Data protection information
We at SPECTRUM Aktiengesellschaft would like you to know how we treat your personal data and inform you that data protection is our top priority. We always endeavour to adapt our services to the latest developments, taking into account the applicable data protection principles.
This Privacy Statement informs you about the type, scope and purpose of the collection and use of personal data by the Data Controller.
The legal basis of data protection can be found in the current version of the German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG).
This Privacy Statement explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offer and the associated websites, functions and contents as well as external online presences, e.g. our social media profiles (hereinafter jointly referred to as the “online offer”). With regard to the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
The websites of SPECTRUM Aktiengesellschaft may contain links to websites of other providers to which this Privacy Statement does not apply. We refer to the provisions on the pages of the linked websites of other providers.
We would like to expressly point out here that the use of contact data published under our imprint or comparable information such as postal addresses, telephone or fax numbers and email-addresses for the sending of information that has not been expressly solicited is prohibited. Legal action against senders of spam e-mails in violation of this prohibition is expressly reserved.
Name and address of the Data Controller
Data Protection Officer
Data Protection Officer: Mr Ulrich Wagner
SPECTRUM AG – Datenschutz
D- 70565 Stuttgart
Types of data processed
- User data (e.g. names, addresses).
- Content data (e.g. text input, photographs, videos).
- Contact information (e.g., e-mail address, phone numbers).
- Contract data (e.g. subject matter of the contract, term, customer category).
- Payment data (e.g. bank details, payment history).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
- Customer data and partner data (data from business relationships).
- Job applicant and employee data.
Processing of special categories of data (Art. 9 (1) of the GDPR)
- We do not intend to process any special categories of data unless the users provide it voluntarily and without request. This can be done in particular by entering data in online forms. We may also be required by law to process special categories of personal data, e.g. in the context of employment relationships.
Categories of Data Subjects
- Data of those expressing an interest (address data, offer data).
- Customers (address data, contact data incl. telephone, fax and e-mail data, contract data, support information including customer development, statistical data, billing and performance data).
- Employees, applicants, trainees, interns, former employees (mainly application data, details of professional career, training and qualifications); contract, user and accounting data (details of private and business address, area of activity, salary payments, name and age of relatives where relevant for social benefits, wage tax data, bank details, assets entrusted to the employee); contact information; employee status; qualifications; employee appraisals; career history; personnel management and control data; work time and terminal access data; appointment management data; data for communication, transaction processing and control; emergency contact data.
- Business partners and suppliers (address, billing and performance data), insofar as these are necessary for the fulfilment of the purpose of the processing.
Hereinafter, Data Subjects are also referred to as “users”.
Purpose of processing
In accordance with the principles of the GDPR, personal data will only be processed for a specific purpose.
- Performance of consulting and development activities with or for the customers of SPECTRUM AG and its subsidiaries (SPECTRUM group of companies) in Germany and abroad.
- Storage and data processing of personal data. Data on behalf and in the name of business partners, customers and cooperation partners in accordance with the respective agreements in force with them.
- Provision of the online offer, its contents and functions.
- Provision of contractual services, service and customer care.
- Response to contact requests and communication with users.
- Marketing, advertising and market research.
- Security measures.
- Job Applications (eRecruiting).
- Employee data processing.
Recipient or categories of recipients
“Recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party.
- Public authorities, which receive data due to legal regulations (e.g. social insurance agencies, tax authorities).
- Internal departments involved in the execution of the respective business processes (human resources management, accounting, purchasing, marketing, sales, telecommunications and IT).
- External contractors (service companies) as Data Processors.
- Other external institutions such as credit institutions (salary payments, insurance benefits).
- Contractual Parties.
