Privacy Policy

1. Overview
In this section of the data protection declaration you will find information about the scope, the person responsible for data processing and their data protection officer.

1.1 Responsible person
The person responsible for data processing – i.e. the person who decides on the purposes and means of processing personal data – in connection with the processing is:

PIA Media GmbH
Gorch-Fock-Wall 1a
20354 Hamburg
Vertreter: Axel Schönau
Telefon: +49 (0)40-1888112-0
E-Mail: contact@piamedia.com

1.2 Data protection officer
You can contact our data protection officer as follows:

ePrivacy GmbH
Burchardstr. 14
20095 Hamburg
E-Mail: datenschutz@piamedia.com

2. Data processing
In this section of the data protection declaration we inform you in detail about the processing of personal data. For better clarity, we organize this information according to specific functionalities.

2.1 General information about data processing
Unless otherwise stated, the following applies to all processing operations described below:

2.1.1 No obligation to provide
There is neither a contractual nor legal obligation to provide personal data. You are not obliged to provide any data.

2.1.2 Consequences of non-provision
In the case of required data (data that is marked as mandatory when entered), failure to provide it will result in the service in question not being able to be provided. Otherwise, non-provision may result in our services not being able to be provided in the same form and quality.

2.1.3 Storage period
We do not store your personal data longer than we need it for the respective processing purposes. Below we specify the generally required storage period. If the data is no longer required, it will be deleted regularly, unless its temporary storage is still necessary. Reasons for this can e.g. B. be:

• The fulfillment of commercial and tax retention obligations
• Obtaining evidence for legal disputes within the statutory limitation period
  

2.1.4 Categories of recipients
In addition to the recipient categories explicitly listed below, personal data is also transmitted to the following categories of recipients: IT service providers, telephone and fax providers.

2.1.5 Data categories

• Account details: login/user ID and password
• Personal master data: title, salutation/gender, first name, last name, date of birth Address data: street, house number, additional address if applicable, postal code, city, country Contact details: telephone number(s), fax number(s), email address(es)
• Registration Data: Information about the service through which you registered; Times and technical information regarding registration, confirmation and deregistration;
• Data you provided when registering Order data: Products ordered, prices, payment and delivery information
• Payment data: account details, credit card details, data on other payment services such as PayPal
• Access data: date and time of visit to our service; the page from which the accessing system accessed our site; pages accessed during use;
• Session identification data (Session ID); In addition, the following information from the accessing computer system: Internet Protocol address (IP address) used and, if applicable, data associated with the IP address such as rough position and company, browser type and version, device type, operating system and similar technical information Application data: CV, references, evidence, work samples, certificates, pictures, videos Data in accordance with Art. 9 GDPR: data revealing racial and ethnic origin, political opinions, religious or ideological beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of a natural person,
• health data or data on sexual life or the sexual orientation of a natural person.

2.1.6 Legal basis for processing personal data
The legal basis for our processing of personal data is:
For processing operations in which we obtain consent for a specific processing purpose, Art. 6 Para. 1 subpara. 1 S. 1 lit. a) GDPR legal basis.
The processing of personal data that we need to fulfill contractual or pre-contractual obligations is carried out on the basis of Article 6 Paragraph 1 Subsection. 1 lit. b) GDPR.

• If the processing is necessary to fulfill a legal obligation (e.g. statutory retention obligations according to § 257 HGB, § 147 AO) to which the controller is subject, Art. 6 Para. 1 subpara. 1 lit. c) GDPR as the legal basis.
• If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests, fundamental freedoms and fundamental rights of the data subject do not outweigh this, Art. 6 para. 1 subparagraph serves us. 1 lit. f) GDPR as the legal basis for the processing of personal data.
• If the storage of information in the user’s end device or access to information that is already stored in the end device – especially cookies – is necessary for the processing of the data, Section 25 Paragraph 1 TDDDG (consent), Section 25 Paragraph 2 No. 1 TDDDG (carrying out the transmission of a message via a public telecommunications network) or Section 25 Paragraph 2 No. 2 TDDDG (provision of a digital service expressly requested by the user) is the legal basis for this.
• Processing can also be based on several legal bases.

