Privacy Policy

1. Data Protection at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any information that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Controller Information” in this privacy policy.

How do we collect your data?

Some of your data is collected when you provide it to us. This may include data you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter the website.

What do we use your data for?

Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right at any time to receive free information about the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can withdraw this consent at any time with effect for the future. Additionally, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this and other questions regarding data protection, you can contact us at any time.

Analytics Tools and Third-Party Tools

When you visit this website, your browsing behavior may be statistically analyzed. This happens primarily using so-called analytics programs.

You can find detailed information about these analytics programs in the following privacy policy.

2. Hosting

IONOS

We host our website with IONOS SE. The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter “IONOS”). When you visit our website, IONOS collects various log files including your IP address. For details, please refer to IONOS’s privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation of our website. If corresponding consent has been requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g., device fingerprinting) as defined by the TTDSG. Consent may be withdrawn at any time.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) with the above-mentioned provider. This is a legally required contract that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General Information and Mandatory Disclosures

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is any data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of the data from access by third parties is not possible.

Controller Information

The controller responsible for data processing on this website is:

Maier Hotels GmbH & Co. KG
Kranzhornstraße 6
85567 Grafing, Germany
www.hotel-praesident.de

Personally liable partner:
Maier Hotelverwaltungs GmbH
Managing Directors: Claudia Maier and Florian Maier
Phone: +49 89 24449990
Email: stay@maierprivathotels.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur after these reasons cease to apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Article 6(1)(a) GDPR or, if special categories of data are processed, Article 9(2)(a) GDPR. In the case of explicit consent to the transfer of personal data to third countries, processing is also based on Article 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing is additionally based on § 25(1) TTDSG. Consent may be withdrawn at any time.
If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Article 6(1)(b) GDPR.
If the data is required for the fulfillment of a legal obligation, we process it on the basis of Article 6(1)(c) GDPR.
Data processing may also be based on our legitimate interest according to Article 6(1)(f) GDPR. The specific legal basis applicable in each case is explained in the relevant sections of this privacy policy.

Data Protection Officer

We have appointed a Data Protection Officer.

Maier Hotels GmbH & Co. KG
Attn: Nadine Maier
Kranzhornstraße 6
85567 Grafing, Germany
Phone: +49 89 2 444 999 0
Email: stay@maierprivathotels.de
Notice Regarding Data Transfers to the USA and Other Third Countries

We use tools from companies based in the USA or other countries that are not considered secure under data protection law. When these tools are active, your personal data may be transferred to and processed in such third countries. Please note that these countries may not guarantee a level of data protection comparable to that of the EU. For example, US companies are obliged to hand over personal data to security authorities without any possibility for you, as the affected individual, to take legal action against this. Therefore, it cannot be ruled out that US authorities (e.g., intelligence agencies) may process, analyze, and store your data located on US servers for surveillance purposes. We have no control over these processing activities.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can withdraw any previously given consent at any time. The legality of data processing carried out prior to the withdrawal remains unaffected.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

IF DATA PROCESSING IS BASED ON ARTICLE 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE APPLICABLE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT ADVERTISING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ARTICLE 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place of the alleged infringement. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either yourself or to a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done where technically feasible.

Right to Access, Rectification, and Deletion

Within the framework of applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing. You may also have the right to request the correction or deletion of this data. For this and other questions regarding personal data, you can contact us at any time.

Right to Restrict Processing

You have the right to request the restriction of the processing of your personal data. You may contact us at any time to exercise this right. The right to restriction of processing applies in the following cases:

If you contest the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification process, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was or is unlawful, you may request the restriction of processing instead of deletion.

If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you may request the restriction of processing instead of deletion.

If you have objected pursuant to Article 21(1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock icon in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to Promotional Emails

We hereby object to the use of contact data published under the legal notice obligation for the purpose of sending unsolicited advertising and informational materials. The site operators expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website

Cookies

Our websites use so-called “cookies.” Cookies are small data packets that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies) on your device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain on your device until you delete them yourself or they are automatically removed by your web browser.

Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services provided by third-party companies within websites (e.g., cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g., shopping cart functionality or video display). Other cookies may be used to analyze user behavior or for advertising purposes.

Cookies necessary for carrying out electronic communications, providing certain functions requested by you (e.g., the shopping cart), or optimizing the website (e.g., cookies for measuring web traffic) are stored based on Article 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing is carried out solely on the basis of this consent (Article 6(1)(a) GDPR and § 25(1) TTDSG); consent can be revoked at any time.

You can configure your browser to notify you about the setting of cookies, to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with Osano

Our website uses Osano’s consent technology to obtain and document your consent to the storage of certain cookies on your device or the use of specific technologies in a manner compliant with data protection laws. The provider of this technology is Osano, Inc., 3800 North Lamar Blvd, Suite 200, Austin, Texas 78756, USA (hereinafter referred to as “Osano”).

