Privacy Policy and Data Protection

Brightest GmbH's Privacy Policy

Version 2.0, Valid from 2021-01-15

Preliminary note: This privacy policy has been translated from German. In case of understanding problems, the German version always applies as a matter of priority!

We are very pleased with your interest in our company. Data protection is of particular importance to the management of Brightest GmH, Berlin. The use of our Internet pages is possible without any indication of personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, postal address, e-mail address or telephone number of a data subject, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection declaration, we would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed about their rights by means of this data protection declaration.

Brightest GmH, Berlin, as the controller, has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed via this website. However, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, any data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

This data protection declaration of Brightest GmbH, Berlin is based on the terms used in the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain some specific terms in advance.
We use the following terms, among others, in this privacy policy:

  • a) Personal data

    Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable when they can be identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location, online identifier or one or more specific characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

  • b) Data subject

    The data subject refers to any identified or identifiable natural person whose personal data are processed by the controller.

  • c) Processing

    Processing refers to any operation or series of operations carried out with or without the help of automated procedures in connection with personal data such as the collection, registration, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

  • d) Restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

  • e) Data Controller (Controller)

    The data controller refers to the natural or legal person, public authority, agency or other body which decides, alone or jointly with others, the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of Member States, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  • f) Processors

    Processor refers to the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  • g) Recipients

    Recipient refers to the natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, authorities which may receive personal data in the framework of a specific investigation mandate under Union or Member State law shall not be considered as recipients shall not be regarded as recipients.

  • h) Third party

    A third party refers to the natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or processor.

  • i) Consent

    Consent refers to any statement of intent voluntarily made by the data subject in an informed and unequivocal manner, in the form of a declaration or other unambiguous affirmative act in which the data subject indicates that they agree to the processing of the personal data concerning them.

2. Name and address of the controller

The person responsible for the purposes of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:

  • Brightest GmbH
  • Lehmbruckstr. 18
  • 10245 Berlin
  • Tel.: +49 (0) 176 7074 2936
  • E-Mail: [email protected]
  • Website: www.brightest.org

3. Name and address of the Data Protection Supervisor

The data protection officer of the controller is:

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Contact details of the supervisory authority

# used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the internet service provider of the accessing system and other data (8) other data , which are designed to prevent attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about the person concerned. This information is needed only to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functioning of our information technology systems and the technology of our website, and (4) to provide the authorities in charge of law enforcement with the necessary information in case of a cyber-attack. We therefore analyze this anonymously collected data and information for statistical reasons and for the purpose of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

SSL encryption

For security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator, this site uses Secure Socket Layer (SSL) encryption. You can recognize an encrypted connection by changing the address line of the browser from “http://” to “https://” and by the lock icon in your browser line. If SSL encryption is enabled, then the data you submit to us cannot be read by any third parties.

5. Cookies

A cookie is a small record that is stored on your device and contains data such as .B. personal page settings and credentials. This record is generated and sent to you by the web server with which you have established a connection via your web browser. In general, we use cookies to analyse interest in our websites and to improve the usability of our websites. You can also access our websites without cookies. If you want to use our websites in full or conveniently, you should accept those cookies that enable the use of certain functions or make the use more convenient. The purposes of the cookies used by us can be found in the Consent Management on the first call to our website or then by calling up the control of the cookie services under "Cookies" on our website. By using our websites, you are asked to consent to the use of cookies, insofar as they are not necessary for the proper operation of the website. You can decide whether to consent to the use of cookies subject to consent in the Consent Manager on our website. You also have the option of setting your browser so that cookies are displayed before they are stored, only certain cookies are accepted or rejected, or cookies are generally rejected. We would like to point out that settings changes in the browser only affect the respective browser. If you use different browsers or change the device, the settings must be made again. In addition, you can delete cookies from your storage medium at any time.

For information on cookie settings, their modification and the deletion of cookies, please refer to the help function of your web browser. The following are the most common types of cookies explained to your understanding:

5.1 Session Cookies

While you are active on a Web page, a session cookie is temporarily placed in your computer's memory, storing a session ID, for example, to prevent you from logging on again each time you break a page. Session cookies are deleted when you log off or expire when their session expires automatically.

5.2 Permanent or protocol Cookies

A persistent or protocol cookie stores a file on your computer over the period of time provided for in the expiration date. These cookies remind websites of your information and settings on your next visit. This results in faster and more convenient access, as you don't have to re-set your language setting for our portal. When the expiration date expires, the cookie is automatically deleted when you visit the website that createdit.

5.3 Third-party Cookies

Third-party cookies come from providers other than the operator of the website. For example, they can be used to collect information for advertising, custom content, and web statistics.

5.4 Flash-Cookies

Flash cookies are stored as data items from websites on your computer when they are operated with Adobe Flash. Flash cookies do not have a time limit.

5.5 Processing of your data in the USA

If you allow all cookies, you also agree in accordance with Art. 49 sec. 1 lit a GDPR that your data will be processed in the USA. The US is considered by the European Court of Justice to be a country with an inadequate level of protection by EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, possibly without any redress on your part.

5.6 Cookie consent with Klaro! Consent Manager
5.6.1 Description and purpose of data processing

In order to control the use of cookies, a cookie consent tool is implemented on the website (hereinafter: Klaro!). Klaro! is provided by KIProtect GmbH, Bismarckstr. 10 – 12, 10625 Berlin as an open source tool and operated by us. Klaro! A list of cookies, broken down by function group, explains the purpose of the cookie function groups and the individual cookies and their storage time. When you enter our website, a Klaro! cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not sent to the provider of Klaro! Passed.

5.6.2 Legal basis of processing

The use of Klaro! to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 sec. 1 sentence 1 lit.c GDPR.

5.6.3 Duration of storage, possibility of appeal and disposal

The data collected in this way is stored until you delete the Klaro! cookie or the purpose for data storage is omitted. Mandatory statutory retention periods remain unaffected. Details of Klaro's data processing! Cookie can be found under klaro.kiprotect.com.

