Contact

Data Privacy Statement

The protection of your personal data is a central concern of FAS AG (hereinafter: “we,” “us,” or “FAS”). By issuing this Data Protection Policy, we would like to inform you about the processing of your personal data when you use the web pages of FAS AG available at https://www.fas-ag.com/ (hereinafter “Website”) in accordance with the requirements of the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 – hereinafter “GDPR”):

1. Controller

FAS AG
Büchsenstr. 10
70173 Stuttgart
T. +49 (0) 711 6200749-0
F +49 (0) 711 6200749-99
info(at)fas.ag

FAS AG is represented by the Executive Board: Thomas Krug, Ingo Weber.

FAS AG operates the Website as sole controller. The Website also provides information about all companies belonging to the FAS Group and about FAS Lease AG.

2. Data Protection Officer

ETES GmbH
Data Protection Officer Ioannis Dimas
Talstr. 106
70188 Stuttgart
datenschutz(at)fas.ag

3. Categories of personal data that we process

We collect, process, and use the listed personal data or data categories from the following groups in order to fulfill the purposes stated below:

Clients and contacts at the clients:

  • Personal master data (first name, last name, form of address, academic title if applicable)
  • Communication data (phone, fax, and email data)
  • Address data (street, zip code/city or town, country)
  • If applicable, position and department within a company
  • If applicable, data on areas of interest
  • If applicable, link to XING or LinkedIn profile
  • Data on the content of the client relationship and consulting services including order and billing data

Prospective clients/non-clients/suppliers:

  • Personal master data (first name, last name, form of address, academic title if applicable)
  • Communication data (phone, fax, and email data)
  • Address data (street, zip code/city or town, country)
  • If applicable, position and department within a company
  • If applicable, data on areas of interest
  • If applicable, link to XING or LinkedIn profile
  • If applicable, bank details

Applicants:

  • Personal master data (first name, last name, form of address, gender, academic title if applicable, date of birth/age if applicable, marital status if applicable, nationality/citizenship and place of birth if applicable, immigration status if applicable (work permit requirement), copy of passport if applicable)
  • Communication data (phone, fax, and email data)
  • Address data (street, zip code/city or town, country)
  • If applicable, data on areas of interest
  • If applicable, link to XING or LinkedIn profile
  • If applicable, photo
  • If applicable, application data (resume, certificates, communication and evaluation if applicable, including information on training and career history)
  • If applicable, details on the contact for a reference
  • If applicable, information on diversity, including any racial or ethnic origin, religious affiliation or similar beliefs, and physical and mental health, including any information relating to disability
  • If applicable, details on any previous convictions
  • If applicable, information on current remuneration, pension and benefit arrangements
  • If applicable, further information that applicants provide on their own initiative 
  • If applicable, additional information that a contact for a reference provides on their own initiative with respect to an applicant
  • If applicable, other information we receive about the applicant from third parties, e.g. job portals, recruitment agencies, or social networks
  • If applicable, bank details

Employees:

  • The information sheet on the handling of personal data of employees is issued internally to the affected persons.

4. Sources of processed personal data

As a rule, we only collect personal data about you from yourself. 
In exceptional cases, personal data may also be collected through third parties (e.g. sharing/recommendation of contact data by third parties with which we are already in contact) and other restricted sources (e.g. online and offline media). 
We collect and store your personal data in our databases (MS Office applications and digital systems such as CMS, CRM, or applicant management system, as well as on our separate department-specific drives), so that we can contact you in connection with your request/application. Access to this data is based on a corresponding authorization and access concept.

5. Storage period 

The personal data received will only be stored for as long as necessary for the fulfillment of the respective purpose associated with the storage (e.g. performance of the contract). If this purpose has ceased to apply, we will generally erase the data or render it anonymous again, if and to the extent that there are no legitimate reasons or duties for retaining the data (e.g. in accordance with the provisions under tax or professional law). In the latter case, the data will only be processed to a limited extent, i.e. only to fulfill the reason for holding the data or the retention obligation, and otherwise only with consent, to establish, exercise or defend legal claims, to protect the rights of another natural person or legal entity, or for reasons related to an important public interest of the European Union (EU) or an EU Member State. In the event that there is a retention duty, we will erase or render the data anonymous after the retention obligation certainly no longer applies.