2.1.7 Transmission to the state authorities
We only transmit personal data to state authorities (including law enforcement authorities) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: Art. 6 Para. 1 Subpara. 1 lit. c) GDPR) or to assert or exercise it or defense of legal claims is necessary (legal basis: Art. 9 Para. 1 lit. f) GDPR).

2.2 Visiting the website
This describes how we process your personal data when you access the website.

2.2.1 Information on processing

Data category	Purpose	Legal basis	legitimate interest, if applicable	storage period
Access data	Establishing a connection, displaying the contents of the service, detecting attacks on our site based on unusual activities, diagnosing errors	§ 25 Paragraph 1 Sentence 1 TDDDG; Safeguarding legitimate interests (Art. 6 para. 1 subpara. 1 lit. f) GDPR)	proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems	7 days, referring to cookies see 2.2.3
Access data	Tracking for the purposes of marketing, analysis and optimization of our services and their use (Section 2.2.3)	Consent (Section 25 Paragraph 2 No. 2 TDDDG)		See 2.2.3
User consent data	User consent management and esp. the storage and manage visitor choices to use or not use tools when visiting this website	Safeguarding legitimate interests (Art. 6 Abs. 1 Uabs. 1 lit. f) DSGVO)	proper functioning of the services	3 years

2.2.2 Recipient of the personal data

Recipient category	Affected data	Legal basis for transmission	legitimate interest, if applicable
Hosting and content provider	Access data	Not necessary because order processing (Art. 28 GDPR)	proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems
Access data	Tracking for the purposes of marketing, analysis and optimization of our services and their use (Section 2.2.3)	Consent (Section 25 Paragraph 2 No. 2 TDDDG)
User consent management platform	User consent data	Safeguarding legitimate interests (Art. 6 Abs. 1 Uabs. 1 lit. f) DSGVO)

2.2.3 Use of cookies and other methods, tracking for the purposes of marketing, analysis and optimization of our services and their use
Below we describe how we use your personal data using tracking technologies (such as cookies) for the purposes of marketing, analysing and optimising our services and your use. The tracking methods used are also described in the Consent Management Tool. The tracking methods described process personal data only in pseudonymous form. There is no connection with a specific, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym. The description of the tracking procedures in the Consent Management Tool also includes information on how you can prevent or object to data processing. Please note that the so-called “opt-out”, i.e. the rejection of processing, is usually stored via cookies, even after a previous “opt-in”. If you are using our Services on a new device or browser, or if you have deleted the cookies set by your browser, you will need to opt-out again. In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small data sets that are stored on your permanent storage medium associated with the browser you are using and through which certain information flows to the entity that sets the cookie (in this case, by us). Cookies cannot run programs or transmit viruses to your computer. We use technically necessary cookies on our website in order to operate the website. These technically necessary cookies ensure that the website can be used by enabling basic functions. Without these cookies, the website would not function properly. The legal basis for this is § 25 para. 2 no. 2 TDDDG and, in the alternative, our legitimate interest (Art. 6 para. 1 subpara. 1 lit. f) GDPR). Our legitimate interest lies in providing a functional website. These cookies are usually stored until the end of the respective browser session.

2.3.2 Recipients of personal data

Category of recipient	Data affected	Legal basis for transfer	legitimate interest, if applicable
Provider of newsletter service	all mentioned data see 2.3.1	Not necessary as order processing (Art. 28 DSGVO)	–