5.6.4 Order Processing

Klaro! is operated on our own servers. No personal data will be transferred.

6. Collection of general data and information

Our website collects a series of general data and information with each call-up to the website by a data subject or an automated system. This general data and information is stored in the log files of the server. The browser types and versions used (1) can be recorded, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the internet service provider of the accessing system and other data (8) other data , which are designed to prevent attacks on our information technology systems. When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functioning of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by us on the one hand statistically and further with the aim of increasing data protection and data security in our company, in order to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

SSL encryption

For security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator, this site uses Secure Socket Layer (SSL) encryption. You can recognize an encrypted connection by changing the address line of the browser from "http://" to "https://" and by the lock icon in your browser line. If SSL encryption is enabled, the data you submit to us cannot be read by third parties.

7. Scope and purpose of the collected data

7.1 Brightest Websites - General

Each time a Web page or file is accessed through a browser program, the following data is stored:

  • 1. the requested website or file,
  • 2. the date and time of the request,
  • 3. the amount of data transferred,
  • 4. the description of the type of web browser and the operating system that have been used,
  • 5. the IP address of the requesting computer.

This information is used to optimize the Brightest websites and to log possible attacks on our services via the internet. The data provided will be deleted automatically or by employees of Brightest GmbH after one year.

7.2 Brightest Websites - Contact Form, Support Requests and Webinars

The Brightest websites include the possibility to contact Brightest GmbH in general, to make inquiries directly to Brightest GmbH support or to register for webinars. At least the following data from the required fields is stored:

  • 1. Name and first name,
  • 2. E-mail address,
  • 3. Company (only for requested offers)
  • 4. Free text (contact form and support request only),
  • 5. Phone number (webinars only).

This data is used by Brightest GmbH to respond to requests or to announce dates for webinars.

7.2.1 Brightest Websites - Contact Forms

The data stored in individual cases corresponds to the fields specified in the forms and can therefore be seen directly in the forms. The data will only be passed on to third parties with the consent of the respective user.

7.2.2 Brightest Websites - Registration

During registration via the website, the user's e-mail address is stored. The password entered during registration is stored exclusively in encrypted form and is also not decryptable by Brightest GmbH. Brightest GmbH would like to emphasize that the e-mail addresses of all active (i.e. not deleted) users are used for important changes, for example regarding the scope of the service or in the case of technically necessary changes, in order to inform you in this manner. The processing of the data entered for registration takes place as a pre-contractual measure on the basis of Art. 6 sec. 1 lit. b GDPR. Your registration data will remain with us as long as you do not request the deletion of your data.

7.3 Customer Database

Brightest GmbH maintains an internal customer database in which all relevant customer-related events and notes are stored. These include:

  • 1. Customer
  • 2. Company
  • 3. Company address,
  • 4. e-mail addresses of all active (i.e. not deleted) users,
  • 5. Names of all active (i.e. non-deleted) users,
  • 6. Notes on telephone calls,
  • 7. Billing information,
  • 8. statistical information on the use.

This data is used to optimize the support and sales service for Brightest GmbH customers. In addition, statistical evaluations of this data are used to optimize the scope of the Brightest services. This data will not be passed on to third parties. Users may request the deletion of this data in writing at the addresses listed under 2).

8. Privacy Policy on the Use and Use of Google Analytics (with Anonymization Function)

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Legal basis for processing:

The storage of “Goolge Analytics Cookies” and the use of this tool are carried out on the basis of your consent within the framework of consent management. The processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a GDPR. You can revoke or change your consent at any time in consent management. You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when the browser is closed. When disabling cookies, the functionality of this website may be limited. Google also processes your personal data in the United States of America. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection in accordance with EU standards. There is a risk that your data may be processed by USA authorities for control and monitoring purposes, possibly without any appeal on your part. By agreeing to use Google Analytics in the consent management, you also consent to such transfer to the United States. In such a case, the transfer will be made on the basis of your consent in accordance with Art. 49 sec. 1 lit. a GDPR. We, as Brightest, do not share any personal data.

IP anonymization

We have activated the IP anonymization feature on this website. This will shorten your IP address from Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before being transferred to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.

Browser Plugin

You can prevent the storage of cookies in the consent management of the homepage or by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Opposition to data collection

You can prevent the collection of your data by Google Analytics, on the one hand, in the consent management of the homepage or by clicking on the following link. In the latter case, an opt-out cookie is set to prevent the collection of your data on future visits to this website: https://tools.google.com/dlpage/gaoptout?h For more information on how to handle user data at Google Analytics, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Storage time

User-level and event-level data stored by Google, which are linked to cookies, user identifiers (i.e. user ID) or advertising IDs (i.e. DoubleClick cookies, Android advertising ID), will be deleted after 26 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de

9. Hotjar

Brightest uses Hotjar from Hotjar Limited (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julian's STJ 1000, Malta) on our website to statistically analyze visitor data. Hotjar is a service that analyzes user behavior and feedback on our website through a combination of analysis and feedback tools.

Purposes of processing

We receive reports and visual representations from Hotjar that show us where and how to “move” on our site. Personal data is automatically anonymized. As you browse our website, Hotjar automatically collects information about your user behavior. In order to collect this information, we have installed our own tracking code on our website. The following data can be collected via your computer or browser:

  • computer's IP address (collected and stored in an anonymous format),
  • Screen,
  • Browser info (which browser, version, etc.),
  • Your location (but only the country),
  • Your preferred language setting Visited web pages (subpages),
  • Date and time of access to one of our subpages (websites).

For more details on the Privacy Policy and what data Hotjar collects and how, please visit https://www.hotjar.com/legal/policies/privacy?tid=311165122. Cookies also store data that is placed on your computer (usually in your browser).

Legal basis and legitimate interests

The storage of "Hotjar cookies" and the use of this tool are carried out on the basis of your consent within the framework of consent management. The processing is carried out exclusively on the basis of Art. 6 sec. 1 sentence 1 lit. a GDPR. You can revoke or change your consent at any time in Consent Management. Please note that deleting cookies, using your browser's private mode or using another browser will result in the collection of data again.