6. Purposes for which the personal data is processed

We observe the principle of purpose-based use of personal data and process your personal data only for the purposes explained in this Data Protection Policy.

When you visit our Website, it is not necessary or required by law or contract for you to actively provide information about yourself. Nevertheless, we collect certain data anonymously or using pseudonyms in order to evaluate your usage behavior. In addition, so-called cookies and social plugins are used on our Website (see Section 8 for more in this regard).

We use the personal data provided by you for the following purposes:

  • Processing of your request(s) (e.g. through our contact form)
  • Direct marketing - including sending the respective publication(s) requested by you (FAS newsletter, other industry newsletters, FAS JOBletter) 
  • Sending invitations to specific events
  • Event registration and execution
  • Contacting for other purposes
  • Customer care
  • Decision on establishment of an employment relationship and, if necessary, also on the establishment, implementation and termination thereof.
  • After completing an application as part of our talent pool for future recruitment purposes
  • Company and/or corporate group management (e.g. budget planning and reporting)
  • Compliance with legal requirements (e.g. for the fulfilment of tax and commercial law duties and implementation of compliance management including compliance audits)
  • Data protection management and security management as well as security audits
  • Establishment, exercise, or defense of legal claims

7. Legal basis for processing

The processing of personal data is based on the GDPR, the German Federal Data Protection Act (BDSG), and other European and German regulations and laws.

a. Overview of the legal basis

The following list gives you a brief overview of the existing or used legal bases in accordance with the GDPR and the German Federal Data Protection Act, which we may refer to when processing your data:

Legal basis

Description/Grounds

Consent Art. 6 (1) (1) (a) GDPR

This legal basis applies if you have granted consent for us to process your data for one or more purposes (e.g. consent to the dispatch of publications).

Performance of the contract or implementation of precontractual measures Art. 6 (1) (1) (b) GDPR

If we have concluded a contract with you (e.g. the execution of an event) or if you have asked us to implement a pre-contractual measure (e.g. inquiry about an event), this legal basis allows us to process all data from you which is necessary to fulfill the contract or to perform the precontractual measure.

Compliance with a legal obligation Art. 6 (1) (1) (c) GDPR

This legal basis allows us to process your data if this is necessary to comply with a legal obligation (e.g. to comply with obligations under commercial, tax, or professional law).

Legitimate interests pursued by the controller or by a third party Art. 6 (1) (1) (f) GDPR

In some cases, we also base the processing of personal data on our legitimate interests or the legitimate interests of third parties. All interests of a legal, economic, and non-material nature that are not disapproved of by the legal system can be considered legitimate interests. Examples of our legitimate interests include:

  • Data processing for communication with you as our client’s contact
  • Direct marketing (if not already covered by Art. 6 (1) (1) (a) GDPR), e.g. to draw you or your company’s attention to events. You can object to direct advertising at any time with future effect, as explained in 11 g)
  • Data processing of contacts at contractual partners or interested parties, if not already covered by Art. 6 (1) (1) (a) or (b) GDPR.
 

Decision to establish an employment relationship Art. 88 GDPR in conjunction with Sec. 26 (1) (1) of the German Federal Data Protection Act

If you apply online through our Website, we also use your data to decide whether to establish an employment relationship with you and, if applicable, to establish, implement, and terminate it.

b. Details on the legal basis of the data processing

i. Consent-based dispatch of publications

Data to be provided

If you request publications (FAS newsletter, other specialist letters, FAS JOBletter) from us by email, you only need to state your form of address, your first and last name, your email address and, if applicable, your company. When requesting publications by mail, your address data must be provided as well.

In both cases (sending by mail and email), we will only process further data provided by you in this context if you communicate this to us additionally and shall only do so for the aforesaid purposes. 