Applicable legal bases
In accordance with Art. 13 of the GDPR, we inform you of the legal basis of data processing. If a legal basis is not mentioned in this Privacy Statement, the legal basis shall be deemed to be § 28 of the Federal Data Protection Act (BDSG) or, from 25 May 2018: Art. 6 (1) and Art. 7 of the European General Data Protection Regulation 2016/679 (GDPR). The legal basis for the collection of consent is Art. 6 (1) (a) and Art. 7 of the GDPR (§4a Bundesdatenschutzgesetz (BDSG) and § 51 of the new Bundesdatenschutzgesetz (BDSG neu)). The legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as the answering of inquiries is Art. 6 (1) (b) of the GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 (1) (c) of the GDPR, and the legal basis for processing for the purposes of our legitimate interests is Art. 6 (1) (f) of the GDPR. In the event that vital interests of the Data Subject or another natural person require the processing of personal data, Art. 6 (1) (d) of the GDPR acts as the legal basis.
In accordance with Art. 32 of the GDPR, we take appropriate technical and organisational measures (TOMs) to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing and the varying likelihood and severity of the risk to the rights and freedoms of natural persons. These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation.
In addition, we have established procedures that ensure the availability of data and the recognition of the rights of Data Subjects, erasure of data, and reaction to threats to the data. Procedures have also been established to regularly review, assess and evaluate the effectiveness of the TOMs.
Furthermore, we take into account the principles of privacy by design (data protection through technology design) and privacy by default (data protection-friendly default settings) in accordance with Art. 25 of the GDPR. The protection of personal data is already taken into account by us during the development and selection of hardware, software and procedures.
The transmission of data between your browser and our server takes place with the help of Secure Socket Layer (SSL) encryption. However, we would like to point out that data transmissions – especially over the Internet – are generally subject to security gaps, so that absolute protection cannot be guaranteed. For this reason, everyone is free to transmit personal data to us by alternative means, for example by telephone.
Cooperation with Data Processors
A transfer of data to third parties only takes place due to legal regulations or within the scope of contract data processing in accordance with Art. 28 of the GDPR, § 62 BDSG.
If, in the course of our processing, we disclose data to other persons and companies, transfer data to them or otherwise grant them access to the data, this is done, for example, if a transfer of the data to a third party, in accordance with the provisions of the Art. 6 (1) (b) of the GDPR is required for the fulfilment of the contract, if you have given consent in accordance with Art. 6 (1) (a) of the GDPR, if pursuant to Art. 6 1 (c) of the GDPR a legal obligation provides for this or on the basis of our legitimate interests in accordance with Art. 6 (1) (f) of the GDPR (e.g. when using agents, web hosters, etc.).
Transfer to third countries
If SPECTRUM processes data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of the use of third party services or disclosure or transfer of data to Third parties, this will only happen if it is done for the fulfilment of our contractual or pre-contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we only process the data in a third country or have the data processed in a third country if the particular requirements of Art. 44 ff. of the GDPR are met. Processing is thus carried out, for example, on the basis of an adequacy decision pursuant to Art. 45 of the GDPR, on the basis of appropriate safeguards within the meaning of Art. 46 of the GDPR and insofar as enforceable rights and legal remedies result from this. This is the case, for example, when an EU-approved level of data protection is established, such as for the USA through the “Privacy Shield” or when officially recognised special contractual obligations (“standard contractual clauses”) are observed. Within the Group as a whole, binding corporate rules will be applied to ensure compliance with an appropriate level of protection.
Rights of the Data Subject
You have the legal rights under Art. 12 ff. of the GDPR.
Any Data Subject shall have the right of access under Art. 15 of the GDPR, the right to correction under Art. 16 of the GDPR, the right to erasure under Art. 17 of the GDPR, the right to restriction of processing under Art. 18 of the GDPR, the right to object under Art. 21 of the GDPR and the right to data transfer (portability) under Art. 20 of the GDPR. The restrictions according to paras. 34 and 35 of the German Federal Data protection law (BDSG – new version) apply to the right to access and the right to erasure.
