In compliance with the requirements of the General Data Protection Regulation (GDPR), we hereby provide you with information on how we handle the personal data (e.g. name, address, e-mail addresses, user behaviour) that you knowingly or unknowingly leave behind when you visit our website – including information on how long these data are stored and your rights as a data subject.

Controller

The controller pursuant to Art. 4(7) GDPR is:

Zoologischer Garten Berlin AG
Hardenbergplatz 8, 10787 Berlin

Tel.: +49 (0)30 25401-0
Fax: +49 (0)30 25401-255
E-mail: info@zoo-berlin.de

Data protection officer

You can contact our data protection officer at datenschutz@zoo-berlin.de or the above-mentioned postal address, making sure to add “Data protection officer” as the recipient.

Legal basis for the processing of personal data

In accordance with Article 13 of the GDPR, we hereby inform you of the legal bases for our data processing activities. Where the legal basis is not specifically stated in this privacy policy, the following applies:

The legal basis for obtaining consent is Article 6(1)(a) in conjunction with Article 7 of the GDPR.

The legal basis for processing to fulfil our services and carry out contractual measures, as well as to respond to enquiries, is Article 6(1)(b) of the GDPR.

The legal basis for processing to fulfil our legal obligations is Article 6(1)(c) of the GDPR.

If the processing of your data is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override that interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

Data erasure and retention period

We adhere to the principles of data minimisation in accordance with Article 5(1)(c) of the GDPR and storage limitation in accordance with Article 5(1)(e) of the GDPR. We store your personal data only for as long as is necessary to achieve the purposes stated here or as required by the retention periods prescribed by law. Once the relevant purpose no longer applies or these retention periods have expired, the relevant data will be deleted as soon as possible.

External links

This website may contain links to third-party websites or to other websites for which we are responsible. If you follow a link to a website for which we are not responsible, please note that these websites have their own privacy policies. We accept no responsibility or liability for these external websites or their privacy policies. You should therefore check whether you agree with the privacy policies on those websites before using them.

You can recognise external links either by the fact that they are displayed in a slightly different colour from the rest of the text or by the fact that they are underlined. Your cursor will display external links when you move it over them. Only when you click on an external link will your personal data be transferred to the link’s destination. The operator of the other website will then receive, in particular, your IP address, the time at which you clicked the link, the page on which you clicked the link, and further information that you will find in the privacy policy of the respective provider.

Please also note that individual links may lead to data being transferred outside the European Economic Area. This could result in foreign authorities gaining access to your data. You may not have any legal remedies against such access to your data. If you do not wish your personal data to be transferred to the link destination or, indeed, to be exposed to unwanted access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject within the meaning of the GDPR, you have the ability to exercise various rights. The data subjects’ rights resulting from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority (Article 77) and the right to data portability (Article 20).

Right to withdraw consent:

Some data processing operations may only take place with your explicit consent. You have the option to withdraw your consent at any time. However, this does not affect the lawfulness of the data processing carried out prior to the withdrawal.

Right to object:

Where processing is based on Article 6(1)(e) or (f) of the GDPR, you, as the data subject, may object at any time to the processing of your personal data on grounds relating to your particular situation.

You also have this right in the case of profiling based on these provisions as defined by Article 4(4) of the GDPR. Unless we can demonstrate a legitimate interest in processing your data that overrides your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims, we will cease processing your data following your objection.

If the processing of personal data is used for direct marketing purposes, you also have the right to object at any time. The same applies to profiling related to direct marketing. Here, too, we will no longer process your personal data once you have objected.

Right to lodge a complaint with a supervisory authority:

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Right to data portability:

If your data is processed automatically on the basis of consent or the performance of a contract, you have the right to receive this data in a structured, commonly used and machine-readable format. You also have the right to request the transmission and provision of the data to another controller, provided this is technically feasible.

Right of access, rectification and erasure:

You have the right to obtain information about your processed personal data regarding the purposes of the data processing, the categories, the recipients and the duration of storage. If you have any questions on this subject or on other matters relating to personal data, you are of course welcome to contact us using the contact details provided in our company information.

Right to restriction of processing:

You may at any time request the restriction of the processing of your personal data. To do so, you must meet one of the following criteria:

• If you contest the accuracy of the personal data, you have the right to request restriction of processing for the period of time it takes for its accuracy to be verified.
• If the processing is unlawful, you may request the restriction of the use of the data as an alternative to erasure.
• If we no longer require your personal data for the purposes of processing, but you require the data to establish, exercise or defend legal claims, you may request restriction of processing as an alternative to erasure.
• If you object to the processing in accordance with Article 21(1) of the GDPR, we will assess whose interests override the other. Until this assessment has been completed, you have the right to request the restriction of processing.

Restriction of processing means that, apart from storage, the personal data may only be processed with your consent or for the purpose of establishing, exercising or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

Website hosting

Our website is hosted by:

Planetary Networks GmbH

Our online shop is hosted by:

Hetzner Online GmbH

When you visit our website, we automatically collect and store information in what are known as server log files. Your browser automatically transmits this information to our server or to the server of our hosting provider.

