Privacy Policy

The controller within the meaning of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

redi-Group GmbH
Katzbergstraße 3a | 40764 Langenfeld | Germany

 

Your Data Subject Rights

You can exercise the following rights at any time using the contact details of our Data Protection Officer:

• Right to information about your data stored with us and its processing (Art. 15 GDPR),
• Rectification of inaccurate personal data (Art. 16 GDPR),
• Erasure of your data stored with us (Art. 17 GDPR),
• Restriction of data processing, if we are not yet permitted to delete your data due to legal obligations (Art. 18 GDPR),
• Objection to the processing of your data by us (Art. 21 GDPR) and
• Data portability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us consent, you can revoke it at any time with effect for the future.

You can lodge a complaint with a supervisory authority at any time, e.g., with the competent supervisory authority of the federal state of your residence or with the authority responsible for us as the controller.

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-999
Email: poststelle@ldi.nrwde

Collection of General Information when Visiting our Website

Type and Purpose of Processing:
When you access our website, i.e., if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address, and similar data.
They are processed in particular for the following purposes:

• Ensuring a smooth connection to the website,
• Ensuring smooth use of our website,
• Evaluation of system security and stability, as well as
• for further administrative purposes.

We do not use this data to draw conclusions about your person. For this reason, the IP address on our server is immediately anonymized, i.e., it is replaced by a random number.
The above-mentioned information is evaluated by us purely statistically to optimize our website and the underlying technology.

Legal Basis:
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.

Recipients:
Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website.

Storage Duration:
The data will be deleted as soon as it is no longer required for the purpose of its collection. For data used to provide the website, this is generally the case when the respective session ends.

Provision required or necessary:
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the initial IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason, an objection is excluded.

Cookies

Type and Purpose of Processing:
This website uses its own privacy-friendly web analytics service. The website operator only receives various data within the website, such as usage time, page views, and dwell time.

This service does not use any personal data. No data is read or stored on the website visitor’s device. Any existing cookies that are technically necessary are also not used.

The IP address of the website visitor is anonymized, i.e., it is replaced by a random value and not stored beyond the session. Re-identification of the website visitor beyond the website is thus excluded.

Storage Duration and Cookies Used:
Depending on the respective settings in the browser used, cookies may be allowed and used:

• Session Cookies

Use of Borlabs Cookie

Our website uses the consent management tool “Borlabs Cookie”, a product of Borlabs GmbH, Hamburg. The tool sets a technically necessary cookie to store your cookie preferences. The following information is stored in this cookie: your consent(s) or the withdrawal of such consent(s), the cookie’s duration, the website’s domain and path, as well as a randomly generated ID. No data is transmitted to third parties.

The storage is carried out to implement your chosen cookie preferences and to fulfill legally required documentation obligations. The legal basis is Art. 6 para. 1 lit. c GDPR in conjunction with Art. 7 GDPR, as well as § 25 para. 2 no. 2 TTDSG.

You can withdraw or change your consent at any time with effect for the future by revisiting the cookie settings via the corresponding link in the footer of our website and adjusting your selection.

Contact Form

Type and Purpose of Processing:
The data you enter is stored for the purpose of individual communication with you. For this, a valid email address and your name are required. This serves to assign the inquiry and subsequently answer it. The provision of further data is optional.

Legal Basis:
The processing of the data entered into the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR). By providing the contact form, we want to enable you to contact us easily. The information you provide will be stored for the purpose of processing the inquiry and for possible follow-up questions.
If you contact us to request an offer, the data entered into the contact form will be processed for the performance of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Recipients:
Recipients of the data may be processors.

Storage Duration:
Data will be deleted no later than 6 months after processing the inquiry. If a contractual relationship arises, we are subject to the statutory retention periods under the German Commercial Code (HGB) and will delete your data after these periods expire.

Provision required or necessary:
The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, email address, and the reason for the inquiry.

Data Protection for Applications and in the Application Process

The legal basis for processing your personal data in this application process is primarily Section 26 (1) sentence 1 of the BDSG, namely with the decision on the establishment of an employment relationship.