Without prejudice to any other administrative or judicial remedy, any Data Subject shall have the right to lodge an appeal with a supervisory authority in accordance with Art. 77 of the GDPR in connection with § 19 BDSG (new). The competent data protection supervisory authority is:
The State Commissioner for Data Protection and Freedom of Information (Landesbeauftragte für den Datenschutz und die Informationsfreiheit) Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany
Königstraße 10a, 70173 Stuttgart, Germany
Phone: +49 (0)711/61 55 41 – 0
Fax: +49 (0) 711/61 55 41 – 15
Requirement to provide personal data
In the context of our business relationship, you must provide those items of personal data that are necessary for the establishment and implementation of a business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without these items of data, we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.
Cookies and right of objection to direct advertising
Please note that in this case not all functions of this online offer can be used.
Erasure of data
We will take account of requests for erasure in accordance with Art. 17 of the GDPR or for limitation of the processing in accordance with Art. 18 of the GDPR.
Unless expressly stated in this data protection policy, the data stored by us will be erased as soon as it are no longer required for its intended purpose and the erasure does not conflict with any statutory retention obligations.
Unless expressly stated in this Privacy Statement, an erasure can be legally rejected despite the existence of the above-mentioned reason for erasure if SPECTRUM has a legitimate interest in the further use of the data. This may be the case in particular if the ongoing processing or storage is necessary to fulfil a statutory retention obligation and if there is a legal obligation (Art. 17 (3) (b) of the GDPR) not to erase the data. If the data is not erased because it is necessary for other and legally permissible purposes, the processing of the data will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or if they are subject to other retention obligations.
In particular, pursuant to legal requirements in Germany, retention lasts for 6 years pursuant to § 257 para. 1 of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) as well as for 10 years pursuant to § 147 para. 1 AO (Abgabenordnung – tax law/German Tax code)(books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.). For all other countries, the retention period is not explicitly stated; here, retention takes place in accordance with the legal requirements. The erasure time-limit results from the retention period plus a reasonable period for carrying out the erasure. This is then the “standard erasure period”.
Provision of contractual services – customer and partner data
Sources and data categories
SPECTRUM processes personal data that we receive from you within the context of our business relationship.
If and insofar as this is necessary for the provision of our services, we process personal data which we have legitimately received from third parties (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of a consent given by you).
We process personal data that we have legitimately obtained and may process from publicly accessible sources (e.g. press, media, Internet and the Handels- und Vereinsregister (register of commerce and associations)). Relevant personal data are user data (name, address and other contact data, date and place of birth and nationality) and identification data (e.g. identity card data). In addition, this may also include contract data (e.g. order data, product data), data from the fulfilment of our contractual obligations (e.g. sales, ), creditworthiness data, scoring/rating data, advertising and sales data (including advertising scores), documentation data (e.g. from documented conversations), data about your use of our offered telemedia (e.g. time of calling up our websites, apps or newsletters, clicks or entries on our pages) as well as other data comparable with the categories mentioned (e.g. profiling).
Purpose of processing and legal basis
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as set out in more detail below:
For the fulfilment of (pre)contractual obligations (Art. 6 (1) (b) of the GDPR)
The processing of personal data (Art. 4 (2) of the GDPR) takes place for the performance of our obligation deriving from customer contracts with you, in particular for the execution of our contracts or pre-contractual measures with you and the execution of your orders as well as all activities necessary for the operation and administration of our Company.
The purposes of the data processing depend primarily on the specific product or service (e.g. order, framework agreement).
Further details on the purpose of the data processing can be found in the respective contractual documents and the terms and conditions.
Within the framework of the balancing of interests (Art. 6 (1) (f) of the GDPR)
SPECTRUM may also use your data on the basis of a balance of interests for the purpose of our legitimate interests or those of third parties.
This is done in particular for the following purposes:
- As an aid to customer advice and support and sales
- General business management and further development of services, products and systems
- Fulfilment of internal requirements and the requirements of our affiliated companies
- Ensuring IT security and operation
- Advertising, market and opinion research
- Assertion of legal claims and mounting a defence in legal disputes
- Crime prevention and investigation, risk management and fraud prevention
Our interest and that of the additional Data Controllers in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, distribution, and avoidance of legal risks).
