatory information for your request is only your e-mail address. The information is collected and stored exclusively for the purpose of responding to your inquiry.

(2) The legal basis for the processing of your personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to respond to your inquiry about our services or offers and to prove a possible misuse of the e-mail address used for this purpose.

(3) We store the information you provide via the contact form until the purpose of your inquiry has been fulfilled. The additional amounts due pursuant to para. 1 we store personal data for a maximum of one month after receipt of the confirmation.

(4) Recipients of the data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

3.2 Newsletter

(1) With your consent and by providing your e-mail address, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods or services are named in the declaration of consent. The only mandatory data for sending the newsletter is your e-mail address.

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. After your confirmation of the newsletter order, we store the information you have provided in accordance with para. 2 for the purpose of sending the newsletter and proof of possible misuse of your e-mail address in accordance with para. 2.

(3) The legal basis for the processing of your personal data is the consent expressly given by you pursuant to Art. 6 para. 1 lit. a GDPR and with regard to the data collected pursuant to para. 2 processed data is our legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO to proof of possible misuse of the e-mail address used for this purpose.

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each e-mail newsletter or by sending an e-mail to newsletter@dortmund-airport.de or by sending a message to the contact details provided in the imprint.

(5) Your e-mail address will be stored for the newsletter dispatch only for the duration of the desired registration. The other persons appointed in accordance with par. 1 stored data will be deleted by us after max. deleted one month after you unsubscribe.

(6) Recipients of the data processed in accordance with this provision are IT service providers (esp. hosters) with whom we have concluded corresponding order processing agreements in accordance with Art. 28 DSGVO.

4. social plugins

We have not installed any social media plugins, so no personal data is processed via our site. Only when you click on the respective link to one of the following services and are redirected to the corresponding social media presence, corresponding data is processed. Further information on data processing can be found in the corresponding data protection statements.

Facebook

Instagram

Youtube

LinkedIn

Xing

5. security measures

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection law are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures include, in particular, the encrypted transmission of data between your browser and our server.

Status: October 28, 2023