Data protection information

Description and scope of data processing

We use "hCaptcha" to check whether the data entries on our website (e.g. in a contact form) are made by a human or abusively by an automated program. hCaptcha is used to check whether user actions on our website (e.g. submitting a contact form) meet our security requirements. To do this, hCaptcha analyses the behaviour of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website with activated hCaptcha. The provider of this service is Intuition Machines Inc, 350 Alabama St., San Francisco, CA 94110, USA (hereinafter referred to as "hCaptcha"). The following personal data may be processed:

• IP address
• Time spent by the visitor on the website
• Browser type, internet service provider, platform type, device type, operating system, date and timestamp of access and other similar information
• Mouse movements made by the user, scroll position, keystroke events, touch events and similar information

Legal basis for data processing

The processing of your data is technically necessary for the execution of our security tool and therefore follows §25 para. 2 TTDSG. The processing of your data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to protect the website from abusive automated crawling, spam and other forms of misuse that may harm our website or other users of our website.

The transfer of data to hCaptcha servers in the USA, is based on the standard contractual clauses of the EU Commission. For further information, visit https://newassets.hcaptcha.com/dpa/IMI_Data_Processing_Addendum_4.20.2023.pdf

We have concluded an order processing contract with hCaptcha.

Purpose of data processing

The use of the Captcha service and the associated data processing serves our security interests, in particular to protect our web services from automated spying and spam.

Duration of storage

The aforementioned data will be deleted as soon as it is no longer required for the aforementioned purpose fulfilment.

Further information

You can view the hCaptcha data protection information at https://www.hcaptcha.com/privacy

Integration of MyFonts

Description and scope of data processing

We use MyFonts for the uniform display of fonts. The provider of this service is Monotype Imaging Holdings Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA (hereinafter "MyFonts"). When you visit our website, the required web fonts are loaded into your browser cache. This ensures the uniform presentation and display of our script. A web font tracking script or similar technology is embedded on our site to check compliance with the license terms and the number of monthly page views. According to the information provided by MyFonts, the IP address of website visitors is transmitted to servers outside the EU only in an anonymised form. No personal data is collected or processed.

Legal basis for data processing

The legal basis for the integration of MyFonts and consequently for the needs-based design of our website is our legitimate interest as website operator pursuant to Art. 6 para. 1 lit. f) GDPR.

More information on data processing

Further information on how MyFonts handles your data is available at https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy and at https: //www.monotype.com/legal/privacy-policy.

Integration of OpenStreetMap with consent

Description and scope of data processing

We integrate the maps from the service OpenStreetMap (https://www.openstreetmap.org) into our website. This service is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. OpenStreetMap is provided under the Open Data Commons Open Database License (ODbL). For correct display of the map material and short-term storage of the settings made, the IP address, information about the use of this website and user location data are forwarded to OpenStreetMap. 

Legal basis for data processing

If you have consented to the processing, your data will be processed on the basis of Art. 6 para. 1 lit. a) DSGVO in conjunction with § 25 para. 1 TTDSG. Your consent can be withdrawn at any time.

Additional information on data processing

OpenStreetMap is responsible for further data processing. For more information on data processing by OpenStreetMap, please see the data privacy policy https://wiki.openstreetmap.org/wiki/Privacy_Policy.

Provision of our website and log files

Description and scope of data processing

Our website is hosted by a service provider (external hosting). For this purpose, we use the technical services of Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter "Mittwald"). Each time you visit our website, the web server automatically collects the following information from your system and stores it:

• IP adress
• Date and time of request
• Time zone difference from GMT
• Content of the website
• Access status (HTTP status)
• Volume of data transferred
• Request website
• Web browser
• Operating system
• Browser language and version

Legal basis for data processing

The legal basis of the hosting and the temporary storage of the aforementioned data as well as their logging in log files is our legitimate interest as website operator per Art. 6 (1) lit. f GDPR in conjunction with. § 25 (2) no. 2 TTDSG [German telecommunications-telemedia data protection act] in optimising our online presence.

Insofar as consent has been requested, the processing is carried out in accordance with Art. 6 (1) lit. a GDPR in conjunction with. § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in your end device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw your consent at any time.

We have concluded an order processing agreement with Mittwald. In this respect, your data will only be processed to the extent necessary for the provision of the service.

Purpose of data processing

The temporary storage of your IP address by the web server is necessary to implement delivery of the website to your computer. To do so, your IP address must remain stored for the duration of your website visit.

