Legal
Privacy policy
Controller / Data Protection Officer:
We have appointed an external Data Protection Officer for our company:
Our company’s Data Protection Officer, Dr. Marschall (GDPC GbR), or his deputy, Mr. Blazy, can be reached by telephone at +49 (0) 561 830 99 165, by post at the above address with the addition “Data Protection Officer,” or by email at datenschutz@blackflag-agency.com.
General Information and Scope
Use of our website is generally possible without providing personal data. Where personal data (e.g., name, postal address, email address) is collected on our pages, this is—wherever possible—always on a voluntary basis. We do not share this data with third parties without your explicit consent.
Please note that data transmission over the internet (for example, when communicating by email) can have security vulnerabilities. A complete protection of data against access by third parties is not possible.
We expressly object to the use of contact details published due to legal notice (imprint) obligations by third parties for the purpose of sending unsolicited advertising and informational materials. The website operators expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.
Privacy in Applications and the Recruitment Process
For the purpose of handling application procedures, we collect, store, and process applicant data electronically. This is particularly the case if an application is submitted electronically, for example by email.
If an employment contract is concluded, we will continue to store the data in compliance with legal requirements for regular organisational and employment relationship purposes in your personnel file.
If no employment contract is concluded with an applicant, the applicant data will be automatically deleted from our systems after notification of the rejection—unless special legal conditions apply (e.g., statutory retention obligations or the need to retain data to meet the burden of proof under the German General Equal Treatment Act (AGG)) or you have expressly consented to a longer retention period during the application process.
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored by Google on servers in the USA.
If IP anonymisation is activated on this website, your IP address will, however, be truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that if you do so, you may not be able to use all functions of this website to their full extent. You can also prevent Google’s collection of the data generated by the cookie related to your use of the website (including your IP address) and Google’s processing of this data by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
Legal basis: Art. 6(1)(f) GDPR (legitimate interests – analysis, optimisation, and economic operation of our website and advertising).
Google Tag Manager
This website uses Google Tag Manager, provided by Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Tag Manager is a tag management system. It operates on a cookieless domain and does not itself collect personal data. The tool triggers other tags that may in turn collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager. Further information: http://www.google.de/tagmanager/use-policy.html.
Functions of the service Twitter are integrated into our pages. These functions are offered by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter.
We point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data nor of how it is used by Twitter. Further information can be found in Twitter’s Privacy Policy at http://twitter.com/privacy. You can change your privacy settings at Twitter in the account settings at http://twitter.com/account/settings.
We expressly point out that Pinterest stores user data (e.g., personal information, IP address, etc.) and may also use it for business purposes. Details on Pinterest’s data processing can be found in the Pinterest Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
We have no influence over data collection and further processing by Pinterest. Nor can we determine the extent, location, and duration of data storage, the extent to which Pinterest complies with deletion obligations, what evaluations and linkages of the data are carried out, and to whom the data is disclosed. If you would like to prevent Pinterest from processing personal data you have transmitted to us, please contact us via another channel. Our full contact details can be found in our Pinterest imprint.
TikTok
TikTok is an international video platform that allows the creation of short videos (including lip-sync videos). According to TikTok’s Privacy Policy, the entities responsible for processing personal data are TikTok Technology Limited (“TikTok Ireland”) and TikTok Information Technologies UK Limited (“TikTok UK”). Where this policy refers to “TikTok”, “we”, or “us”, it refers to these entities.
If you have provided advertising consent, TikTok may use your data to display personalised advertising. TikTok is operated by the Chinese company ByteDance. TikTok provides users with settings to control and manage their personal data. Automated self-service tools are available to inform you about how your data is processed. Within the framework of legal requirements, you also have rights to deletion and rectification of data and may object to the use of your data or restrict its use, as well as withdraw consent at any time.
Please note that TikTok’s Terms of Use and Privacy Policy can change at any time. Please check these texts regularly to ensure they are up to date. We assume no liability for the timeliness, accuracy, or completeness of information relating to TikTok’s terms of use and privacy policy. Our present privacy notices serve the information requirements under Arts. 12 et seq. GDPR to the extent that companies of the DSV Group use TikTok by embedding videos on one of our websites or where TikTok is used by our employees for clients.
• TikTok Terms of Use: https://www.tiktok.com/legal/terms-of-use?lang=de
• TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy?lang=de#section-1
Our website uses functions of the LinkedIn network. Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time you access one of our pages that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our internet pages with your IP address. If you click the LinkedIn “Recommend” button and are logged in to your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data as well as its use by LinkedIn.
Further information can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
Social Plugins (Facebook, Google+, Instagram, LinkedIn, Pinterest, Twitter, XING, YouTube)
Where our website uses plugins of the social networks listed above, you can recognise the respective plugins by the corresponding company logos. When our website is accessed, a connection between your device and the server of the social media provider may be established via the respective plugin, and, where applicable, attributed to you. If you are logged in to one of the services while visiting our page, the provider may be able to determine and associate your username and real name from the transmitted information.
