Website data protection statement and at the same time information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

1.    Name and address of controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

PERI SE
Rudolf-Diesel-Straße 19
89264 Weißenhorn
Germany
Tel.: +49 (0)7309.950-0
Fax: +49 (0)7309.951-0
info@peri.com
www.peri.com

2.    Contact information for the data protection officer

You can reach our data protection officer as follows:

Dr. Sebastian Kraska
Marienplatz 2
80331 Munich
Tel. +49 89 1891 7360
datenschutz@peri.de

3.    General information on data processing

3.1.    Scope of processing of personal data

As a rule, we only process the personal data of our users to the extent that this is necessary to provide a functioning website and our content and services. The processing of our users' personal data takes place regularly and only with the user's consent. An exception applies in those cases where prior consent cannot be obtained for real reasons and the processing of the data is permitted by law.

3.2.    Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 letter a EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 letter b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary to implement pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 letter c GDPR serves as the legal basis. In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 letter d GDPR serves as the legal basis.
 
If processing is necessary to safeguard a legitimate interest of our company, a company affiliated with our company within the meaning of Section 15 of the German Stock Corporation Act (AktG), or a third party, and if the interests, fundamental rights and basic freedoms of the data subject do not outweigh the interest first mentioned, Art. 6 para. 1 letter f GDPR serves as the legal basis for processing.

3.3.    Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

4.    Provision of the website and creation of log files

4.1.    Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data are collected:

(1)    Information about the browser type and version used
(2)    The user's operating system
(3)    The user's Internet service provider
(4)    The user's IP address
(5)    Date and time of access
(6)    Websites from which the user's system reaches our website
(7)    Websites accessed by the user's system via our website
(8)    Domain name of your Internet access provider

The data are also stored in the log files of our system. These data are not stored together with the user's other personal data.

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 letter f GDPR.

4.2.    Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data are stored in log files to ensure the functionality of the website. In addition, we use the data to optimize our website and to ensure the security of our information technology systems. The data are not analyzed for marketing purposes in this context. For these purposes, we also have a legitimate interest in data processing in accordance with Art. 6 para. 1 letter f GDPR.

4.3.    Duration of storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If the data are collected to make the website available, this is the case when the respective session is over.

If the data are stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or anonymised, so that an assignment to the accessing client is no longer possible.

4.4.    Possibility of objection and elimination

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

5 Use of cookies


a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

1. Language settings
2. Search terms entered
3. Frequency of page views
4. Use of website functions
5. Status of the website feedback dialogue
6. Country selection for project filter
7. Last search query via website search
8. Status of cookie notice
9. Status of the country site hint


When calling up our website, the user is informed about the use of cookies for analysis purposes and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection declaration is also made. With regard to the mode of operation and the possible transmission of the cookie data to third parties for processing, we refer to our Cookie Policy.

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f DSGVO. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent in this regard.

c) Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We require cookies for the following applications:

1. Acceptance of language settings
2. Remembering search terms
3. Remembering visited pages


The user data collected through technically necessary cookies are not used to create user profiles. These purposes also constitute our legitimate interest in processing the personal data in accordance with Art. 6 Para. 1 lit. f DSGVO.

d) Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

With regard to the storage period, a distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. You can delete and manage permanent cookies via your browser settings.

6.    Google Analytics

We create pseudonymous user profiles with the help of Google Analytics in order to design our websites according to your needs. Google Analytics uses targeting cookies that are stored on your terminal device and can be read by us. In this way, we are able to recognise and count returning visitors as such and to find out how often our web pages have been accessed by different users. The data processing is based on Art. 6 para. 1 lit. a DS-GVO (consent). The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. However, as we have activated IP anonymisation on our website, your IP address will be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there (for more information on the purpose and scope of data collection, see e.g. https://policies.google.com/privacy?hl=en&gl=en). We have also concluded an order processing agreement with Google LLC (USA) in accordance with Art. 28 DS-GVO. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our websites for us and compiling reports on website activity. Google sets the following cookies when you visit our website and consent to the use of the Google Analytics cookie:           

  • Name: _ga
    • Purpose: This helps us count how many people visit our website when you have already visited.    
    • Expires: 2 years
  • Name: _gid
    • Purpose: This helps us to count how many people visit our website if you have already visited it.
    • Expires: 1 day
  • Name: _gat
    • Purpose: This helps us manage the frequency with which requests were made to view a page.     
    • Expiry: 1 minute

The data we send and link to cookies, user IDs (e.g. User ID) or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can revoke your consent at any time. Please use one of the following options to do so:

  • You inform us that you wish to revoke your consent.
  • You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
  • You can also prevent the collection of data generated by the cookie and related to your use of our website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (.
  • For the rest, we refer to our Cookie Policy at https://policies.google.com/privacy?hl=en.