This includes:

• The IP address of the website visitor’s device
• The device used
• The hostname of the accessing computer
• The visitor’s operating system
• The browser type and version
• The name of the file accessed
• The time of the server request
• The volume of data
• Information on whether the data was successfully retrieved

This data is not combined with other data sources.

Instead of hosting our websites on our own server, we may also have them hosted on the server of an external service provider (hosting company), which we have named above. The personal data collected by our websites is then stored on the hosting company’s servers. In addition to the data mentioned above, the web host also stores on our behalf, for example, contact enquiries, contact details, names, website access data, meta and communication data, contract data and other website-generated data.

The legal basis for the processing of this data is Article 6(1)(f) of the GDPR. Our legitimate interest is to ensure the website functions correctly and to optimise its performance. If the website is accessed for the purpose of entering into contract negotiations with us or concluding a contract, this serves as a further legal basis (Article 6(1)(b) of the GDPR). In the event that we have commissioned a hosting company, a data processing agreement exists with this service provider.

Use of local storage items, session storage items and cookies

Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored within the browser on your device. This data usually includes user preferences, such as a website’s “day” or “night” mode, and remains stored until you delete it manually. Session storage is very similar to local storage, except that the data is only stored for the duration of the current session, i.e. until the current tab is closed. After that, the session storage items are deleted from your device. Cookies are pieces of information that a web server (a server that provides web content) stores on your device in order to be able to identify that device. They are either stored temporarily for the duration of your visit and deleted when you leave a website (“session cookie”) or they are stored permanently on your device until you delete them yourself or they are automatically deleted by your web browser (“persistent cookie”).

These items may also be stored on your device by third-party companies when you visit our website (“third-party requests”). This enables us, as the operator of this website, and you, as a visitor to this website, to use certain third-party services installed on this website. Examples include the processing of payment services and the display of videos.

These mechanisms have a variety of uses. They can be used to improve the functionality of a website, to control shopping basket functions, to increase the security and usability of a website, and to carry out analyses of visitor flows and behaviour. Depending on their specific functions, the items must be classified in accordance with data protection law. If they are necessary for the operation of the website and the provision of certain functions (shopping basket function) or if they serve to optimise the website (e.g. cookies for measuring visitor behaviour), then their use is based on Article 6(1)(f) of the GDPR. As the website operator, we have a legitimate interest in storing local storage items, session storage items and cookies in order to ensure our services are provided in an optimal way and without any technical errors. In all other cases, the storage of local storage items, session storage items and cookies takes place only with your express consent (Article 6(1)(a) of the GDPR).

Wherever local storage items, session storage items or cookies are used by third-party companies or for analytics purposes, we will inform you about this separately within the scope of this privacy policy. We will ask for your necessary consent, which can be withdrawn at any time.

Use of external services

We use external services on our website. External services are third-party services that are integrated into our website. This may be done for various reasons, such as embedding videos or ensuring the security of the website. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in using these services, we will obtain your consent as a visitor to our website prior to their use. This consent may be withdrawn at any time (Article 6(1)(a) of the GDPR).

Online tickets

You have the option to purchase day tickets, annual passes and vouchers via the online shop on our website.

Further information regarding Article 13 of the GDPR as it relates to annual passes can be found here.

To complete your purchase, you must provide your first and last name, address and telephone number, and e-mail address.  

The processing of this data serves the performance of a contract in accordance with Article 6(1)(b) of the GDPR. In addition, there is a legal obligation to collect this data within in the meaning of Article 6(1)(c) of the GDPR. This obligation represents the fulfilment of tax law requirements pursuant to Section 14(4) of the German VAT Act (UstG).

Our online shop is provided by HKS Systeme GmbH, Friedrich-List-Str. 89, 33100 Paderborn. A processing contract has been concluded with HKS.

Payments can be made via credit card, giropay, paydirekt or PayPal. During the ordering process, you will be directed to the respective payment service. We only receive information from these external service providers once the payment process has been completed. We do not receive any further information (for example, account details).

The data will be deleted immediately upon expiry of the legal retention period of ten years, as stipulated in Article 17(3)(b) of the GDPR and Section 147(3) of the German Fiscal Code (AO). The period begins at the end of the calendar year in which the document was created.

You are required to provide your personal data for the fulfilment of the contract.

Donations and FundraisingBox

If you make a donation to Zoo Berlin, take on a sponsorship or include us in your will, we will use your contact and payment details to process the transaction.

The purpose of this data processing is to handle payments in connection with donations and sponsorships. The legal basis for this data processing is Article 6(1)(b) of the GDPR.

We use an external service provider, Wikando GmbH, Schießgrabenstr. 32, 86150 Augsburg, to process donations, and our donation forms are provided by FundraisingBox.

