You can contact us as follows for your data protection concerns and to exercise your rights in accordance with section 13:

Wagner Switzerland AG
Altgraben 31
4624 Härkingen
Phone: +41 58 201 22 30
E-mail: info@wagner-schweiz.ch

Data protection representative in the EU pursuant to Art. 27 GDPR

WAGNER Group GmbH
Schleswigstrasse 1-5
30853 Langenhagen
Joachim Cors
Phone: +49 511 97383 203
E-Mail: datenschutz@wagner.de

We process various categories of data about you. The main categories are as follows:

• Technical data: When you use our website or other electronic offers (e.g. free WLAN), we collect the IP address of your end device and other technical data to ensure the functionality and security of these offers. This data also includes logs in which the use of our systems is recorded. We generally store technical data for 6 months. To ensure the functionality of these offers, we can also assign you or your end device an individual code (e.g. in the form of a cookie, see section 9). The technical data itself does not allow any conclusions to be drawn about your identity. However, in the context of user accounts, registrations, access controls or the processing of contracts, they can be linked to other data categories (and thus possibly to your person).
• Registration data: Certain offers, e.g. of competitions and services (e.g. login areas of our website, newsletter dispatch, free WLAN access, etc.) can only be used with a user account or registration, which can be done directly with us or via our external login service providers. In doing so, you must provide us with certain data and we collect data on the use of the offer or service. Registration data may be collected during access controls to certain systems; depending on the control system, biometric data may also be collected. As a rule, we retain registration data for 12 months after the end of use of the service or the termination of the user account. 
• Communication data: If you are in contact with us via the contact form, by e-mail, telephone or chat, by letter or by other means of communication, we record the data exchanged between you and us, including your contact data and the marginal data of the communication. If we record or listen in on telephone conversations or video conferences, e.g. for training and quality assurance purposes, we will make you aware of this. Such recordings may only be made and used in accordance with our internal guidelines. You will be informed if and when such recordings take place, e.g. by a display during the relevant video conference. If you do not wish to be recorded, please let us know or end your participation. If you simply do not wish your image to be recorded, please switch off your camera. If we want or need to establish your identity, e.g. if you request information, apply for media access, etc., we will collect data to identify you (e.g. a copy of your ID). As a rule, we store this data for 12 months from the last exchange with you. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. E-mails in personal mailboxes and written correspondence are generally stored for at least 10 years. Recordings of (video) conferences are generally stored for 24 months. Chats are generally stored for 2 years.
• Master data: We define master data as the basic data that we require in addition to the contract data (see below) for the processing of our contractual and other business relationships or for marketing and advertising purposes, such as name, contact details and information, e.g. about your role and function, your bank account(s), your date of birth, customer history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a customer or other business contact or work for one (e.g. as a contact person of the business partner), or because we want to contact you for our own purposes or the purposes of a contractual partner (e.g. as part of marketing and advertising, with invitations to events, with vouchers, with newsletters, etc.). We receive master data from you yourself (e.g. when you make a purchase or register), from bodies for which you work or from third parties such as our contractual partners, associations and address dealers and from publicly accessible sources such as public registers or the internet (websites, social media, etc.). We generally store this data for 10 years from the last exchange with you, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. In the case of pure marketing and advertising contacts, the period is normally much shorter, usually no more than 2 years from the last contact.
• Contract data: This is data that arises in connection with the conclusion or processing of a contract, e.g. information about contracts and the services to be provided or provided, as well as data from the run-up to the conclusion of a contract, the information required or used for processing and information about reactions (e.g. complaints or information on satisfaction, etc.). We generally collect this data from you, from contractual partners and from third parties involved in the execution of the contract, but also from third-party sources (e.g. providers of creditworthiness data) and from publicly accessible sources. As a rule, we store this data for 10 years from the last contractual activity, but at least from the end of the contract. This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons.
• Behavioral and preference data: Depending on the relationship we have with you, we try to get to know you and better tailor our products, services and offers to you. To do this, we collect and use data about your behavior and preferences. We do this by evaluating information about your behavior in our area, and we may also supplement this information with information from third parties, including from publicly accessible sources. Based on this, we can, for example, calculate the probability that you will use certain services or behave in a certain way. Some of the data processed for this purpose is already known to us (e.g. when you use our services), or we obtain this data by recording your behavior (e.g. how you navigate our website). We anonymize or delete this data when it is no longer relevant for the purposes pursued, which may be 24 months (for product and service preferences). This period may be longer if this is necessary for reasons of proof or to comply with legal or contractual requirements or for technical reasons. We describe how tracking works on our website in section 9.
• Other data: We also collect data from you in other situations. In connection with official or court proceedings, for example, data is collected (such as files, evidence, etc.) that may also relate to you. We may also collect data for health protection reasons (e.g. as part of protection concepts). We may receive or produce photos, videos and audio recordings in which you may be recognizable (e.g. at events, through security cameras, etc.). We may also collect data about who enters certain buildings or has corresponding access rights and when (including during access controls, based on registration data or visitor lists etc.), who takes part in events or campaigns (e.g. competitions) and when, or who uses our infrastructure and systems and when. The retention period for this data depends on the purpose and is limited to what is necessary. This ranges from a few days for many of the security cameras and usually a few weeks for contact tracing data to visitor data, which is usually stored for 3 months, to reports on events with images, which can be stored for several years or longer.