The storage of data in log files enables us to ensure the functionality of our website. Furthermore, they enable us to optimise our website and to ensure the security of our information technology systems (e.g. for attack detection). This data is not evaluated for marketing purposes.

Duration of storage

The aforementioned data will be deleted as soon as it is no longer required for the aforementioned purpose fulfilment. For data processing used for the provision of the website, this is the case after you have finished visiting the website.

Data stored in log files is deleted after 7 days at the latest. Storage beyond this can take place. In this case, your IP address is deleted or anonymised so that it is no longer possible to make a personal reference to your system.

Description and volume of data processing

Whenever there is a requirement, we publish job advertisements on our website. Applications can be submitted by post or electronically. When you submit your application data by e-mail or using our online form, we record and store all the personal data which you disclose. Your data is not forwarded to third parties.

Legal basis for data processing

We process your application data in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest of filling vacant positions within our company in a task-oriented and qualified manner.

If an appointment is made as a result of your application, the processing of your application data must be legally recognised as per Article 6(1)(b) GDPR as the implementation of contractual measures.

If you submit your application to us electronically, or use the online form to submit your application, you agree to the processing of your personal data as per Article 6(1)(a) GDPR.

Purpose of data processing

Using your application data, it is possible for us to select applicants for vacant positions.

Duration of storage

We store your data until the application process is completed. If your application does not lead to an appointment, we delete, i.e. destroy, your data, taking into account the legally defined objection periods, once rejection has been communicated.

If you have consented to additional data storage, the respective defined storage period applies.

Right to revocation

If you have provided us with your consent for additional storage of your application data, you have the right to revoke it at any time without the requirement to state reasons. To do so, please contact us by post or send your revocation to the following address: datenschutz@chocotech.de.

Description and volume of data processing

We maintain profiles on social networks. For this purpose, we draw on the technical infrastructure of the respective platform operator. The operators of social networks generally provide their customers with comprehensive analyses on profile visitors, and also use the personal data for their own purposes, e.g. advertising. The data processing processes are not always transparent and comprehensible, but comprise at least the following processing actions in relation to data protection:

• Processing of interests and visited profiles (in particular if you are signed in on the social network with your own profile)
• Capture of your IP address and further information which is stored on your terminal, e.g. using cookies
• Information on your terminal and, if applicable, your location

The operators of social networks use this data, for instance, to supply you with advertising relating to your interests, and collect comprehensive data on visitors and users. Please refer to the regulations for data processing and use of the respective platform operator for further information on data processing processes and conditions of use.

Legal basis for data processing

The legal basis for use of social networks is our legitimate interest as the website owner in the clear depiction of our company and our range of products and services as per Article 6(1)(f) GDPR.

Joint responsibility and data subject rights

We hold joint responsibility, together with the operator of the respective social network, for the processing of your personal data as per Article 26 GDPR. You can assert your data subject rights both to the platform operator and us. We expressly point out that we can offer no guarantees that you will be able to assert your data subject rights with the service provider of the social network.

Duration of storage

If you do not delete cookies, they remain on the terminal you use. You have the option of preventing the storage of cookies by making the appropriate setting in your browser. For this purpose, please use the help area of your web browser, and follow the respective instructions. We expressly point out that in this case, it is possible that no all the offered functions of the website will work to their full extent. 

The data of yours captured by our profiles on social networks is deleted once the purpose has been fulfilled or you request the deletion of your data. If you have provided us with your consent for data processing, you have the right to revoke it at any time. In such cases, we also delete your data. The legal storage periods remain unaffected in the process.

LinkedIn

We operate a company profile on LinkedIn. For this purpose, we draw on the technical services of the operator LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Republic of Ireland (referred to hereinafter as "LinkedIn").

We have made an agreement with LinkedIn on joint responsibility (Page Insights Joint Controller Addendum ("Addendum")). You can find the agreement at https://legal.linkedin.com/pages-joint-controller-addendum.

We expressly point out that LinkedIn has its registered office in the USA. Your personal data is stored and processed on servers in the USA. The European Court of Justice (ECJ) has decided that the USA is not a safe third country in the spirit of GDPR, and there is a different level of data protection than in the EU. The US service providers are obliged to reveal personal data, e.g. to the security authorities, without the consent of the data subject. We expressly point out that it is therefore impossible to rule out the possibility that the data of yours on the US servers will be processed, analysed and permanently stored for surveillance purposes or other purposes.

We have no influence on the contents transmitted or the data processing of LinkedIn. If you do not want data to be associated with your user account, please sign out from your own LinkedIn profile before your visit our LinkedIn profile.