Should this data be required for legal prosecution after the conclusion of the application process, data processing may take place on the basis of the requirements of Art. 6 GDPR, in particular for the protection of legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR, namely in our interest in asserting or defending claims.

Data of applicants will be deleted by us no later than 6 months after the conclusion of the selection process in the event of a rejection.

Should your data still be of interest to us, despite a failed hiring or a rejection, you will be explicitly asked by us for your consent to storage in our candidate pool before the conclusion of the application process.

If you have given documented consent to this storage, you will be informed again in text form. Your data will be stored for a period of 12 months after consent. If the data is no longer used, it will be deleted.

Furthermore, we process personal data on the basis of data processing agreements in accordance with Art. 28 GDPR, this applies in particular to providers of applicant management systems. However, no personal data is transferred to third parties if there is no relation to applicant management.

For data protection-compliant transmission and processing of your data, please preferably send personal application data via the online portal. If you send us your application unencrypted by email, please note that confidential transmission is not guaranteed with a standard email and is therefore at your own risk.

SSL Encryption

To protect the security of your data during transmission, we use encryption methods corresponding to the current state of the art (e.g., SSL) via HTTPS.

Processors Used

The following organizations, companies, or persons have been commissioned by the operator of this website to process data:

• Hetzner Online GmbH, Industriestr. 25 , 91710 Gunzenhausen

These are only activated when using the contact form.

Plugins and Tools

SalesViewer

We have integrated SalesViewer on this website. The provider is SalesViewer / SalesViewer GmbH, Hueststr. 30, 44787 Bochum (hereinafter referred to as “SalesViewer”).

SalesViewer enables us to record visits from employees of other companies to our website. For this purpose, the website visitor’s IP address is matched with the company IP addresses stored in SalesViewer’s company database. If it is a company’s IP address, this visit and user behavior are recorded. IP addresses that are not present in the SalesViewer database are immediately deleted, so that website visits by private individuals are ignored by SalesViewer.

SalesViewer offers an opt-out procedure to improve data protection. Further details can be found at the provider’s following link: https://www.salesviewer.com/de/opt-out/.

The use of SalesViewer is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in recording company visits to our website and their user behavior. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details can be found in the provider’s privacy policy at https://www.salesviewer.com/de/plattform/datenschutz/.

Processor Agreement
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Facebook / Facebook Business Manager

redi-Group GmbH uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, for the information service offered.

We would like to point out that you use the Facebook page and its functions at your own risk. This applies in particular to the interactive functions (for example, commenting, sharing, rating). Facebook processes personal data related to your account, your IP address, as well as your devices used; cookies are used for data collection. These are small files that are stored on your devices. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage policies. There you will also find information about contact options for Facebook, the possibilities to object, and the settings for advertisements.

The data usage policies are available at the following link: http://de-de.facebook.com/about/privacy

The complete data policies of Facebook can be found here: https://de-de.facebook.com/full_data_use_policy

The information can be used by Facebook to provide us, as operators of the Facebook pages, with statistical information such as gender and age distribution regarding the use of the Facebook page. Furthermore, Facebook can display further information or advertisements to you according to your preferences.

Facebook provides further information on this at the following link: http://de-de.facebook.com/help/pages/insights.

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. If you visit one of our presences on social media (e.g., Facebook), you trigger the processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 GDPR, provided that we actually make a joint decision with the operator of the social network regarding data processing and also exert influence on the data processing. Where possible, we have concluded agreements on joint controllership with the operators of the social networks in accordance with Art. 26 GDPR, in particular the Page Controller Addendum from Facebook Ireland Ltd..

Your rights (right of access according to Art. 15 GDPR, right to rectification according to Art. 16 GDPR, right to erasure according to Art. 17 GDPR, right to restriction of processing according to Art. 18 GDPR, right to data portability according to Art. 20 GDPR, and right to lodge a complaint according to Art. 77 GDPR) can generally be asserted both against us and against the operator of the respective social network (e.g., Facebook).