You provide us with much of the data mentioned in this Section 2 yourself (e.g. via forms, in the context of communication with us, in connection with contracts, when using the website, etc.). You are not obliged to do so, subject to individual cases, e.g. in the context of binding protection concepts (legal obligations). If you wish to conclude contracts with us or claim services, you must also provide us with data as part of your contractual obligation in accordance with the relevant contract, in particular master data, contract data and registration data. When using our website, the processing of technical data is unavoidable. If you wish to gain access to certain systems or buildings, you must provide us with registration data. In the case of behavioral and preference data, however, you always have the option of objecting or not giving your consent.

Insofar as this is not inadmissible, we also obtain data from publicly accessible sources (e.g. debt collection registers, land registers, commercial registers, media or the Internet including social media) or receive data from other companies within our group, from authorities and from other third parties (such as credit agencies, address dealers, associations, contractual partners, Internet analysis services, etc.).

The small black icon on the edge of the screen gives you the option to revalidate the data protection settings.

We process your data for the purposes explained below. Further information for the online area can be found in Section 9. These purposes and the underlying objectives represent legitimate interests of us and, where applicable, of third parties. You will find further information on the legal basis of our processing in Section 5.
We process your data for purposes in connection with communication with you, in particular to respond to inquiries and assert your rights (section 13) and to contact you in the event of queries. In particular, we use communication data and master data for this purpose and, in connection with offers and services used by you, also registration data. We retain this data in order to document our communication with you, for training purposes, for quality assurance and for follow-up questions.

We process certain data for the establishment, administration and processing of contractual relationships.

We process data for marketing purposes and to maintain relationships, e.g. to send our customers and other contractual partners personalized advertising about our products and services and those of third parties (e.g. advertising contractual partners). This may, for example, take the form of newsletters and other regular contacts (electronically, by post, by telephone), via other channels for which we have contact information from you, but also as part of individual marketing campaigns (e.g. events, competitions, etc.) and may also include free services (e.g. invitations, vouchers, etc.). You can refuse such contacts at any time (see the end of this section 3) or refuse or revoke your consent to being contacted for advertising purposes. With your consent, we can target our online advertising on the Internet more specifically to you (see section 9).  

We continue to process your data for market research, to improve our services and operations and for product development.

We may also process your data for security purposes and for access control.

We process personal data to comply with laws, instructions and recommendations from authorities and internal regulations ("compliance").

We also process data for the purposes of our risk management and in the context of prudent business management, including business organization and business development.
We may process your data for other purposes, e.g. as part of our internal processes and administration or for training and quality assurance purposes.

If we ask for your consent for certain processing (e.g. for the processing of particularly sensitive personal data, for marketing mailings, for advertising control and behavioral analysis on the website), we will inform you separately about the corresponding purposes of the processing. You can withdraw your consent at any time with effect for the future by sending us written notification (by post) or, unless otherwise stated or agreed, by email; our contact details can be found in section 2. For the withdrawal of your consent to online tracking, see section 12 et seq. If you have a user account, you may also be able to withdraw your consent or contact us via the website or other service in question. Once we have received notification of the withdrawal of your consent, we will no longer process your data for the purposes to which you originally consented, unless we have another legal basis for doing so. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Where we do not ask for your consent for processing, we base the processing of your personal data on the fact that the processing is necessary for the initiation or execution of a contract with you (or the body you represent) or that we or third parties have a legitimate interest in it, in particular in order to pursue the purposes and associated objectives described above under Section 4 and to be able to carry out corresponding measures. Our legitimate interests also include compliance with statutory provisions, insofar as this is not already recognized as a legal basis by the applicable data protection law. However, this also includes the marketing of our products and services, the interest in better understanding our markets and the secure and efficient management and further development of our company, including its operations.

If we receive sensitive data (e.g. health data, information on political, religious or ideological views or biometric data for identification purposes), we may also process your data based on other legal grounds, e.g. in the event of disputes due to the necessity of processing for any legal proceedings or the enforcement of or defense against legal claims. In individual cases, other legal grounds may apply, which we will communicate to you separately if necessary.