As far as the specific purpose permits, we and the additional Data Controllers will process your data in pseudonymised or anonymised form.
On the basis of your consent (Art. 6 (1) (a) of the GDPR)
If you give us your consent to process your personal data for certain purposes (e.g. passing on data within the group, use of your e-mail address or also advertising about similar services), the legality of this processing is given on the basis of your consent. Your current consent is the legal basis for the aforementioned processing. You can withdraw the consent given to us at any time. This also applies to the withdrawal of declarations of consent given to us before 25 May 2018. Please note that such withdrawal is only with future effect. Processing that took place before the withdrawal is not affected by this.
Due to legal requirements (Art. 6 (1) (c) of the GDPR)
We are subject to various legal obligations, i.e. statutory requirements (e.g. terrorist list regulations, money laundering laws, tax laws) on the basis of which we are legally obliged to process personal data. The purposes of processing include the prevention of fraud and money laundering, the fulfilment of tax and criminal law monitoring and reporting obligations to law enforcement authorities and the assessment and management of risks.
Rules on the use of data
Your personal data will only be disclosed to the following recipients or categories of recipients:
- Service providers for the supply and settlement of the contract;
- Credit institutions and providers of payment services for settlements and the processing of payments;
- Service providers for the operation of the IT infrastructure, for printing bills and subscriber/customer information letters,as well as for the retention and destruction of files;
- Public authorities in justified cases (e.g. social insurance agencies, tax authorities, police, public prosecutor’s office, supervisory authorities);
- credit agencies and scoring providers for credit information and assessment of credit risk;
- Collection service providers and lawyers to collect claims, in which case we will inform you before the intended transfer.
Within our Company and within the additional Data Controllers, the departments that receive your data are those that need it to fulfil their contractual and legal obligations or to fulfil their respective tasks (e.g. sales and marketing).
In addition, the following recipients may receive your data:
- Data Processors appointed by us (Art. 28 of the GDPR, § 62 BDSG new), especially in the areas of IT services, logistics and printing services, which process your data on our behalf in accordance with our instructions,
- public bodies and institutions (e.g.) in the event of a legal or official obligation,
- our current officers, employees, representatives, agents,
- auditors, service providers and any subsidiaries or group companies (and their respective officers, employees, consultants, representatives, agents),
- specialised companies under contractual agreements for the use of cloud solutions that can use processing centres located within the European Union or abroad (in particular in the United States),
- other bodies for which you have given us your consent to the transfer of data.
Storage of data
SPECTRUM processes and stores your personal data from the point of view of its necessity throughout the business relationship. The processing and storage can also include the initiation and processing of contractual matters.
The data can also be stored in our web-based 1CRM (Customer Relationship Management System) or comparable systems / applications. Further information on the use of data by 1CRM, setting and objection options can be found on the websites of 1CRM: https://1crm-system.de/datenschutz/
It should be noted that our business relationship is usually a long-term debt relationship that is designed to run for years.
In addition, we are subject to various retention and documentation obligations, which derives, among other things, from the German Commercial Code (HGB) or the Tax Code (AO). The period for retention and documentation specified in these regulations can range from two to ten years. Finally, the retention period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) may as a rule be 3 years, but in certain cases also up to thirty years. If necessary, your personal data will be processed for the duration of the business relationship, which also includes the initiation and processing of a contract. In addition, we are subject to various retention and documentation obligations. The retention and documentation periods specified there are implemented according to their provisions.
Profile development (scoring)
SPECTRUM processes your data partially automatically with the aim of evaluating certain personal perspectives (so-called “profiling” as referred to in Art. 4(4) of the GDPR). Profiling is used, for example, to determine your potential interest in products and services. This evaluation is based on statistical procedures using current customer data and data from the past. We use the results to address you in a more needs- and target-oriented way, as well as an aid in consulting, support and sales. When assessing your creditworthiness, we may use the scoring of credit agencies. The probability that customers will meet their payment obligations in accordance with the contract is calculated. Scoring is based on mathematically and statistically recognised and proven methods. The calculated score values of the credit agencies support us in making decisions and are included in the ongoing risk management of our Company.
