DATA PRIVACY POLICY

Thank you for visiting our homepage www.drive-consulting.de , we are very pleased that you are interested in our company. Data protection is of a particularly high priority for the management of DRIVE Consulting GmbH (hereinafter referred to as DRIVE). Our website can be used without providing personal data. However, if a data subject wishes to use our company's special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no other legal basis for such processing, we generally obtain the consent of the person concerned.

The processing of personal data, for example the name, address, email address or telephone number of a person concerned, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the DRIVE (e.g. Federal Data Protection Act, Telemedia Act). By means of this data protection notice we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection notice informs data subjects about their rights.

As the controller, the DRIVE has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone.

All of the terms used in this notice are not gender specific.

1. Definitions

The DRIVE data protection information is based on the terms used by the European legislator for directives and regulations when the General Data Protection Regulation (GDPR) was adopted. Our data protection information should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this data protection notice:

a) Personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) Data subject

Affected person is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

c) Processing

Processing is any process carried out with or without the help of automated processes or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

d) Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling

Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects that relate to a natural person, in particular aspects relating to work performance, economic situation, health, personal To analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

f) Pseudonymization

Pseudonymisation is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller

The person responsible or the person responsible for processing is the natural or legal person, public authority, agency or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

h) Processors

Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.

i) Recipient

The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation under Union law or the law of the member states are not considered recipients.

j) Third Party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

k) Consent

Consent is any voluntary, informed and unambiguous declaration of intent given by the person concerned for the specific case in the form of a declaration or some other unequivocal affirmative action with which the person concerned indicates that they consent to the processing of their personal data is.

2. Contact details of the data privacy officer

The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:

DRIVE Consulting GmbH

Bachstrasse 20

52066 Aachen

Germany

Tel: +49 241 51 88 65 10

info@drive-consulting.de

www.drive-consulting.de

The person responsible has appointed a data protection officer; this can be reached as follows:

DRIVE Consulting GmbH

Data protection officer

Stephan Viehoff

Bachstrasse 20

52066 Aachen

Germany

Tel: +49 241 51 88 65 10

datenschutz@drive-consulting.de

Any person concerned can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

3. Collection of general data and information when you visit our website

Our website records on the basis of Art. 6 Para. 1 lit. f DSGVO a series of general data and information with each call by a data subject or an automated system. These general data and information are temporarily stored in the server's log files. Can be captured

the operating system used by the accessing system and its interface,
the browser types used, including language and version of the browser software,
the website from which an accessing system reaches our website (so-called referrer),
the sub-web pages that are accessed via an accessing system on our website,
the date and time of access to the website (including the time zone difference to Universal Time Coordinated (UTC),
the amount of data transferred,
an internet protocol address (IP address),
the internet service provider of the accessing system
other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, the DRIVE does not draw any conclusions about the data subject. Rather, this information is needed to

deliver the content of our website correctly,
to optimize the content of our website and the advertising for it,
to ensure the long-term functionality of our information technology systems and the technology of our website,
To provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.

This anonymously collected data and information is therefore evaluated statistically and also with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

4. Provision of the online offer and web hosting

In order to be able to provide our online offer safely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we can use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

The data processed as part of the provision of the hosting offer can include all information relating to the users of our online offer that is generated in the context of use and communication. This regularly includes the IP address that is necessary in order to be able to deliver the content of online offers to browsers, and all entries made within our online offer or from websites.

E-mail dispatch and hosting: The web hosting services we use also include the dispatch, receipt and storage of e-mails. For these purposes, the addresses of the recipients and senders as well as other information relating to the sending of e-mails (e.g. the providers involved) and the content of the respective e-mails are processed. The aforementioned data can also be processed for the purpose of recognizing SPAM. Please note that emails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted on the transport route, but (if no so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We cannot therefore assume any responsibility for the transmission path of the e-mails between the sender and receipt on our server.

Processed data types: content data (e.g. text input, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses), inventory data (e.g. names, addresses), contact data (e.g. email, phone numbers).
Affected persons: users (e.g. website visitors, users of online services).
Purposes of processing: contractual services and service, range measurement (e.g. access statistics, recognition of returning visitors), tracking (e.g. interest / behavior-related profiling, use of cookies), visit action evaluation, server monitoring and error detection, contact requests and communication, remarketing, profiling (creation of user profiles ), Conversion measurement (measurement of the effectiveness of marketing measures).
Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Para. 1 S. 1 lit. a GDPR).

Used service and service provider:

Wix:
Service provider: Wix.com Ltd., Namal 40, 6350671 Tel Aviv, Israel; Headquarters in Europe: Wix.com Luxembourg Sarl, 5 Rue Guillaume Kroll, L - 1882 Luxembourg
Website: https://de.wix.com
Data protection declaration: https://de.wix.com/about/privacy .

5. Security Measures

In accordance with the legal requirements, taking into account the state of the art, implementation costs, the type, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we take suitable technical and organizational measures to avoid the risk to ensure an appropriate level of protection.

The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as the access, input, transfer, securing of availability and their separation. Furthermore, we have set up procedures that ensure the exercise of data subject rights, the deletion of data and reactions to the threat to the data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings.

If it is possible for us or if it is not necessary to save the IP address, we will shorten or have your IP address shortened. If the IP address is shortened, also known as "IP masking", the last octet, i.e. the last two digits of an IP address, is deleted (the IP address in this context is an Internet connection through the online Access provider individually assigned identifier). The shortening of the IP address is intended to prevent or make it much more difficult to identify a person using their IP address.

In order to protect your data transmitted when you visit our website, we use TLS or SSL encryption. You can recognize such encrypted connections by the prefix “https: //” or the lock in the address line of your browser.

6. Transmission and disclosure of personal data

As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons, or they are disclosed to them. The recipients of this data can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data, which serve to protect your data.

7. Data processing in third countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies , this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transmission, we process or have the data processed only in third countries with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations ( Art. 44 to 49 GDPR). You can find more information on this on an information page of the EU Commission at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de .

Note on data transfer to the USA

Among other things, we have integrated tools from companies based in the USA on our website. When these tools are active, your personal data can be passed on to the US servers of the respective companies.