We may automatically evaluate certain of your personal characteristics for the purposes stated in Section 4 using your data (Section 3) ("profiling") if we want to determine preference data, but also to determine risks of misuse and security risks, to carry out statistical evaluations or for operational planning purposes. For the same purposes, we can also create profiles, i.e. we can combine behavioral and preference data, but also master and contract data and technical data assigned to you in order to better understand you as a person with your different interests and other characteristics.
In both cases, we pay attention to the proportionality and reliability of the results and take measures to prevent misuse of these profiles or profiling. If these can have legal consequences or significant disadvantages for you, we always provide for a manual review.

The personal data you provide will be collected and processed for the purpose of deciding on the establishment of an employment relationship in accordance with Art. 6 para. 1 subpara. 1 lit. b) GDPR and the DSG. The provision of your personal data is necessary for the handling of the application process and for the decision on the establishment of an employment relationship.

If you do not provide your data, we will unfortunately not be able to consider you for a vacancy. Automated decision-making is not carried out.

In order to assess your documents, they will be forwarded to the responsible employees in the HR department and to the responsible contact persons in the respective specialist departments for which the application is intended.

A transfer to a third country or other international organization of the personal data provided by you does not take place and is not planned.

Your application documents will be stored by us for the duration of the application process and kept for a further 3 months so that we can answer any subsequent questions you may have. After this period, the documents will be deleted. Documents sent by post will be returned or destroyed at the end of the 3-month period.

We will only store your data for 12 months after receipt of your express consent to use our talent pool in order to inform you during this period about vacancies within our company that may be of interest to you. After this period, the documents will be deleted.

Furthermore, you are entitled to all the rights of data subjects described above. If you wish to exercise these rights, please contact our data protection officer.

We use technical and organizational security measures to protect the personal data you provide to us from manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved and adapted in accordance with the state of the art. It cannot be ruled out that unencrypted data transmitted by you may be viewed by third parties during transmission. We would like to point out that data transmission via the Internet (e.g. communication by e-mail) cannot be guaranteed to be completely secure. Sensitive data should therefore either not be transmitted via the Internet at all or only via a secure connection (SSL).

Consent to the processing of personal data can only be given by a person of legal age. For information society services, the consent of a child is permitted from the age of sixteen in accordance with Art. 8 GDPR.

We use various technologies on our website with which we and third parties engaged by us can recognize you when you use our website and, under certain circumstances, track you over several visits. We will inform you about this in this section.

In essence, we want to be able to distinguish between access by you (via your system) and access by other users so that we can ensure the functionality of the website and carry out evaluations and personalization. We do not want to draw conclusions about your identity, even if we can, insofar as we or third parties engaged by us can identify you by combining this with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognized as an individual visitor each time you visit the site, for example by our server (or the servers of third parties) assigning you or your browser a specific identification number (so-called "cookie").

We use such techniques on our website and allow certain third parties to do the same. However, depending on the purpose of these techniques, we may ask for your consent before using them. You can access your current settings every time. You can program your browser to block, deceive or delete existing cookies or alternative technologies. You can also add software to your browser that blocks tracking by certain third parties. You can find more information about this on the help pages of your browser (usually under the heading "Data protection") or on the websites of the third parties listed below.

A distinction is made between the following cookies (technologies with comparable functions such as fingerprinting are also meant here):

9.1 Technically necessary cookies (session cookies)

We use technical cookies on our website to make the website more user-friendly. In order to use the full functionality of our website, it is therefore necessary for technical reasons to allow session cookies.

The purpose of using such cookies is to enable you to use the website in a simplified and more user-friendly manner. It is therefore necessary for the browser to be able to identify you even after a page change.

The data is not used to create a user profile for you. If you block them, the website may not work. Other cookies are necessary so that the server can store decisions or entries made by you beyond a session (i.e. a visit to the website) if you use this function (e.g. selected language, consent given, function for automatic log-in, etc.). These cookies have an expiry date of up to 24 months.

9.2 Cookies for evaluation (tracking cookies)

In addition to the use of technical cookies, tracking cookies are used on this website. Cookies are text files that are stored on your computer and enable your use of the website to be analyzed. However, they only collect and store data in pseudonymous form. They are not used to identify you personally and are not combined with data about the bearer of the pseudonym. We use this information to determine the attractiveness of our website and to continuously improve its content.

We do this through the use of third-party analysis services. We have listed these below. Before we use such cookies, we ask for your consent. You can revoke this at any time via the cookie settings here. Performance cookies also have an expiry date of up to 24 months. Details can be found on the websites of the third-party providers. The legality of the data processing until the revocation remains unaffected.

You can adjust these cookie settings again at any time.

9.3 Other third-party offers

We may also integrate other third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (e.g. by clicking a button), the relevant providers can determine that you are on our website. If you have an account with the social media provider, they can assign this information to you and thus track your use of online services. These social media providers process this data on their own responsibility.