2.3. Content providers who transfer data to third countries
There will be no transfer to third countries

2.4.1 Processing information

Data category	Purpose	Legal basis	legitimate interest, if applicable	storage period
All data entered in the input mask of the contact form or email (these data are e.g. content of the message, name, address, email address, telephone number, input text)	Processing of contact by us	Consent (Art. 6 Abs. 1 Uabs. 1 lit. a) DSGVO), Processing of contractual relationships with potential and existing customers (Art. 6 Para. 1 sub-para. 1 lit. b) GDPR, protection of legitimate interests (Art. 6 Para. 1 sub-para. 1 lit. f) GDPR)	Retaining customers, improving our service, responding effectively to the message	Duration of contact processing
IP address of the user, date and time of the request (only when using the contact form)	Use for short-term pseudonymized identification	Safeguarding legitimate interests (Art. 6 para. 1 subpara. 1 lit. f) GDPR)	Preventing misuse of the contact form and increasing the security of our IT systems

2.4.2 Recipient of the personal data

Recipient category	Affected data	Legal basis for transmission	legitimate interest, if applicable
Customer management	all data mentioned under 2.5.1 (unless contradicted in part)	Not necessary because order processing (Art. 28 GDPR)	–
Affiliated companies	alle unter 2.5.1 gall data mentioned under 2.5.1 (unless contradicted in part)	Not necessary because order processing (Art. 28 GDPR)	–

2.4.3 Content providers who transfer data to third countries
There will be no transfer to third countries.

2.5 Application
Job applications can be made using a tool or other methods. During an ongoing application process, we process your personal data in the following ways: We use the “Softgarden” tool for our recruiting and application management. Applicants can register with this tool and provide us with their application digitally. You can also voluntarily become part of the PIA Group’s talent pool, so that all companies in the group can access your applicant data when filling positions.

2.5.1 Information on processing

Data category	Purpose	Legal basis	legitimate interest, if applicable	Storage period
address and contact data	Identification, contact, communication to initiate a contract	Fulfillment of a contract, initiation or implementation of pre-contractual measures (Article 6 Paragraph 1 Subparagraph 1 Letter b) GDPR or purposes of the employment relationship (Article 88 GDPR in conjunction with Section 26 Paragraph 1 Sentence 1 BDSG)	–	6 months or until end of contract
Personal master data	Identification, contact, age verification	Fulfillment of a contract, initiation or implementation of pre-contractual measures (Article 6 Paragraph 1 Subparagraph 1 Letter b) GDPR or purposes of the employment relationship (Article 88 GDPR in conjunction with Section 26 Paragraph 1 Sentence 1 BDSG)	–	6 months or until end of contract
Application data	Assessment and evaluation for the advertised position	Fulfillment of a contract, initiation or implementation of pre-contractual measures (Article 6 Paragraph 1 Subparagraph 1 Letter b) GDPR or purposes of the employment relationship (Article 88 GDPR in conjunction with Section 26 Paragraph 1 Sentence 1 BDSG)	–	6 months or until end of contract

2.5.2 Recipient of personal data

Recipient category	Affected data	Legal basis for transmission	legitimate interest, if applicable
Applicant management & data storage provider (softgarden e-recruiting GmbH, Tauentzienstr. 14, 10789 Berlin)	all data mentioned under 2.5.1 (unless contradicted in part)	Not necessary because order processing (Art. 28 GDPR)	–
When using the talent pool: PIA group of companies (affiliated companies within the meaning of Section 15 of the German Stock Corporation Act)	all data mentioned under 2.5.1 (unless contradicted in part)	Consent Art. 6 Abs. 1 Uabs. 1 lit. a) DSGVO bzw. Art. 88 DSGVO iVm § 26 Abs. 2 BDSG	Enabling an effective application process with internal talent promotion

2.5.3 Content providers who transfer data to third countries
There will be no transfer to third countries.

2.6 Social media
Wie wir deine personenbezogenen Daten verarbeiten, wenn du uns über soziale Medien folgst und interagierst, findest du hier:
Information on processing

Data category	Purpose	Legal basis	legitimate interest, if applicable	storage period
Online Identifier	External representation, advertising approach	Safeguarding legitimate interests (Art. 6 Abs. 1 Uabs. 1 lit. f) DSGVO)	Acquiring new customers, maintaining existing customers and recruiting and retaining employees	analogous to the contract term