7.    Newsletter

7.1.    Description and scope of data processing

You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input mask are transmitted to us:

First and last name
Company
Email * Interests
In addition, the following data are collected upon registration:
(1)    Date and time of registration
(2)    Registration information

We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. The purpose of this procedure is to verify your registration and, if necessary, to be able to clarify a possible misuse of your personal data.

When you register for our newsletter/press mailing, we disclose the personal data that you provide to us when registering (email address, areas of interest, possibly title, first name, last name) to CleverReach GmbH & Co. KG (Muehlenstr. 43, 26180 Rastede, Germany) for the purpose of sending and managing our newsletters/press mailings by using email marketing software. The data you enter when registering is stored on CleverReach's servers in Germany or Ireland. Our newsletters/press mailings sent with CleverReach enable us to analyse the behaviour of the recipients. Among other things, we can analyse how many recipients have opened the newsletter or press mailing and how often which link in the newsletter/press mailing was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action has taken place after clicking on a link in the newsletter. Further information on data analysis by CleverReachNewsletter is available at: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/. If you do not want CleverReach to analyse your data, you must unsubscribe from the newsletter or press mailing. For this purpose, we provide a corresponding link in each newsletter/press mailing. You can also unsubscribe from the newsletter or press mailing directly on the website. For more details, please refer to the CleverReach data protection provisions at: https://www.cleverreach.com/en-de/privacy-policy/. We have concluded an order data processing contract with CleverReach and fully implement the strict requirements of the German data protection authorities when using CleverReach. Otherwise, no data is passed on to third parties in connection with data processing for the dispatch of newsletters/press mailings. The data is used exclusively for sending the newsletter/press mailing.

7.2.    Legal basis for data processing

Art. 6 para. 1 letter a GDPR is the legal basis for the processing of data after registration for the newsletter by the user if the user has given his or her consent.

7.3.    Purpose of data processing

The user's e-mail address is used to send the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

7.4.    Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active.

7.5.    Possibility of objection and elimination

The subscription to the newsletter can be cancelled by the respective user at any time. There is a corresponding link for this purpose in every newsletter.
This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

8.    Contact form and e-mail contact

8.1.    Description and scope of data processing

There is a contact form on our website that can be used for making contact electronically. You also have the option to register for myPERI, which allows you to access content and services that we only offer to registered users. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

* Required field 
Area of interest 
Salutation* 
First name * 
Last name*
Email * 
Company 
Street
Postal code*
City
State
Country* 
Telephone
Fax
Your message*

In addition, the following data are stored at the time the message is sent:
(1)    Date and time of registration 
(2)    Form information

Your consent is obtained for the processing of the data within the scope of the sending process and reference is made to this privacy statement.
Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted via e-mail will be stored.
No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation and for the purposes of myPERI.

8.2.    Legal basis for data processing

Art. 6 para. 1 letter a GDPR is the legal basis for the processing of data if the user has given his or her consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 letter b GDPR.

8.3.    Purpose of data processing

We only use the personal data from the input mask to process the establishment of contact and to provide you with the content and services reserved for our registered users. In the event of contact by 
e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.4.    Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and the data sent by e-mail, this is the case when the respective conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been fully clarified. The additional personal data collected during the sending process will be deleted after a period of no more than seven days. 

8.5.    Possibility of objection and elimination 

The user can revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In this case, the conversation cannot continue.
For these purposes, please contact us by email at data.protection@peri.com or at the postal address of our data protection officer: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich. All personal data stored in the course of contacting us will be deleted in this case.