We currently use offers from the following service providers and advertising contract partners (insofar as they use data from you or cookies set by you for advertising purposes):

a) Social share buttons

Our newsletter contains links, so-called "social share buttons", to social networks. For reasons of data protection, we have deliberately decided against using direct plug-ins from social networks in our newsletter. The link is identified both in the email client and in the web version of the newsletter by the logo of the social network X (formerly Twitter), XING and LinkedIn.

Only when you actively click on the respective button (logo) of the respective social network do you consent to your Internet browser establishing a direct connection to the servers of the external services. With social sharing, certain components of the mailing or the shared articles are passed on to the external services. These are headlines, short texts or images. No personal data is transmitted in this process.

If the "share button" (logo) is actively clicked while you are already logged in via a personal user account, the information is automatically forwarded to your timeline of the respective social network. It is possible for you to link the content of our newsletters to your profile. This makes it possible for the respective social network Twitter, XING or LinkedIn to assign your access to our newsletter. Your data will only be transmitted with your express consent. We would like to point out that we have no knowledge of the content of the transmitted data or its use by the respective external provider.

For a detailed description of the respective processing, please refer to the information provided by the providers linked below:

• X (formerly Twitter) (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). You can find Twitter's privacy policy at: https://twitter.com/de/privacy
• XING (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). The following link leads to XING's privacy policy: https://www.xing.com/app/share?op=data_protection
• LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). You can find LinkedIn's privacy policy at: http://de.linkedin.com/legal/privacy-policy

b) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google"), which uses cookies. Cookies generally transmit the information generated about your use of this website to a Google server in the USA and are stored there. However, since this website uses IP anonymization, , your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

The collection within the scope of this service only takes place after you have given your express consent. You can prevent the collection of your data by Google Analytics at any time, even after you have given your consent, by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Deactivate Google Analytics.

If you delete the cookies in this browser, you must reactivate the opt-out cookie.

The purpose of the survey is to evaluate the use of our website. Furthermore, the use of Google Analytics enables us to create reports on website activities and thus improve our website. The legal basis for this is your consent in accordance with Section 25 (1) TTDSG. In addition to us, Google must be named as the recipient of the data. The data will be deleted as soon as it is no longer required for our recording purposes.

c) Google Ads

This website uses Google Ads, a service provided by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google").

We use the conversion tracking function for which Google Ads places cookies on your computer if you have reached our website via an advertisement placed by Google. The data collected by the cookie is not user-related and is therefore not used for personal identification. The cookies lose their validity after 30 days. The data is collected for the purpose of creating conversion statistics for Google Ads customers. We only receive information about the total number of users who clicked on our ad and were subsequently redirected to a website with a conversion tracking tag.

The purpose of the collection is to provide you with targeted advertising. The legal basis for this is your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a) GDPR and Section 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device.

You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing until the revocation remains unaffected.

In addition to us, Google must be named as the recipient of the data. The data is deleted as soon as it is no longer required for our recording purposes.

Consent is also required by Google in accordance with its policy: .www.google.com/about/company/user-consent-policy.html

Further information about the collection and processing of your data by Google and your rights as a data subject in this regard can be found in Google's privacy policy at:www.google.com/policies/privacy/ . The data transfer by Google to the USA is based on the EU standard contractual clauses, details of which can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

d) Google reCAPTCHA

This website uses the Google reCAPTCHA service, operated by Google Ireland Ltd (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter: "Google"), which protects the website from spam and abuse.

The reCAPTCHA service is intended to prevent abusive activities being carried out by automated software on the website. This is ensured by checking whether the entries actually originate from a natural person.

Data such as the address of the page on which the captcha is used, the user's IP address, the user's input behavior (e.g. answering the reCAPTCHA question, input speed in the form fields, the order in which the input fields are selected, etc.) as well as browser, browser size and resolution, browser plug-ins, date, language setting, the display instructions (CSS) and scripts (JavaScript) of the website and the mouse or touch events within the website are collected and processed for verification purposes. If the website user is logged in to Google , the Google account is also recognized and assigned. Cookies from other Google services such as Gmail, Search and Analytics are also read by Google in this case. Data that is collected and stored when using Google reCAPTCHA is sent to Google in encrypted form. Whether the captcha is displayed in the form of a checkbox or by entering text on the page is decided by Google's subsequent evaluation. No personal data is read or saved from the input fields of the respective form.

The legal basis for the use of reCAPTCHA is Art. 6 para. 1 subpara. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing until the revocation remains unaffected. The data will be deleted as soon as you leave our website.