Passing

According to its own information, Hotjar does not store any of your personal data for the analysis. The company even advertises with the slogan “We track behavior, not individuals”.

Possibility of opposition

In addition to the recruitment options in consent management, you have the option to prevent the collection of your data as follows; (1) You only go to the "Opt-out" and "Disable Hotjar" button; (2) You can also activate the "Do Not Track" button in your browser.

10. Subscription to our newsletter

On our website, we offer to subscribe to the newsletter of our company. Which personal data is transmitted to the controller when ordering the newsletter is determined by the input mask used for this purpose. We inform you at regular intervals by means of a newsletter about offers of the company. In principle, the newsletter of our company can only be received by the data subject if:

  • 1. the data subject has a valid e-mail address and
  • 2. the data subject registers for the sending of the newsletter.

For legal reasons, a confirmation e-mail will be sent to the e-mail address entered for the first time by a data subject in the sending of the newsletter using the double opt-in procedure. This confirmation e-mail is used to verify that the owner of the e-mail address, as the data subject, has authorized the receipt of the newsletter. When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration by the Internet service provider (ISP) as well as the date and time of the registration. The collection of this data is necessary to understand the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves the legal protection of the controller. The processing of the personal data entered in the context of the newsletter registration takes place exclusively on the basis of your consent (Art. 6 sec. 1 lit. a GDPR). The personal data collected in the context of a subscription to the newsletter will only be used for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail, if this is necessary for the operation of the newsletter service or for a related registration, as could be the case in case of changes to the newsletter offer or changes in technical circumstances. The personal data collected within the framework of the newsletter service will not be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data that the data subject has given us for sending the newsletter can be revoked at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation. The data you have stored with us for the purpose of receiving the newsletter will be stored by us until you are sent out of the newsletter and deleted after the newsletter has been unsubscribed.

11. Mailchimp

This website uses MailChimp's services to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, i.e. for the technical optimization of the shipping and presentation of the newsletters or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write them themselves or to pass them on to third parties. We would like to point out that the US is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any redress on your part. By registering to send the newsletter, you decide for yourself whether or not you wish to consent to such a transfer. In such a case, the transfer will be made on the basis of your consent in accordance with Art. 49 sec. 1 lit. a GDPR. The data protection guidelines of MailChimp are available via their website: https://mailchimp.com/legal/privacy

Statistical survey and analysis:

The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file, which is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are collected first. This information is used to improve the technical requirements of the services on the basis of the technical data or the target groups and their reading behavior on the basis of the polling locations (which can be determined by means of the IP address) or the access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention, nor that of MailChimp, to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

12. Plugins and tools

12.1 YouTube with enhanced privacy

This website integrates videos from YouTube. The site is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in advanced privacy mode. According to YouTube, this mode does not allow YouTube to store information about visitors to this website before they watch the video. However, the extended data protection mode does not necessarily exclude the transfer of data to YouTube partners. This way, youTube connects to the Google DoubleClick network, regardless of whether you are watching a video. As soon as you start a YouTube video on this website, a connection is made to the servers of YouTube. The YouTube server will be informed which of our pages you have visited. Whenever you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This is done regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly associated with your account. If you do not want to be assigned to your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses it for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for unlogged users) for the provision of demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must address YouTube in order to exercise this.

Legal basis of processing

The storage of "YouTube cookies" and the use of this tool are carried out on the basis of your consent within the framework of consent management. The processing is carried out exclusively on the basis of Art. 6 sec. 1 lit. a GDPR. You can revoke or change your consent at any time in Consent Management. You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when the browser is closed. When disabling cookies, the functionality of this website may be limited.

Disclosure of data

It is conceivable that some of the information collected will also be processed outside the European Union by Google Inc. with its headquarters in the USA. We would like to point out that the USA is considered by the European Court of Justice to be a country with an insufficient level of data protection according to EU standards. In this respect, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly also without any legal remedy. You decide yourself in the consent management of our website whether you want to agree to such a transfer or not. In such a case, the transfer takes place on the basis of your consent pursuant to Art. 49 sec. 1 lit. a DSGVO. We, as Brightest, do not pass on any personal data ourselves.

Possibility of opposition

Users of YouTube can influence the extent to which their user behavior may be recorded when visiting our YouTube page under the settings for advertising preferences. For more information on the purpose and scope of Data Collection and its processing by YouTube, please see the Privacy Policy. There you will also find more information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy. The processing of information using the cookie used by YouTube can be prevented by the fact that third-party cookies or those of YouTube and/or Google are not allowed in your own browser settings. We would like to point out that in this case you may not be able to use all functions of our website to the full extent. For more information on the purpose and scope of data collection and its processing by YouTube, please see the Privacy Policy. There you will also find more information about your rights and settings to protect your privacy: https://www.google.de/intl/de/policies/privacy.

12.2 Google Web Fonts

In order to display our content correctly and graphically in a browser-wide, we use "Google Web Fonts" of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as "Google") to display fonts. We have integrated this script library locally on our web server, so that when we access our website no connection to Google is established and also no "Google cookie" is set.

Legal basis of processing

The legal basis for the integration of Google Web Fonts is our legitimate interest in a correct and graphically appealing presentation of the website according to Art. 6 para. 1 sentence 1 lit. f DSGVO. Since we have integrated the script library locally on our own web server, there is no data transfer to Google. In this respect, no explicit consent is required from you for the use of Google Web Fonts.

Disclosure of data

Due to the local integration of the script library on our web server, no data is passed on to third parties.

Storage time

We do not collect any personal data through the local integration of the script library on our server.