For a long time, the basis for the data transfer was an adequacy decision by the EU Commission based on the agreement on the EU-US Privacy Shield, to which many American companies have committed. However, in a judgment of 16 July 2020, the ECJ declared this agreement to be invalid (C-311/18).

We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to surrender personal data to security authorities without you as the person concerned being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. secret services) process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.

If we use the tools with your express consent, you have the option at any time to withdraw your consent to the processing of your personal data with effect for the future using our consent tool. Further information can be found in the respective chapters.

8. Cookies

We use cookies on our website. Cookies are small text files that are stored by us on your computer system via your Internet browser (e.g. Mozilla Firefox, Microsoft Explorer) when you visit our website and that may only be there for one session or for a longer period ("persistent"). ) get saved.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual internet browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

By using cookies, we can provide users of our website with more user-friendly services that would not be possible without the cookie setting.

A cookie can be used to optimize the information and offers on our website in the interests of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.

Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyzes. With the help of cookies we can, among other things, make our website more user-friendly and effective for you by, for example, tracking your use of our website and determining your preferred settings. If third parties process information via cookies, they collect the information directly via your Internet browser. Cookies do not cause any damage to your device. They cannot run programs or contain viruses.

Various cookies are used on our website, the type and function of which are explained in more detail below.

Types of cookies used:

Type 1: session or session cookies

Session cookies are used on our website, which are automatically deleted as soon as you close your internet browser. Cookies of this type are technically necessary to enable you to use our website.

Type 2: Persistent cookies or permanent cookies

Persistent cookies are also used on our website. Persistent cookies are cookies that, even if you close your internet browser, are also stored in your internet browser or on your computer system for a longer period of time. They are activated every time you visit the website that set the cookie or if it is recognized in another way, e.g. by an advertising network. The information stored in the persistent cookie is then transmitted to the website or the advertising network. The respective storage duration differs depending on the cookie. You can delete persistent cookies yourself via your browser settings.

Origin of cookies:

First party or first party cookies

First-party cookies are set by the operator of the website visited and cannot be read across websites.

Third party or third party cookies

A third-party cookie is not set by the operator of the website you are visiting, but by a third party who sets its own cookie via the operator's website. In this data protection notice, we point out if a third-party provider sets a cookie via our website.

Functions of cookies used:

Function 1: Required cookies

These cookies are required for technical reasons so that you can visit our website and use the functions we offer. This relates, for example, to cookies that ensure that a user-related configuration of functionalities set up by you on our website is retained across sessions. These cookies also help ensure that the website is used securely and in accordance with regulations.

Function 2: Performance-related cookies

With the help of these cookies it is possible for us to carry out an analysis of the website usage and to improve the performance and functionality of our website. For example, information is recorded on how our website is used by visitors, which pages of the website are accessed most frequently or whether error messages are displayed on certain pages.

Function 3: Cookies for Marketing:

Advertising cookies (third party providers) enable us to show you various offers that match your interests. These cookies can be used to record users' web activities over a longer period of time. You may recognize the cookies on different devices you use.

Cookies according to functions 2 and 3 are only activated if you have given your consent. You can give your consent by actively clicking on "Accept" in the notice displayed (if necessary after selecting individual cookies or groups of cookies for which you are giving your consent). You can revoke your consent at any time, e.g. by calling up this consent banner again and changing your settings. Your revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Please note: If you make use of your right of revocation against the use of such a cookie, an opt-out cookie will be set in your Internet browser, which blocks further data collection by means of an advertising cookie by the operator of the website or a third party provider. If you delete this opt-out cookie, a new data collection will not be prevented. Please inform yourself about the lifespan of an opt-out cookie.

If you have given us your consent to the use of cookies on the basis of a notice given by us on the website ("cookie banner"), the legality of the use is based on Art. 6 Para. 1 S. 1 lit. a GDPR. The legal basis for technically necessary cookies, i.e. those that are necessary for the smooth functioning of our website, is Art. 6 Para. 1 lit. c GDPR.

Most internet browsers are preset to accept cookies by default. However, you can configure your respective internet browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may then no longer be able to use functions of our website and may instead receive warning or error messages if cookies are deactivated on our website by your browser settings.

You can also delete cookies that have already been saved in your internet browser in your browser settings. It is also possible to set your internet browser so that it notifies you before cookies are saved. Since the different internet browsers can differ in their respective functions, we ask you to use the respective help menu of your internet browser for the configuration options. You can find information on the most common Internet browsers here:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectlocale=de&redirectslug=cookies-loeschen-daten-von-websites-entfernen
Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: http://help.opera.com/Windows/10.20/de/cookies.html

If you want a comprehensive overview of all third-party access to your internet browser, we recommend installing specially developed plugins.

We recommend that you always log off completely after you have finished using a device that you share with other people and whose Internet browser is set to allow cookies.

9. Deployment and use of a cookie consent tool

This website uses a cookie consent tool to obtain effective user consent for cookies that require consent and cookie-based applications. By integrating a corresponding JavaScript code, users are shown a banner when they call up the page, in which consent for certain cookies and / or cookie-based applications can be given by ticking the box. Here, the tool blocks the setting of all cookies requiring consent until the respective user gives consent by ticking the box. This ensures that such cookies are only set on the respective end device of the user if consent has been given.

So that the cookie consent tool can clearly assign page views to individual users and individually record, log and save the consent settings made by the user for a session, certain user information (including the IP address) is saved when our website is called up. collected, transmitted to the server of the tool provider and stored there.

The legal basis for the data processing described is Art. 6 Para. 1 lit. c GDPR. As the person responsible, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user consent.

We use the consent tool from our host Wix.com (see Chapter 4 above), which the provider continuously adapts to legal requirements. We have concluded an order processing contract with the provider, with which we oblige him to protect the data of visitors to our website and not to pass them on to third parties.

10. Contact

You have the option of contacting us by post, telephone, fax, e-mail or via the Internet (e.g. contact forms, social media).

If you contact us by post, we can in particular process your address data (e.g. surname, first name, street, place of residence, zip code), the date and time of receipt of the mail as well as the data that result from your letter itself.