Overall, you can always provide the following data (“Complete Data”) when requesting publications:

Form of address 
Title 
First name 
Last name 
Company 
Position
Phone 
Address 
Zip code 
City/Town 
Email address

Declaration of consent

We will only send publications (FAS newsletter, other specialized letters, FAS JOBletter) on the basis of granted consent. If you have given us your consent for the use of your data for dispatch of publications (electronically and/or by mail), the consent text reads as follows:

I hereby agree that the personal data I provide when registering for an email newsletter or any other publication may be processed for the dispatch of the publications I have selected. I can revoke this consent at any time for the future and thus cancel the respective publication. For this purpose, it is sufficient, for example, to send an email to the email address specified under Section 1 of this Data Protection Policy. Alternatively, it is also possible to unsubscribe using the unsubscribe link at the end of an email newsletter or other publication. This does not affect the lawfulness of the processing up to this revocation. I have taken note of the exact details of the processing of my data as well as my rights regarding data processing as explained in the Data Protection Policy.

ii. Consent-based sending of invitations to specific events

Data to be provided

If you would like us to invite you to events for specific topics by email, you only need to provide your form of address, your first and last name, your email address and, if applicable, your company. Optionally, you can also provide the Complete Data specified under Section 7 (b) (i).

Declaration of consent

Invitations to specific events will only be sent on the basis of consent given. If you have given us your consent for the use of your data for electronic dispatch of event invitations, you agree to the processing of your data for this purpose as follows:

I hereby agree that the personal data provided by me when ordering invitations to specific events may be processed for the dispatch of the event invitations I have selected. I can revoke this consent at any time with future effect and thus cancel the respective invitation. For this purpose, it is sufficient, for example, to send an email to the email address specified under Section 2 of this Data Protection Policy. Alternatively, it is also possible to unsubscribe using the unsubscribe link at the end of an electronic invitation. This does not affect the lawfulness of the processing up to this revocation. I have taken note of the exact details of the processing of my data as well as my rights regarding data processing as explained in the Data Protection Policy.

iii. Event registration

If you register for an event, we will use the data provided in this context as mandatory information only to register for and execute the event. We process this data on the basis of Article 6 (1) (b) GDPR. In this respect, we do not require your consent. It is not possible to register for an event without this information. If and to the extent that you provide the data identified as voluntary information when registering for the event, we will also process this data exclusively in order to register you for the respective event and to execute it. 

If and to the extent that you give us your consent, we will also use your data to send you presentation documents, for example, by email after your participation in the event.

Data to be provided

If you register on our Website to participate in an event, all data identified as mandatory information is required for registration for and execution of the respective event. Depending on the design of the event, it may be possible to provide additional data as an option. Please refer to the corresponding registration form on our Website for more details in this regard.

Declaration of consent 

If and to the extent that you have given us your consent to send you appropriate presentation documents by email after participation in an event, you agree to the processing of your data for this purpose as follows:

I hereby agree that my personal data provided in the context of registration for an event may also be processed in order to send me appropriate presentation documents by email after participation in the aforesaid event. I can revoke this consent at any time for the future. For this purpose, it is sufficient to send an email to the email address specified under Section 2 of this Data Protection Policy. This does not affect the lawfulness of the processing up to this revocation. I have taken note of the exact details of the processing of my data as well as my rights regarding data processing as explained in the Data Protection Policy.

iv. Consent-based processing and use of your data to contact you for other purposes

If you have given us your consent in this regard, we will also use the data collected for the purposes explained in Sections 7 (b) (i) to 7 (b) (iii) for contacting you in other exceptional cases with regard to technical topics. This means that we store your data for information purposes and use it, for example, in the event of repeated contact or an incipient business relationship, in order to be able to respond to your concerns in the best possible way.

If you have given us your consent for the use of your data to contact you for other purposes, you agree to the processing of your data for this purpose as follows:

I hereby agree that the data provided by me may also be processed and used by FAS AG to contact me for other purposes. I can revoke my consent in this regard at any time, effective for the future. For this purpose, it is sufficient to send an email to the email address specified under Section 12 of this Data Protection Policy. This does not affect the lawfulness of the processing up to this revocation. I have taken note of the exact details of the processing of my data as well as my rights regarding data processing with respect to me as explained in the Data Protection Policy.

c. Application button “Apply with XING”