Further information can be found in the provider’s privacy policy at the following URL: https://www.fundraisingbox.com/datenschutz/.

You can find the latest information on the security procedures in place here: https://www.fundraisingbox.com/datensicherheit.

Donating via direct debit

If you make a donation using direct debit, we will submit the account details you provide to our principal bank in order to set up the direct debit.

Via PayPal

If you make a donation using PayPal, after you submit the form you will be taken directly to the PayPal website, where you can complete the transaction in the normal way. We do not receive any account information; we are only notified that your payment has been made. In this case, PayPal is responsible for data processing.

Via Sofortüberweisung bank transfer

If you make a donation using the Sofortüberweisung bank transfer method, after you submit the form you will be taken directly to the website of payment provider Sofort AG. We do not receive any account information; we are only notified that your payment has been successful. In this case, Sofort AG is responsible for data processing.

Your data will be deleted as soon as we no longer require it for the aforementioned purposes. However, we are legally required to retain the personal data provided in connection with your donation for ten years, including information about the donation amount, donation frequency, and donation purpose or project.

The provision of your personal data when making an online donation is based on a legal obligation to document donations.

We only use the information you provide in Zoo Berlin’s online forms to serve the aims of the association, for fundraising activities, and to send you more information about Zoo Berlin. You can quickly and easily withdraw your consent for further use of your data at any time, for instance by sending an e-mail to datenschutz@zoo-berlin.de with brief reference to the form you completed. However, forms normally contain separate data protection information including their own e-mail addresses for withdrawing consent to the use of personal data.

Newsletter

You have the option to subscribe to our newsletter.

We use our newsletter to inform you about us, our offers and our services.

We use the so-called double opt-in process when you subscribe to our newsletter. That means that after you subscribe, we will send an e-mail to the e-mail address provided in which we ask you to confirm that you do indeed wish to receive the newsletter. If we do not receive confirmation within the specified timeframe, the subscription process is not completed. We also store your IP addresses and the times of registration and confirmation. The purpose of this step is to prove that you have subscribed and to identify any possible misuse of your personal data.

The legal basis for this data processing is Article 6(1)(a) of the GDPR.

We have entered into a data processing agreement with our newsletter provider in accordance with Article 28 of the GDPR.

The data you provide (e-mail address) will be stored until you unsubscribe from our newsletter.

You can withdraw your consent to receive our newsletter at any time. You can declare your withdrawal by clicking on the link provided in every electronic newsletter, by sending an e-mail to datenschutz@zoo-berlin.de, or by sending a letter by post to the address provided above. Please note that this withdrawal of consent does not affect the lawfulness of the data processing conducted up until that point.

The provision of your personal data is voluntary and based solely on your consent. Without your consent, we are unfortunately unable to send you our newsletter.

Contact form

On our website, you have the option to contact us via a contact form. To contact us via this form, we require, in particular, your contact information.

If you give your consent, the legal basis is Article 6(1)(a) of the GDPR. This consent may be withdrawn at any time.

If you submit enquiries regarding our products, services or company, your data is processed for the purposes of performing a contract or taking steps prior to entering into a contract in accordance with Article 6(1)(b) of the GDPR. Furthermore, there may be a legitimate interest in maintaining business relationships or responding to your enquiry for other reasons. In this case, the legal basis for the processing of your data would be Article 6(1)(f) of the GDPR.

The data will be deleted once we have provided a final response to your enquiry and there are no other retention obligations that prevent this.

Contacting us via telephone or e-mail

In accordance with legal requirements, we have provided a telephone number and e-mail address on our website. We automatically store any data transmitted via these channels in order to process the relevant enquiries or to contact the person making the enquiry. We will not pass this data on to third parties without your consent.

If you contact us via telephone or our e-mail address for pre-contractual or contractual purposes, the legal basis for the processing of personal data is set out in Article 6(1)(b) of the GDPR. For all other forms of contact initiated by you, any personal data we process is based on our legitimate interest in accordance with Article 6(1)(f) of the GDPR.

Organising and planning events

Our website also gives you the option to register for events organised by us. For us to process your registration and run these events, we need to process your personal data. Specifically:

• Your first name and surname
• Your address
• Your e-mail address
• Your date of birth (if applicable)
• Your bank details (if applicable)

This data processing is necessary in order for us to plan and run the event and to enable your participation. (Article 6(1)(b) of the GDPR)

Where data processing is based on Article 6(1)(f) of the GDPR, our legitimate interest lies in the planning and running of the events.

In principle, we store the data until the event in question is completely over. After the event has taken place, we will transfer your data to our customer database. Legal retention periods may also apply – particularly with regard to invoice data.

Right to object:

If you do not wish to be included in our customer database, you can notify us of that immediately by sending an e-mail to datenschutz@zoo-berlin.de. Your data will then not be recorded.

