Thank you for your interest in our website and the data processing involved. The following data protection information contains, among other things, information about which personal user data is processed when you visit our website, the legal basis on which this data processing is based and what rights you are entitled to as the data subject. By providing this information, we comply with our transparency obligations pursuant to Art. 12 and 13 of the European Data Protection Regulation (EU GDPR).
The person responsible for this website within the meaning of the GDPR, the Federal Data Protection Act (BDSG) and other data protection regulations is:
CHOCOTECH GmbH
Dornbergsweg 32
38855 Wernigerode
Phone: +493943 5506-0
E-Mail: datenschutz@chocotech.de
Further information about our company and contact details can be found in our Imprint.
We have appointed a data protection officer for our company. You can get in touch with our DPO using the following contact details:
Ms Antonia Schreiber
DATA 4.0 Gesellschaft für Datenschutz und Datensicherheit mbH
Dornbergsweg 2
38855 Wernigerode
E-Mail: a.schreiber@data40.de
Phone: +493943 5099490
Further information on data processing
Usercentrics A/S is responsible for further data processing. Further information on security and data protection at Usercentrics GmbH can be found via the following link https://www.cookiebot.com/de/privacy-policy/ .
Description and scope of data processing
We use "hCaptcha" to check whether the data entries on our website (e.g. in a contact form) are made by a human or abusively by an automated program. hCaptcha is used to check whether user actions on our website (e.g. submitting a contact form) meet our security requirements. To do this, hCaptcha analyses the behaviour of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website with activated hCaptcha. The provider of this service is Intuition Machines Inc, 350 Alabama St., San Francisco, CA 94110, USA (hereinafter referred to as "hCaptcha"). The following personal data may be processed:
Legal basis for data processing
The processing of your data is technically necessary for the execution of our security tool and therefore follows §25 para. 2 TDDDG. The processing of your data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to protect the website from abusive automated crawling, spam and other forms of misuse that may harm our website or other users of our website.
The transfer of data to hCaptcha servers in the USA, is based on the standard contractual clauses of the EU Commission. For further information, visit https://newassets.hcaptcha.com/dpa/IMI_Data_Processing_Addendum_4.20.2023.pdf
We have concluded an order processing contract with hCaptcha.
Purpose of data processing
The use of the Captcha service and the associated data processing serves our security interests, in particular to protect our web services from automated spying and spam.
Duration of storage
The aforementioned data will be deleted as soon as it is no longer required for the aforementioned purpose fulfilment.
Further information
You can view the hCaptcha data protection information at https://www.hcaptcha.com/privacy
Matomo
Description and scope of data processing
We use the web analysis service Matomo (formerly Piwik) on our website. Matomo is a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (hereinafter referred to as "Matomo"). Matomo uses text files, so-called "cookies", which are stored on your end device and enable us to obtain information about the use of this website. The cookies used are used to collect and analyse your personal data. We have taken into account the relevant data protection adjustments when integrating Matomo, e.g. your IP address is anonymised before it is saved. When you visit our website, the following data is forwarded to our server and processed there:
Legal basis for data processing
The legal basis for the use of Matomo and the associated storage of Matomo cookies is your consent to data processing and cookie storage in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with. §25 para. 1 TDDDG. You can withdraw this consent at any time. The legality of any data processing that took place prior to consent being revoked remains unaffected.
We have activated the "Do-not-track" support function.
Further information on how Matomo handles your data can be found at the following link https://matomo.org/privacy-policy/ .
Purpose of data processing
The web analysis service Matomo and the associated processing of your personal data help us to analyse the use of this website and for marketing purposes. This enables us to optimise our web presence and continuously improve the user-friendliness of the website.
Duration of storage
Your data will be stored for 12 months. If you do not delete the cookies, they will remain on the device you are using. You have the possibility to prevent the storage of Matomo cookies by means of a setting in your browser. Please refer to the help area of your web browser for this and follow the corresponding instructions. We would like to point out that in this case it will not be possible to use all the functions offered on the website to their full extent.
Possibility of objection
You have the option to object to the processing of your personal data when visiting this website. To do so, please click on the tick in the link below. An opt-out cookie is then stored in your browser, which prevents further data collection and transmission of your session data. If you delete the cookies stored in your browser, the opt-out cookie is also deleted and must be set again by you with a mouse click if necessary.