9.    Transfer of data to third parties

We work with various service providers to implement the PERI website. They are obliged to process data strictly in accordance with instructions as processors in accordance with Art. 28 GDPR. Any further disclosure of your data to third parties will only take place if you have consented to this (Art. 6 para. 1 letter a) GDPR), if this is necessary within the scope of our legal obligations (Art. 6 para. 1 letter c) GDPR) or if this is necessary to protect our legitimate interests or the legitimate interests of a company affiliated with us within the meaning of § 15 of the German Stock Corporation Act (AktG) (Art. 6 para. 1 letter f) GDPR). A list of our group companies is available here [https://www.peri.com/de/unternehmen/vertriebskontakte-weltweit.html]. Our legitimate interest lies in the uniform administration of customer and prospective customer data throughout the group. Please note that our affiliates may be located outside the EU, and therefore in a country that does not provide an adequate level of protection in accordance with EU data protection requirements. We undertake to take all reasonable steps to ensure that users' personal data are adequately protected when transferred to a country other than the one in which they are located and that this protection complies with the criteria set out in this privacy statement.

10.    Use of social plugins in the area of social media

10.1.    Facebook

The PERI website uses social plugins ("plugins") of the social network Facebook.com, which is operated by Meta Platform Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The plugins are marked with a Facebook logo.
 
If you access a page on our website that contains such plug-ins, they are initially deactivated. The plugins are not activated until you click the button provided by Facebook. With this activation you establish the connection to Facebook and declare your consent to the transmission of data to Facebook. If you are logged in to Facebook, Facebook can assign your visit to your account there. If you click on the respective Facebook button, the corresponding information is transmitted directly from your browser to Facebook and stored there.
For information on the purpose and scope of data collection, further processing and use of data by Facebook, as well as your relevant rights and setting options to protect your privacy, please refer to Meta´s privacy policy.
If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. 

As the operator of an Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, Facebook provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that Facebook collects to compile these statistics. Facebook has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, Facebook uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own Facebook profile or are not logged into it during your visit to our fan page. These cookies allow Facebook to create user profiles based on your preferences and interests and to show you advertising (within and outside of Facebook) tailored to these. Cookies remain on your end device until you delete them. You can find details on this in Facebook's privacy policy.

10.2.   LinkedIn

The PERI website uses social plugins ("plugins") of the social network Instagram, which belongs to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 in den USA. The plugins are marked with an LinkedIn logo.
If you access a page of our website that contains such plugins, then they are initially deactivated. The plugins are not activated until you click the button provided by LinkedIn. With this activation you establish the connection to LinkedIn and give your consent to the transfer of data to LinkedIn . If you are logged in to LinkedIn, LinkedIn can assign your visit to your account there. When you press the respective LinkedIn button, the corresponding information is transmitted directly from your browser to LinkedIn and stored there.
For information on the purpose and scope of data collection, further processing and use of data by LinkedIn, as well as your relevant rights and setting options to protect your privacy, please refer to LinkedIn's privacy policy.

As the operator of an LinkedIn fan page, we can only view the information stored in your public LinkedIn profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, LinkedIn provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that LinkedIn collects to compile these statistics. LinkedIn has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, LinkedIn uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own LinkedIn profile or are not logged into it during your visit to our fan page. These cookies allow LinkedIn to create user profiles based on your preferences and interests and to show you advertising (within and outside of LinkedIn tailored to these. Cookies remain on your end device until you delete them. You can find details on this in LinkedIn's privacy policy.

10.3.    Instagram

The PERI website uses social plugins ("plugins") of the social network Instagram, which belongs to Meta Platform Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The plugins are marked with an Instagram logo.
If you access a page of our website that contains such plugins, then they are initially deactivated. The plugins are not activated until you click the button provided by Instagram. With this activation you establish the connection to Instagram and give your consent to the transfer of data to Instagram. If you are logged in to Instagram, Instagram can assign your visit to your account there. When you press the respective Instagram button, the corresponding information is transmitted directly from your browser to Instagram and stored there.
For information on the purpose and scope of data collection, further processing and use of data by Instagram, as well as your relevant rights and setting options to protect your privacy, please refer to Meta's privacy policy.

As the operator of an Instagram fan page, we can only view the information stored in your public Instagram profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, Instagram provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that Instagram collects to compile these statistics. Instagram has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, Instagram uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own Instagram profile or are not logged into it during your visit to our fan page. These cookies allow Instagram to create user profiles based on your preferences and interests and to show you advertising (within and outside of Instagram) tailored to these. Cookies remain on your end device until you delete them. You can find details on this in Instagram's privacy policy.