13. Google reCaptcha

To protect its orders via the Internet form, LSW uses the reCAPTCHA service provided by Google Inc. (Google). The query is used to distinguish whether the input is by a human being or abusively by automated, machine processing. The query includes sending the IP address and, if necessary, any other data required by Google for the reCAPTCHA service to Google. For this purpose, your input will be transmitted to Google and will continue to be used there. By using reCaptcha, you agree that the recognition you provide will feed into the digitization of old works. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCaptcha will not be merged with other data from Google. This data is subject to the different privacy policy of Google. For more information about Google’s privacy policies, see: https://www.google.com/intl/de/policies/privacy/.

14. Cloudflare

On this website, we use Cloudflare from Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) to make our website faster and more secure. Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an US-American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. We will try to explain in more detail what this means.

Our sites use CloudFlare features. The provider is CloudFlare, Inc. 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare offers a globally distributed content delivery network with DNS. A content delivery network (CDN) is a network of internet-connected servers. Cloudflare has distributed such servers around the world to bring websites to your screen faster. When you visit our website, a load-sharing system ensures that most of our website is delivered by the server that can view our website the fastest. The distance of data transfer to your browser is significantly shortened by a CDN. Thus, the content of our website is delivered to you by Cloudflare not only from our hosting server, but from servers from all over the world. The use of Cloudflare is particularly helpful for users from abroad, as the site can be delivered from a nearby server. In addition to delivering websites quickly, Cloudflare also offers various security services, such as DDoS protection or the Web Application Firewall. Cloudflare helps us to make our website faster and more secure. For security reasons, Cloudflare also uses a cookie. The cookie (__cfduid) is used to identify individual users behind a shared IP address and to apply security settings to each user. Cloudflare generally only forwards data that is controlled by website operators. The content is therefore not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data sent by us or for which Cloudflare has received instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data, and performance data for Web pages derived from browser activity. For example, log data helps Cloudflare detect new threats. This way, Cloudflare can provide a high level of security protection for our website.

Storage of data and legal basis of processing:

The storage of the Cloudflare cookies and the use of this tool are based on your consent in the context of consent management. The processing takes place exclusively on the basis of Art. 6 para. 1 lit. a DSGVO. You can revoke or change your consent at any time in the consent management. You can set your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website. Cloudflare also processes your personal data in the United States and other third countries. We would like to point out that the USA is considered by the European Court of Justice to be a country with an inadequate level of data protection in accordance with EU standards. There is a risk that your data may be processed by US-authorities for control and monitoring purposes, possibly without any redress on your part. By agreeing to use Cloudflair in the consent management, you also consent to such a transfer to the United States. In such a case, the transfer will be made on the basis of your consent in accordance with Art. 49 sec. 1 lit. a GDPR.

Storage time

Cloudflare can transfer and access the information described above from all over the world. In general, Cloudflare stores user-level data for domains in the Free, Pro, and Business versions for less than 24 hours. For Enterprise domains that have Cloudflare Logs (formerly Enterprise LogShare or ELS) enabled, data can be stored for up to 7 days. However, if IP addresses trigger security alerts at Cloudflare, there may be exceptions to the above retention period.

Possibility of opposition

Cloudflare only keeps data logs for as long as necessary, and in most cases this data is deleted within 24 hours. Cloudflare also does not store any personal data, such as your IP address. However, there is information that Cloudflare stores indefinitely as part of its persistent logs to improve the overall performance of Cloudflare Resolver and identify any security risks. You can read which permanent logs are stored exactly on https://www.cloudflare.com/application/privacypolicy/. All data that Cloudflare collects (temporary or permanent) will be cleaned up of all personal data. Cloudflare also anonymizes all permanent protocols. The consent management of our website offers you the possibility to prevent the Cloudflare cookie and thus also the processing of data by Cloudflare. The processing of information using the cookie used by Cloudflare can be prevented by the fact that third-party cookies or those of Cloudflare are not allowed in your own browser settings.

15. Privacy Policy on the use of fan pages on Facebook, Twitter, Instagram, LinkedIn, XING and YouTube

15.1 Privacy Policy for Facebook fan page
15.1.1 Responsible parties

As the operator of this Facebook page we are (Brightest GmbH, Lehmbruckstr. 18, 10245 Berlin, Germany) together with the operator of the social network Facebook (Facebook Ireland Ltd.) responsible within the meaning of Article 4(7) of the General Data Protection Regulation (GDPR). When you visit our Facebook page, personal data is processed by the persons responsible. In the following, we inform you about the data involved, how it is processed and what rights you have in this regard. As the person responsible for this site, we have entered into agreements with Facebook, which, among other things, govern the conditions for the use of the Facebook page. The terms of use of Facebook as well as the other terms and conditions listed there in the end are decisive.

15.1.2 Purposes of processing

The processing of the information is intended, among other things, to enable Facebook to improve its system of advertising, which it distributes over its network. In addition, as the operator of the Facebook page, it should enable us to obtain statistics that Facebook compile on the basis of the visits to our Facebook page. This is intended to control the marketing of our activities. For example, it allows us to gain knowledge of the profiles of visitors who value our Facebook page or use applications of the site to provide them with more relevant content and develop features that may be of greater interest to them. To help us better understand how we can more effectively achieve our goals with our Facebook page, demographic and geographical evaluations are also created and made available to us on the basis of the information collected. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor. If visitors use Facebook on several devices, the collection and evaluation can also be carried out across devices if they are registered and logged in to their own profile. The generated visitor statistics are transmitted to us exclusively in anonymized form. We do not have access to the underlying data.

15.1.3 Legal basis and legitimate interests

We operate this Facebook page to present ourselves and communicate with Facebook users and other interested persons who visit our Facebook page. The processing of the personal data of the users takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

15.1.4 Disclosure of data

We have no influence on the collection of data by Facebook, nor on the data processing processes that exist at Facebook. Nor do we know the extent of the data collection, nor the purposes of the processing or the storage periods stored. It cannot therefore be ruled out that the data will be forwarded to anonymized statistics. If you visit our Facebook page, it is conceivable that some of the information collected will also be processed outside the European Union by Facebook Inc., based in the United States of America. We would like to point out that the USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a risk that your data may be processed by USA authorities for control and monitoring purposes, possibly without any redress on your part. You decide in the consent management of the Facebook page whether you want to consent to such a transfer or not. In such a case, the transfer will be carried out on the basis of your consent in accordance with Art. 6 sec. 1 lit. a GDPR. We, as Brightest, do not share any personal data.

