Privacy policy
1. Data protection at a glance
General information
The following provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy below.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the ‘Information on the controller’ section of this privacy policy.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may include, for example, data that you enter into a contact form.
Other data is collected by our IT systems automatically or with your consent when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have with regard to your data?
You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to request this data be corrected or erased. If you have given your consent to the processing of your data, you may revoke this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the relevant supervisory authority.
You can contact us at any time if you have any questions about data protection.
Analytics tools and third-party tools
When you visit this website, your surfing behaviour may be statistically evaluated. This is primarily done with analysis programs.
Detailed information about these analysis programs can be found in the privacy policy.
2. Hosting
Strato
We host our website on Strato. The provider is Strato AG, Otto-Ostrowski-Strasse 7, 10249 Berlin (hereinafter referred to as ‘Strato’). When you visit our website, Strato collects various log files including your IP addresses.
For more information, please refer to Strato’s privacy policy: https://www.strato.de/datenschutz/.
Strato is used on the basis of Article 6 (1) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
3. General and mandatory information
Data protection
The operators of these sites take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. A variety of personal data is collected when you use this website. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this takes place. We would like to point out that data transmission over the internet (e.g. when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect the data from access by third parties.Information on the controller
The controller responsible for processing data on this website is: Steffen Jurtz Phone: +49 (0)30 8877 6888 Email: info@nextrail.com The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).Duration of storage
Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for erasure or revoke your consent to the processing of your data, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the erasure will occur once these reasons no longer apply.General information on the legal basis of data processing on this website
If you have consented to the processing of your data, we will process your personal data on the basis of Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, insofar as special categories of data are processed pursuant to Article 9 (1) GDPR. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. You may withdraw your consent at any time. If your data is required for the fulfilment of a contract or to take steps prior to entering into a contract, we process your data on the basis of Article 6 (1) (b) GDPR. Furthermore, we process your data insofar as it is necessary to fulfil a legal obligation on the basis of Article 6 (1) (c) GDPR. Data may also be processed on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR. The subsequent paragraphs of this privacy policy provide information on the relevant legal bases in each individual case.Data protection officer
We have appointed a data protection officer for our company. Dr Phillip Käser Phone: +49 (0)176 5555 9982 Email: p.kaeser@kaeser-consulting.deNote on data transfer to the United States and other third countries
Among other things, we use tools from companies based in the United States or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to and processed in those third countries. Please note that these countries cannot guarantee a level of data protection comparable to that of the EU. For example, US companies are obliged to disclose personal data to security authorities without you, as the data subject, being able to take legal action. Therefore, it cannot be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data stored on US servers for monitoring purposes. We have no control over these processing activities.Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out prior to the withdrawal of consent remains unaffected by the withdrawal of consent.Right to object to data collection in special cases and to direct marketing (Article 21 GDPR)
IF DATA ARE PROCESSED BASED ON ARTICLE 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. FOR MORE INFORMATION ON THE SPECIFIC LEGAL BASIS ON WHICH PROCESSING IS BASED, PLEASE REFER TO THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN PROVE COMPELLING, PROTECTIVE REASONS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21 (1) GDPR).IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT ADVERTISING, YOU HAVE THE RIGHT AT ANY TIME TO LODGE AN OBJECTION TO THE PROCESSING OF PERSONAL DATA AFFECTING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT CONCERNS SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER USED FOR DIRECT MARKETING PURPOSES (REVOCATION ACCORDING TO ARTICLE 21 (2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedies.Right to data portability
You have the right to have data that we process automatically on the basis of your consent or for the performance of a contract delivered to you or to a third party in a commonly used, machine-readable format. If you request the direct transmission of the data to another controller, this will only be done to the extent technically feasible.SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content such as orders or inquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol next to the address line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.Information, erasure and rectification
Within the framework of the applicable statutory provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients, the purpose of the data processing and, if necessary, the right to have this data corrected or erased. Please do not hesitate to contact us at any time if you have any further questions about personal data.Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do so. The right to restriction of processing exists in the following cases:- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data has taken place unlawfully, you may request that the processing of your data be restricted instead of having the data erased.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request that the processing of your personal data be restricted instead of having the data erased.