When you contact us by e-mail, fax, post or telephone, the data you provide will be stored by us in order to answer your questions. A valid e-mail address, fax or telephone number, or postal address is required so that we know who sent the request and can respond to it. Data processing for the purpose of establishing contact and initiating business with us is generally based on your voluntary consent (Art. 6(1) (a) of the GDPR) We will erase the data collected in this context after its storage is no longer required, or otherwise limit its further processing if we are required by law to continue retaining it.
Recruitment, job applicant and employee data
The recruitment process covers a not insignificant core area of our work, so that we can carry out this process on the basis of consent within the meaning of Art. 6 (1) (a) of the GDPR.
Within the recruitment process, we use special recruitment software (eRecruiter). If you voluntarily provide us with your data, the data will be stored in accordance with the Privacy Statement and on the basis of your voluntary consent. Your consent given in individual cases pursuant to Art. 6 (1) (a) of the GDPR as well as according to Art. 28 of the GDPR, § 62 BDSG new is the legal basis for the mentioned processing.
Further information is available at: https://www.erecruiter.net/nutzungsbedingungen-datenschutz/
The provisions applicable to employment relationships also allow the processing of personal data of employees for purposes connected with the employment relationship, if this is necessary for hiring decisions or, after hiring, to process or terminate the employment contract or to comply with the rights and obligations of employee representatives provided for by law or collective agreements or other agreements between the employer and a works council. Further information can be found in § 26 BDSG (new).
Job applicant data
Personal data necessary for the creation, execution and termination of the employment contract may be processed for the employment relationship. See among other things § 26 BDSG (new). Thus, the personal data of job applicants may also be processed during the initiation of an employment relationship. We process your data further in order to offer you precisely tailored employment opportunities. This is only about data that is relevant to this process.
Implementation and termination of an employment relationship: Personal data may therefore also be processed in the implementation and termination of an employment relationship. The regulations on data processing during the execution and termination of the employment relationship also derive from the employment contract regulations. Full inspection can take place before the start of the employment relationship via the corresponding personnel department.
Data processing on the basis of a legal permit
In addition, data processing is permissible on the basis of a legal permit if state legislation requires, presupposes or even demands the data processing.
Data processing on the basis of consent
Personal data of the employee can also be processed if the employee has given his or her consent, which complies with legal requirements.
Automated decision-making in an employment context, personality profiles
Only an evaluation by a natural person is carried out in order to prevent possible wrong decisions. A possible individual decision result is communicated to the Data Subject, who is given the opportunity to submit an opinion.
Although human decisions are currently involved in all our recruitment activities, we will use fully automated technologies, such as expert systems or machine learning, for the entire selection process of our candidates in accordance with all local laws and regulations.
We may ask for your consent for some or all of these measures. If you do not consent to the profiling process, your application will continue to be reviewed manually for positions you are applying for, but your profile will not automatically be considered for alternative positions.
The Company provides telephone systems, e-mail addresses, intranet and Internet as well as internal social networking opportunities for the fulfilment of operational tasks. Use within the framework of the applicable legal provisions and the Company’s internal policies is permitted. If permission for private use is available, the Company’s internal guidelines must be observed in this context.
Event-related personal evaluations can be carried out if there is a concrete, justified suspicion of a violation of laws or
Company policies. In such cases, the Data Protection Officer shall be involved.
When accessing the SPECTRUM website, the servers automatically store various data about the accessing system. This includes the type of browser used, the browser version, the operating system used, the website from which the SPECTRUM website was accessed, the accessed sub-pages of the SPECTRUM website, the date and time of access, the Internet protocol address (IP address), the Internet service provider and data comparable with this data.