If you contact us, a secretariat service may also process your data and transfer it to us after you have contacted us. Depending on the data you provide here, we will contact you again by phone, fax or email and call you back or write to you if necessary.

If you contact us by phone, your telephone number and, if necessary, your name, email address, time of call and details of your request will be processed during the conversation.

If you contact us by fax, the fax number or the sender ID and the data resulting from the fax will be processed.

If you contact us by e-mail, your e-mail address, the time of the e-mail and the data that result from the message text (possibly also attachments) are processed.

The purpose of processing the above data is to process your contact request and to be able to get in touch with you to answer your request. The legal basis for the processing of personal data described here is the fulfillment of the contract and pre-contractual inquiries in accordance with. Art 6 para. 1 lit. b as well as our legitimate interest acc. Art. 6 para. 1 lit. f GDPR. It is our legitimate interest to offer you the opportunity to contact us at any time and to answer your inquiries.

The personal data is only processed for as long as is necessary to process the contact request.

11. Advertising communication by post, fax or telephone

We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax. In this context, we observe the legal requirements and obtain the necessary consents if communication is not permitted by law.

The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.

After revocation or objection, we can store the data required to prove consent for up to three years on the basis of our legitimate interests before we delete them. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time.

Processed data types: inventory data (e.g. names, addresses), contact details (e.g. e-mail, telephone numbers).
Affected persons: communication partner.
Purposes of processing: direct marketing (e.g. by email or post).
Legal bases: Consent (Art. 6 Para. 1 S. 1 lit. a GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

12. Contact options via the website

Due to legal regulations, the DRIVE website contains information that enables quick electronic contact to our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If you contact us by email or using a contact form, the personal data you have transmitted will be saved automatically. Such personal data that you provide to us on a voluntary basis will be stored for the purposes of processing or contacting you. This personal data is not passed on to third parties.

13. Routine deletion and blocking of personal data

We process and store your personal data only for the period that is necessary to achieve the storage purpose or if this has been provided for by the European directives and regulations or another legislator in laws or regulations to which we are subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

14. Rights of the data subject

a) Right to confirmation

Every person concerned has the right granted by the European directive and regulation giver to request confirmation from the person responsible for the processing as to whether personal data concerning them are being processed. If an affected person wishes to exercise this right to confirmation, they can contact an employee of the person responsible for processing at any time.

b) Right to information

Every person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to receive free information about the personal data stored about him and a copy of this information from the person responsible for the processing at any time. Furthermore, the European directives and regulations grant the data subject access to the following information:

the processing purposes
the categories of personal data that are processed
the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right to correction or deletion of personal data concerning you or to restriction of processing by the person responsible or a right to object to this processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: All available information on the origin of the data
the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission.

If a person concerned wishes to exercise this right to information, they can contact an employee of the person responsible for processing at any time.

c) Right to rectification

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to request the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data - including by means of a supplementary declaration.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the person responsible for processing at any time.

d) Right to deletion (right to be forgotten)

Every person affected by the processing of personal data has the right granted by the European directive and regulation giver to demand that the person responsible delete the personal data concerning them immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:

The personal data were collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject revokes their consent, on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Art. 21 Paragraph 2 GDPR.
The personal data was processed unlawfully.
The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
The personal data was collected in relation to the information society services offered in accordance with Article 8 (1) GDPR.

If one of the above reasons applies and a data subject wishes to have personal data stored at DRIVE deleted, they can contact an employee of the person responsible for processing at any time. The DRIVE employee will arrange for the deletion request to be fulfilled immediately.

If the personal data has been made public by the DRIVE and our company, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 (1) GDPR, the DRIVE will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs to inform other persons responsible for data processing who process the published personal data that the data subject has requested that these other persons responsible for data processing delete all links to this personal data or of copies or replications of this personal data, insofar as processing is not necessary. The DRIVE employee will arrange the necessary in individual cases.

e) Right to restriction of processing

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to require the controller to restrict processing if one of the following conditions is met:

The correctness of the personal data is contested by the data subject for a period of time that enables the person responsible to check the correctness of the personal data.
The processing is unlawful, the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted.
The person responsible no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
The person concerned has an objection to the processing in accordance with. Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the person concerned.

If one of the above conditions is met and a data subject would like to request the restriction of personal data stored at DRIVE, they can contact an employee of the person responsible for processing at any time. The DRIVE employee will arrange for the processing to be restricted.

f) Right to data portability

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to receive the personal data concerning them, which have been made available to a person responsible by the person concerned, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that the processing is based on consent in accordance with Art. 6 Para. 1 Letter a GDPR or Art. 9 Para. 2 Letter a GDPR or on a contract in accordance with Art. 6 Paragraph 1 Letter b GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or in the exercise of official authority, which has been assigned to the person responsible.

Furthermore, when exercising their right to data portability in accordance with Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one person responsible to another, insofar as this is technically feasible and if this is not the case the rights and freedoms of other persons are impaired.

In order to assert the right to data portability, the person concerned can contact an DRIVE employee at any time.

g) Right to object

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to object at any time to the processing of personal data relating to them, which is based on Art. 6 Para. 1 Letter e or f GDPR takes place, to object. This also applies to profiling based on these provisions.

In the event of an objection, the DRIVE will no longer process the personal data, unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend Legal claims.

If the DRIVE processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is related to such direct advertising. If the data subject objects to the DRIVE processing for direct marketing purposes, the DRIVE will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons that arise from his or her particular situation, to object to the processing of personal data concerning him or her that is carried out at DRIVE for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, To object, unless such processing is necessary to fulfill a task in the public interest.

To exercise the right to object, the data subject can contact any DRIVE employee or another employee directly. The data subject is also free, in connection with the use of information society services, regardless of Directive 2002/58 / EC, to exercise their right of objection by means of automated procedures in which technical specifications are used.

h) Automated decisions in individual cases including profiling

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations not to be subjected to a decision based solely on automated processing - including profiling - which has legal effects on them or which significantly affects them in a similar manner, provided the decision

is not necessary for the conclusion or performance of a contract between the data subject and the person responsible, or
is permissible on the basis of legal provisions of the Union or of the member states to which the person responsible is subject and these legal provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or
takes place with the express consent of the data subject.