- If you have lodged an objection pursuant to Article 21 (1) GDPR, your interests must be weighed against our interests. Until it has been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
4. Data collection on this website
Cookies
Our websites use cookies. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
In some cases, cookies from third-party companies may also be stored on your device when you access our website (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you require (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Article 6 (1) (f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies that are necessary for the technically error-free and optimised provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out solely on the basis of this consent (Article 6 (1) (a) GDPR and section 25 (1) TTDSG); you may withdraw your consent at any time.
You can set your browser to inform you of the placement of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies in certain cases or in general, and to enable the automatic deletion of cookies when you close your browser. If cookies are deactivated, the functionality of this website may be restricted.
If third-party cookies are used or for analysis purposes, we will inform you of this separately in the context of this privacy policy and, if necessary, request your consent.
Consent using Borlabs Cookie
Our website uses the consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser or the use of certain technologies and to document them in accordance with data protection regulations. This technology is provided by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).
When you visit our website, a Borlabs cookie is stored in your browser which stores the opt-ins you have provided or the revocation of consent. This data will not be passed on to the provider of Borlabs Cookie.
The data collected will be stored until you ask us to delete it, you delete the Borlabs cookie itself or the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on the processing of data by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs Cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 (1) (c) GDPR.
Server log files
The provider of the website automatically collects and stores information in server log files, which your browser automatically transmits to us. The information is the following:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website: the server log files must be recorded for this purpose.
Contact form
If you send us enquiries via the contact form, we will store your details from the enquiry form, including the contact details you provide, for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR, insofar as your enquiry is related to the performance of a contract or is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in effectively processing the enquiries sent to us (Article 6 (1) (f) GDPR) or on your consent (Article 6 (1) (a) GDPR) if this has been requested; you may withdraw your consent at any time.
The data you enter in the contact form remains with us until you ask us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory statutory provisions – in particular, retention periods – remain unaffected.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, we will store and process your enquiry, including all personal data (name, enquiry), for the purpose of processing your enquiry. We will not pass on this data without your consent.
This data is processed on the basis of Article 6 (1) (b) GDPR, insofar as your enquiry is related to the performance of a contract or is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in effectively processing the enquiries sent to us (Article 6 (1) (f) GDPR) or on your consent (Article 6 (1) (a) GDPR) if this has been requested; you may withdraw your consent at any time.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory statutory provisions – in particular, statutory retention periods – remain unaffected.
Calendar
You can make appointments with us on our website. We use the Calendly tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter referred to as ‘Calendly’).
To book an appointment, enter the requested dates and the desired date in the form provided. The data entered will be used for planning, carrying out and, if necessary, for the follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy can be viewed here: https://calendly.com/de/pages/privacy.
The data you enter will remain with us until you ask us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
The legal basis for data processing is Article 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as straightforward as possible. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
The transfer of data to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://calendly.com/pages/dpa.
Data processing
We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Hubspot CRM
We use Hubspot CRM on this website. The provider is Hubspot Inc. 25 Street, Cambridge, MA 02141, USA (hereinafter referred to as Hubspot CRM).
Among other things, Hubspot CRM enables us to manage existing and potential customers and customer contacts. With the help of Hubspot CRM, we are able to capture, sort and analyse customer interactions via email, social media or telephone across different channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing activities (e.g. newsletter mailshots). With Hubspot CRM, we are also able to record and analyse the user behaviour of our contacts on our website.
Hubspot CRM is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in managing and communicating with customers as efficiently as possible. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
For details, please refer to Hubspot’s privacy policy: https://legal.hubspot.com/de/privacy-policy.
The transfer of data to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.hubspot.de/data-privacy/privacy-shield.