SPECTRUM uses this data to make the website accessible, to identify and correct any technical problems that may occur, and to prevent and, if necessary, track any misuse of our services. In addition, SPECTRUM uses this data in anonymous form, i.e. without the possibility of identifying the user, for statistical purposes and to improve the websites.
The legal basis for the processing of these data is § 15 Abs. 1 of the Telemedia Act (TMG)/Art. 7 (f) of Directive 95/46/EC and from 25 May 2018: Art. 6 (1) sub-paragraph 1 (f) of the GDPR.
We will ask for your consent to send you promotional materials to a business mailing address or e-mail address as required by applicable local laws and regulations.
In future, the basis for assessing the admissibility of advertising, with the exception of consent pursuant to Art. 6 (1) (a) of the GDPR, will be a balancing of interests in accordance with Art. 6 (1) (f) of the GDPR. The starting point for the decision on the balancing of interest is Recital No. 47 of the GDPR, such as the customer’s existing use of our services. Of course, you are free to object to advertising and the associated processing of your customer data (Art. 21 (2) of the GDPR).
SPECTRUM recognises the importance of protecting children’s privacy, particularly with regard to Internet communications. This website is not intended for minors, i.e. persons under the age of 18, and is not intended to address them or to request or collect personal data. According to Art. 8 of the GDPR, minors may only give their consent from the age of 16. Country-specific regulations on the ability of individual countries (EUR/third countries) to give their consent must be observed.
Comments and posts
If users leave comments or other posts, their IP addresses will be stored on the basis of our legitimate interests within the meaning of Art. 6 (1) (f) of the GDPR.
This takes place for our security, in case someone leaves illegal contents in comments and posts (insults, forbidden political propaganda, etc.). In this case, we ourselves could be prosecuted for the comment or post and are therefore interested in the identity of the author.
Integration of services and content from third parties
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online offer within the meaning of Art 6 (1) (f) of the GDPR), our offer also includes the content, services and performances of other providers (so-called third party providers). In order for these data items to be called up and displayed in the user’s browser, the transmission of the IP address is absolutely necessary. The third party providers therefore become aware of the IP address of the respective user.
Although we make every effort to use only third-party providers who only need the IP address to deliver content, we have no influence on whether the IP address may be stored. In this case, this process is used for statistical purposes, among other things. If we have knowledge that the IP address is stored, we point this out to our users.
Stock Image Providers: iStock / Shutterstock / Fotolia – Use with Third-Party Providers
Online presence in social media
We maintain online presences within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When calling up the respective networks and platforms (also via the links set by us), the terms and conditions and the data processing guidelines of their respective operators apply. We maintain the following online presences:
Unless otherwise stated in our Privacy Statement, we process the data of users who communicate with us within social networks and platforms, e.g. write posts on our websites or send us messages.
Cookies & Audience Reach measurement
In order to make your visit to our website more pleasant, and to enable you to use certain functions, we use “cookies” on certain pages.
These are small text files that are stored on your end device. Cookies can be used to determine whether there has already been communication from your computer to our sites. Some of the cookies we use are erased after the browser session, that is, after you close your browser (known as session cookies). Other cookies remain on your end device and enable us and our partner companies to recognise your browser on your next visit (long-term cookies). Only the cookie on your end device is identified. Personal data can be stored in cookies if you have consented or if this is technically absolutely necessary, e.g., to enable a protected login.
Cookies cannot be used to access other files on your computer or to determine your e-mail address. The legal basis for processing personal data using cookies is Art. 6 (1) sub-paragraph (1) (f) of the GDPR.
Cookies are stored on your end device and you have full control over their use. You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our websites, you may no longer be able to use all functions of the websites to their full extent.
We use “session cookies”, which are only stored on our website for the duration of your current visit (e.g. to store your login status). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close your browser, for example.
If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies already saved can be deleted in the system settings of the browser at any time. The exclusion of cookies can lead to functional restrictions of this online offer.