10.4.    Twitter

The PERI website uses social plugins ("plugins") of the social network Twitter, which is operated by Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plugins are marked with a Twitter logo or the suffix "Tweet".
If you access a page of our website that contains such plugins, then they are initially deactivated. The plugins are not activated until you click the button provided by Twitter. With this activation you establish the connection to Twitter and declare your consent to the transmission of data to Twitter. If you are logged in to Twitter, Twitter can assign your visit to your account there. If you press the respective Twitter button, the corresponding information is transmitted directly from your browser to Twitter and stored there.
For information on the purpose and scope of data collection, further processing and use of data by Twitter, as well as your relevant rights and setting options to protect your privacy, please refer to the Twitter privacy policy [https://twitter.com/en/privacy].

As the operator of an Twitter fan page, we can only view the information stored in your public Twitter profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, Twitter provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that Twitter collects to compile these statistics. Twitter has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, Instagram uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own Twitter profile or are not logged into it during your visit to our fan page. These cookies allow Twitter to create user profiles based on your preferences and interests and to show you advertising (within and outside of Twitter) tailored to these. Cookies remain on your end device until you delete them. You can find details on this in Twitter's privacy policy.

10.5.    XING

The PERI website uses social plugins ("plugins") of the social network Xing, which is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. The plugins are marked with the Xing logo.
If you access a page of our website that contains such plugins, they are initially deactivated. The plugins are not activated until you click the button provided by Xing. With this activation you establish the connection to Xing and by registering you declare your consent to the transmission of data to Xing. If you are logged in to Xing, Xing can assign the visit to your account there. When you press the respective Xing button, the corresponding information is transmitted directly from your browser to Xing and stored there.
For information on the purpose and scope of data collection, further processing and use of data by Xing, as well as your relevant rights and setting options to protect your privacy, please refer to the Xing privacy policy [https://privacy.xing.com/de/datenschutzerklaerung].

As the operator of an XING fan page, we can only view the information stored in your public XING profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, XING provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that XING collects to compile these statistics. XING has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, Instagram uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own XING profile or are not logged into it during your visit to our fan page. These cookies allow XING to create user profiles based on your preferences and interests and to show you advertising (within and outside of XING) tailored to these. Cookies remain on your end device until you delete them. You can find details on this in XING's privacy policy.

10.6.    YouTube

The PERI website uses the video platform YouTube, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066 in the USA. YouTube is a platform that enables the playback of audio and video files.
When you visit a page of our website, the YouTube player integrated into it connects to YouTube to ensure the technical transmission of a video or audio file. When you connect to YouTube, your connection information is transferred to YouTube for the purpose of playing a video or audio file.
For information on the purpose and scope of data collection, further processing and use of the data by YouTube, as well as your relevant rights and setting options to protect your privacy, please refer to the YouTube privacy policy [https://policies.google.com/privacy?hl=en].

As the operator of an YouTube fan page, we can only view the information stored in your public YouTube profile, and only if you have such a profile and are logged into it while visiting our fan page. In addition, YouTube provides us with anonymous usage statistics that we use to improve the user experience when visiting our Fanpage. We do not have access to the usage data that YouTube collects to compile these statistics. YouTube has committed to us to take primary responsibility under the GDPR for the processing of this data, to comply with all obligations under the GDPR with respect to this data and to provide the data subjects with the essence of this commitment. This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in a way that is tailored to the target group. The legal basis for the data processing is therefore Art. 6 para. 1 lit. f) DS-GVO. In addition, Instagram uses so-called cookies that are stored on your end device when you visit our fan page, even if you do not have your own YouTube profile or are not logged into it during your visit to our fan page. These cookies allow YouTube to create user profiles based on your preferences and interests and to show you advertising (within and outside of YouTube) tailored to these. Cookies remain on your end device until you delete them. You can find details on this in YouTube's privacy policy.

11.    Information about other data processing procedures

11.1.    Specific information about the application process

Affected data:
Application information

Processing Purpose:
Implementation of application process

Categories of recipients:
Public authorities in the event of priority legislation.
External service providers or other contractors, et al for data processing and hosting 
Other external bodies insofar as the data subject has giv-en his consent or a transmission is permitted due to a prevailing interest, et al Customers and prospects in the context of order acquisition 

Third-country transfers:
As part of contractual execution, processors could also be used outside the European Union, et al Email Provider 

Duration of data storage:
Application data will generally be deleted within four months after communication of the decision, unless consent has been given for a longer period of data storage.

11.2.    Specific information for the processing of customer data/prospective parties’ data

Affected data:
Data communicated for contract execution; if nec-essary, additional data for processing on the basis of your express consent.