When using this Google service, personal data may be transferred to Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in the USA. You can find more information about the collection and processing of your data by Google and your rights as a data subject in this regard in Google's privacy policy: https:

e) IPAPI.co

We use the IPAPI tool (www.ipapi.co) from Kloudend, Inc. to automatically localize the location, country, time zone and access to the website via computer or mobile device as well as the Internet provider and routing information (IP address). The tool is used to adapt the content of our website based on the findings of the localization and to better tailor it to the respective visitor. The tool is also used to protect against attackers and bots. The legal basis for data processing is our legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f) GDPR in presenting the website in the best possible way. The privacy policy of Kloudend, Inc. can be found at: https://ipapi.co/privacy/.

f) Web conferencing tools

We want to make communication with interested parties, customers and users easier and adapted to the current technical and practical reality. We therefore use conferencing tools for video and audio conferences. You can find out which individual web conferencing tools we use in the following section.

As a rule, data is first collected that represents metadata and technical data of the users and the conferences. Metadata includes, for example, the duration of the conference, the period of participation, the number of participants or the name and/or description of the meeting. Technical data includes IP addresses and device and hardware information of the participants, such as MAC addresses, device and operating systems or information about peripheral devices and connection quality. In the case of optional participation via a cell phone, further data can be stored in addition to the telephone number. The data collected also includes all data that you provide for the use of the service (some of which is optional). The usual data here is your name, telephone number, email address and other log and profile data.

During a meeting in a web conferencing tool, video and audio data recorded by your microphone/camera as well as all content that can be uploaded (messages in chats, surveys, etc. as well as other files such as presentation documents) can be processed, logged or displayed. When using the optional web conference recording function, this data can be stored permanently, including on the service provider's servers.

However, we would like to point out that we have no influence on what data is collected. Accordingly, failure to provide the aforementioned data may mean that you are unable to participate in the web conference. Automated decision-making is not carried out. Details on the processing of data by the relevant services can be found in the data protection notices of the respective services, which are described in the following section.

We use the web conferencing tools to communicate with you in a simple, effective and direct way. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f) GDPR. In the case of an existing contractual relationship, the use of such a service serves the purpose of providing a service, for which the legal basis for processing is Art. 6 para. 1 subpara. 1 lit. b) GDPR. The same legal basis applies to registration and participation in an online webinar offered by us. If your consent has been obtained, the legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG, provided that the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing carried out until the revocation remains unaffected.

We have no influence on the storage period of the data stored by the service providers for their own purposes. If you ask us to delete the data or if the purpose for which the data was stored no longer applies, we will delete your data unless this is contrary to mandatory statutory provisions. Cookies stored by you remain on your end device until you delete them.

g) Microsoft Teams

We also use the web conferencing tool Microsoft Teams. This is an application of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: "Microsoft").

The personal data transmitted by you will be collected and processed exclusively for the purpose of conducting external and internal video conferences within the framework of a contractual relationship in accordance with Art. 6 para. 1 subpara. 1 lit. b) GDPR.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 subpara. 1 lit. f) GDPR. Our interest here is in effective communication and exchange between the parties involved.

The provision of your personal data is necessary for the video conferences to take place. If you do not provide it, you will unfortunately not be able to participate. Automated decision-making is not carried out.

Personal data that is processed in connection with video conferences is not passed on to third parties unless it is intended to be passed on.

You can find Microsoft's privacy policy at: https://privacy.microsoft.com/de-de/privacystatement

Data transfer to the USA is based on the EU standard contractual clauses, details of which can be found here: https://docs.microsoft.com/de-de/compliance/regulatory/offering-EU-Model-Clauses.

h) Microsoft 365

Microsoft 365 is a productivity, collaboration and exchange platform for individual users, groups, communities and networks that can be used across organizational units.
Microsoft 365 applications such as Teams, OneDrive, SharePoint etc. (hereinafter referred to as M365) process personal data.
This data protection notice provides information about the processing of personal data when using Microsoft 365 applications.
Further information on the processing of personal data by Microsoft can be found at the following link: https://privacy.microsoft.com/dede/privacystatement

Data protection and the protection of your privacy are important to us. Accordingly, we only process personal data in accordance with the applicable data protection and data security legislation, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG), the Swiss Data Protection Act (DSG) and the Ordinance to the Data Protection Act (DSV). We are guided by the principle of data avoidance and data economy. Our employees are bound to confidentiality and secrecy.

Categories of personal data when using Microsoft 365:

The following personal data is processed automatically when you use Microsoft 365 as soon as you use Microsoft 365.

• IP address used to access the Microsoft 365 applications
• User name (access data for the Microsoft 365 applications)
• Data that you have stored in your Microsoft account as part of multi-factor authentication, e.g. optionally your (private) cell phone number
• Identification features: Personal information that identifies you as a user, sender, recipient of data within Microsoft 365
• Master data: Surname, first name, contact details such as telephone number, e-mail address, fax number, if provided by you
• other data such as a profile picture you have stored
• Data required for authentication and license use
• all user activities such as time of access, date, type of access, information on the data/files/documents accessed and all activities in connection with the use, such as creating, changing, deleting a document, setting up a team (and channels in teams), making notes in the notebook, starting a chat, replying in the chat, etc.