Processing
We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
5. Analysis tools and advertising
Google Tag Manager
We use Google Tag Manager. It is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.Google Tag Manager is a tool that enables us to integrate tracking or statistics tools and other technologies with our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out independent analyses. It merely serves to manage and display the tools integrated via it. However, Google Tag Manager collects your IP address, which can also be transferred to Google’s parent company in the United States.
Google Tag Manager is used on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in the fast and straightforward integration and administration of various tools on its website. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
Google Analytics
This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.
Furthermore, we can use Google Analytics to record your mouse movements, scrolling movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to supplement the collected data sets and uses machine learning technologies to analyse the data.
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the United States and stored there.
This service is used on the basis of your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) TTDSG. You may withdraw your consent at any time.
The transfer of data to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Browser plug-in
You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. For more information on how Google Analytics handles user data, please refer to Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Google-Signals
We use Google Signals. When you visit our website, Google Analytics collects information such as your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google Signal. If you have a Google account, Google Signal’s visitor data is linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the user behaviour of our users.
Data Processing
We have entered into a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Google Analytics e-commerce measurement
This website uses the e-commerce measurement feature of Google Analytics. With the help of e-commerce measurement, the website operator can analyse the buying behaviour of website visitors in order to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data may be grouped by Google under a transaction ID associated with the respective user or their device.
WP Statistics
This website uses the WP Statistics analysis tool to statistically evaluate visitor access. The provider is Veronalabs, ARENCO Tower, 27th Floor, Dubai Media City, Dubai, Dubai 23816, UAE (https://veronalabs.com).WP Statistics enables us to analyse the use of our website. WP Statistics collects, among other things, log files (IP address, referrer, browsers used, origin of the user, search engine used) and actions that website visitors have carried out on the site (e.g. clicks and views).
The data collected with WP Statistics is stored exclusively on our own server.
This analysis tool is used on the basis of Article 6 (1) (f) GDPR. We have a legitimate interest in the anonymised analysis of user behaviour in order to optimise both our website and our advertising. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
IP anonymisation
We use WP Statistics with anonymised IP. Your IP address is truncated so that it can no longer be assigned to you directly.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.With the help of Google conversion tracking, we and Google can identify whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked and how often, and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have carried out. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
This service is used on the basis of your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) TTDSG. You may withdraw your consent at any time.
Google itself uses cookies or comparable recognition technologies for identification purposes. https://policies.google.com/privacy?hl=de.
LinkedIn Insight Tag
This website uses the LinkedIn Insight tag. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.Data processing by LinkedIn Insight Tag
Using the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered on LinkedIn, we can analyse key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. In addition, we can use LinkedIn Insight Tags to measure whether visitors to our websites are making a purchase or taking any other action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). The LinkedIn Insight Tag also offers a retargeting function that allows us to show visitors to our website targeted advertising outside the website, although LinkedIn does not identify the advertising addressee.
LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties, and time of access). The IP addresses are truncated or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the United States and use it for its own advertising activities. Details can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.
Legal basis
If consent has been obtained, the aforementioned service is used solely on the basis of Article 6 (1) (a) GDPR and Section 25 TTDSG. You may withdraw your consent at any time. Unless consent has been obtained, this service is used on the basis of Article 6 (1) (f) GDPR; the website operator has a legitimate interest in effective advertising measures, including social media.
The transfer of data to the United States is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Objection to the use of LinkedIn Insight Tag
Object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Members of LinkedIn can also control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website with your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Data Processing
We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
6. Newsletter
Newsletter data
If you wish to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.The data entered in the newsletter registration form is processed solely on the basis of your consent (Article 6 (1) (a) GDPR). You may revoke your consent to the storage of your data, your email address and their use to send the newsletter at any time – for example, via the ‘Unsubscribe’ link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the withdrawal of consent.
The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter or when the purpose is no longer applicable. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Article 6 (1) (f) GDPR.
Data stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, we or the newsletter service provider may store your email address in a blacklist if this is necessary to prevent future mailshots. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Article 6 (1) (f) GDPR). Storage in the blacklist is for an indefinite period. You may object to storage if your interests outweigh our legitimate interest.