Analytics

We process the personal data of website visitors to analyse user behaviour. By evaluating the data obtained, we are able to compile information about use of the individual components of our website. This enables us to improve the user-friendliness of our website. The analytics tools we use allow us, for example, to create user profiles for the purpose of displaying targeted and interest-based advertising messages; recognise our website visitors the next time they visit our website; measure their click/scroll behaviour and their downloads; produce heat maps; track page views; measure visit duration and bounce rates; and trace the origin of website visitors (which country and city they come from and which page led them here).

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

Google Analytics

We use the Google Analytics service on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.

The service uses the following cookies on our website:

Name                                      Duration                  Type                                Purpose

DoubleClick

Besides the standard Google Analytics configuration, this website uses Google Analytics functions that support interest-based advertising and advertising based on users’ browsing habits.

Google Analytics uses a third-party cookie from DoubleClick to analyse data on user browsing behaviour across various websites. This data enables statistical conclusions to be drawn about the website users’ demographic data and areas of interest.

Some visitors to our website may see our advertising on other websites after they visit our site. This type of advertising is called “remarketing” or “retargeting”.

The legal basis for the use of Google Analytics is Article 6(1)(a) of the GDPR.

Insofar as personal data is transferred to Google servers in the United States and stored and processed there, we and Google have entered into the standard contractual clauses adopted by the European Commission, which permit the transfer of personal data to the United States in individual cases.

We can view the data processed by Google Analytics for 14 months.

We would like to emphasise that we cannot view any information about individual users, nor can we trace the statistical data we use back to specific users.

If you do not wish to see the adverts, we recommend you use one of the options described above that allow website users to disable website tracking. In addition, Google offers you the option to control advertising cookies for yourself: http://www.google.de/intl/de/policies/technologies/ads/.

Plausible Analytics

We use the Plausible Analytics service on our website. The provider of this service is Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Further information can be found in the provider’s privacy policy at the following URL: https://plausible.io/datapolicy.

Consent management

To comply with data protection requirements, we use a consent management tool on our website. We use this tool to obtain the necessary consent for the use of cookies or external services. This consent is stored.

This data processing is necessary for compliance with a legal obligation to which the controller (website operator) is subject. The legal basis for the processing is therefore Article 6(1)(c) of the GDPR.

Cookiebot

We use the Cookiebot service on our website. The provider of this service is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Further information can be found in the provider’s privacy policy at the following URL: https://www.cookiebot.com/de/privacy-policy/.

The service uses cookies on our website and stores data in the browser’s local or session storage:

Name                               Storage duration           Type                                Purpose

Interface software

Business processes run more cost-effectively, faster and with fewer errors when they are automated via interfaces using software, as this allows them to be efficiently integrated into company processes. We use interface software on our website to link different applications and to transfer personal data securely from one application to another.

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

Google Tag Manager

We use the Google Tag Manager service on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.

Software frameworks

Software frameworks facilitate interaction with a platform by providing a standardised interface to this platform. Frameworks are used to reduce the development effort involved in meeting recurring software requirements and to ensure the reusability of code and functions. Some software frameworks implement security features to prevent improper use of the website. Software frameworks can enhance functionality, accessibility, security and performance with minimal effort. Other areas of application can also be covered by software frameworks.

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

PHP.net

We use the PHP.net service on our website. The provider of this service is The PHP Group, 1400 Parkmoor Ave, Ste 100, San Jose, California, 95126, USA.

As this service is hosted locally on the web server, no data is transferred to third parties.

We base this data processing on a legitimate interest (Article 6(1)(f) of the GDPR).

This application is required to ensure the full functionality of our website.

The service uses the following cookies on our website:

Name                                      Duration                  Type                                Purpose

PHPSESSID                         Session                            First-party cookie                  This cookie was created by a PHP-based application. The purpose of this cookie is to recognise the user.

Fast Fonts

For the display of fonts, this website uses web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net). When you access a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly. To do so, the browser you use must connect to the fonts.com servers. As a result, fonts.com gains the information that our website was accessed from your IP address.

We use Fonts.com web fonts in the interest of providing a uniform and appealing presentation of our online offers. This constitutes a legitimate interest in the sense of Article 6(1)(f) of the GDPR.

Content delivery network

We use a content delivery network (CDN) to optimise the performance and availability of our website. The service provider that makes this network available processes your IP address and the information about when you visited our website. All further information about data processing by this service provider can be found in its own privacy policy.

We base this data processing on a legitimate interest (Article 6(1)(f) of the GDPR).

Our legitimate interest in using a content delivery network is to be able to display our website as quickly, securely and reliably as possible.

We use the CloudFlare service on our website. The provider of this service is Cloudflare Ltd. Its registered office is at 2nd Floor, 25 Lavington Street, London, SE1 0NZ, United Kingdom.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection: https://www.dataprivacyframework.gov/participant/5666. 

Further information can be found in the manufacturer’s privacy policy at the following URL: https://www.cloudflare.com/de-de/privacypolicy/.