Disclosure and transfer of data, purposes and legal bases:

Your personal data will only be passed on without your prior consent in cases other than those expressly mentioned in this privacy policy if there are legal grounds for doing so or if it is necessary, e.g. to protect vital interests.

The data that you provide during registration will be passed on within our group of companies for the fulfillment of the contract, including joint customer support, to the extent necessary. A possible transfer of personal data is based on contractual obligations towards you (pursuant to Art. 6 para. 1 subpara. 1 lit. b) GDPR) and our legitimate interest (pursuant to Art. 6 para. 1 subpara. 1 lit. f) GDPR) in passing on the data for administrative purposes within our group of companies if your rights and interests in the protection of your personal data do not prevail.
Automated decision-making (profiling) is not carried out.

Disclosure may also take place within the framework of order processing in accordance with Art. 28 GDPR, in particular if necessary service providers are involved.

If it is necessary to clarify an illegal or improper use of Microsoft 365 or for legal prosecution, personal data will be forwarded in particular to law enforcement authorities, other authorities, lawyers or other necessary third parties. This possible disclosure of personal data is justified by the fact that:

• the processing is necessary for compliance with a legal obligation to which we are subject pursuant to Art. 6 para. 1 subpara. 1 lit. c) GDPR in conjunction with legal requirements.
• we have a legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f) GDPR in passing on the data to the aforementioned third parties to enforce our legal claims and your rights and interests in the protection of your personal data do not outweigh this.

When using Microsoft 365, Microsoft is used as a processor and is subject to our instructions when processing personal data, as we are the controller within the meaning of the GDPR. A possible transfer of personal data is based on our legitimate interest in effectively designing our IT processes (Art. 6 para. 1 subpara. 1 lit. f) GDPR) as well as on the regulations on order processing in accordance with Art. 28 GDPR, according to which we have carefully selected third-party companies and external service providers, regularly checked them and contractually obliged them in accordance with Art. 28 para. 3 GDPR to process all personal data exclusively in accordance with our instructions.

Data transfers to third countries

Upon presentation of the corresponding purpose limitation and legitimate interests, the data to be transferred, the selected transfer process, as well as the data recipient and the receiving country are subjected to a detailed "Transfer Impact Assessment". The result of this assessment is documented. The data is only transferred with the required content and scope if there are no positive findings.

Changes of purpose

Your personal data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with all other relevant information.

Data erasure and storage duration

The personal data of the data subjects will be deleted or blocked as soon as the purpose of the storage no longer applies, e.g. the storage of the data is no longer necessary for the performance of a contract or an overriding legitimate interest. Data may also be stored if this is provided for by the European or national legislator in regulations, laws or other provisions to which the controller is subject. The data will therefore be deleted or blocked if a storage period prescribed by the aforementioned standards expires.

i) Social media

We would like to get in touch with you and other interested parties, customers and users. We use various social networks for this purpose. You can find out which individual social networks we use in the following section.

As a rule, data is collected which is used for market research and advertising purposes. Such data includes the assignment of your visit to our website to your user account with the social network or the assignment by means of your stored cookies or your IP address. This is usually done by creating user profiles and the interests determined from them. This makes it possible to display customized advertising, both within and outside the social network. For this reason, cookies may be stored on your computer when you use social networks. However, we would like to point out that we generally have no influence on what data is collected.

Through the social media sites, we would like to provide you with information in the simplest and fastest way possible or give you the opportunity to share such information. Therefore, unless you have consented to data processing on the respective platform, the legal basis is our legitimate interest in accordance with Art. 6 para. 1 subpara. 1 lit. f) GDPR.  If you have given your consent on the respective platform, your consent is the legal basis for processing in accordance with Art. 6 para. 1 subpara. 1 lit. a) GDPR and Section 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing up to the revocation remains unaffected.

If you revoke your consent, ask us to delete your data or if the purpose for storing the data no longer applies, we will delete your data unless this is contrary to mandatory legal provisions. Cookies stored by you will remain on your end device until you delete them.

The data processed as a result of your visit to our presence on social media websites is classified as data processing initiated by us and is therefore subject to joint responsibility with the operator of the social media website in accordance with Art. 26 GDPR. Joint controllership is limited to those processing operations where the purpose and means of processing are decided jointly. If you wish to assert your rights as a data subject, you can do so both vis-à-vis us and vis-à-vis the operator of the social media website.