When you access our website, a connection is established with Osano’s servers to obtain your consents and other declarations regarding cookie usage. Osano then stores a cookie in your browser to associate the given consents or their withdrawal with you. The collected data is retained until you request its deletion, delete the Osano cookie yourself, or the purpose for data storage ceases to apply. Mandatory statutory retention obligations remain unaffected.

According to Osano, data from European website visitors is processed exclusively on regional servers within the EU.

The use of Osano is intended to obtain the legally required consents for the use of cookies. The legal basis for this is Article 6(1)(c) GDPR.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This is a legally required agreement that ensures the provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Contact Form

If you send us inquiries via the contact form, the information you provide in the form, including the contact details you enter, will be stored by us for the purpose of processing your inquiry and for follow-up questions. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR, provided your inquiry is related to the performance of a contract or is necessary for carrying out pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if it was obtained; consent may be withdrawn at any time.

The data you enter in the contact form will remain with us until you request deletion, withdraw your consent to storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory legal requirements – especially retention periods – remain unaffected.

Inquiry by Email, Phone, or Fax

If you contact us via email, telephone, or fax, your inquiry, including all resulting personal data (e.g., name, request), will be stored and processed by us for the purpose of handling your concern. We do not share this data without your consent.

The processing of this data is based on Article 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), if it has been requested; consent can be withdrawn at any time.

The data you send to us via contact inquiries remains with us until you request deletion, withdraw your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions – especially legal retention periods – remain unaffected.

Use of Chatbots

We use chatbots to communicate with you. Chatbots are capable of responding to your inquiries and other inputs without human assistance. To do so, the chatbots analyze your inputs and additional data (e.g., names, email addresses, other contact data, customer numbers, other identifiers, orders, and chat history) to provide appropriate responses. Furthermore, chatbots may collect your IP address, log files, location data, and other metadata. This data is stored on the chatbot provider’s servers.

Based on the collected data, user profiles may be created. The data may also be used to display interest-based advertising, provided the necessary legal requirements (especially consent) are met. Chatbots may be linked with analytics and advertising tools for this purpose.

The collected data may also be used to improve our chatbots and their responses through machine learning.

The data you enter during communication will remain with us or the chatbot operator until you request deletion, withdraw your consent to storage, or the purpose for data storage ceases to apply (e.g., after your request has been processed). Mandatory legal requirements – particularly retention periods – remain unaffected.

The legal basis for the use of chatbots is Article 6(1)(b) GDPR if the chatbot is used to initiate or fulfill a contract. Where consent has been obtained, processing is based exclusively on Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent may be withdrawn at any time. In all other cases, use is based on our legitimate interest in effective customer communication (Article 6(1)(f) GDPR).

5. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform any independent analyses. It merely serves to manage and deploy the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and administration of various tools on their website. If the appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent can be withdrawn at any time.

Google Analytics

This website uses features of the Google Analytics web analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user’s origin. This data is assigned to the respective user’s device. A direct assignment to a user ID does not occur.

Additionally, Google Analytics can record mouse and scroll movements and clicks. Google Analytics also uses modeling techniques to supplement the collected data and applies machine learning technologies for data analysis.

Google Analytics uses technologies that allow user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and § 25(1) TTDSG. You may withdraw your consent at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated IP anonymization on this website. This means that Google shortens your IP address within the member states of the European Union or in other states party to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Data Processing Agreement

We have entered into a Data Processing Agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter certain search terms (keyword targeting). Additionally, targeted ads can be shown based on the user data available to Google (e.g., location data and interests) (audience targeting). As the website operator, we can analyze this data quantitatively, such as determining which search terms led to the display of our ads and how many resulted in clicks.

The use of this service is based on your consent in accordance with Article 6(1)(a) GDPR and § 25(1) TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

6. Newsletter

Newsletter Data

If you would like to receive the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the email address provided and that you consent to receiving the newsletter. No additional data is collected or only on a voluntary basis. We use newsletter service providers as described below to manage our newsletters.

Brevo

This website uses Brevo for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service that enables us to organize and analyze newsletter distribution. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue GmbH’s servers in Germany.

Data Analysis by Brevo

With Brevo, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This allows us to identify which links are particularly popular.

We can also determine whether certain pre-defined actions were taken after opening or clicking the newsletter (conversion rate), such as whether you made a purchase after clicking on the newsletter.

Brevo also allows us to segment newsletter recipients into various categories (so-called “clustering”), such as by age, gender, or location. This enables us to tailor newsletters more effectively to specific target groups.

If you do not want your data to be analyzed by Brevo, you must unsubscribe from the newsletter. We provide a corresponding unsubscribe link in every newsletter message.

For more information about Brevo’s features, please visit: https://www.brevo.com/en/newsletter-software/.

Legal Basis

The processing of your data is based on your consent (Article 6(1)(a) GDPR). You can revoke this consent at any time. The legality of any data processing that has already occurred remains unaffected by the revocation.