Is the decision

necessary for the conclusion or performance of a contract between the data subject and the person responsible or
it takes place with the express consent of the data subject,

the DRIVE takes appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the person responsible, to express their own point of view and to contest the decision.

If the data subject wishes to assert rights with regard to automated decisions, they can contact an employee of the controller at any time.

i) Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to revoke consent to the processing of personal data at any time.

If the person concerned wishes to assert their right to withdraw consent, they can contact an employee of the controller at any time.

j) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR.

The supervisory authority to which the complaint was submitted informs the complainant of the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.

Contact details of the responsible supervisory authority:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia

Helga Block

P.O. Box 20 04 44

40102 Düsseldorf

Kavalleriestraße 2-4

40213 Düsseldorf

Phone: 02 11/384 24-0

Fax: 02 11/384 24-10

Email: poststelle@ldi.nrw.de

Homepage: http://www.ldi.nrw.de

15. Data protection in applications and in the application process

We collect and process the personal data of applicants for the purpose of handling the application process. The processing can also be done electronically. This is especially the case if an applicant sends us the relevant application documents electronically, for example by email or using a web form on the website.

If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests on our part. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Processed data types: Applicant data (e.g. personal details, postal and contact addresses, the documents belonging to the application and the information contained therein, such as cover letter, curriculum vitae, certificates and other information about their person with regard to a specific position or voluntarily provided by applicants or qualification), inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses).
Affected persons: applicants, employees (e.g. employees, applicants, former employees).
Purposes of processing: application procedure (justification and possible subsequent implementation as well as possible subsequent termination of the employment relationship.).
Legal basis: Art. 9 Para. 1 S. 1 lit. b GDPR (application process as a pre-contractual or contractual relationship). Insofar as special categories of personal data within the meaning of Art. 9 Paragraph 1 GDPR (e.g. health data, such as severely disabled status or ethnic origin) are requested from applicants as part of the application process, so that the person responsible or the person concerned can understand him or her under labor law and to exercise rights arising from social security and social protection law and to meet his or her obligations in this regard, their processing takes place in accordance with Art. 9 Para. 2 lit. b GDPR, in the case of the protection of the vital interests of applicants or other persons acc. Art. 9 para. 2 lit. c GDPR or for health care or occupational medicine purposes, for assessing the employee's ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with. Art. 9 para. 2 lit. h GDPR. In the case of a notification of special categories of data based on voluntary consent, they are processed on the basis of Art. 9 Para. 2 lit. a GDPR.), fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR).

Applications can also reach us via recruiting platforms or external application service providers. We do not always have influence on which job advertisements are offered by the service providers. The following services and service providers are responsible for compliance with data protection regulations within their sphere of influence. In particular, we use the following providers:

Personio:
Service provider: Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, Tel .: +49 (89) 1250 1004, E-Mail: info@personio.de ;
Website: www.personio.de ;
Data protection declaration: https://www.personio.de/datenschutzerklaerung/

16. Use of social media plugins or links

We currently use the following social media plugins: Facebook, Instagram, LinkedIn. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plugin providers. You can identify the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the opportunity to communicate directly with the provider of the plug-in using the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offer. Further data is also transmitted. In the case of Facebook, according to the provider in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data will be transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular using cookies, we recommend that you delete all cookies using the security settings of your browser.

We have no influence on the data collected and the data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.

The plug-in provider saves the data collected about you as a user profile and uses this for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact the respective plug-in provider to exercise this. Via the plugins, we offer you the opportunity to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plugins is Art. 6 Para. 1 S. 1 lit. f GDPR.

The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plugin provider, your data collected by us will be assigned directly to your account with the plugin provider. If you press the activated button and z. If, for example, if you link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid being assigned to your profile with the plug-in provider.

If, alternatively, only links to the services are included, you will be forwarded to our respective page after clicking the link, ie only then will data be transferred to the corresponding service.

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection notices of these providers, which are provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection information:

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php ; Further information on data collection: https://www.facebook.com/help/186325668085084 , https://www.facebook.com/about/privacy/your-info-on-other#applications and https: //www.facebook .com / about / privacy / your-info # everyoneinfo .

Instagram: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland; https://help.instagram.com/155833707900388 ; https://www.instagram.com/about/legal/privacy/ .

LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; https://www.linkedin.com/legal/privacy-policy .

Note on data transfer to the USA: The service provider is based in the USA. In a judgment of July 16, 2020, the ECJ declared the agreement on the so-called EU-US Privacy Shield to be invalid (C-311/18).

17. Data protection information for our Facebook fan page

We operate a so-called Facebook fan page on the social media platform Facebook. Facebook Ireland Ltd (“Facebook”) provides us as the operator with “Facebook Insights”. These are various statistics that provide us with information about the use of our Facebook fan page by visitors. Further information can also be found at https://www.facebook.com/business/pages/manage#page_insights .

Various information provided by you (including personal data) is processed by Facebook in order to create these statistics.

With regard to the processing of the Insights data, there is a joint responsibility between Facebook and us within the meaning of Art. 26 GDPR. For detailed regulation of the respective responsibility, Facebook has created an updated Page Insights supplement, which came into force on November 28, 2019 and will apply to the further use of Facebook pages from this date.

We make this information from Facebook available to you in the wording below in the course of the required transparency; You can also find this directly on Facebook at https://www.facebook.com/legal/terms/page_controller_addendum .

* * *

Information about page insights

When people use Facebook products such as pages, Facebook (also "we" or "us") collects information as described in the Facebook data policy under "What types of information do we collect?" (Information on how we use cookies and similar Use technologies, see our cookie policy ).

This includes information about how people use Facebook products, such as the types of content they view or interact with, or the actions they take (see “Things You and Others Do and Provide” below "In the Facebook data guideline ), as well as information about the devices used by you (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under" device information "in the Facebook data guideline ). The information Facebook actually collects depends on whether and how people use Facebook products .

As explained in the Facebook data policy under “How do we use this information?”, Facebook also collects and uses information to provide analysis services, so-called page insights , for website operators so that they can obtain information about how people use their pages and with interact with the content associated with them. The processing of personal data for Page Insights may be subject to the following agreement on joint responsibility (Page Insights supplement regarding the person responsible).