In the “Career” section of our Website, you have the opportunity to apply for a job offer by using your personal XING profile. By clicking on the “Application with XING” button, you are connected to the XING platform, forwarded to it, and at this point you leave our Website. After entering your XING login data, if you are not already logged in to XING anyway, a contact request is automatically sent from your profile to the FAS Human Resources team with reference to the job offer you selected. After sending the XING contact request, our Human Resources team will contact you.

d. Contact for other purposes

You can also use our general contact form or send us a message about our tool solutions and webinar offers on our Website. This requires you to enter your form of address, your full name, your company and your email address so that we can contact you. If you have given us your consent to this, we will also use the data you have entered through the contact form for contacting you in other exceptional cases and for customer support, as explained in more detail under Section 7 (b) (iv). The processing of your data provided in this context takes place exclusively in order to answer your inquiry on the basis of Article 6 (1) (f) GDPR.

e. Use of email marketing service provider “CleverReach”

Email newsletters or other electronic publications or event registrations are sent via “CleverReach,” a service offered by the email marketing service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. 

The email address you provide when registering for our email newsletter will be stored on CleverReach’s servers in Germany. CleverReach uses this information for sending and evaluating the email newsletters exclusively on our behalf and according to our instructions. Furthermore, CleverReach can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of email newsletters. [CleverReach does not use your email address to contact you itself or to share it with third parties.]

You can view CleverReach’s data protection policy here (https://www.cleverreach.com/en/privacy-policy/).

8. Data collection on our Website

a. Use of cookies

Cookies are small data packets generated by our web server and stored on your computer’s hard drive when your computer communicates with the web server.

b. General right of objection

You may exercise your right to refuse cookies at any time. If you wish, you can set your browser accordingly, without affecting the other options for objection described below. Please refer to your browser’s help function for details.

If you do not accept cookies, you may not be able to use the full range of our website functions.

c. Types of cookies

The following types of cookies are used on our Website:
Session cookies
To improve Website presentation and navigation; these lose their validity after leaving our Website. 

d. Server log files

The provider of our Website automatically collects and stores information in so-called server log files, which your browser automatically transfers to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with other data sources.

The basis for data processing is Article 6 (1) (b) GDPR, which permits the processing of data for the fulfilment of a contract or precontractual measures.

Google Analytics cookies

Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), uses cookies to analyze your use of websites.

The information generated by the cookie about your use of our Website is transferred to a Google server in the United States and stored there. Prior to the transfer, your IP address will be reduced by the last octet in the European Union or the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. Google will use this information on our behalf to evaluate your use of our Website to compile reports on Website activities and to provide FAS with other services relating to Website use and internet use.

The (shortened) IP address transferred by your browser through the use of Google Analytics is not combined with other Google data.

You can prevent Google from collecting the data generated by the cookie and related to your use of the Website (including your IP address) and from having this data processed by Google if you download and install the browser plugin available under the following external link: https://tools.google.com/dlpage/gaoptout?hl=en 

You will find more information on the terms of use and data protection at the following external links: https://www.google.com/analytics/terms/us.html

Please note that you are leaving the Website of FAS when you click on these links. We do not process the data in question.

e. Types of social media plugins

Currently we are linking to social media providers with following social buttons:

  • Facebook
  • Twitter
  • LinkedIn
  • XING
  • YouTube

We use the Shariff component on our website for the privacy-conform usage provided by the social buttons. The computer magazine c´t has developed and published Shariff via GitHub Inc.

Usually, the button solutions provided by the social networks transfer the personalized data of the website visitor as soon as they visit the website on which the social media buttons are integrated. The Shariff component only transmits data to social media networks when the website visitor actively activates a social media button. Shariff makes it possible to protect the personalized data of website visitor and integrating social media buttons on the website at the same time.

Additional information and GitHub´s applicable privacy policy can be found at https://help.github.com/articles/github-privacy-policy/

On the respective pages of the named social networks, usage and possibly user data of visitors can be collected. We have no control over the personal data collected and the processes used to collect such data, nor are we aware of the full extent of the collection of personalized and other data, the purpose of the processing and the retention periods of the data on social media sites. We also have no information on the deletion of the data collected by the plug-in provider.

We therefore inform you according to our level of knowledge: Only when you open up the corresponding social media page, may your browser make direct connection with the servers of the social media provider. This means, that the information that you have visited our website is forwarded indirectly to these services.