Integration of MyFonts
Description and scope of data processing
We use MyFonts for the uniform display of fonts. The provider of this service is Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (hereinafter "MyFonts"). When you visit our website, the required web fonts are loaded into your browser cache. This ensures the uniform presentation and display of our script. A web font tracking script or similar technology is embedded on our site to check compliance with the license terms and the number of monthly page views. According to the information provided by MyFonts, the IP address of website visitors is transmitted to servers outside the EU only in an anonymised form. No personal data is collected or processed.
Legal basis for data processing
The legal basis for the integration of MyFonts and consequently for the needs-based design of our website is our legitimate interest as website operator pursuant to Art. 6 para. 1 lit. f) GDPR.
More information on data processing
Further information on how MyFonts handles your data is available at https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy and at https: //www.monotype.com/legal/privacy-policy.
Integration of OpenStreetMap with consent
Description and scope of data processing
We integrate the maps from the service OpenStreetMap (https://www.openstreetmap.org) into our website. This service is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. OpenStreetMap is provided under the Open Data Commons Open Database License (ODbL). For correct display of the map material and short-term storage of the settings made, the IP address, information about the use of this website and user location data are forwarded to OpenStreetMap.
Legal basis for data processing
If you have consented to the processing, your data will be processed on the basis of Art. 6 para. 1 lit. a) DSGVO in conjunction with § 25 para. 1 TDDDG. Your consent can be withdrawn at any time.
Additional information on data processing
OpenStreetMap is responsible for further data processing. For more information on data processing by OpenStreetMap, please see the data privacy policy https://wiki.openstreetmap.org/wiki/Privacy_Policy.
Description and scope of data processing
Our website is hosted by a service provider (external hosting). For this purpose, we use the technical services of Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter "Mittwald"). Each time you visit our website, the web server automatically collects the following information from your system and stores it:
Legal basis for data processing
The legal basis of the hosting and the temporary storage of the aforementioned data as well as their logging in log files is our legitimate interest as website operator per Art. 6 (1) lit. f GDPR in conjunction with. § 25 (2) no. 2 TDDDG [Telecommunications Digital Services Data Protection Act] in optimising our online presence.
Insofar as consent has been requested, the processing is carried out in accordance with Art. 6 (1) lit. a GDPR in conjunction with. § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in your end device (e.g. device fingerprinting) within the meaning of the TDDDG. You can withdraw your consent at any time.
We have concluded an order processing agreement with Mittwald. In this respect, your data will only be processed to the extent necessary for the provision of the service.
Purpose of data processing
The temporary storage of your IP address by the web server is necessary to implement delivery of the website to your computer. To do so, your IP address must remain stored for the duration of your website visit.
The storage of data in log files enables us to ensure the functionality of our website. Furthermore, they enable us to optimise our website and to ensure the security of our information technology systems (e.g. for attack detection). This data is not evaluated for marketing purposes.
Duration of storage
The aforementioned data will be deleted as soon as it is no longer required for the aforementioned purpose fulfilment. For data processing used for the provision of the website, this is the case after you have finished visiting the website.
Data stored in log files is deleted after 7 days at the latest. Storage beyond this can take place. In this case, your IP address is deleted or anonymised so that it is no longer possible to make a personal reference to your system.
Description and volume of data processing
Whenever there is a requirement, we publish job advertisements on our website. Applications can be submitted by post or electronically. When you submit your application data by e-mail or using our online form, we record and store all the personal data which you disclose. Your data is not forwarded to third parties.
Legal basis for data processing
We process your application data in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest of filling vacant positions within our company in a task-oriented and qualified manner.
If an appointment is made as a result of your application, the processing of your application data must be legally recognised as per Article 6(1)(b) GDPR as the implementation of contractual measures.
If you submit your application to us electronically, or use the online form to submit your application, you agree to the processing of your personal data as per Article 6(1)(a) GDPR.
Purpose of data processing
Using your application data, it is possible for us to select applicants for vacant positions.
Duration of storage
We store your data until the application process is completed. If your application does not lead to an appointment, we delete, i.e. destroy, your data, taking into account the legally defined objection periods, once rejection has been communicated.
If you have consented to additional data storage, the respective defined storage period applies.
Right to revocation
If you have provided us with your consent for additional storage of your application data, you have the right to revoke it at any time without the requirement to state reasons. To do so, please contact us by post or send your revocation to the following address: datenschutz@chocotech.de.