Data processing for page insights

Page insights are aggregated statistics that are created based on specific events that are logged by the Facebook servers when people interact with pages and the content associated with them.

Such events consist of different data points, which, depending on the respective event, include, for example, the following:

An act. This includes, for example, the following actions (you can see the actions available for your page in the Insights section of your page):
- View a page, post, video, story, or other content related to a page
- Interact with a story
- Subscribe or no longer subscribe to a page
- Mark a page or post with "Like" or "Dislike"
- Recommend a page in a post or comment
- Comment on, share, or respond to a page post (including how you respond)
- Hide a post or report it as spam
- Move the mouse over a link to a page or the name or profile picture of a page to preview the content of the page
- Click the website, phone number, "plan route" button, or any other button on a page
- See the event on a page, respond to an event (including the type of response), click an event ticket link
- Start a Messenger conversation with the site
- View or click on items in a side shop
Information about the action, the person who performed the action and the browser / app used for it. These are for example:
- Date and time of the action
- Country / City (estimated using the IP address or imported from the user profile for logged-in users)
- Language code (from the HTTP header of the browser and / or the language setting)
- Age / gender group (from the user profile, only for logged in users)
- Previously visited websites (from the browser's HTTP header)
- Whether the action was carried out on a computer or on a mobile device (from the browser user agent or from app attributes)
- Facebook user ID (only for logged in users)

We use cookies that we use in accordance with our cookie policy to determine whether the person is a logged-in Facebook user. Only a few events can be triggered by people who are not logged into Facebook. This includes visiting a page or clicking a photo or video in a post to view it.

Site operators do not have access to the personal data that is processed in the context of events, but only to the summarized page insights. Events that are used to create page insights do not save any IP addresses, cookie IDs or any other identifiers that are assigned to people or their devices, except for a Facebook user ID for people logged into Facebook.

The events that Facebook logs in order to create page insights are exclusively determined by Facebook and cannot be set up, changed or otherwise influenced by the website operator.

Page insights supplement regarding the person responsible

If an interaction of people with your Page and the content connected to it triggers the creation of a Page Insights event that contains personal data that you (and / or any third party for whom you create or manage the Page) the Determine the means and purposes of the processing together with Facebook Ireland Limited, you acknowledge in your own name (and as a representative for and on behalf of each such third party) and agree that this Page Insights supplement regarding the person responsible ("Page Insights supplement "):

You and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook Ireland”, “we” or “us”; together the “parties”) acknowledge and agree to be jointly responsible according to Article 26 DSGVO for the processing of this personal data in events for page insights ("Insights data"). The joint responsibility includes the creation of these events and their consolidation in page insights, which are then made available to the page operators. The parties agree that Facebook Ireland and, if applicable, you, will remain independent and responsible for any other processing of personal data in connection with a page and / or the content connected to it, for which no joint decision is made on the purposes and means .
The processing of the Insights data is subject to the provisions of this Page Insights Supplement. These apply to all activities in the course of which Facebook Ireland, its employees or its processor (s) process Insights data.
With regard to the fulfillment of the obligations under the GDPR by Facebook Ireland and you with regard to the processing of Insights data, the following is stipulated:
- Facebook Ireland: Facebook Ireland ensures that it has data Insights a legal basis for the processing of that in the data directive set out by Facebook Ireland (see "What is our legal basis for the processing of data?"). Unless otherwise stated in this page insights supplement, Facebook Ireland assumes the fulfillment of the obligations under the GDPR for the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR) . Facebook Ireland takes appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure the security of processing. This includes the measures listed in the annex below (this will be updated from time to time to take into account, for example, technological developments). All Facebook Ireland employees involved in processing the Insights data are obliged to maintain the confidentiality of the Insights data by means of suitable agreements.
- Site operator: You should make sure that you also have a legal basis for processing the Insights data. In addition to the information that Facebook Ireland provides to the data subjects via the information on page insights , you should provide your own legal basis, if applicable including the legitimate interests you are pursuing, the responsible person (s) on your page, including his / her your contact details, as well as the contact details of the data protection officer (Article 13 Paragraph 1 lit. a - d GDPR), if relevant.
Facebook Ireland provides the data subjects with the essentials of this page insights supplement (Article 26 (2) GDPR). This is currently done using the information on Page Insights data, which can be accessed from all pages.
Facebook Ireland will determine, in its sole discretion, how to perform its obligations under this Page Insights Addendum. You acknowledge and agree that only Facebook Ireland is authorized to implement decisions regarding the processing of Insights data. You also acknowledge and agree that the Irish Data Protection Commission is the lead supervisory authority for the joint processing (without prejudice to Article 55 (2) GDPR, as applicable).
This Page Insights supplement does not grant you the right to request the disclosure of personal data processed in connection with Facebook products from Facebook users. This applies in particular to the page insights that we provide to you.
The parties specify the contact options specified in the information on Page Insights data or in a subsequent document as a contact point for data subjects.
If data subjects assert their rights against you according to the GDPR with regard to the processing of Insights data (Article 26 Paragraph 3 GDPR) or a supervisory authority contacts you with regard to the processing of Insights data (each a "request"), you are obliged to forward all relevant information about such inquiries to us immediately, but at the latest within seven calendar days. For this purpose you can submit this form . Facebook Ireland undertakes to answer inquiries from data subjects in accordance with the obligations incumbent on us under this Page Insights Supplement. You agree to use all reasonable endeavors in a timely manner to cooperate with us in responding to any such request. You are not authorized to act or respond on behalf of Facebook Ireland.
By using any site, you agree that any claim, claim, or dispute you may have against us that arises out of or is related to this Site Insights Supplement shall be resolved solely by the courts of Ireland, that you will irrevocably submit to the jurisdiction of the Irish courts in any litigation regarding any such claim and that this Page Insights Supplement will be governed by Irish law, regardless of any conflict of laws provisions. If you are a consumer with permanent residence in a member state of the European Union, only section 4.4 of our Terms of Use applies.
We may update this Page Insights Supplement from time to time. By continuing to use the Pages after any notification of an update to this Page Insights Supplement, you consent to be bound by it. If you do not agree to the updated Page Insights Supplement, please stop using any of the Pages. If you are a consumer with permanent residence in a member state of the European Union, only Section 4.1 of our Terms of Use applies.
If any part of this Page Insights Supplement is found to be unenforceable, the remaining provisions will remain in full force and effect. Failure on our part to enforce any part of this Page Insights Supplement does not constitute a waiver of rights. Any change or waiver of these Terms of Use that you request must be made in writing and signed by us.
This page insights supplement only applies to the processing of personal data within the scope of Regulation (EU) 2016/679 ("GDPR"). "Personal data", "processing", "controller", "processor", "supervisory authority" and "data subject" have the meanings assigned to them in the GDPR in this Page Insights supplement.