Please note that despite the joint controllership according to Art. 26 GDPR with the operators of social networks, we do not have full influence over the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our possibilities. In the event of asserting data subject rights, we could only forward these requests to the operator of the social network.

How Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data, and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly specified by Facebook and is not known to us.
When accessing a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about its users’ devices (for example, as part of the “Login Notification” function); if necessary, Facebook can thus assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is located on your device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Through Facebook buttons embedded in websites, Facebook can record your visits to these websites and assign them to your Facebook profile. Based on this data, content or advertising tailored to you can be offered. If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies present on your device, and close and restart your browser. In this way, Facebook information through which you can be directly identified will be deleted. This allows you to use our Facebook page without your Facebook ID being revealed. If you access interactive functions of the page (Like, Comment, Share, Messages, etc.), a Facebook login mask appears. After any login, you will again be recognizable to Facebook as a specific user. Alternatively, you can use a different browser than usual to visit our Facebook page.

Information on how you can manage or delete information about you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy#

As providers of the information service, we do not collect or process any further data from your use of our service. This privacy policy can be found in its currently valid version under the item “Data Policy” on our Facebook page.

Data Protection Information on the Use of X (Formerly Twitter)

The redi-Group GmbH uses the platform and services of X Corp., San Francisco, USA, for its contributions. For users outside the USA, X International Unlimited Company, Dublin, Ireland, is responsible.

The use of X is at your own risk. What data X collects and how it is processed can be found in the privacy policy: https://help.x.com/en/privacy

X regularly transfers and stores data in the USA. This is based on standard contractual clauses. redi-Group GmbH has no influence on the scope, type, or disclosure of the data.

Data processed by X may include:

• voluntarily entered data (name, username, email, phone number, contacts)
• shared content and interest profiles
• direct messages
• location data (GPS, Wi-Fi, IP address)
• technical log data (IP, browser, operating system, device data, search terms, cookies)

X may also use analytics tools over which redi-Group GmbH has no influence. We only have access to anonymous usage statistics.

Even without an account, X can collect data via embedded buttons, widgets, or cookies and evaluate your usage behavior for content and advertising. Since X is based outside the EU, German data protection laws apply only to a limited extent.

Setting options:

• In the X account under “Privacy & Security”
• On mobile devices via operating system settings (e.g., access to contacts, photos, location)

More information:

• Privacy Policy: https://help.x.com/en/privacy
• View your own data: https://x.com/settings?lang=en
• Data or archive requests: via X’s Help Center

Processing by redi-Group GmbH: We do not collect any personal data ourselves via X. However, content that you post publicly on X (e.g., posts, username) may be picked up, responded to, or redistributed by us and thus made accessible to our followers.

LinkedIn

For the information service offered, redi-Group GmbH uses the technical platform and services of LinkedIn Ireland Unlimited Community, Wilton Place, Dublin 2, Ireland. We would like to point out that you use this LinkedIn page and its functions at your own risk. This applies in particular to the use of interactive functions (for example, commenting or rating). Information on what data is processed by LinkedIn and for what purposes it is used can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

When you visit our LinkedIn company page, LinkedIn collects, among other things, your IP address and other information present on your PC in the form of cookies. This information is used to provide us, as operators of the LinkedIn pages, with statistical information about the use of the LinkedIn page.

The data collected about you in this context is processed by LinkedIn Ireland Unlimited Community and may be transferred to countries outside the European Union (https://www.linkedin.com/help/linkedin/answer/62533). LinkedIn describes in general terms what information it receives and how it uses it in its privacy policy. There you will also find information about how to contact LinkedIn.

The manner in which LinkedIn uses data from visits to LinkedIn pages for its own purposes, the extent to which activities on the LinkedIn page are assigned to individual users, how long LinkedIn stores this data, and whether data from a visit to the LinkedIn page is passed on to third parties is not definitively and clearly stated by LinkedIn and is not known to us.

As providers of a LinkedIn company page, we do not collect or process any additional data from your use of our service.