Search engine

To make it easier to find content on our website, we have integrated a third-party search engine. Integrating this search engine into the website results in technical data, such as the IP address, being transmitted to the third-party provider.

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

Google

We use the Google service on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.

Advertising

Our website uses tools that facilitate or enable the placing of ads and that evaluate how effective those ads are. To this end, personal data is processed, in particular IP addresses, access times and device information.

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

Adform

On this website, we use the Adform tool provided by Adform A/S, Silkegade 3B, ST. & 1., 1113 Copenhagen, Denmark, which collects data for analysis, marketing and optimisation purposes, thereby helping us to improve our marketing activities and our website. Adform uses the data collected to link ad impressions and clicks on advertisements with subsequent visits to our website. This enables us to determine whether internet users who have seen our adverts visit our website and which products they are interested in, which helps us to use our advertising budget more efficiently. We may also use the data collected to deliver adverts based on your interests (e.g. products viewed). Pseudonymous online identification numbers (online IDs) such as cookie IDs, IP addresses, device IDs and advertising IDs/IDFAs (e.g. on Android or Apple smartphones) are used for data collection. No unique user-related data, such as name or address, is stored in this process. All IDs used by us merely enable the recognition of your device, your internet browser or the app used. The data collected will not be used to personally identify you as a user of our website or app without your specific consent. The legal basis for this data processing is Article 6(1)(a) of the GDPR. If you do not wish Adform to collect your data, you can proceed as follows:

The following links provide instructions on how to disable data collection on your computer or mobile device:

German version: https://site.adform.com/de/privacy-center/platform/widerrufsrecht/

English version: https://site.adform.com/privacy-center/platform-privacy/opt-out/

French version: https://site.adform.com/fr/privacy-center/le-site-web/

Trade Desk

We use the Trade Desk service on our website. The provider of this service is The Trade Desk, which has its headquarters at 42 N. Chestnut St., Ventura, California, 93001, USA.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://www.thetradedesk.com/de/privacy.

Meta Pixel and conversion tracking

On this website we use advertising tools provided by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as “Facebook”). By integrating the so-called “Meta Pixel” into our website, not only can we display our advertising (“Facebook ads”) to users of our website and the social network Facebook, we can also measure and evaluate how effective the advertising is (“conversion tracking”). This connection between Facebook and our website is technically implemented via the Meta Pixel. The legal basis for the processing of your data is Article 6(1)(a) of the GDPR, meaning the integration only takes place after your consent is given.

On the basis of the marketing tools used, your browser automatically establishes a direct connection with the Facebook server when you visit our website. We have no influence over the scope and further use of the data collected by Facebook through the use of this tool and therefore the following information is provided according to our current knowledge of the situation: By integrating the Meta Pixel, Facebook receives the information that you have called up the corresponding website of our internet presence, or that you have clicked on an ad from us. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider may obtain and store your IP address and other identifying information and use them to create a profile.

The information collected is stored on Facebook’s servers, including in the United States. For such cases, the provider has, according to its own information, imposed a standard on itself that corresponds to the former EU-US Privacy Shield agreement and has pledged to comply with relevant data protection laws when transferring data across international borders.

You may withdraw your consent at any time without this affecting the lawfulness of the processing conducted up until that point. The easiest way to withdraw your consent is via our Consent Manager or by clicking [here]. Logged-in users can also object via the provider’s online form, which can be found at the following link: www.facebook.com/settings/?tab=ads#_.

Further information on how Facebook processes data can be found in Facebook’s privacy policy: www.facebook.com/about/privacy.

We also employ the remarketing function Custom Audiences, which also uses the Meta Pixel, for the purpose of displaying interest-based ads when you visit our website or other websites that have integrated the Meta Pixel. This allows us to show you ads that may be of interest to you in order to make our website more appealing to you and to market our offers.

• Event data (Facebook): “Event data” refers to data that may be transmitted by us to Facebook, for example via the Meta Pixel (via apps or by other means), and which relates to individuals or their actions. This data includes, for example, information about website visits, interactions with content, features, app installations, product purchases, etc. Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences). Event data does not include the actual content (such as comments posted), login details or contact information (i.e. no names, e-mail addresses or telephone numbers). Event data is deleted by Facebook after a maximum of two years; the target groups created from it are deleted when our Facebook account is deleted.
• Contact information (Facebook): “Contact information” refers to data that (clearly) identifies data subjects, such as names, e-mail addresses and telephone numbers, which may be transmitted to Facebook, e.g. via the Meta Pixel or by upload, for matching purposes to create Custom Audiences. Following the matching process for the creation of target groups, the contact information is deleted.
• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)

Where we ask users for their consent to the use of third-party providers, the legal basis for processing user data is consent. Otherwise, user data is processed on the basis of our legitimate interest (i.e. our interest in efficient, economical, user-friendly services). In this context, please also note the information contained in this privacy policy on our use of cookies

Google Ads

We use the Google Ads service on our website. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.