Appendix: Security

"Covered Products" includes Facebook Pages and Page Insights.

Organization of information security
Facebook has a dedicated security officer who has overall responsibility for security in the organization. Facebook has staff responsible for monitoring the safety of the products it covers.
Physical and environmental security
The security measures from Facebook include controls to be in place to ensure an appropriate manner that the physical access to the data processing devices only to authorized personnel only and that environmental controls are set up to detect damage due to environment-related hazards, to prevent and control them. The controls include:
1. Logging and checking of physical access to the data processing facility by employees and service providers;
2. Camera surveillance systems on the respective data processing device;
3. Systems that monitor and control temperature and humidity for the computer systems in the data processing facility;
4. Power supply and emergency power generators in the data processing device;
5. Procedures for the secure deletion and destruction of data in accordance with the terms of use for the products covered; and
6. Procedures that require ID cards to enter all Facebook premises for all persons who work on the products covered.
staff
1. Training. Facebook ensures that all personnel with access to Insights data complete security training.
2. Screening and background checks. Facebook is holding proceedings
  1. Verifying the identity of those who have access to Insight data, and
  2. To the extent permitted by law, to conduct background checks in accordance with Facebook standards for staff working on or assisting aspects of the Covered Products.
3. Violation of safety by employees. In the event of unauthorized access to Insights data by Facebook staff, Facebook will take disciplinary action, from sanctions to termination, as far as this is legally permissible.
Security tests
Facebook regularly conducts security and vulnerability tests to assess whether key controls are properly implemented and effective.
Access controls
1. Password management. Facebook has developed password management procedures for its staff to ensure that passwords are tied to the respective person and inaccessible to unauthorized persons. These procedures include at least the following:
  1. Provision of passwords, including procedures for verifying the identity of the user before a new, replacement or temporary password is issued;
  2. cryptographic protection of passwords when stored on computer systems or during transmission over the network;
  3. Change of all default third party passwords;
  4. strong passwords relative to their intended use; and
  5. Best practice training on passwords.
2. Access management. In addition, Facebook uses the following measures to control and monitor access to its systems by its staff:
  1. Procedure for the immediate change and revocation of access rights and user IDs;
  2. Procedure for reporting and revoking compromised credentials (passwords, access tokens, etc.);
  3. Keeping suitable security logs, if necessary with user ID and time stamp;
  4. Synchronization of clocks using NTP; and
  5. Logging of at least the following events in user access management:
    - Changes to authorization;
    - Failed and successful authentication and access attempts; and
    - Reads and writes.
Communication security
1. Network security
  1. Facebook uses technologies that meet industry standards for separating networks.
  2. Remote network access to Facebook systems requires the use of encrypted communication via secure protocols and the use of multi-level authentication.
2. Protection of data during transmission. Facebook enforces the use of suitable protocols to protect the confidentiality of data when it is transmitted over public networks.
Vulnerability management
Facebook has a vulnerability management program that also includes the products it covers. This also includes defining roles and responsibilities for monitoring vulnerabilities, risk assessing vulnerabilities, and deploying patches.
Security Incident Management
1. Facebook maintains a security incident response plan with which it monitors, detects and processes possible security incidents that affect Insights data. The response plan for security incidents includes at least the definition of roles and responsibilities, communication and post-mortem reviews, including root cause analyzes and remediation plans.
2. Facebook monitors its systems for possible security breaches and malicious activities affecting Insights data.

* * *

Below you will find the essential information of the agreement concluded between Facebook and us in accordance with. Art. 26 GDPR.

For the processing are jointly responsible

Facebook Ireland Ltd
4 Grand Canal Square
Dublin 2
Ireland

and

DRIVE Consulting GmbH

Bachstrasse 20

52066 Aachen

Germany

Tel: +49 241 51 88 65 10

info@drive-consulting.de

www.drive-consulting.de

Facebook has assumed primary responsibility for all obligations under the GDPR for data processing. This means in particular:

Facebook takes on the necessary information obligations (e.g. in accordance with Art. 13 GDPR),
Affected rights can be asserted against Facebook (e.g. right to information or deletion, objection to data processing or revocation of a given consent),
Ensuring the technical and organizational measures for data processing.

Facebook provides detailed information about data processing at https://www.facebook.com/ (Art. 13 GDPR). In order to provide you with an overview of the essential information, we also refer to the content provided and the links provided by Facebook in this data protection notice.

Regardless of Facebook's primary responsibility, you can exercise your rights in accordance with You can also assert GDPR directly against us. We will then forward your request to Facebook using a form provided for this purpose.

The legal bases and the purposes of processing by Facebook can be found at https://www.facebook.com/about/privacy/legal_bases and https://de-de.facebook.com/policy.php .

We have a legitimate interest in being able to understand user behavior on our Facebook fan page; accordingly, the legal basis for processing the data is Art. 6 Para. 1 lit. f GDPR. In this way, it is possible for us to record the range and effectiveness of our activities such as campaigns and postings using prepared statistics. So we can - which also according to GDPR represents the purpose of processing - continuously optimize our website and our offer as required.

In particular, Facebook can process the following data:

User interaction, such as click behavior, postings, likes, viewing videos, page views, etc.
Cookies
Demographic characteristics such as age, gender, state, etc.
IP address
System and device information (browser type, operating system, etc.)

When you visit our Facebook fan page, the exact processing of your data depends on whether you have a Facebook account or not. If you have a Facebook account, Facebook can permanently assign the data to your account in order to find out more about you.