15.1.5 Possibility of opposition

Users of Facebook can influence under the settings for advertising preferences to which extent their user behavior may be recorded when visiting our Facebook fan page. Other options are provided by Facebook under settings or their objection form. Processing of information using the cookie used by Facebook can be prevented by the fact that third-party cookies or cookies from Facebook are not allowed in their own browser settings.

15.1.6 Nature of Shared Responsibility

It is essentially clear from the agreements with Facebook also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly from Facebook. As a provider of the social network and the possibility of integrating Facebook pages there, Facebook alone has the direct access to the required information and can also take any necessary measures and provide information immediately. Should our support be required, we can be contacted at any time.

15.1.7 Information on contact details and other rights as data subject

Further information about our contact details, this privacy policy also covers the rights of affected persons vis-à-vis us and how personal data is processed by us. Information about Facebook’s handling of personal data can be found in its privacy policy.

15.2 Privacy Policy for Twitter fan page
15.2.1 Responsible parties

As the operator of this Twitter page, we (Brightest GmbH, Lehmbruckstr. 18, 10245 Berlin, Germany) together with the operator of the social network Twitter (Twitter International Company One, Cumberland Place, Fenian Street, Dublin 2D02 AX07, Ireland) are responsible within the meaning of Article 4 no. 7 of the General Data Protection Regulation (GDPR). When you visit our Twitter page, personal data is processed by the responsible persons. In the following section, we inform you about the data involved, how it is processed and about your rights in this regard. As the controller of this site, we have entered into agreements with Twitter, which, among other things, govern the conditions for using the Twitter site. The terms of use of Twitter under https://twitter.com/de/tos as well as any other relevant policies.

15.2.2 Purposes of processing

The processing of this information is intended, among other things, to enable Twitter to improve its system of advertising, which it distributes over its network. Secondly, it is intended to enable us, as the operator of the Twitter page, to obtain statistics that Twitter compiles on the basis of visits to our Twitter page. This is intended to control the marketing of our activities. For example, it allows us to gain knowledge of the profiles of visitors who value our Twitter page or use applications of the site to provide them with more relevant content and develop features that may be of greater interest to them. To better understand our Twitter page can better achieve our goals, demographic and geographical evaluations are also created and made available to us on the basis of the information collected. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor. If visitors use Twitter on several devices, the collecting and analysis can also be carried out across devices if they are registered and logged in to their own profile. The generated visitor statistics are transmitted to us exclusively in anonymized form.
We, as Brightest, do not have access to the underlying data.

15.2.3 Legal basis and legitimate interests

We operate this Twitter page to present ourselves to communicate with Twitter users and other interested persons who visit our Twitter page. The processing of the users’ personal data takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

15.2.4 Disclosure of data

We have no influence on the collection of data by Twitter, nor on the data processing processes that exist at Twitter. Nor do we know the extent of the data collection, nor the purposes of the processing or the storage periods stored. It cannot therefore be ruled out that the data will be forwarded to anonymized statistics. If you visit our Twitter page, it is conceivable that some of the information collected will also be processed outside the European Union by Twitter Inc., based in the United States of America. We would like to point out that the USA is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any redress on your part. You decide in the consent management of the Twitter page whether you want to agree to such a broadcast or not. In such a case, the transfer will be carried out on the basis of your consent in accordance with Art. 6 sec. 1 lit. a GDPR. We, as Brightest, do not share any personal data.

15.2.5 Possibility of opposition

Twitter users can influence the extent to which their user behavior may be recorded when visiting our Twitter page under the settings for advertising preferences. Twitter offers further features in the settings in the Twitter account or under https://twitter.com/de/privacy. The processing of information by means of the cookies used by Twitter can be prevented by not allowing third-party cookies from Twitter in their own browser settings.

15.2.6 Nature of Shared Responsibility

It is essentially clear from the agreements with Twitter also on joint responsibility that requests for information and the assertion of other affected persons rights are sensibly asserted directly on Twitter. As a provider of the social network and for the possibility to integrate Twitter pages into it, Twitter alone has the direct access to the required information and can also take any necessary measures and provide information immediately. Should our support be required, we can be contacted at any time.

15.2.7 Information on contact details and other rights as a data subject

Further information about our contact details, the rights of data subjects towards us and how otherwise personal data is processed by us can be found in this privacy policy. Information about Twitter's handling of personal data on Twitter can be found in its privacy policy at: https://twitter.com/de/privacy

15.3 Privacy Policy for Instagram
15.3.1 Responsible parties

As the operator of this Instagram page, we (Brightest GmbH, Lehmbruckstr. 18, 10245 Berlin, Germany) together with the operator of the social network Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland) are responsible within the meaning of Article 4 no. 7 of the General Data Protection Regulation (GDPR). When you visit our Instagram page, personal data is processed by the persons responsible. In the following section, we inform you about the data involved, how it is processed and about your rights in this regard. As the persons responsible for this site, we have entered into agreements with Facebook, which, among other things, govern the conditions for using the Instagram page. The terms of use of Instagram are applicable under https://help.instagram.com/581066165581870 as well as the other conditions and policies listed therein at the end.

15.3.2 Purposes of processing

The processing of the information is intended, among other things, to enable Facebook to improve its system of advertising, which it distributes over its network. Secondly, as the operator of the Instagram page, it should allow us to obtain statistics that Facebook creates on the basis of the visits to our Instagram page. This is intended to control the marketing of our activities. For example, it allows us to gain knowledge of the profiles of visitors who value our Instagram page or use applications of the site to provide them with more relevant content and develop features that might be of greater interest to them. In order to better understand how we can better effiectively our goals with our Instagram page, demographic and geographical evaluations are also created and made available to us on the basis of the information collected. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor. If visitors use Facebook on several devices, the collection and evaluation can also be carried out across devices if they are registered and logged in to their own profile. The generated visitor statistics are transmitted to us exclusively in anonymised form. We do not have access to the underlying data.