Servers of the aforementioned services are located in the USA and in other countries of the European Union. Please be aware that the respective companies are subject to their local data protection laws and that general personal data may not be protected to the same extent as within the Member States of the European Union.
For example, Facebook may receive information about you when you click the “Like” button while logged in to Facebook, which can be clearly associated with your account. For Google+, a Google account is required. When using our offering concurrently with Google+, an association may be made with information such as your IP address, the date and time of your visit, the address of the internet page containing the embedded link, and information about your operating system and browser.
The XING Share button does not store personal data; XING does not evaluate your IP address or user behaviour. However, if you are logged in to XING at the time of your visit, your account information may be used to relate your visit to our page.
Please note that we have no influence over the transfer of your data by the providers of the above-mentioned social networks. For details on the applicable privacy policies, please consult the respective providers’ pages:
• Facebook – Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy: https://de-de.facebook.com/about/privacy/
Plugins: https://developers.facebook.com/docs/plugins
• Google+ – Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Buttons policy: https://developers.google.com/+/web/buttons-policy
• Instagram – Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Help: https://help.instagram.com/155833707900388
• LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv
• Pinterest – Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
Privacy: https://pinterest.com/about/privacy/
• Twitter – Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy: https://twitter.com/privacy
• XING – XING SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy: https://privacy.xing.com/de/datenschutzerklaerung
• YouTube – Google Ireland Ltd., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Privacy: https://policies.google.com/privacy?hl=de&gl=de
Hotjar
To improve user experience and identify disruptions on our websites, we use Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar enables us to measure and evaluate user behaviour (mouse movements, clicks, scroll depth, etc.) on our pages. For this purpose, Hotjar places cookies on users’ end devices and can store data such as browser information, operating system, time spent on the page, etc., in anonymised form. Our processing is based on Art. 6(1)(f) GDPR.
You can prevent this processing by disabling the use of cookies in your web browser settings and deleting active cookies. Further information on data processing by Hotjar: https://www.hotjar.com/legal/policies/privacy.
Note: The paragraph about Pinterest that followed in the original German text is already covered under the dedicated Pinterest section above.
Google Ads and Google Remarketing (Conversion Tracking)
This website uses Google AdWords (now: Google Ads), an online advertising program of Google Ireland Ltd, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. As part of Google Ads, we use conversion tracking. If you click on an ad served by Google, a conversion-tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification.
If you visit certain pages of this website and the cookie has not expired, Google and we can recognise that you clicked the ad and were redirected to this page. Each Google Ads customer receives a different cookie; cookies cannot be tracked across the websites of different Ads customers. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked their ad and were redirected to a page tagged for conversion tracking. However, they do not receive information that personally identifies users.
If you do not wish to participate in tracking, you can object to this use by deactivating the Google conversion-tracking cookie in your internet browser under user settings. You will then not be included in conversion tracking statistics. Storage of conversion cookies is based on Art. 6(1)(f) GDPR (legitimate interest in analysing user behaviour to optimise our website and advertising). More information can be found in Google’s Privacy Policy: https://www.google.de/policies/privacy/.
Your Rights as a Data Subject
Where we process personal data relating to you, you are a data subject within the meaning of the GDPR and have the following rights against the controller:
Right of Access
You have the right to obtain confirmation as to whether personal data concerning you is being processed by us. Where this is the case, you may request access to the following information:
• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom personal data concerning you has been or will be disclosed;
• the envisaged period for which the personal data will be stored, or, if specific information is not possible, the criteria used to determine that period;
• the existence of the right to request rectification or erasure of personal data concerning you, or restriction of processing by the controller, or to object to such processing;
• the right to lodge a complaint with a supervisory authority;
• any available information as to the source of the data where the personal data is not collected from you;
• the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for you.
You also have the right to be informed whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.
Right to Rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
Right to Restriction of Processing
You may request the restriction of processing of personal data concerning you where one of the following applies:
• you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defence of legal claims; or
• you have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. You will be informed by the controller before the restriction is lifted.
Right to Erasure (“Right to be Forgotten”)
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• you withdraw consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing;
• you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
Information to Third Parties: Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Exceptions: The right to erasure does not apply to the extent that processing is necessary for:
• exercising the right of freedom of expression and information;
• compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
• archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• the establishment, exercise, or defence of legal claims.
Right to Notification
If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to communicate this to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about those recipients.
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
• the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
• the processing is carried out by automated means.
In exercising this right, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected.
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to Object
You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. You may exercise your right to object by automated means using technical specifications in connection with the use of information society services, notwithstanding Directive 2002/58/EC.
Right to Withdraw Consent
You have the right to withdraw your data protection consent at any time. The lawfulness of processing based on consent before its withdrawal remains unaffected by the withdrawal.
Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
Sources: eRecht24, Datenschutzerklärung für Google Analytics, Google Ads, Google Tag Manager, Linkedin, Tiktok, Hotjar, Pinteres und Twitter Datenschutzerklärung