But even if you don't have a Facebook account, Facebook can save your data. This can be done through the use of cookies. This allows Facebook to save and process information about you, even without you having a Facebook account. You can find more information about Facebook cookies at https://de-de.facebook.com/policies/cookies/ .

We only receive anonymized statistics from Facebook about the use of our fan page. We can only see how many users have carried out which interactions, but not which user has carried out a specific action. The statistics of the Insights data therefore do not allow us to draw any conclusions about a specific person.

In an appendix to the information on page insights, Facebook also provides information on the technical and organizational measures taken in accordance with. Art. 32 GDPR to protect your data.

In cases of joint responsibility, you can assert your aforementioned rights directly against Facebook or us.

At https://de-de.facebook.com/policies/cookies/ you can also adjust your settings for the use of cookies. Under the sections "If you have a Facebook account" (Facebook account available) and "Public" (no Facebook account available) you will find information on how you can object to processing by Facebook.

You can determine the storage duration of the respective cookies via your browser when you display the cookies (usually by clicking on the "i" next to the address bar, e.g. in Firefox or Google Chrome).

Note on data transfer to the USA: The service provider is headquartered in the USA. In a judgment of July 16, 2020, the ECJ declared the agreement on the so-called EU-US Privacy Shield to be invalid (C-311/18).

18. Use and application of Instagram

We have integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to disseminate such data in other social networks.

The operating company for Instagram services is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland.

Every time one of the individual pages of this website is accessed, which is operated by us and on which an Instagram component (Insta button) has been integrated, the Internet browser on your system is automatically prompted by the respective Instagram component to display the corresponding component from Download Instagram. As part of this technical process, Instagram receives information about which specific subpage of our website you are visiting.

If you are logged into Instagram at the same time, Instagram recognizes which specific subpage you are visiting every time you visit our website and for the entire duration of your stay on our website. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click one of the Instagram buttons integrated on our website, the data and information transferred will be assigned to your personal Instagram user account and saved and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are logged into Instagram at the same time as you access our website; this takes place regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent the transmission by logging out of your Instagram account before visiting our website.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/ .

19. Deployment and use of the social network LinkedIn

We have integrated components of the LinkedIn Corporation on this website. LinkedIn is an internet-based social network that enables users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time you visit our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser you are using to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plugins can be found at https://developer.linkedin.com/plugins . As part of this technical process, LinkedIn gains knowledge of which specific subpage of our website you are visiting.

If you are logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website you are visiting every time you visit our website and for the entire duration of your stay on our website. This information is collected by the LinkedIn component and assigned to your LinkedIn account by LinkedIn. If you press a LinkedIn button integrated on our website, LinkedIn will assign this information to your personal LinkedIn user account and save this personal data.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged in to LinkedIn at the same time as you access our website; this takes place regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent the transmission by logging out of your LinkedIn account before calling up our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the option of unsubscribing from email messages, SMS messages and targeted advertisements, as well as managing advertisement settings. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, who can set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy . The applicable data protection provisions of LinkedIn are available at https://www.linkedin.com/legal/privacy-policy . The LinkedIn cookie policy is available at https://www.linkedin.com/legal/cookie-policy .

20. Information on Google services

We use various Google services on our website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. You will find more detailed information on the individual specific services provided by Google in the further course of this data protection notice.

By integrating the Google services, Google may collect information (including personal data) and process it. It cannot be ruled out that Google will also transmit the information to a server in a third country.

We cannot influence which data Google actually collects and processes. However, Google states that the following information (including personal data) can be processed:

Log data (especially IP address)
Location related information
Unique application numbers
Cookies and Similar Technologies

If you are logged into your Google account, Google can add the processed information to your account and treat it as personal data, depending on your account settings. You can find more information on this at https://www.google.de/policies/privacy/partners .

Google explains this:

“We may combine personal data from one service with information and personal data from other Google services. This makes it easier for you to share content with friends and acquaintances, for example. Depending on your account settings, your activities on other websites and in apps may be linked to your personal data in order to improve Google's services and advertising displayed by Google. ”( Https://www.google.com/intl/de/policies /privacy/index.html )

You can prevent this data from being added directly by logging out of your Google account or by making the appropriate account settings in your Google account.

You can also change your cookie settings (e.g. delete or block cookies, etc.).

You can find more information in Google's privacy policy: https://www.google.com/policies/privacy/ .

You can find information on Google's privacy settings at https://privacy.google.com/take-control.html .

The provision of personal data is neither required by law nor by contract and is also not required for the conclusion of a contract. You are also not obliged to provide the personal data. Failure to provide this could, however, mean that you may not be able to use some of the functions of our website or not be able to use them fully.

21. Use and application of Google Analytics for web analysis

We have integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the gathering, collection and evaluation of data on the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a person concerned came to a website (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed. A web analysis is mainly used to optimize a website and for the cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

We only use Google Analytics with activated IP anonymization ("anonymize IP"). With this addition, the IP address of your Internet connection is shortened and anonymized by Google if our Internet pages are accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show the activities on our website, and to provide other services related to the use of our website.

The legal basis for the processing of your data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a GDPR.

Google Analytics places a cookie on your system. By setting the cookie, Google is enabled to analyze the use of our website. Every time one of the individual pages of this website is accessed, which is operated by us and on which a Google Analytics component has been integrated, the Internet browser on your system is automatically prompted by the respective Google Analytics component to provide data for the purpose of online analysis to submit to Google. As part of this technical process, Google gains knowledge of personal data, such as your IP address, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission accounting.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of your visits to our website. Each time you visit our website, this personal data, including the IP address of your Internet connection, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass this personal data collected through the technical process on to third parties.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting in the internet browser used would also prevent Google from placing a cookie on your system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

You also have the option of objecting to the collection of the data generated by Google Analytics relating to the use of this website and the processing of this data by Google and to prevent this. To do this, you need to download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout . This browser add-on informs Google Analytics via JavaScript that no data or information on website visits may be transmitted to Google Analytics. The installation of the browser add-on will be considered an objection by Google. If your system is deleted, formatted or reinstalled at a later date, you must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by you or another person who is attributable to your area of control, you have the option of reinstalling or reactivating the browser add-on.