If you are already logged in to the social media provider on your personal account while visiting our website, you can usually “share” the document by clicking the social media button as well as leaving a comment, etc. We discourage you clicking on social media buttons, if you do not want such data transmissions.

Scope, purpose of the data collection by the social media providers and the further processing and use of your data as well as your respective rights and setting options for the protection of your privacy, please refer to the privacy policy of these services.

9. Recipients or categories of recipients of personal data

We may share your personal data with the following categories of people in a variety of ways and for a variety of purposes, as appropriate and in accordance with local laws and regulations:

  • Public bodies to which the data must be transferred by law (e.g. fiscal tax authorities, supervisory authorities)
  • Internal bodies involved in the execution of the respective tasks (mainly: Marketing, Human Resources, IT & Security, Business Development, internal responsible parties within the departments of FAS AG, including affiliated companies of FAS AG and the parent company WTS Group AG, which are involved in the selection process related to an application.)
  • External contractors (service providers such as lettershops, IT service providers, recruitment agencies, etc.), which work for FAS in accordance with instructions and which we have obligated in accordance with Article 28 GDPR.
  • Other external bodies to the extent that the data subject has given their written consent or the transfer is permissible for reasons of overriding legitimate interest.
  • All affiliated companies of FAS AG and companies in the WTS Group.
  • If FAS merges with or is acquired by another company or entity in the future (or there are meaningful discussions about such a possibility), we may share your personal data with the (future) new owners of the company or entity.

10. Transfer of personal data to third countries

We do not generally transmit personal data that we collect through this Website to countries outside of the European Union or the European Economic Area (third countries). If data is transferred to third countries as required for the performance of the contract, for internal communication or administration within FAS or, for example, due to the registered office of a service provider being in a third country, this always takes place after a detailed examination and evaluation by our data protection officer. It also only takes place if the body in the third country has an adequate level of data protection or if there are suitable guarantees to ensure an adequate level of data protection in this country (Article 45 et seq. GDPR) or if, exceptionally, neither a decision on appropriateness nor suitable guarantees are required (Article 49 (1) (1) GDPR). If and to the extent that you would like to receive additional information on the guarantees in an individual case, you are welcome to contact our data protection officer indicated under Section 2.

11. Your rights with regard to data processing

With respect to us, you have the rights laid out in more detail below and based on Articles 15 to 21 GDPR, the right to revoke your consent at any time, and the right of appeal to the relevant supervisory authority. You can assert your rights against us in an informal manner, either directly by using the contact data indicated under Section 1 or by contacting our data protection officer, whose contact data you will find under Section 2. With the exception of any transfer or connection fees, you will not incur any costs.

a. Right of access (Article 15 GDPR)

You have the right to request confirmation from us regarding whether and what personal data relating to you are being processed and, in relation to such data, to obtain information in particular on the purposes and the legal basis of the processing (Sections 6, 7, and 8), the categories of data that we process (Section 3), the categories of recipients (Section 9), and our intention to transmit the data to recipients in a third country (Section 10). The right to access also includes information about the origin of the data, unless it was collected from you yourself. You also have the right to request a copy of the personal data that is the subject of the processing if such does not affect the rights and freedoms of other people with regard to their personal data.

b. Right to rectification (Article 16 GDPR)

You have the right to request that we immediately rectify any inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to request to have incomplete personal data completed, including by means of providing a supplementary statement.

c. Right to erasure (Article 17 GDPR)

You have the right to request that we immediately erase your personal data where one of the following grounds applies and none of the subsequently explained exceptions are applicable:

  • The data processed from you is no longer necessary for the purposes explained in this Data Protection Policy
  • You have revoked your consent (see Section 11 (i) in this regard), and we have no other legal basis for processing your data
  • The data was processed unlawfully, or
  • The erasure is necessary to comply with a legal obligation under European Union or the laws of a Member State to which we are subject. 
  • You have raised an objection to the processing of your data with us (see Section 11 (g) in this regard), and we have no overriding legitimate grounds for processing your data.