7. Plug-ins and tools
YouTube with enhanced data protection
This website incorporates videos from YouTube. The website is operated by Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.We use YouTube in privacy-enhanced mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by privacy-enhanced mode. This allows YouTube to connect to the Google DoubleClick network regardless of whether you are watching a video.
As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your device after a video is started or use comparable recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness and prevent attempted fraud.
Further data processing operations may be initiated after the start of a YouTube video over which we have no control.
YouTube is used in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
You can find more information about data protection at YouTube in its privacy policy here: https://policies.google.com/privacy?hl=de.
Vimeo without tracking (Do Not Track)
This website uses plug-ins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.When you visit one of our sites featuring Vimeo videos, a connection to the Vimeo servers is established. The Vimeo server is informed which of our pages you have visited. Vimeo also obtains your IP address. However, we have configured Vimeo so that Vimeo will not track your user activity and will not set cookies. Vimeo is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR; you may withdraw your consent at any time.
The transfer of data to the United States is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on ‘legitimate business interests’. Details can be found here: https://vimeo.com/privacy.
Further information on how user data is handled can be found in Vimeo’s privacy policy here: https://vimeo.com/privacy.
Google Maps
This site uses the Google Maps map service. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the United States and stored there. The provider of this website has no influence on this data transmission. If Google Maps is enabled, Google may use Google Web Fonts for the purpose of uniform presentation of fonts. When you access Google Maps, your browser loads the required web fonts to your browser cache in order to display text and fonts correctly.
Google Maps is used in the interest of presenting our online offers in an appealing way and making it easy to find the places we specify on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) (f) GDPR. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
Data transmission to the United States is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on how user data is handled, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Google reCAPTCHA
We use Google reCAPTCHA (hereinafter ‘reCAPTCHA’) on this website. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the purposes of analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analysed on the basis of Article 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its website from improper automated spying and spam. If corresponding consent has been requested, processing is carried out solely on the basis of Article 6 (1) (a) GDPR and Section 25 (1) of the German telecommunications and telemedia data protection act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You may withdraw your consent at any time.
Further information about Google reCAPTCHA can be found in Google’s privacy policy and Google’s terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
8. Audio and video conferences
Data processingWe use online conferencing tools, among others, to communicate with our customers. The specific tools we use are listed below. When you communicate with us via video or audio conferencing over the internet, your personal data will be collected and processed by us and the provider of the respective conferencing tool.
The conferencing tools collect all data that you provide/use to use the tools (email address and/or your telephone number). Furthermore, the conferencing tools process the duration of the conference, the beginning and end (time) of participation in the conference, the number of participants and other context information in connection with the communication process (metadata).
Furthermore, the provider of the tool processes all technical data required to process online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
If content is exchanged, uploaded or otherwise provided within the tool, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemail, uploaded photos and videos, files, whiteboards and other information shared during use of the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the company policy of the respective provider. Further information on data processing by the conferencing tools can be found in the privacy statements of the tools used, which we have listed below.
Purpose and legal basis
The conferencing tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Article 6 (1) (b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Article 6 (1) (f) GDPR). If consent has been requested, the tools in question are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.
Duration of storage
The data collected directly by us via the video and conferencing tools is erased by our systems as soon as you ask us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected.
We have no control over the storage period of your data, which is stored by the operators of the conferencing tools for their own purposes. For details, please contact the operators of the conferencing tools directly.
Conferencing tools used
We use the following conferencing tools:
Skype for Business
We use Skype for Business. The provider is Skype Communications SARL, 23–29 Rives de Clausen, L-2165 Luxembourg Details on data processing can be found in Skype’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement/.Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Details on data processing can be found in the Microsoft Teams privacy policy: https://privacy.microsoft.com/de-de/privacystatement.Data Processing
We have entered into a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
9. Own services
Handling applicant data
We offer you the opportunity to apply to work with us (e.g. by email, by post or via the online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in the strictest confidence.
Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes during job interviews, etc.) to the extent necessary to decide whether to establish an employment relationship. The legal basis for this is section 26 of the German Federal Data Protection Act (BDSG) (initiation of an employment relationship), Article 6 (1) (b) GDPR (general initiation of contracts) and – if you have given your consent – Article 6 (1) (a) GDPR. You may withdraw your consent at any time. Within our company, your personal data will only be passed on to persons who are involved in processing your application.
If the application is successful, the data you submit will be stored in our data processing systems for the purpose of implementing the employment relationship on the basis of section 26 BDSG and Article 6 (1) (b) GDPR.
Data retention period
If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you provide on the basis of our legitimate interests (Article 6 (1) (f) GDPR) for up to six months from the end of the application process (refusal or withdrawal of the application). The data is then deleted and the physical application documents destroyed. In particular, this data is stored for evidentiary purposes in the event of a legal dispute. If it is evident that the data will be necessary after the expiry of the six-month period (e.g. due to an impending or pending legal dispute), it will only be deleted if the purpose for the further storage no longer applies.
It may also be stored for a longer period if you have given your consent (Article 6 (1) (a) GDPR) or if statutory retention obligations prevent deletion.
Inclusion in the applicant pool
If we do not offer you a job, you may have the option of being added to our applicant pool. If you are accepted, all documents and information from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
You will only be added to the applicant pool on the basis of your express consent (Article 6 (1) (a) GDPR). The granting of consent is voluntary and has no bearing on the ongoing application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are statutory reasons for retention.
Data from the applicant pool shall be irrevocably deleted no later than two years after consent has been granted.
10. Personio GmbH
Controller
The controller within the meaning of data protection law is:
Personio GmbH
Rundfunkplatz 4
80335 Munich
Tel.: +49 (0)89 1250 1005
Entry in the commercial register
Registration number: HRB 213189
Register court: Munich district court
Data protection officer: datenschutz@personio.de
Â
Access protocols (‘server logs’)
Every time you access this recruiting page, general log data, known as server logs, is automatically collected. These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. Without this data, it would be technically impossible to deliver and display the content of the software. In addition, the processing of this data is absolutely necessary for security reasons, in particular for access, input, transfer and storage control. In addition, the anonymous information may be used for statistical purposes as well as for the optimisation of the offer and technology. In addition, the log files can be subsequently checked and evaluated if unlawful use of the software is suspected. In general, data such as the domain name of the website, the web browser, the web browser version, the operating system, the IP address and the time stamp of access to the software are collected. The scope of this logging does not exceed the usual scope of any other website on the internet. These access logs are stored for up to seven days. There is no right to object to the logging of this information.
Â
Error logs
Error logs are created for the purpose of identifying and rectifying errors. This is absolutely necessary in order to be able to react as quickly as possible to possible problems with the presentation and implementation of content (legitimate interest). These data are usually pseudonyms and therefore do not allow any conclusions to be drawn about a natural person. When an error message occurs, general data such as the domain name of the website, the web browser, the web browser version, the operating system, the IP address and the time stamp when the corresponding error message/specification occurs are collected. These error logs can be stored for up to seven days. There is no right to object to the logging of this information.
Â
Use of cookies
Cookies are sometimes used on this recruiting page. These are small text files that are stored on the device you use to access this recruiting page. Basically, cookies are used to ensure security when visiting a website (‘absolutely necessary’), to implement certain functionalities such as default language settings (‘functional’), to improve the user experience or performance on the website (‘performance’) or to display target-group-based advertising (‘marketing’). This recruiting page only uses strictly necessary functional and performance cookies – in particular, to implement certain presets such as language – to identify the application channel or to analyse the performance of a job advertisement via which a user accessed this recruiting page. The use of cookies is absolutely necessary for the provision of our services and thus for the fulfilment of the contract (Article (1) (b) GDPR). Duration of storage: Up to one month or until the end of the browser session Right to object: You can use your browser settings to determine whether you want to allow cookies or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocking the functionality of this recruiting page.