15.3.3 Legal basis and legitimate interests

We operate this Instagram page to present ourselves to and communicate with Instagram users and other interested people who visit our Instagram page. The processing of the users’ personal data takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

15.3.4 Disclosure of data

We have no influence on the collection of data by Instagram, nor on the data processing processes that exist at Facebook. Nor do we know the extent of the data collection, nor the purposes of the processing or the storage periods stored. It cannot therefore be ruled out that the data will be forwarded to anonymized statistics. If you visit our Instagram page, it is conceivable that some of the information collected will also be processed outside the European Union by Facebook Inc., based in the United States. We would like to point out that the US is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any redress on your part. You decide in the Consent management of the Instagram page whether you want to agree to such a transfer or not. In such a case, the transfer will be made on the basis of your consent in accordance with Art. 49 sec. 1 lit. a GDPR. We, as Brightest, do not share any personal data.

15.3.5 Possibility of opposition

Instagram users can influence the extent to which their user behavior may be recorded when they visit our Instagram page under the settings for advertising preferences. Other options include Facebook and Instagram settings at:
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fads%2Fpreferences%2F%3Fentry_product%3Dad_settings_screen
https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/
or the form on the right of objection at:
https://www.facebook.com/help/contact/1994830130782319.
The processing of information by means of the cookie used by Facebook can be prevented by not allowing third-party cookies or cookies from Facebook in their own browser settings.

15.3.6 Nature of Shared Responsibility

It is essentially clear from the agreements with Facebook also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly from Facebook. As a provider of the social network and the possibility of integrating Facebook pages there, Facebook alone has the direct access to the required information and can also take immediately any necessary measures and provide information. However, if our support is required, we can be contacted at any time.

15.3.7 Information on contact options and other rights as a data subject

Further information about our contact details, the rights of data subjects towards us and how otherwise personal data is processed by us can be found in this privacy policy. Information about Facebook's handling of personal data on Instagram can be found in its privacy policy at https://help.instagram.com/519522125107875

15.4 LinkedIn Privacy Policy
15.4.1 Responsible parties

As the operator of this LinkedIn page, we (Brightest GmbH, Lehmbruckstr. 18, 10245 Berlin, Germany) together with the operator of the social network LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) are responsible within the meaning of Article 4 no. 7 of the General Data Protection Regulation (GDPR). When you visit our LinkedIn page, personal data is processed by the controller. In the following section, we inform you about the data involved, how it is processed and about your rights in this regard. As the controller of this site, we have entered into agreements with LinkedIn, which, among other things, govern the conditions for using the LinkedIn site. LinkedIn's terms of use are based on: https://www.linkedin.com/legal/user-agreement?src=or-search&veh=www.google.com%7Cgo-pa&trk=sem_lms_gaw

15.4.2 Purposes of processing

One of the aims of processing of this information is to enable LinkedIn to improve its system of advertising, which it distributes over its network. Secondly, as the operator of the LinkedIn page, it is intended to enable us to obtain statistics that LinkedIn creates on the basis of visitors to our LinkedIn page. This is intended to control the marketing of our activities. For example, this allows us to gain knowledge of the profiles of visitors who value our LinkedIn page or use applications on the site to provide you with relevant content and develop features that might be of the greatest interest to you. In order to better understand how we can better achieve our goals with our LinkedIn page, demographic and geographical evaluations are also created and made available to us on the basis of the information collected. This information can be used to target interest-based advertisements without immediately knowing the identity of the visitors. If visitors use LinkedIn on multiple devices, the collection and analysis can also be carried out across devices if they are registered and logged in to their own profile. The visitor statistics produced are transmitted to us exclusively in anonymized form. We do not have access to the underlying data.

15.4.3 Legal basis and legitimate interests

We operate this LinkedIn page to present ourselves and communicate with LinkedIn users and other interested people who visit our LinkedIn site. The processing of the users’ personal data takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

15.4.4 Disclosure of Data

We have no influence on the collection of data by LinkedIn, nor on the data processing processes that exist at LinkedIn. Nor do we know the extent of the data collection, nor the purposes of the processing or the storage periods stored. It cannot therefore be ruled out that the data can be forwarded to anonymized statistics. When you visit our LinkedIn page, it is conceivable that some of the information collected will also be processed outside the European Union by LinkedIn Corporation, based in the United States of America. We would like to point out that the US is assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. There is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without redress. You decide in the consent management of the Instagram page whether you want to agree to such a transfer or not. In such a case, the transfer will be carried out on the basis of your consent in accordance with Art. 6 sec. 1 lit. a GDPR.
We, as Brightest, do not share any personal data.

15.4.5 Possibility of opposition

LinkedIn users can influence the extent to which their user behavior may be recorded when they visit our LinkedIn page under the settings for advertising preferences. LinkedIn offers further possibilities in the settings in the LinkedIn account. The processing of information using the cookies used by LinkedIn can be prevented by not allowing third-party cookies or cookies from LinkedIn in their own browser settings.

15.4.6 Nature of Shared Responsibility

It is essentially clear from the agreements with LinkedIn also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly with LinkedIn. As a provider of the social network and the possibility to integrate LinkedIn pages there, LinkedIn alone has the direct access to the required information and can also take immediately any necessary measures and provide information. However, if our support is required, we can be contacted at any time.

15.4.7 Information on contact options and other rights as a data subject

Further information about our contact details, the rights of data subjects towards us and how otherwise personal data is processed by us can be found in this privacy policy. Information about LinkedIn’s handling of personal data on LinkedIn can be found in their privacy policy (https://www.linkedin.com/legal/privacy-policy?_l=de_DE).