Processing Purpose:
Contract execution, et al Offers, orders, sale and invoicing, quality assurance

Categories of recipients:
Public authorities in the event of priority legislation.
External service providers or other contractors, et al for data processing and hosting, for shipping, transport and logistics, service providers for the printing and dispatch of information and call centers.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest, et al for the credit check on purchase on account, for the electronic dispatch of information, for quality assurance purposes

Third-country transfers:
As part of contractual execution, processors could also be used outside the European Union, et al Email Provider.

Duration of data storage:
The duration of data storage depends on the stat-utory storage requirements and is usually 10 years. 

11.3.    Specific information on the processing of employee data

Affected data:
Data communicated for contract execution; if nec-essary, additional data for processing on the basis of your express consent.

Processing Purpose:Contract execution within the employment relationship.

Categories of recipients:
Public authorities in the event of priority legisla-tion, et al Tax Office, Social Insurance Institution, Professional Association 
External service providers or other contractors, et al for data processing and hosting, for payroll, for travel expenses, for insurance benefits, for vehicle use 
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest, et al for order acquisition, insurance benefits

Third-country transfers:
As part of contractual execution, processors could also be used outside the European Union, et al Email Provider 

Duration of data storage:
The duration of data storage depends on the stat-utory storage requirements and is usually 10 years.

11.4.    Specific information for the processing of supplier data

Affected data:
Data communicated for contract execution; if nec-essary, additional data for processing on the basis of your express consent.

Processing Purpose:
Contract execution, et al Inquiries, Purchasing, Quality Assurance.

Categories of recipients:
Public authorities in the event of priority legisla-tion, et al Tax Office, Customs.
External service providers or other contractors, et al for data processing and hosting, accounting, payment.
Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers:
As part of contractual execution, processors could also be used outside the European Union, et al Email Provider.

Duration of data storage:
The duration of data storage depends on the stat-utory storage requirements and is usually 10 years. 

11.5. Specific information on the processing of participant data (customer survey)

Affected data:
Personal data (name, email address) is only processed if you share or have shared it with us. Apart from that, no personal data is collected. Any processing of your personal data that goes beyond the scope of what is permitted by law is only possible based on your expressed consent.

Processing Purpose:
Group-wide customer satisfaction survey.

Categories of recipients:
Data processing partner Qualtrics LLC

Third-country transfers:
As part of contractual execution, processors could also be used outside the European Union.

Duration of data storage:
The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Reference to data subjects and contacts

In addition, you can exercise your rights to rectification or erasure, to restriction of processing, to object to processing and to data portability at any time. Here you will find the possibility to contact us by e-mail or letter.
For details, please refer to chapter 12 of this privacy policy.

12.    Rights of the data subject

12.1.    Right to information, correction, deletion, restriction and transfer

If the legal requirements are met, you have the right to request information from us about personal data or data processing concerning you (Art. 15 GDPR), correction, deletion and restriction of personal data or data processing concerning you (Art. 16 to 18 GDPR), and the transfer of personal data concerning you (Art. 20 GDPR).

12.2.    Right of revocation

In addition, you have the right to object to data processing based on a "legitimate interest" of the controller pursuant to Art. 6 para. 1 letter f) GDPR if the legal requirements of Art. 21 GDPR are met.
You have the right to revoke your data privacy declaration of consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

12.3.    Automated decision in individual cases including profiling

You have the right not to be subject to a decision based exclusively on automated processing – including profiling – that has legal effect against you or significantly impairs you in a similar manner. This does not apply if the decision
(1)    is necessary for the conclusion or performance of a contract between you and the controller,
(2)    is admissible under the laws of the Union or the Member States to which the controller is subject, and where such laws contain appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
(3)    is taken with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 letter a or g applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in (1) and (3), the controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to seek the intervention of a person by the controller, to state your position and to challenge the decision.
To exercise all these rights, please contact us at the e-mail address data.protection@peri.com or the postal address of our data protection officer: Dr. Sebastian Kraska, Marienplatz 2, 80331 Munich.

12.4.    Right of appeal to a supervisory authority

Pursuant to Art. 77 para. 1 GDPR, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not carried out lawfully, and in particular if it violates the GDPR. The address of the supervisory authority with jurisdiction over us is:
Bayerisches Landesamt für Datenschutzaufsicht
[Bavarian State Office for Data Protection Supervision] (BayLDA) 
Promenade 27
91522 Ansbach
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
Email: poststelle@lda.bayern.de