XING

XING is a social network operated by XING SE, based in Hamburg. Members can primarily manage their professional, but also private, contacts and establish new ones. Organizations can set up a page with a logo and short profile, post news, and initiate discussion groups there.

A personal profile with administrator rights must be assigned to the company profile. Dialogue in groups can only take place via the personal profile of a natural person.

To use the network functions, one must be registered as a user. There is a free basic version and a paid version with additional features. Unlike other social networks, XING is more strongly based on the combination of personal and electronic contact, is less commercial, and less visually oriented. The focus is on professional exchange on specialist topics with people who have similar professional interests. In addition, XING is often used by companies and other organizations for recruiting personnel and presenting themselves as an attractive employer. For this purpose, XING is linked to the employer rating platform kununu.

XING provides further information: https://corporate.xing.com/de/unternehmen/

You can read the current information on data protection at https://privacy.xing.com/de/datenschutzerklaerung.

redi-Group GmbH does not collect or process any personal data via XING.

Use of YouTube

On our website, we embed videos from the YouTube platform or link to content provided there. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Legal Basis
The integration is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in an appealing presentation and the user-friendly provision of our online content. If corresponding consent is requested (e.g., via a cookie banner), processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

Data Transfer
When you access a page with an embedded YouTube video, a connection to YouTube’s servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube or Google account, this information can be assigned to your respective user account. You can prevent this by logging out before using our website.

Cookies and Similar Technologies
YouTube may store cookies or comparable recognition technologies (e.g., device fingerprinting) on your device. These serve, among other things, to collect video statistics, prevent abuse, and improve user-friendliness. We have no influence on the specific data processing by YouTube.

Transfer to Third Countries
Processing may also be carried out by Google LLC in the USA. There is no adequacy decision by the EU Commission for the USA. For data transfers, Google relies on standard contractual clauses pursuant to Art. 46 GDPR, which are intended to ensure a comparable level of protection for your data.

Further Information
Details on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy

Calendly

On our website, you have the option to schedule appointments with us. For appointment booking, we use the tool “Calendly”. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

For the purpose of booking an appointment, please enter the requested data and your preferred date/time into the designated form. The entered data will be used for planning, conducting, and, if necessary, for the follow-up of the appointment. The appointment data is stored for us on Calendly’s servers, whose privacy policy you can view here: https://calendly.com/privacy.

The data you enter will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage ceases to apply. Mandatory legal provisions – especially retention periods – remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in facilitating the simplest possible appointment scheduling with interested parties and customers. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

The company holds a certification under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider via the following link: https://www.dataprivacyframework.gov/participant/6050.

Data Processing Agreement

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is processed only according to our instructions and in compliance with the GDPR.

Google Analytics 4

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics 4 allows us to analyze the behavior of visitors on our website and optimize our content and offerings.

Google Analytics 4 uses cookies by default to collect information about website usage. In addition, other technologies such as device fingerprinting or local storage techniques may also be used. The data collected includes, in particular:

• IP address (in abbreviated form),
• information about the device used, operating system, and browser,
• time of access, source (referrer URL), and interactions on the website.

The information collected by Google is usually stored on Google’s servers, including in the USA. For data transfer to the USA, Google relies on standard contractual clauses of the EU Commission.

We have activated IP anonymization so that your IP address is truncated within the EU or EEA. Only in exceptional cases will the full IP address be transmitted to Google servers in the USA and truncated there. According to Google, your data will not be merged with other Google services.

The legal basis for the use of Google Analytics 4 is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via our cookie settings with effect for the future.

Further information on data processing by Google can be found in Google’s privacy policy: https://policies.google.com/privacy

Changes to our Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g., when introducing new services. The new privacy policy will then apply to your renewed visit.

Questions to the Data Protection Officer

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization directly:

HBSN GmbH | Berliner Straße 52 F | 38104 Braunschweig
T +49 30 408173352 | F +49 5334 948624 | datenschutz@hbsn-gruppe.de
hbsn-gruppe.de