Storage Duration

The data you provide to subscribe to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored for other purposes remains unaffected.

After you unsubscribe from the newsletter, your email address may be stored in a blacklist by us or the newsletter service provider, if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest under Article 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more information, please refer to Brevo’s privacy policies at:
https://www.brevo.com/en/privacy-overview/ and https://www.brevo.com/en/legal/privacypolicy/.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This legally required agreement ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

7. Plugins and Tools

YouTube with Enhanced Privacy

This website embeds videos from the YouTube platform. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website unless they watch the video. However, data sharing with YouTube partners is not necessarily excluded by the enhanced privacy mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, YouTube can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

Additionally, once a video starts, YouTube may store cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. These data are used, among other things, to compile video statistics, improve user experience, and prevent fraud.

Further data processing operations may be triggered after the start of a YouTube video, over which we have no control.

The use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. Where consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent may be revoked at any time.

For more information on YouTube’s data privacy, please refer to their privacy policy at: https://policies.google.com/privacy?hl=en.

Google Fonts (Local Hosting)

This site uses Google Fonts for uniform font display, provided by Google. The Google Fonts are installed locally, and there is no connection to Google’s servers.

For more information about Google Fonts, see https://developers.google.com/fonts/faq and Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the features of Google Maps, it is necessary to store your IP address. This information is typically transferred to a Google server in the United States and stored there. The provider of this site has no control over this data transfer. When Google Maps is activated, Google may use Google Fonts to ensure uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

The use of Google Maps is in the interest of presenting our online offerings attractively and making the locations specified on the website easy to find. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under TTDSG. Consent may be revoked at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

For more information on how Google handles user data, please see Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to determine whether data entered on this website (e.g., via a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the visitor accesses the website. reCAPTCHA evaluates various data (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analysis runs completely in the background. Website visitors are not notified that an analysis is taking place.

Data storage and analysis are based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated surveillance and spam. If consent was requested, processing is carried out exclusively based on Article 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

For more information about Google reCAPTCHA, please see Google’s privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

Wordfence

We have integrated Wordfence on this website. The provider is Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence is used to protect our website against unauthorized access and malicious cyberattacks. For this purpose, our website maintains a continuous connection to Wordfence’s servers, so that Wordfence can compare its databases with the access attempts made on our site and potentially block them.

The use of Wordfence is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the most effective protection possible of its website from cyber threats. If consent was requested, processing is based solely on Article 6(1)(a) GDPR and § 25(1) TTDSG, provided the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent may be withdrawn at any time.

Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details are available at: https://www.wordfence.com/help/general-data-protection-regulation/.

Data Processing Agreement

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This legally required agreement ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

8. eCommerce and Payment Providers

Processing of Customer and Contract Data

We collect, process, and use personal customer and contract data to establish, define the content of, and amend our contractual relationships. We collect, process, and use personal data relating to the use of this website (usage data) only to the extent necessary to enable the user to utilize the service or to bill them for it. The legal basis for this is Article 6(1)(b) GDPR.

The collected customer data will be deleted after the completion of the order or the termination of the business relationship and after the expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.

9. Our Own Services

Handling Applicant Data

We offer you the opportunity to apply to us (e.g., by email, postal mail, or via an online application form). Below, we inform you about the scope, purpose, and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data complies with applicable data protection laws and all other legal provisions, and that your data is treated with strict confidentiality.

Scope and Purpose of Data Collection

When you submit an application to us, we process your associated personal data (e.g., contact and communication details, application documents, notes from interviews, etc.), to the extent necessary for the decision on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Article 6(1)(b) GDPR (general contract initiation), and – if you have given consent – Article 6(1)(a) GDPR. Consent may be withdrawn at any time. Your personal data is shared within our company only with persons involved in processing your application.

If your application is successful, the data you submitted will be stored in our data processing systems based on § 26 BDSG and Article 6(1)(b) GDPR for the purpose of carrying out the employment relationship.

Data Retention Period

If we are unable to offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you submitted for up to six months after the conclusion of the application process (rejection or withdrawal of the application) based on our legitimate interests (Article 6(1)(f) GDPR). The data will then be deleted, and any physical application documents will be destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be needed beyond the six-month period (e.g., due to a pending or threatened legal dispute), deletion will take place only when the purpose for further storage no longer applies.

Longer retention may also occur if you have given your explicit consent (Article 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

Inclusion in the Applicant Pool

If we do not offer you a position, there may be an opportunity to include you in our applicant pool. In this case, all documents and information from the application will be transferred to the applicant pool to contact you in the event of suitable vacancies.

Inclusion in the applicant pool occurs exclusively based on your explicit consent (Article 6(1)(a) GDPR). Giving consent is voluntary and unrelated to the ongoing application process. You can revoke your consent at any time. In that case, the data will be permanently deleted from the applicant pool, provided there are no legal reasons for retention.

Data in the applicant pool will be permanently deleted no later than two years after consent is granted.