Furthermore, we would like to point out that your data may also be processed outside the European Union and that you therefore run the risk of not being able to fully enforce your rights. For further information on the processing by the platform operators, please refer to the platforms' data protection notices. There you can also find out in which countries they process your data, what rights of access, erasure and other rights of data subjects you have and how you can exercise these or obtain further information. We currently use the following platforms:

j) XING (link)

On our website, we use a reference (link) to our presence on the social career network XING. This is an application of New Work SE (Dammtorstraße 30, 20354 Hamburg; hereinafter: "XING").

We have used functions of the XING service on our website. When you visit our website, your web browser connects to the XING servers for a short time, through which the XING functions are provided. XING does not use cookies and does not store any personal data. Furthermore, your usage behavior is not evaluated.

If you have consented to data processing at XING, your consent is the legal basis for processing in accordance with Art. 6 para. 1 subpara. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing up to the revocation remains unaffected.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by XING. Further information can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

k) LinkedIn (Link)

On our website, we use a link to the social network LinkedIn, which is operated exclusively by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland); hereinafter referred to as "LinkedIn".

The link is identified by the LinkedIn logo (no LinkedIn plugin).

When you click on the LinkedIn logo, your browser establishes a direct connection to the LinkedIn servers. If you are already logged in to LinkedIn via your personal user account, the information about your visit to our website is automatically forwarded to LinkedIn. It is then possible for LinkedIn to assign the visit to the website to your account.

If you have consented to data processing at LinkedIn, your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device, is the legal basis for the processing. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing up to the revocation remains unaffected.

Data transfer to the USA is based on the EU standard contractual clauses, details of which can be found here: https://www.linkedin.com/legal/l/eu-sccs.

We would like to point out that we have no knowledge of the content of the transmitted data or its use by LinkedIn. The following link leads to LinkedIn's privacy policy: http://de.linkedin.com/legal/privacy-policy.

l) LinkedIn Insight

On this website, we use the analysis and conversion tracking technology as well as the retargeting function of LinkedIn Corporation (2029 Stierlin Ct, Mountain View, CA 94043, USA, hereinafter: "LinkedIn"). The legal basis for the processing of the data is Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing carried out up to the revocation remains unaffected.

With the help of this technology, visitors to this website can be shown personalized advertisements on LinkedIn. We also receive aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with our website. To do this, LinkedIn uses a JavaScript code (Insight tag), which in turn places a cookie in your web browser or uses a pixel. The LinkedIn Insight tag is used to collect data about the use of our website, including URL, referrer URL, IP address, device and browser characteristics, timestamps and page views. The data collected via the LinkedIn Insight tag is encrypted and anonymized within 7 days. The anonymized data is deleted within 180 days. LinkedIn does not share any personal data with the owner of the website, but only provides summarized reports on the website target group and display performance.

LinkedIn also offers retargeting for website visitors so that the website owner can use this data to display targeted advertising outside its website without identifying the member. We also use data that does not identify you to improve the relevance of ads and reach members across devices.

In LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and data use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time by clicking on the following link: https://www.linkedin.com/psettings/enhanced-advertising.

Alternatively, you can prevent the analysis of your user behavior in connection with LinkedIn by making the appropriate cookie setting in your browser.

m) YouTube (appearance)

We operate a presence on the YouTube video platform. This is an application of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter: "Google").

If you have consented to data processing by YouTube, your consent is the legal basis for processing in accordance with Art. 6 para. 1 subpara. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent within the meaning of the TTDSG relates to the setting of cookies or access to information on your terminal device. You have the right to withdraw your consent at any time with effect for the future. The legality of the data processing up to the revocation remains unaffected.

It is possible that personal data may be transferred to the USA when using this Google service. We would like to point out that we have no knowledge of the content of the transmitted data or its use by Google. You can find further information at: .www.google.de/intl/de/policies/privacy/

In connection with our contracts, the website, our services and products, our legal obligations or otherwise to safeguard our legitimate interests and the other purposes listed in Section 4, we also transfer your personal data to third parties, in particular to the following categories of recipients:

• Group company in Germany: WAGNER Group GmbH, Schleswigstraße 1-5, 30853 Langenhagen, Germany. The group company may use the data in accordance with this privacy policy for the same purposes as we do (see section 4).
  In particular, the Group company will have access to your master, contract and registration data as well as behavioral and preference data in order to provide you with offers from its own range of products and services or to advertise them. If you wish to object to the forwarding and use of your data for marketing purposes, you can do so via us.
  For certain products and services, we transfer your data to other Group companies in Europe, e.g. if certain products and services originate from Group companies other than ours and we only coordinate the processing.
• Service providers: We work with service providers in Switzerland and abroad who process data about you on our behalf or under joint responsibility with us or who receive data about you from us under their own responsibility (e.g. IT providers, shipping companies, advertising service providers, login service providers, cleaning companies, security companies, banks, insurance companies, debt collection companies, credit agencies or address verifiers). Central service providers for us in the IT area are Microsoft, Infoniqa and Wagner Group GmbH, in the debt collection area the company Steuer & Treuhand Experten AG and in the security area MM Safety GmbH.
• Contractual partners including customers: This initially refers to customers (e.g. service recipients) and other contractual partners of ours, because this data transfer arises from these contracts. If you work for such a contractual partner yourself, we may also transfer data about you to them in this context. The recipients also include contractual partners with whom we cooperate or who advertise for us and to whom we therefore transmit data about you for analysis and marketing purposes (these may in turn be service recipients, but also sponsors and providers of online advertising, for example). We require these partners to only send you advertising or display it based on your data if you have consented to this. Our online advertising contract partners are listed in section 9.
• Public authorities: We may disclose personal data to offices, courts and other authorities in Switzerland and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. This may also include health data. The authorities process data about you that they receive from us under their own responsibility.
• Other persons: This refers to other cases where the inclusion of third parties arises from the purposes set out in section 4, e.g. service recipients, media and associations in which we participate or if you are part of one of our publications.

All these categories of recipients may in turn involve third parties, so that your data may also become accessible to them. We can restrict the processing by certain third parties (e.g. IT providers), but not by other third parties (e.g. authorities, banks, etc.).

We reserve the right to disclose this data even if it concerns confidential data (unless we have expressly agreed with you that we will not disclose this data to certain third parties, unless we are legally obliged to do so). Irrespective of this, your data will continue to be subject to appropriate data protection even after disclosure in Switzerland and the rest of Europe. The provisions of section 12 apply to disclosure to other countries. If you do not wish certain data to be disclosed, please let us know so that we can check whether and to what extent we can accommodate you.

We also enable certain third parties to collect personal data from you on our website and at our events (e.g. media photographers, providers of tools that we have integrated on our website, etc.). Insofar as we are not involved in a decisive way in this data collection, these third parties are solely responsible for it. If you have any concerns and wish to assert your data protection rights, please contact these third parties directly.

As explained in section 11, we also disclose data to other bodies. These are not only located in Switzerland. Your data may therefore be processed in Europe, but in exceptional cases in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we contractually oblige the recipient to comply with the applicable data protection (we use the revised standard contractual clauses of the European Commission, which are available here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is already subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exemption clause.

An exception may apply in particular in the case of legal proceedings abroad, but also in cases of overriding public interests or if the processing of a contract requires such disclosure, if you have given your consent or if the data in question has been made generally accessible by you and you have not objected to its processing.

Please also note that data exchanged via the Internet is often routed via third countries. Your data may therefore be sent abroad even if the sender and recipient are located in the same country.

We process your data for as long as required by our processing purposes, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes or if storage is technically necessary. Further information on the respective storage and processing periods can be found in the individual data categories in section 2 or in the cookie categories in section 10. If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.

Under certain circumstances, applicable data protection law grants you the right to object to the processing of your data, in particular for the purposes of direct marketing, profiling for direct marketing and other legitimate interests in processing.

To make it easier for you to control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

• The right to request information from us as to whether and which of your data we process;
• the right to have us correct data if it is incorrect;
• the right to request the deletion of data;
• the right to obtain from us the personal data concerning you in a commonly used electronic format or to transmit those data to another controller;
• the right to withdraw consent where our processing is based on your consent;
• the right to receive, on request, further information necessary for the exercise of these rights;
• the right to express your point of view on automated individual decisions and to request that the decision be reviewed by a natural person.

If you wish to exercise the above rights against us (or against one of our group companies), please contact us in writing, at our premises or, unless otherwise stated or agreed, by e-mail; our contact details can be found at the beginning of this privacy policy. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, unless otherwise possible).

You also have these rights vis-à-vis other bodies that work with us on their own responsibility - please contact them directly if you wish to exercise rights in connection with their processing. You will find information on our key cooperation partners and service providers in section 10 and further information in section 11.

Please note that these rights are subject to conditions, exceptions or restrictions under the applicable data protection law (e.g. to protect third parties or business secrets). We will inform you accordingly if necessary.

If you do not agree with our handling of your rights or data protection, please let us know. In particular, if you are located in the EEA, the UK or Switzerland, you also have the right to complain to the data protection supervisory authority in your country. A list of authorities in the EEA can be found here:
https://edpb.europa.eu/about-edpb/board/members_de.

You can contact the supervisory authority of the United Kingdom here:
https://ico.org.uk/global/contact-us/.

You can reach the Swiss supervisory authority here:
https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/adresse.html.

This privacy policy is not part of any contract with you. We may amend this privacy policy at any time. The version published on this website is the current version.