Further information and the applicable data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html . Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/ .

Revocation of your consent

We only use Google Analytics with your consent. You can revoke your consent once you have given

prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent;
Download and install the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Remove the consent from Google Analytics in the consent tool in order to prevent Google Analytics from collecting data on our website in the future. An opt-out cookie is then stored in your browser. Please note that you have to activate the opt-out cookie in every browser you use on all of your end devices and, if necessary, reactivate it if you delete all cookies in a browser.

22. Integration of Google Maps

We have integrated Google Maps on our website. This enables us to show you interactive maps directly on the website and enables you to conveniently use the map function. When you use this service, you will be shown our location and any journey will be made easier.

The operating company for the services of Google Maps is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. This happens regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account.

You can find more information about data processing by Google in the Google data protection information:

https://policies.google.com/privacy . There you can also change your personal data protection settings in the data protection center. You can view Google's terms of use at http://www.google.de/intl/de/policies/terms/regional.html . You can find additional terms of use for Google Maps at https://www.google.com/intl/de_de/help/terms_maps/ .

The legal basis for the processing of your data is your consent in accordance with. Art. 6 para. 1 sentence 1 lit. a GDPR.

Revocation of your consent

We only use Google Maps with your consent. Once you have given your consent, you can revoke it by

prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of our website to their full extent;
Deactivate your consent via our consent tool;
Deactivate JavaScript in your browser settings. In this case, however, you cannot use our website or only to a limited extent.

If you do not want the assignment in your Google profile, you must log out of Google before activating the button. Google stores your data as a usage profile and uses it for advertising, market research and / or needs-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact Google to exercise this right.

We do not collect any personal data through the integration of Google Maps.

The provision of your personal data is voluntary, based solely on your consent. However, if you prevent access, this can lead to functional restrictions on the website.

23. Legal basis for processing

In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the regulations of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act - BDSG). The BDSG contains in particular special regulations on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases including profiling. It also regulates data processing for the purpose of employment (Section 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of the individual federal states can be applied.

Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary to fulfill a contract to which the data subject is party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to processing operations that are required to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Art. 6 Para. 1 lit. c GDPR.

Ultimately, processing operations can be based on Art. 6 Para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis, if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 GDPR).

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the efficient conduct of our business activities for the benefit of our employees and our shareholders.

24. Duration of storage of personal data

We process and store your personal data only for the period necessary to fulfill the storage purpose or if this has been provided for in laws or regulations. After the purpose no longer exists or the purpose has been fulfilled, your personal data will be deleted or blocked. In the case of blocking, the deletion takes place as soon as there are no legal, statutory or contractual retention periods to the contrary and there is no reason to assume that deletion would affect your interests worthy of protection, and deletion does not cause a disproportionate effort due to the special type of storage.

Otherwise, specific criteria for the retention period are listed in the individual sections of this data protection notice.

25. Update / delete your personal information

You have the option at any time to check, change or delete the personal data made available to us by sending us an email to

info@drive-consulting.de . In this way you can also exclude the receipt of further information for the future.

You also have the right to revoke your consent at any time with effect for the future.

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other permits are no longer applicable (e.g. if the purpose of processing this data is no longer required or is no longer required for the purpose).

If the data are not deleted because they are required for other and legally permissible purposes, their processing will be limited to these purposes, ie the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

26. Legal or contractual provisions for the provision of personal data

We explain to you that the provision of personal data is in part required by law (e.g. tax regulations) or may result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the person concerned is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract with the person concerned could not be concluded.

Before the person concerned provides personal data, the person concerned must contact one of our employees. Our employee explains to the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

27. Existence of automated decision-making

As a responsible company, we do not use automated decision-making.

28. Changes to the data protection notice

Changes in the law or changes to our internal processes may make it necessary to adapt this data protection notice. We ask you to inform yourself regularly about the content of our data protection information.

Please note that the current version of the data protection notice is the valid one.

Status: 27.09.2020

Note: This data protection notice was created using a wide variety of sources, including the links given here. Current case law as well as interpretations and comments were taken into account as far as we know.

1. Definitions

2. Contact details of the data privacy officer

3. Collection of general data and information when you visit our website

4. Provision of the online offer and web hosting

5. Security Measures

6. Transmission and disclosure of personal data

7. Data processing in third countries

8. Cookies

9. Deployment and use of a cookie consent tool

10. Contact

11. Advertising communication by post, fax or telephone

12. Contact options via the website

13. Routine deletion and blocking of personal data

14. Rights of the data subject

15. Data protection in applications and in the application process

16. Use of social media plugins or links

17. Data protection information for our Facebook fan page

18. Use and application of Instagram

19. Deployment and use of the social network LinkedIn

20. Information on Google services

21. Use and application of Google Analytics for web analysis

22. Integration of Google Maps

23. Legal basis for processing

24. Duration of storage of personal data

25. Update / delete your personal information

26. Legal or contractual provisions for the provision of personal data

27. Existence of automated decision-making

28. Changes to the data protection notice

DATA PRIVACY POLICY

1. Definitions

2. Contact details of the data privacy officer

3. Collection of general data and information when you visit our website

4. Provision of the online offer and web hosting

5. Security Measures

6. Transmission and disclosure of personal data

7. Data processing in third countries

8. Cookies

9. Deployment and use of a cookie consent tool

10. Contact

11. Advertising communication by post, fax or telephone

12. Contact options via the website

13. Routine deletion and blocking of personal data

14. Rights of the data subject

15. Data protection in applications and in the application process

16. Use of social media plugins or links

17. Data protection information for our Facebook fan page

18. Use and application of Instagram

19. Deployment and use of the social network LinkedIn

20. Information on Google services

21. Use and application of Google Analytics for web analysis

22. Integration of Google Maps

23. Legal basis for processing

24. Duration of storage of personal data

25. Update / delete your personal information

26. Legal or contractual provisions for the provision of personal data

27. Existence of automated decision-making

28. Changes to the data protection notice

CONTACT

ABOUT DRIVE

SOCIAL