Description and volume of data processing
We maintain profiles on social networks. For this purpose, we draw on the technical infrastructure of the respective platform operator. The operators of social networks generally provide their customers with comprehensive analyses on profile visitors, and also use the personal data for their own purposes, e.g. advertising. The data processing processes are not always transparent and comprehensible, but comprise at least the following processing actions in relation to data protection:
The operators of social networks use this data, for instance, to supply you with advertising relating to your interests, and collect comprehensive data on visitors and users. Please refer to the regulations for data processing and use of the respective platform operator for further information on data processing processes and conditions of use.
Legal basis for data processing
The legal basis for use of social networks is our legitimate interest as the website owner in the clear depiction of our company and our range of products and services as per Article 6(1)(f) GDPR.
Joint responsibility and data subject rights
We hold joint responsibility, together with the operator of the respective social network, for the processing of your personal data as per Article 26 GDPR. You can assert your data subject rights both to the platform operator and us. We expressly point out that we can offer no guarantees that you will be able to assert your data subject rights with the service provider of the social network.
Duration of storage
If you do not delete cookies, they remain on the terminal you use. You have the option of preventing the storage of cookies by making the appropriate setting in your browser. For this purpose, please use the help area of your web browser, and follow the respective instructions. We expressly point out that in this case, it is possible that no all the offered functions of the website will work to their full extent.
The data of yours captured by our profiles on social networks is deleted once the purpose has been fulfilled or you request the deletion of your data. If you have provided us with your consent for data processing, you have the right to revoke it at any time. In such cases, we also delete your data. The legal storage periods remain unaffected in the process.
We operate a company profile on LinkedIn. For this purpose, we draw on the technical services of the operator LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Republic of Ireland (referred to hereinafter as "LinkedIn").
We have made an agreement with LinkedIn on joint responsibility (Page Insights Joint Controller Addendum ("Addendum")). You can find the agreement at https://legal.linkedin.com/pages-joint-controller-addendum.
We expressly point out that LinkedIn has its registered office in the USA. Your personal data is stored and processed on servers in the USA. The European Court of Justice (ECJ) has decided that the USA is not a safe third country in the spirit of GDPR, and there is a different level of data protection than in the EU. The US service providers are obliged to reveal personal data, e.g. to the security authorities, without the consent of the data subject. We expressly point out that it is therefore impossible to rule out the possibility that the data of yours on the US servers will be processed, analysed and permanently stored for surveillance purposes or other purposes.
We have no influence on the contents transmitted or the data processing of LinkedIn. If you do not want data to be associated with your user account, please sign out from your own LinkedIn profile before your visit our LinkedIn profile.
LinkedIn is responsible for the further processing of your personal data. Please refer to the LinkedIn data protection policy for further information on data processing by the social network LinkedIn https://www.linkedin.com/legal/privacy-policy.
YouTube
We operate a channel on the social video network YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland (referred to hereinafter as "Google"). When you visit our channel or play our videos, your personal data is processed. These include, e.g.:
We expressly point out that, if you are connected to your YouTube account while you call up the videos on our page, the information will be linked to your user account.
The transfer of data to the Google servers in the USA are subject to the standard contract clauses of the EU Commission. You will find further information on the subject at https://privacy.google.com/businesses/processorterms/mccs/.
Google Ireland Limited is responsible for further data processing. You will find information on the handling of your data by YouTube and Google at https://policies.google.com/privacy
Instagram & Facebook
We use company accounts on the social networks ‘Instagram’ and ‘Facebook’. The operator of both platforms is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as ‘Meta’). When you visit and interact with our profiles on social networks, your personal data is processed by us and also by Meta. This includes, for example:Ihr verwendetes Gerät inkl. Informationen über eingesetzte Software (z.B. Desktop-Computer, Smartphone, Tablet, intelligente Lautsprecher):
If you have your own ‘Instagram’ or ‘Facebook’ account and are logged in there while you visit our company profiles, this information will be linked to your user account. The information can be used to provide you with personalised advertising and products. Your data is collected across all Meta products and all devices used. Meta shares your data with other Meta companies. We have no influence on data processing by Meta. We recommend that you check your browser or account settings with regard to the processing of your data and restrict it if necessary.
The transfer of data to the meta servers outside the European Economic Area, in particular to the USA, is based on the standard contractual clauses of the EU Commission. Further information on this can be found at: https://de-de.facebook.com/help/instagram/272603474673152/?helpref=uf_share.
The EU Commission has decided that the ‘EU-US Data Privacy Framework’ (‘DPF’) ensures an adequate level of protection for the transfer of personal data from the EU to the USA. Meta is a company certified under the EU-US Data Privacy Framework (DPF).