LinkedIn is responsible for the further processing of your personal data. Please refer to the LinkedIn data protection policy for further information on data processing by the social network LinkedIn https://www.linkedin.com/legal/privacy-policy.

YouTube

We operate a channel on the social video network YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Republic of Ireland (referred to hereinafter as "Google"). When you visit our channel or play our videos, your personal data is processed. These include, e.g.:

• The terminal used (e.g. desktop computer, smartphone, tablet, intelligent speaker)
• You IP address
• Access date and time
• Your browser and browser type and any settings made
• Website from which you wish to view the video
• Videos which you view

We expressly point out that, if you are connected to your YouTube account while you call up the videos on our page, the information will be linked to your user account.

The transfer of data to the Google servers in the USA are subject to the standard contract clauses of the EU Commission. You will find further information on the subject at https://privacy.google.com/businesses/processorterms/mccs/.

Google Ireland Limited is responsible for further data processing. You will find information on the handling of your data by YouTube and Google at https://policies.google.com/privacy  

If personal data is processed by you as a user, you are considered a data subject in accordance with the GDPR. Data subjects have the following rights vis-à-vis the controller:

• Right of access (Art. 15 GDPR)
• Right to correction or erasure of personal data (Art. 16, 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to communication in connection with the correction or erasure of your personal data or the restriction of processing (Art. 19 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to revoke consent given. The lawfulness of the data processing carried out until the revocation remains unaffected due to the consent valid up to that point. (Art. 7 (3) GDPR)
• Right to complain to the supervisory authority (Art. 77 GDPR)
• Right to object to the collection of data in special cases (Art. 21 (1) GDPR): If the data processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. If you register an objection, we will no longer process your personal data unless we can verify compelling legitimate grounds for the processing, that outweigh your interests, rights and freedoms, or if the processing serves the assertion, exercising or defence of legal claims.
• Right to object to direct marketing (Art. 21 (2) of the GDPR): If your personal data is processed for the purpose of direct marketing, you have the right to object to this processing at any time. After an objection has been issued, your personal data will no longer be used for the purpose of direct marketing.

External links

Our website may contain links to websites of third parties subject to data protection law. If you access these links and you thereby enable third parties to process your personal data (e.g. your IP address), we have no influence on this processing and can therefore accept no responsibility for it.

We indicate the forwarding to other telemedia providers at the appropriate places symbolically or by textual design.

Safety

The protection of your privacy is a serious concern for us. We therefore take appropriate technical and organisational measures to protect your personal data from misuse, alteration and loss.

Your data is protected during transmission on our website by means of an SSL or TLS certificate. You can recognise that such a certificate is in use by the web address as https:// or a closed lock symbol next to the web address.

Despite carefully selected security precautions, we would like to point out that, especially when transmitting via e-mail or our web forms, one hundred percent protection cannot be guaranteed. When transmitting confidential information, please send it by post to the address provided in our legal note.

Advertising by e-mail pursuant to § 7 (3) of the UWG [unfair competition act] and your right to object

Within the scope of the legal permission per § 7 (3) UWG, we are entitled to use the e-mail address that you have given us when purchasing a service or product subject to a charge for direct advertising for our own similar products or services. If you no longer wish to receive advertising for similar products or services, you can object to the corresponding use of your e-mail address at any time. To do so, you can unsubscribe by clicking on the unsubscribe link included in each mailing or by contacting datenschutz@sollich.com with your email address.

RIGHT TO OBJECT TO THE COLLECTION OF DATA IN SPECIAL CASES AND TO DIRECT MARKETING (ART. 21 DSGVO)

IF DATA PROCESSING IS CARRIED OUT PURSUANT TO. ART. 6 PARA. 1 LIT. E) OR F) DSGVO, YOU MAY OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS RELATING TO YOUR PARTICULAR SITUATION. THIS ALSO APPLIES TO PROFILING. PLEASE REFER TO THE DATA PROTECTION PROVISIONS FOR THE RESPECTIVE LEGAL GROUNDS ON WHICH PROCESSING IS BASED. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21 PARA. 1) DSGVO).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING, TO THE EXTENT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION ACCORDING TO ART. 21 PARA. 2 DSGVO).

Objection to advertising e-mails

We hereby object to the use of published contact data in our imprint for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

Our data protection information is always up to date

Our website is subject to advances in technology that are associated with the operation and possible uses of web services. Therefore, we reserve the right to adapt our data protection information in accordance with changes to our security and data protection measures and any possible further data processing and to make this information available to you here in the version that is currently valid.