The service uses the following cookies on our website:

Name                                      Duration                  Type                                Purpose

Google AdSense

We use the Google AdSense service on our website. The provider of this service is Google Ireland Limited (GV), Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

Use of this service may result in data being transferred to a third country (USA). The provider is certified under the EU-US Data Privacy Framework and therefore offers an adequate level of data protection.

Further information can be found in the provider’s privacy policy at the following URL: https://business.safety.google/privacy.

The service uses the following cookies on our website:

Name                                      Duration                  Type                                Purpose

Social media

We use social media plugins to link our website to our social media channels. The integration of these plugins is intended to make it easier for visitors to our website to follow our social media channels, share content, like posts or leave comments. Some social media plugins enable the analysis of website visitors’ behaviour in relation to their activity on social networks. The use of plugins is intended to increase the visibility and number of followers of our channels.

The plugins also process personal data and transmit data to these social networks. This transmission takes place as soon as the website is accessed. Examples of the data processed include: name, address, e-mail address, telephone number, time of access, device information and IP address.

Data will only be processed if you consent to such processing (via our consent banner on the website). The legal basis for this processing is consent (Article 6(1)(a) of the GDPR). Without your consent, data will not be processed in the manner described above. If you withdraw your consent (e.g. via the consent banner or other options provided on this website), we will cease this data processing. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

Meta Platforms

Facebook/Instagram

We use the Facebook service on our website for the purpose of operating our Facebook and Instagram pages. The provider of this service is Meta Platforms Ireland Ltd. Its registered office is at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02x525, Republic of Ireland.

Use of this service may result in data being transferred to a third country (the USA).

Further information can be found in the provider’s privacy policy at the following URL: http://www.facebook.com/about/privacy.

Facebook Connect

We use the Facebook Connect service on our website. The provider of this service is Meta Platforms Ireland Ltd (Marketplace). Its registered office is at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.

Use of this service may result in data being transferred to a third country (the USA).

Further information can be found in the provider’s privacy policy at the following URL: de-de.facebook.com/policy.php.

As the operation of our Facebook pages constitutes a joint responsibility between Facebook and us under data protection law (Article 26 of the GDPR), we have concluded a corresponding agreement with Facebook Ireland Ltd. that you can view at the following link:  https://www.facebook.com/legal/terms/page_controller_addendum

Please note that you are individually responsible for using our Facebook and Instagram pages and their features. This applies in particular to the use their interactive features (such as commenting, sharing and reacting).

We receive anonymous statistics from Facebook and Instagram on the use and usage of our pages. Below are examples of the information they provide:

• Followers: Number of people who follow us, including growth and development over a defined period of time
• Reach: Number of people who see a specific post, and the number of interactions on a post. This allows us to determine, for example, which types of content are better received by users than others.
• Ad performance: How much does a click cost us? How many people have seen an ad?
• Demographics: Average age of visitors, gender, place of residence, language

Facebook provides more detailed information on this at the following link: https://www.facebook.com/business/a/page/page-insights; corresponding information from Instagram can be found at: https://help.instagram.com/788388387972460?helpref=related.

We use these statistics, from which we are not able to draw any conclusions about individual users, to continually improve our offerings on Facebook and Instagram and to better respond to the interests of our users. The legal basis for this data processing is Article 6(1)(f) of the GDPR.

We cannot associate this statistical data with the profile data of our followers. You can use your Facebook and Instagram settings to decide how targeted advertising is shown to you.

If you have an account with Facebook or Instagram, you can send us a message using the message feature. Such messages are not visible to other Facebook or Instagram users. We process the personal data contained in messages you send to us only in order to respond to your enquiry. The legal basis for this data processing is Article 6(1)(a) of the GDPR. Messages are deleted when your enquiry has been answered and when no other reason entitles or obliges us to keep your message.

Facebook and Instagram do not conclusively or clearly state, nor do we have any knowledge of, how they use data from visits to Facebook and Instagram pages for their own purposes, to what extent activity on Facebook and Instagram pages is associated with individual users, how long they store such data, or whether data from visits to Facebook and Instagram pages is passed on to third parties.

When you visit our pages, Facebook and Instagram collect, among other things, your IP address and other information that is sent to Facebook or Instagram via cookies on your device. This information is used, among other things, to provide us, as the operator of those Facebook and Instagram pages, with the aforementioned statistical information about how our pages are being used. Facebook provides more detailed information on this at the following link: https://www.facebook.com/business/a/page/page-insights. Facebook’s cookie policy can be found here: https://www.facebook.com/policies/cookies/. Information about how Instagram uses cookies can be found here: https://help.instagram.com/1896641480634370?ref=ig.

The data collected about you in this context will be processed by Facebook or Instagram, during which it may be transferred to countries outside the European Union. Facebook’s privacy policy describes which information it receives and how it uses that information. You can find Facebook’s privacy policy at this link: http://de-de.facebook.com/about/privacy. Instagram’s privacy policy can be found here: https://help.instagram.com/519522125107875.