Meta Platforms Ireland Limited is responsible for further data processing. Information on how Meta handles your data can be found at https://privacycenter.instagram.com/policy/ .
If personal data is processed by you as a user, you are considered a data subject in accordance with the GDPR. Data subjects have the following rights vis-à-vis the controller:
Our website may contain links to websites of third parties subject to data protection law. If you access these links and you thereby enable third parties to process your personal data (e.g. your IP address), we have no influence on this processing and can therefore accept no responsibility for it.
We indicate the forwarding to other telemedia providers at the appropriate places symbolically or by textual design.
The protection of your privacy is a serious concern for us. We therefore take appropriate technical and organisational measures to protect your personal data from misuse, alteration and loss.
Your data is protected during transmission on our website by means of an SSL or TLS certificate. You can recognise that such a certificate is in use by the web address as https:// or a closed lock symbol next to the web address.
Despite carefully selected security precautions, we would like to point out that, especially when transmitting via e-mail or our web forms, one hundred percent protection cannot be guaranteed. When transmitting confidential information, please send it by post to the address provided in our legal note.
Within the scope of the legal permission per § 7 (3) UWG, we are entitled to use the e-mail address that you have given us when purchasing a service or product subject to a charge for direct advertising for our own similar products or services. If you no longer wish to receive advertising for similar products or services, you can object to the corresponding use of your e-mail address at any time. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailing or by contacting datenschutz@sollich.com with your email address.
IF DATA PROCESSING IS CARRIED OUT PURSUANT TO. ART. 6 PARA. 1 LIT. E) OR F) DSGVO, YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING. PLEASE REFER TO THE DATA PROTECTION PROVISIONS FOR THE RESPECTIVE LEGAL GROUNDS ON WHICH PROCESSING IS BASED. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1) DSGVO).
IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING, TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PARA. 2 DSGVO).
Objection to advertising e-mails
We hereby object to the use of published contact data in our imprint for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.
Our data protection information is always up to date
Our website is subject to advances in technology that are associated with the operation and possible uses of web services. Therefore, we reserve the right to adapt our data protection information in accordance with changes to our security and data protection measures and any possible further data processing and to make this information available to you here in the version that is currently valid.
Cookies
Description and scope of data processing
We use cookies on our website. Cookies are text files that are stored on your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit. Permanent cookies remain on your end device until you delete them yourself or until they are automatically deleted by your web browser. A distinction is made between technically necessary cookies and cookies from possible third-party providers.
Legal basis for data processing
The legal basis for the use of functionally necessary cookies is our legitimate interest as website operator per Art. 6 (1) lit. f GDPR in conjunction with. §25 (2) no. 2 TDDDG.
The legal basis for setting third-party cookies, which are not subject to any technical necessity, but serve our analysis and marketing interests, is based on the consent you granted per Art. 6 (1) lit. a GDPR in conjunction with. §25 (1) TDDDG [German telecommunications and telemedia data protection act]. You can withdraw this consent at any time. The legality of any data processing that took place prior to consent being revoked remains unaffected.
Purpose of data processing
Technically necessary cookies enable us to provide the website in an error-free, secure and user-friendly manner.
The use of cookies for marketing and analysis purposes enables us to continuously improve the user experience of the website and to generate individual offers.
Duration of storage and opportunity to object
Please refer to the Cookie settings for the storage period of the individual cookies.
You can delete stored cookies at any time in your browser settings or via the settings in the cookie consent area. In addition, you can set individual preferences in your browser by generally objecting to the setting of cookies by websites or third-party providers. We would like to point out that by excluding cookies you may not be able to use our website to its full extent.
Cookie consent with "Cookiebot by Usercentrics"
Description and scope of data processing
This website uses the cookie consent technology "Cookiebot by Usercentrics" to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection regulations. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen (hereinafter referred to as "Usercentrics"). The following personal data is processed:
Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or to revoke them. The data collected in this way is stored for 12 months.
Legal basis for data processing
Usercentrics is used to obtain the legally required consent for the use of cookies. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with §25 para. 1 TTDSG. You can withdraw this consent at any time. The legality of any data processing that took place prior to consent being revoked remains unaffected.
We have concluded an order processing contract with Usercentrics.
Further information on data processing
Usercentrics A/S is responsible for further data processing. Further information on security and data protection at Usercentrics GmbH can be found via the following link https://www.cookiebot.com/de/privacy-policy/ .