15.5 Privacy Policy for XING
15.5.1 Responsible parties

As the operator of this XING page, we (Brightest GmbH, Lehmbruckstr. 18, 10245 Berlin, Germany) together with the operator of the social network XING (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany) are responsible within the meaning of Article 4 no. 7 of the General Data Protection Regulation (GDPR). When you visit our XING page, personal data is processed by the controller. In the following section, we inform you about the data involved, how it is processed and which rights you have in this regard. We, as the responsible party for this site with XING, operate them on the basis of the terms and conditions for the use of the XING site. The general terms and conditions of XING are applicable under https://www.xing.com/terms as well as the conditions and guidelines listed therein.

15.5.2 Purpose of processing

We collect personal data when you contact us, for example, via the contact form or messenger. You can see which data we collect when you contact us using the contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. Your data will be deleted after the final processing of your request, provided that no legal retention obligations conflict. We assume that processing is complete when the circumstances indicate that the matter in question has been conclusively clarified. When you visit our XING page, XING collects, among others, your IP address and other information that is available in the form of cookies on your PC. This information is used to provide us, as the operator of the XING pages, with statistical information about the use of the XING site. XING provides more detailed information on this matter at the following link: https://privacy.xing.com/en/privacy-policy.

15.5.3 Legal basis and legitimate interests

We operate this XING page to present ourselves and communicate with XING users and other interested persons who visit our XING site. The processing of the users’ personal data takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR). If you also provide data records in XING, this the legal basis is your consent in accordance with Art. 6 sec. 1 sentence 1 lit. a GDPR.

15.5.4 Disclosure of data

We, as Brightest, do not share any information we have received from you about XING with third parties. With regard to the transfer of data by XING, we refer to the link to The XING Privacy Policy cited in Section 13.5.7.

15.5.5 Possibility of opposition

The processing of information using the cookie used by XING can be prevented in the cookie policy and by the fact that third-party cookies or those of XING are not allowed in their own browser settings.

15.5.6 Nature of Shared Responsibility

It is essentially clear from the agreements with XING also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly from XING. As a provider of the social network and the possibility of integrating XING pages there, XING alone has the direct access to the required information and can also take any necessary measures and provide information immediately. However, if our support is required, we can be contacted at any time.

15.5.7 Information on contact options and other rights as a data alike

We will delete your data that you have provided to us via XING as soon as the purpose of the processing is fulfilled and there are no further legal retention obligations. Since contacting us via XING can be based on various reasons and purposes, the storage time is also directly related to it. Information on XING's handling of personal data can be found in its privacy policy under https://privacy.xing.com/de/datenschutzerklaerung
You can contact XING's data protection officer using the contact form provided by XING at https://privacy.xing.com/de/ihre-ansprechpartner.

15.6 Privacy Policy for YouTube
15.6.1 Responsible persons

As the operator of this YouTube page, we (Brightest GmbH, 18, 10245 Berlin, Germany) together with the operator of the You-Tube website (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA a subsidiary of Google inc. 160 Amphitheatre parkway, Mountain View, CA 94043, USA) are responsible within the meaning of Article 4 no. 7 of the General Data Protection Regulation (GDPR). When you visit our YouTube page, personal data is processed by the responsible persons. in the following section, we inform you about the data involved, how it is processed and which rights you have in this regard. All data protection settings on YouTube must be made in the Google Account. As the controller of this site, we have entered into agreements with Google, which, among others, govern the conditions for the use of the Google services (here: YouTube). The terms of use of Google and the other terms and policies listed there in the end are decisive.

15.6.2 Purposes of processing

The processing of the information is intended, among other things, to enable YouTube to improve its system of advertising, which it distributes over its network. Secondly, as the operator of the YouTube site, it should enable us to obtain statistics that YouTube creates based on the visitors to our YouTube site. This is intended to control the marketing of our activities. For example, this allows us to gain knowledge of the profiles of visitors who value our YouTube videos or use the Site’s applications to provide you with relevant content and develop features that might be of the greatest interest to you. In order to better understand how we can better achieve our goals with our YouTube page, demographic and geographical evaluations are also created and made available to us on the basis of the information collected. We may use this information to target interest-based advertisements without directly knowing the identity of the visitor. If visitors use YouTube on several devices, the recording and evaluation can also be carried out across devices if they are registered and logged in to their own profile. The visitor statistics produced are transmitted to us exclusively in anonymized form. We do not have access to the underlying data.

15.6.3 Legal basis and legitimate interests

We operate this YouTube page to present ourselves to and communicate with YouTube users and other interested people who visit our YouTube site. The processing of the personal data of the users takes place on the basis of our legitimate interests, in an optimized corporate presentation (Art. 6 sec. 1 lit. f GDPR).

15.6.4 Disclosure of data

We have no influence on the collection of data by Google, nor on the data processing processes that exist at Google. Nor do we know the extent of the data collection, nor the purposes of the processing or the storage periods stored. It cannot therefore be ruled out that the data will be forwarded to anonymized statistics. It is conceivable that some of the information collected will also be processed outside the European Union by YouTube LLC, based in the United States. Google is certified under the US-EU Privacy Shield and is committed to complying with European data protection requirements for its services (here: YouTube). We, as Brightest, do not share any personal data.

15.6.5 Possibility of opposition

Users of YouTube can influence the extent to which their user behavior may be recorded when they visit our YouTube page under the settings of your Google Account. See also: https://policies.google.com/privacy?hl=de#infochoices The processing of information using the cookies used by YouTube or Google can be prevented by not allowing cookies from third-party providers or those from Google and YouTube in their own browser settings.

15.6.6 The nature of shared responsibility

It is essentially clear from the agreements with YouTube and Google also on joint responsibility that requests for information and the assertion of other data subjects' rights are sensibly asserted directly from YouTube or Google. As a provider of the social network and the possibility of integrating YouTube pages there, YouTube alone has the direct access to the required information and can also take any necessary measures and provide information immediately. However, if our support is required, we can be contacted at any time.