Data will be deleted from our systems after your request has been dealt with. If you interact with us publicly, for example by leaving a comment or liking a post, this data will remain publicly accessible on the site until it is deleted by us or you. If we are legally required to retain data for a longer period, your data will only be retained for this purpose and will be locked for other purposes.

Under the GDPR, Facebook assumes primary responsibility for the processing of Insights data and will comply with all of the GDPR’s requirements with respect to processing Insights data (including Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR and Articles 32 to 34 of the GDPR). In addition, Facebook will provide data subjects with the essential findings from its Page Insights supplement (available at https://www.facebook.com/legal/terms/page_controller_addendum).

The provision of your data is voluntary. However, it is not possible to visit our profile without having us and Facebook or Instagram process personal data, for which we and Facebook or Instagram are jointly responsible.

Facebook Social Plugins

We use the Facebook Social Plugins service on our website. The provider of this service is Meta Platforms Ireland Limited (Marketplace). Its registered office is at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.

Use of this service may result in data being transferred to a third country (the USA).

Further information can be found in the provider’s privacy policy at the following URL: de-de.facebook.com/policy.php.

Presence on Facebook

Social media platforms process a significant amount of their users’ personal data. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to link IP addresses to individual users. We have no influence over this data processing. Please note that you use our social media profiles and their features at your own risk. For details on data processing, please refer to the operator’s privacy policy.

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.

For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

The purpose of our profiles on social media platforms is to increase our online presence and thereby raise our profile. The legal basis is therefore legitimate interest in accordance with Article 6(1)(f) of the GDPR. Regarding the processing activities carried out by social media platforms, please note that these are based on their own legal grounds (e.g. consent in accordance with Article 6(1)(a) of the GDPR), which you can find in the relevant privacy policy.

In principle, we share joint responsibility with the social media platform for the data processing operations triggered when you visit our profile. You may therefore exercise your data subject rights under Article 15 et seq. of the GDPR both vis-à-vis the social media platform and vis-à-vis us. We would, however, point out that we have no influence over the data processing carried out by the social media platform.

Presence on Instagram

Social media platforms process a significant amount of their users’ personal data. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to link IP addresses to individual users. We have no influence over this data processing. Please note that you use our social media profiles and their features at your own risk. For details on data processing, please refer to the operator’s privacy policy.

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Republic of Ireland.

You can find detailed information on how Instagram handles personal data in its privacy policy: https://help.instagram.com/519522125107875.

The purpose of our profiles on social media platforms is to increase our online presence and thereby raise our profile. The legal basis is therefore legitimate interest in accordance with Article 6(1)(f) of the GDPR. Regarding the processing activities carried out by social media platforms, please note that these are based on their own legal grounds (e.g. consent in accordance with Article 6(1)(a) of the GDPR), which you can find in the relevant privacy policy.

In principle, we share joint responsibility with the social media platform for the data processing operations triggered when you visit our profile. You may therefore exercise your data subject rights under Article 15 et seq. of the GDPR both vis-à-vis the social media platform and vis-à-vis us. We would, however, point out that we have no influence over the data processing carried out by the social media platform.

Presence on LinkedIn

Social media platforms process a significant amount of their users’ personal data. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to link IP addresses to individual users. We have no influence over this data processing. Please note that you use our social media profiles and their features at your own risk. For details on data processing, please refer to the operator’s privacy policy.

We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Republic of Ireland. LinkedIn uses advertising cookies.

You can find detailed information on how LinkedIn handles personal data in its privacy policy: https://www.linkedin.com/legal/privacy-policy.

The purpose of our profiles on social media platforms is to increase our online presence and thereby raise our profile. The legal basis is therefore legitimate interest in accordance with Article 6(1)(f) of the GDPR. Regarding the processing activities carried out by social media platforms, please note that these are based on their own legal grounds (e.g. consent in accordance with Article 6(1)(a) of the GDPR), which you can find in the relevant privacy policy.

In principle, we share joint responsibility with the social media platform for the data processing operations triggered when you visit our profile. You may therefore exercise your data subject rights under Article 15 et seq. of the GDPR both vis-à-vis the social media platform and vis-à-vis us. We would, however, point out that we have no influence over the data processing carried out by the social media platform.

Presence on TikTok

Social media platforms process a significant amount of their users’ personal data. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to link IP addresses to individual users. We have no influence over this data processing. Please note that you use our social media profiles and their features at your own risk. For details on data processing, please refer to the operator’s privacy policy.

We have a profile on TikTok. The provider of this service is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Republic of Ireland.

You can find detailed information on how TikTok handles personal data in its privacy policy: https://www.tiktok.com/legal/privacy-policy?lang=de.

The purpose of our profiles on social media platforms is to increase our online presence and thereby raise our profile. The legal basis is therefore legitimate interest in accordance with Article 6(1)(f) of the GDPR. Regarding the processing activities carried out by social media platforms, please note that these are based on their own legal grounds (e.g. consent in accordance with Article 6(1)(a) of the GDPR), which you can find in the relevant privacy policy.