Â
Rights of data subjects
If personal data is processed by Personio GmbH as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right to information (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR) and the right to object (Article 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Article 7 (III) GDPR. To assert your rights as a data subject with regard to the data processed for the operation of this recruitment page, please contact Personio GmbH’s data protection officer (see section B.).
Â
Final provisions
Personio reserves the right to amend this privacy policy at any time to ensure that it always complies with current legal requirements or to implement changes to the services in the privacy policy – for example, when introducing new services. If you visit this recruitment page again or apply again, the new data protection declaration will then apply.
Â
Personal data as part of the application process
Personal data is information about the personal or material circumstances of an identified or identifiable natural person. This includes information such as your name, address, telephone number and date of birth, as well as information about your specific career development etc. that can be attributed to a specific person with reasonable effort. Information that is not (directly) associated with your real identity, by contrast, is not personal data.
Â
Basics and purposes of processing personal data for applications and during the application process
If you apply to us electronically – that is, by email or via our web form – we will collect and process your personal data for the purpose of processing the application process and taking steps prior to entering into a contract. By submitting an application on our recruiting page, you are expressing your interest in taking up employment with us. In this context, you provide us with personal data that we use and store exclusively for the purpose of your job search/application In particular, the following data is collected:
- Name (first name and surname)
- Email address
- Telephone number
- Channels where you found out about us
You can also upload meaningful documents such as a cover letter, your CV and references. This may contain other personal data such as date of birth, address, etc. Your data may only be accessed by authorised personnel or employees involved in the application process. Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied. Your data will be stored for a period of 90 days after the end of the application process. This is usually done to comply with legal obligations or to defend against any claims arising from statutory provisions. We are then obliged to delete or anonymise your data. In this case, the data is only available to us as metadata without any direct reference to a person for statistical analysis (e.g. the proportion of women or men in applications, the number of applications per period, etc.). In addition, we reserve the right to store your data for inclusion in our talent pool for 90 days after the end of the application process in order to identify any other positions of interest to you. This also applies, for example, to applications for an apprenticeship or internship. By accepting the privacy policy, you consent to any further storage of your data and inclusion in our talent pool. If you receive and accept an offer for
employment with us during the application process, we will store the personal data collected during the application process for at least the duration of the employment relationship.
Â
Disclosure of data to third parties
The data transmitted as part of your application will be transmitted using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). In this context, Personio is our processor in accordance with Article 28 GDPR. The basis for processing is a data processing agreement between us, as the controller, and Personio.
Â
Rights of data subjects
If personal data is processed by us as the controller, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and purpose of the processing, in particular the right to information (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to data portability (Article 20 GDPR) and the right to object (Article 21 GDPR). If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Article 7 (III) GDPR. To assert your rights as a data subject with regard to the data processed in this online application process, please contact our data protection officer (see section 2.).
Â
Final provisions
We reserve the right to amend this privacy policy at any time to ensure that it always meets current legal requirements or to reflect changes in the application process or similar. If you visit this recruitment page again or apply again, the new data protection declaration will then apply. In addition to this privacy policy, you can view our general privacy policy here: https://nextrail.com/datenschutz.
Processing of (personal) data by the operator of the recruiting page
General
This recruitment page is operated by Personio GmbH, a company based in Germany that offers personnel administration and applicant management software (https://www.personio.de/impressum/). The data transmitted as part of your application will be transmitted by TLS encryption and stored in a database. The company conducting this online application process is solely responsible for this data within the meaning of Article 24 GDPR. Personio is merely the operator of the software and this recruiting website and, in this context, a processor within the meaning of Article 28 GDPR. The basis for processing by Personio is a data processing agreement between the controller and Personio. Personio GmbH also processes other data, some of which may also be personal data, in order to provide its services – in particular, for operating this recruitment website. This is discussed in more detail below.
Â
© 2022 eRecht24 GmbH & Co. KG
This data protection information was created using the eRecht24 generator. https://www.e-recht24.de/muster-datenschutzerklaerung.html