However, we must or may not implement your request for erasure if one of the following grounds applies:

  • Processing is necessary to exercise the right to freedom of speech and information,
  • Processing is necessary in order to fulfill a legal obligation incumbent on us under the law of the European Union or a Member State (e.g. legal storage obligations),
  • Processing is necessary for establishing, exercising or defending legal claims, or
  • Processing is necessary for reasons of public interest in the area of public health.

d. Right to restriction of processing (Article 18 GDPR)

You have the right to request that the processing of your personal data be restricted. In particular, you are entitled to this right on account of one of the following grounds:

  • You contest the accuracy of your personal data,
  • The processing of the data is unlawful, and you oppose the erasure of the data,
  • We no longer need your data, but you need it to establish, exercise or defend legal claims, or
  • You have objected to the processing (see Section 11 (g) in this regard), and we are still verifying whether our legitimate grounds for processing override your legitimate grounds for objecting.

e. Right to notification (Article 19 GDPR)

If you have exercised your right to rectification, erasure, or restriction of the processing, we are obligated to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right, with respect to us, to be informed about these recipients.

f. Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you in a structured, commonly-used, and machine-readable format, and to transmit it to another controller or have it transmitted by us to such if you have provided this data to us on the basis of consent or a contract, and the data is processed using an automated procedure. You have the right to have the data transmitted by us directly to the new controller if this is technically feasible and does not impair the rights and freedoms of other people.

g. Right to object (Article 21 GDPR)

You have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation, if the processing of such data is not necessary to safeguard our legitimate interests or the legitimate interests of a third party or for the handling of a task that is in the public interest.

You can object to the processing of your data for marketing purposes at any time in the future. We will always obey such objections. Please remember, however, that we cannot rule out the possibility that we may not be able to recall marketing material in individual cases if your objection reaches us at a time when we have already unstoppably initiated a given marketing campaign. In such a case, however, we will naturally exclude you from any future marketing.

h. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Furthermore, you can lodge a complaint at any time with the competent data protection authority, for example, at your place of residence or at the place of the alleged infringement. 

The following regional data protection supervisory authority is responsible for FAS AG:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Postfach 10 29 32
70025 Stuttgart
T +49 (0) 711 615541-0
F +49 (0) 711 615541-15
poststelle(at)lfdi.bwl.de

You can also lodge a complaint at any time with any other competent data protection authority. Please find all contact details here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

i. Right to revoke consent

If and to the extent that you have given us a declaration of consent to process your data, you have the right to revoke this consent at any time with future effect. The revocation shall not affect the lawfulness of processing carried out on the basis of the consent until the time of revocation, but may only affect the lawfulness of future processing.

12. No need for you to provide data

There is no legal duty according to which you would be obligated to provide us with your personal data.

Should you, e.g. technically, prevent us from receiving the data necessary for the use of our Website, it is possible that you may not be able to use our services or only to a limited extent.

The provision of personal data in the context of ordering publications and informational material is voluntary and is not required either by contract or by law. Failure to provide the necessary data may mean that we cannot send you any publications or informational material.

However, the provision of personal data within the framework of event registration is necessary for the conclusion of a contract and for its performance. Failure to provide this information may prevent us from concluding a contract with you regarding participation in an event.

The provision of your data in the context of contacting us through our contact form is also voluntary. However, it is not possible for us to respond to your request without the necessary information, in particular a contact option.

The provision of your personal data in the context of an application is necessary for the decision to establish an employment relationship with you. Failure to provide this information may prevent us from making a (positive) decision about your employment.

13. Automated decisions, including profiling, within the meaning of Article 22 GDPR

Your personal data will not be used for automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR. If it is used, we will inform you in detail about the logic as well as the scope and intended effects of such processing for the person concerned.

14. Data security

We take technical and organizational security measures to protect your personal data against unintentional or unlawful erasure, alteration or loss and against unauthorized disclosure or access.

15. Validity of and amendments to this Data Protection Policy

This Data Protection Policy is valid as of the date indicated below. We reserve the right to amend this Data Protection Policy. We would therefore ask you to review the Data Protection Policy on an ongoing basis so that you can inform yourself about any changes.

Last updated: May 2018

Contact
 Ingo Weber Member of the board