2.6.2 Recipient of personal data

Recipient category	affected data	Legal basis	legitimate interest, if applicable
Social media platform operator	all data mentioned under 2.6.1 (unless contradicted in part)	Safeguarding legitimate interests (Art. 6 Abs. 1 Uabs. 1 lit. f) DSGVO)	Acquiring new customers, maintaining existing customers and recruiting and retaining employees

2.6.3 Content providers who transfer data to third countries

Recipient	Operation	data category	Adequacy decision if applicable (Art. 45 DSGVO)	appropriate guarantees if applicable (Art. 46 DSGVO)
LinkedIn Ireland Unlimited Company	External representation, advertising approach	Online Identifier	In principle, no transfer to third countries (countries that do not belong to the EU or the European Economic Area) (if transfer to third countries, then only with a corresponding adequacy decision)Übertragung in Drittstaat, dann nur bei entsprechendem Angemessenheitsbeschluss)

3. Data security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. To transmit website data to you via your browser, we use the common SSL (Secure Socket Layer) process in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page on our website is transmitted encrypted by the key or lock symbol in the status bar of your browser.

4. No automated decision making (including profiling)
The personal data collected from you will not be used for any automated decision-making process (including profiling).

5. Rights of those affected
You can assert your rights as a data subject regarding your processed personal data at any time using the contact details provided at the beginning. As the person affected, you have the right:

• in accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can obtain information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or the right to object, request the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details; in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;
• in accordance with Art. 15 GDPR, to request information about your data processed by us. In particular, you can obtain information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or the right to object, request the existence of a right to complain, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
• in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;
• in accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is;
• in accordance with Art. 18 GDPR, to request the restriction of the processing of your data if you dispute the accuracy of the data or the processing is unlawful;
• gemäß Art. 20 DSGVO deiner Daten, die du uns bereitgestellt hast, in einem strukturierten, gängigen und maschinenlesbaren Format zu erhalten oder die Übermittlung an einen anderen Verantwortlichen zu verlangen („Datenübertragbarkeit“);
• ACCORDING TO ART. 21 GDPR TO OBJECT TO PROCESSING, IF PROCESSING IS PROCESSED BASED ON ART. 6 ABS. 1 UABS. 1 p. 1 LIT. E) GDPR (PERFORMANCE OF PUBLIC INTERESTS) OR ART. 6 ABS. 1 UABS. 1 p. 1 LIT. F) GDPR (LEGITIMATE INTERESTS OF THE RESPONSIBLE) APPLIES. THIS IS PARTICULARLY THE CASE IF THE PROCESSING IS NOT NECESSARY TO PERFORM A CONTRACT WITH YOU. IN CASE OF YOUR REASONABLE OBJECTION, WE WILL CHECK THE SITUATION AND WILL EITHER STOP DATA PROCESSING OR CUSTOMIZE OR SHOW YOU OUR COMPLEX REASONS WHY WE CONTINUE PROCESSING;
• in accordance with Art. 7 Para. 3 GDPR, your consent once given – i.e. your voluntary, informed and unambiguously made clear through a statement or other clear confirmatory action that you consent to the processing of the relevant personal data for one or more specific purposes you agree – to revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing based on this consent in the future;
• gemäß Art. 77 DSGVO das Recht, jederzeit Beschwerde bei einer Aufsichtsbehörde einzulegen, insbesondere bei einer Aufsichtsbehörde in dem Mitgliedstaat deines Aufenthaltsorts, deines Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes, wenn du der Ansicht bist, dass die Verarbeitung der dich betreffenden personenbezogenen Daten gegen datenschutzrechtliche Bestimmungen verstößt.

For Hamburg, for example, this is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7.OG
20459 Hamburg
Telefon: +49 (0)40-42854-4040
E-Mail: mailbox@datenschutz.hamburg.de

You can find a list of state data protection authorities below: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

6. Currentness and changes to this data protection notice
Due to the further development of our internal processes, offers and the website or due to changed legal or official requirements, it may become necessary to change this data protection information. The current data protection information can be accessed and printed out on the website at any time.

As of: September 12, 2024