You can use your browser settings to delete individual cookies or the entire cookie inventory. In addition, you will receive information and instructions on how these cookies can be deleted or their storage blocked in advance, depending on the provider of your browser, at the following links:
The data entered during registration, e.g. in the SPECTRUM Career Portal (JOBS), will be used for the purpose of using the offer. The user can be informed via e-mail about the offer or information that is relevant to the registration, such as changes to the scope of the offer, or technical circumstances. The data collected are shown in the input fields during the registration process.
- Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- On our behalf, Google will use this information to evaluate the use of our online offering by the user, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and the Internet. Pseudonymous usage profiles of users may be created from the processed data in this respect.
- We also use Google Analytics to display advertisements placed by Google and its partners within advertising services only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined by the web pages visited) that we transmit to Google (known as “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we would also like to ensure that our advertisements correspond to the potential interest of the users and are not annoying.
- We use Google Analytics only with activated IP anonymisation. This means that the IP address of the user is shortened by Google within the member states of the European Union or in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there.
- For further information on data usage by Google, setting and blocking options, please see the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), https://policies.google.com/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.com/authenticated (“Control the information Google uses to show you ads”).
Google-Re/Marketing Services/Google Marketing Platform
- Based on our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offering within the meaning of art. 6 para. 1 lit. f. GDPR), we use marketing and re-marketing services (“Google Marketing Services” for short) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
- Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- The Google marketing services allow us to target ads for and on our site in order to present users only with ads that potentially match their interests. For example, if a user sees ads for products he/she has been interested in on other websites, this is referred to as “re-marketing”. For these purposes, when our and other websites on which Google marketing services are active are accessed, Google directly executes a code from Google and (re-)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. These store a unique cookie (a small file) on the user’s device. Comparable technology may also be used instead of cookies. Cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file it is noted which websites the user visits, which content he/she is interested in and which offers he/she has clicked on, along with technical information about the browser and operating system, referring websites, visiting time as well as further information about the use of the online offering. The IP address of the users is also recorded, whereby we give notice within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other signatory states of the European Economic Area Agreement. Only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there. The IP address is not combined with other data Google has about the user. The above information may also be linked by Google to such information from other sources. If the user subsequently visits other websites, the ads tailored to his/her interests can be displayed.
- User data is processed pseudonymously for Google marketing services. This means that Google does not store and process, for example, the names or email addresses of users, but rather processes the relevant data related to the cookie within pseudonymous user profiles. This means that, from Google’s point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymisation. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.
- The Google marketing services we use include the online advertising program “Google Ads”, also previously known as “Google Adwords”. Google Ads is a service for providing Internet advertising in the form of ads. Google Ads gives us the ability to reach customers via text-based search network ads, graphics-based display network ads, YouTube video ads or mobile in-app ads. The ads appear as search results in search engine results or in the Google advertising network. We define certain keywords using Google Ads. Google plays out our ads in search engine results when you use Google’s search engine to retrieve a search result that matches the keyword. Our ads appear on websites dealing with relevant topics across the Google advertising network. If you click on one of the ads, you will be redirected to the website we advertise. Google Ads sets a cookie (“conversion cookie”) in this case. Both Google and we can use this information to find out whether you came to our site via our ad and whether you have taken any further action here, such as purchasing something, using a contact form or calling us. For this purpose, the pages you visit, including your IP address, are collected by the cookie which has been set and transferred to Google servers in the USA. Google evaluates this data to produce a report with statistical statements about the number of visitors generated by the advertising and the success of the advertising measure. This enables us to optimise our ads. Additional information transmitted is not assigned to the IP address by Google and is not linked to it. Google may share this information with third parties. Beyond what is described above, we do not receive any information/data about the people who click on our ads.
- We can also use the “Google Optimizer” service. Google Optimizer allows us to track the effects of various changes to a website (e.g. changes to input fields, design, etc.) within the framework of so-called “A/B testing”. Cookies are stored on the user’s devices for these test purposes. Only pseudonymous user data is processed in this regard.