15.6.7 Information on contact options and other rights as a data subject

Further information about our contact details, the rights of data subjects towards us and how otherwise personal data is processed by us can be found in this privacy policy. Information on how YouTube handles personal data on Google can be found in their privacy policy (https://policies.google.com/privacy?hl=de).
Google also processes your personal data in the US and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

16. Data protection for applications and in the application process

We offer you the opportunity to apply to us (e.g. by e-mail). In the following section, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with the applicable data protection law and all other legal provisions and that your data will be treated strictly confidentially.

Scope and purpose of data collection

When you send us an application, we process your personal data (e.g. contact and communication data, application documents, notes in the course of interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is Section 26 OF the German Data Protection Act (initiation of an employment relationship), Art. 6 sec. 1 lit. b GDPR (general initiation of contracts) and, if you have given your consent, Art. 6 sec. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in the processing of your application. If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the German Data Protection Act (BDSG) and Art. 6 (1) lit. b GDPR for the purpose of carrying out the employment relationship.

Retention period of the data

In the case that we do not offer you a job you have applied to, reject your job offer or you withdraw your application, we reserve the right to keep the data you provide on the basis of our legitimate interests (Art. 6 sec. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted, and the physical application documents destroyed. The retention is used, in particular, for verification purposes in the event of a dispute. If it is apparent that the data will be necessary after the expiry of the 6-month period (e.g. due to an impending or pending litigation), deletion will only take place if the purpose for further storage is no longer necessary. A longer retention can also take place if you have given appropriate consent (Art. 6 sec. 1 lit. a GDPR) or if legal retention obligations prevent deletion.

17. Deletion and blocking of personal data

The controller processes and stores the data subject's personal data only for the period necessary to achieve the purpose of storage or if this has been provided for in the laws or regulations to which the controller is subject. If the storage purpose is waived or a storage period prescribed by another competent legislator expires, the personal data will be blocked or deleted in accordance with the statutory provisions.

18. Legal basis for processing

Unless otherwise stated:
Art. 6 sec. 1 sentence 1 lit. a GDPR serves as a legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in the case of processing operations necessary for the supply of goods or the provision of any other service or consideration, the processing shall be based on The First sentence of Article 6 (1) (GDPR),.b the GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing shall be based on Article 6 paragraph 1 sentence 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were to be injured and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third parties. The processing would then be based on the first sentence of Article 6 (1) of the GDPR. Ultimately, processing operations could be based on the first word of GDPR in Article 6 (1). This legal basis is based on processing operations which are not covered by any of the aforementioned legal bases where the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are allowed to do this kind of processing, in particular because they have been specifically mentioned by the European legislator. In that regard, it took the view that a legitimate interest could be presumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

19. Legitimate interests in the processing pursued by the controller or a third party

Based on Article 6 paragraph 1 sentence 1 lit. f GDPR, our legitimate interest is to carry out our business for the benefit of the well-being of all our employees and our shareholders.

20. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of the period, the relevant data will be routinely deleted, provided that they are no longer necessary for the performance of the contract or initiation of the contract.

21. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-deployment

We inform you that the provision of personal data is partly required by law (i.e. tax regulations) or may also result from contractual regulations (i.e. information about the contractual partner). In some ways, it may be necessary for a data subject to provide us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee clarifies on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the non-provision of the personal data would have.

22. Rights of the data subject

 

  • a) Right to information

    You can at any time exercise your right of access to us under Article 15 GDPR as to whether personal data concerning you are processed by us.

  • b) Right to correction

    You can exercise your right of rectification under Article 16 GDPR to us at any time and request the correction of inaccurate personal data concerning yourself.

  • c) Right to restrict processing

    You may at any time exercise your right to restrict the processing in accordance with Article 18 GDPR and request the restriction of the processing, provided that the legal requirements for doing so are met.

  • d) Right to erasure

    You can exercise your right of deletion under Article 17 GDPR to us at any time and request that personal data concerning you be deleted immediately if such data are no longer required for the purposes for which they were collected or otherwise processed. This right of deletion may be precluded by other legal obligations (e.g. retention obligations).

  • e) Right to be informed

    You can assert your right to information under Article 19 GDPR against us at any time. If you have asserted a right to delete, rectify or restrict the processing of personal data concerning you, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed, the rectification or deletion of the data or the restriction of the processing, unless this proves impossible or this only involves a disproportionate effort. You have the right to be informed of these recipients.

  • f) Right to data portability

    You can exercise the right to data portability in accordance with Art. 20 GDPR at any time. You have the right to receive your personal data that you have provided to us in a structured, commonly-used and machine-readable format or to request that it be transfered to another controller if this is technically feasible.

  • g) Right to object

    You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which takes place pursuant to Article 6(1) (e) or (f) GDPR. We will no longer process these personal data in the event of an objection, unless we can prove compelling legitimate grounds for their processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims. If we process personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. If the data subject objects to us from the processing for direct marketing purposes, we will no longer process the personal data for these purposes. To exercise the right of appeal, the person involved can contact us directly. They are also free to exercise his or her right of opposition by means of automated procedures.

  • h) Right to revoke a data protection consent

    You have the right to revoke your consent to the processing of personal data at any time. The revocation of your consent does not affect the lawfulness of the processing of your personal data that has taken place on the basis of your consent until its revocation.

  • i) Right to complain to a supervisory authority

    Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the GDPR.

 

1) This data protection declaration was prepared in the marked points by the Data Protection Declaration Generator, which is operated and made available in cooperation between DGD Deutsche Gesellschaft für Datenschutz GmbH, Dachau (available at: https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de) and the lawfirm Wilde/Beuger/Solmecke Rechtsanwälte GbR, Cologne (available at: https://www.wbs-law.de/it-recht/datenschutzrecht/datenschutzerklaerung-generator/). These texts are subject to the copyright of DGD Deutsche Gesellschaft für Datenschutz GmbH, Dachau and the law firm Wilde/Beuger/Solmecke Rechtsanwälte GbR,Köln.