In principle, we share joint responsibility with the social media platform for the data processing operations triggered when you visit our profile. You may therefore exercise your data subject rights under Article 15 et seq. of the GDPR both vis-à-vis the social media platform and vis-à-vis us. We would, however, point out that we have no influence over the data processing carried out by the social media platform.

Presence on YouTube

Social media platforms process a significant amount of their users’ personal data. When you visit our profiles, your IP address and other information about the devices you use are processed, which makes it possible to link IP addresses to individual users. We have no influence over this data processing. Please note that you use our social media profiles and their features at your own risk. For details on data processing, please refer to the operator’s privacy policy.

We have a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland.

You can find detailed information on how YouTube handles personal data in its privacy policy: https://policies.google.com/privacy?hl=de.

The purpose of our profiles on social media platforms is to increase our online presence and thereby raise our profile. The legal basis is therefore legitimate interest in accordance with Article 6(1)(f) of the GDPR. Regarding the processing activities carried out by social media platforms, please note that these are based on their own legal grounds (e.g. consent in accordance with Article 6(1)(a) of the GDPR), which you can find in the relevant privacy policy.

In principle, we share joint responsibility with the social media platform for the data processing operations triggered when you visit our profile. You may therefore exercise your data subject rights under Article 15 et seq. of the GDPR both vis-à-vis the social media platform and vis-à-vis us. We would, however, point out that we have no influence over the data processing carried out by the social media platform.

Google also transfers data to and processes data in the United States. At present, there is no adequate level of protection for data transfers to the United States. For this reason, there are risks associated with the processing of data. WhatsApp uses standard contractual clauses and is part of the Data Privacy Framework, under which Google undertakes to ensure an adequate level of data protection.

Google Maps

To better display our locations geographically and to make it easier for you to find them, we have integrated map material from the Google Maps service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Republic of Ireland (hereinafter referred to as “Google”) in our website via an API. When you visit a page on our website with such map material, it tells Google that you have accessed that material. In particular, your IP address is sent to a Google server. This happens regardless of whether you are signed into your Google account or whether you even have a Google account. If you are signed into Google, your data will be directly associated with your account. If you do not wish your data to be associated with your Google profile, you must sign out of your Google account after using the relevant Google service. Google stores your data in usage profiles and uses them for advertising, market research, and/or to make its website more user-friendly. Such analysis is performed, in particular (even for users who are not signed in), to provide appropriate advertising and to inform other users in its social network about your activity on our website.

Further information on how Google processes data can be found in Google’s privacy policy.

The legal basis for this data processing is Article 6(1)(a) of the GDPR.

Insofar as personal data is transferred to Google servers in the United States and stored and processed there, Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Republic of Ireland and the Google companies based in the United States have concluded the standard data protection clauses adopted by the European Commission, which permit the transfer of personal data to the United States in individual cases.

We do not store any personal data via our integration of Google Maps.

Further information on how long Google stores data can be found in Google’s privacy policy.

The provision of your data is voluntary. Of course, you can also view our website without Google Maps.

Please note that certain features on our website may not work if you have disabled scripts – such as the one used by Google Maps.

Handling of applicant data

You have the option of sending us an application (e.g. by post, via the online application form or by e-mail). We store and process the personal data received in this way for the purposes of the application process.

The legal basis for this processing is Article 6(1)(b) of the GDPR and Article 6(1)(a) of the GDPR, provided that consent has been given. You may withdraw your consent at any time. The lawfulness of the processing carried out prior to withdrawal remains unaffected.

If the application results in an employment relationship, the data collected will be stored for the purposes of managing the

employment relationship on the basis of Article 6(1)(b) of the GDPR. If no employment relationship is established, the data will be stored on the basis of Article 6(1)(f) of the GDPR for the duration of any statutory claims, in particular those arising from discrimination in the application process. This is necessary to defend against any potential legal action or allegations. If consent has been given, the data will be stored for a longer period on the basis of Article 6(1)(a) of the GDPR. You may withdraw your consent at any time. The lawfulness of the processing carried out prior to withdrawal remains unaffected.

Applicant pool

If no employment relationship is established, the applicant may be added to our applicant pool. In this case, all details from the application will be stored so that we can contact the applicant in the event that suitable job vacancies arise.

Data is stored in the applicant pool only with your consent, in accordance with Article 6(1)(a) of the GDPR. This consent may be withdrawn at any time, whereupon the relevant data will be deleted, provided there are no legal grounds for retention. Deletion will take place no later than two years after consent is given. The lawfulness of the processing carried out up to the point of withdrawal remains unaffected.

We reserve the right to adjust this data protection statement so that it always complies with the latest legal requirements and in order to implement changes to our services in the data protection statement, such as when we introduce new services. In such cases, the new data protection statement will apply during your next visit.

Last updated: 27 April 2026