- We can also use the “Google Tag Manager” to integrate Google analysis and marketing services into our website and manage them.
- If you wish to object to interest-based advertising by Google marketing services (see also general information “Cookies and right of objection” above), you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
- You can prevent cookies from being stored by setting this in your browser. Cookies that have already been stored can be deleted in your browser. You can also object to the use of interest-based advertising by opening the following link and manually deactivating the corresponding options http://www.google.com/ads/preferences.
- You can also deactivate interest-based advertising here by setting this under the following link http://www.aboutads.info/choices.
- Further information on data use by Google and in particular Google Ads, setting and objection options can be found on the Google websites: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when using our partners’ websites or apps”), https://policies.google.com/technologies/ads (“Use of data for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information Google uses to show you advertisements”), https://ads.google.com/intl/en_en/home/ and earlier https://adwords.google.com/intl/de_en/home/ (” Advertise on Google”) and https://policies.google.com/privacy?hl=en&gl=en
- Our website uses the pixel counting technology of Wiredminds GmbH (www.wiredminds.de) to analyse visitor behaviour. Data may be collected, processed and stored, and used to create usage profiles under a pseudonym. Where possible and practical, these usage profiles are completely anonymous. Cookies may be used for this purpose. Cookies are small text files that are stored in the visitor’s Internet browser and serve to recognise the Internet browser. The collected data, which may also contain personal data, are transmitted to Wiredminds or collected directly by Wiredminds. Wiredminds may use information left behind by visits to the websites to create anonymous user profiles. The data acquired in this process will not be used to personally identify any visitor to the website without the explicit consent of the Data Subject, and it is not linked to any personal data relating to the bearer of the pseudonym. If IP addresses are recorded, they are made anonymous immediately by deleting the last number block.
- For more information on the use of data for marketing purposes by Wiredminds, see the overview page https://www.wiredminds.de/datenschutz/
- By clicking on the following link, you can object to the further and future recording of your visitor session for web analysis. This function is cookie-based and therefore browser-dependent.
Exclude from Website-Tracking
Currently we do not use a newsletter. Where applicable, you can subscribe to newsletters on our website. For a registration for our newsletter, we need the following required: First name and Last name, your e-mail address. We will automatically send an e-mail to the e-mail address provided, asking you to confirm your subscription to the newsletter by clicking on a link. The clicking on this link and the calling up the corresponding website will be recorded. When you receive newsletters from us, the opening of the newsletter and the clicking on links in the newsletter are recorded in order to be able to adapt the newsletter even better to your usage behaviour. The legal basis for our use of your above data is Art. 6 (1) (a) of the GDPR) You can send SPECTRUM AG the withdrawal of your consent to receiving the newsletter, free of charge, with effect for the future, at any time, e.g. via the “Unsubscribe” link contained in every newsletter or via the e-mail address: email@example.com
Updates of data protection
This Privacy Statement is valid as of 24 May 2018. It may be necessary to change this Privacy Statement as a result of further development of our website and offering, or due to changes in statutory or regulatory requirements. The current Privacy Statement can be requested from us at any time.
Right of Withdrawal
You have the right to revoke your consent according to Art. 7 (3) of the GDPR with effect for the future at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018. Please note that such withdrawal is only with future effect. Processing that took place before the withdrawal is not affected by this. If you would like to make use of your right of withdrawal, this is possible without formality; for example, an e-mail to firstname.lastname@example.org is sufficient.
Right to Object
You have the right at any time to object to the processing of personal data concerning you (e.g. data processing on the basis of a balance of interests pursuant to Art. 6 (1) (f) of the GDPR or data based on profiling for customer advice, customer care and for marketing purposes within the meaning of Art. 4 (4) of the GDPR or in the context of direct advertising pursuant to Art. 21 of the GDPR).
If you object, the personal data that concerns you will no longer be processed, unless legitimate grounds for the processing can be proved, which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.