This data protection declaration informs you about the type, scope and purpose of the processing of personal data when using the websites, functions and content of BAMAC Group GmbH, insofar as the provider named under 3. processes data as the person responsible under data protection law. The privacy policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is executed.

Provider of the online offer and responsible under data protection law is BAMAC Group GmbH, Petersgarten 18 A, 53773 Hennef, Germany, Managing Director: Dipl.-Math. Jürgen Walter Bach, Contact form: www.bamacgroup.de/en/contact (hereinafter referred to as "we" or "us"). You can reach the data protection officer at the following e-mail address: datenschutz@bamacgroup.com. For further information about us and contact options, please refer to our imprint: www.bamacgroup.de/en/imprint.

The personal data of users processed within the scope of this online offer includes inventory data (e.g. names and data on customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the web pages visited on our online offer) and content data (e.g. entries in contact and booking forms). The customers / users are informed in detail about the types of data processed within the scope of this privacy policy.

The term "user" includes all categories of persons affected by data processing. They include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as "user", are to be understood as gender-neutral.

We process users' personal data only in compliance with the relevant data protection regulations. This means that the users' data will only be processed if legal permission has been granted. I.e., in particular if the data processing is necessary for the provision of our contractual services (e.g. processing of orders) as well as online services, or is required by law, a consent of the users is available, as well as due to our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO, in particular in the case of range measurement, creation of profiles for advertising and marketing purposes, as well as collection of access data and use of third-party services.

With regard to the processing of personal data on the basis of the Data Protection Regulation (DSGVO), we point out that the legal basis of the consents Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures Art. 6 (1) lit. b DSGVO, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) lit. c DSGVO, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) lit. f DSGVO.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and thus to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server. With regard to the processing of data on behalf of clients, we refer to the technical and organizational measures provided to clients pursuant to Art. 32 DSGVO.

Data is only passed on to third parties within the framework of legal requirements. We only disclose users' data to third parties if this is necessary, for example, for billing purposes or for other purposes if these are necessary to fulfill our contractual obligations to users.

If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

If content, tools or other means from other providers (hereinafter collectively referred to as "third party providers") are used within the scope of this data protection declaration and their named registered office is located in a third country, it is to be assumed that a data transfer to the third party providers' countries of domicile takes place. Third countries are countries in which the GDPR is not directly applicable law, i.e. basically countries outside the EU or the European Economic Area. The transfer of data to third countries takes place either if there is an adequate level of data protection, user consent or otherwise legal permission.

When contacting us (via contact form or e-mail), the user's details are processed in accordance with the request, in particular for processing contact requests, booking training offers, activating test accesses and answering support requests and their processing in accordance with Art. 6 para. 1 p. 1 lit. b. DSGVO, insofar as the request is directed towards the conclusion of a contract. Otherwise, it is our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO to respond to requests.

The user's details may be stored in our customer relationship management system ("CRM system") or comparable inquiry organization and booking systems.

We use data processing on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. DSGVO (i.e. interest in the optimization and economic operation of our online offer as well as more efficient and faster processing of service requests), a CRM system implemented with the provider Microsoft Corporation through the application Office 365 (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement). User data is only used in accordance with our instructions and to comply with the EU level of data protection based on the standard contractual clauses.

BAMAC Group GmbH reserves the right to contact you via e-mail for the offer of further services from BAMAC Group GmbH as soon as a business relationship with you exists. The contact will be made by BAMAC Group Consultants, responsible Customer Success Managers or their representatives. If you have not already objected to the processing, we will send you information via e-mail that is relevant to the business relationship and information about other interesting offers from our portfolio. You can inform us at any time that you do not wish to receive further information by using the unsubscribe link in the respective e-mail. Unless the sending of electronic information is necessary for the performance of the contract (e.g. e-mail in informational form) and the legal basis of Art. 6 (1) p. 1 lit. b) DSGVO is relevant, the processing is based on the legal basis pursuant to Art. 6 (1) p. 1 lit. f) DSGVO. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising and ensuring customer satisfaction. We delete your data when you terminate your usage contract, but no later than three years after termination of the contract.

When users write comments, the data displayed in the comment form is stored. Regarding the access data (IP address, user agent string), please read point 7.

We collect data on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO, we collect data about every access to the server on which this service is located (so-called server log files). It is our legitimate interest to ensure the stability and security of our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the final clarification of the respective incident.

Cookies are information that is transmitted from our web server or third-party web servers to the users' web browsers and stored there for later retrieval. Cookies may be small files or other types of information storage. Unless explicitly stated in this privacy policy, we only use so-called "session cookies", which are only stored for the duration of the current visit within our online offer (e.g. to enable the storage of your login status and thus the use of our online offer at all). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online offer and log out or close the browser, for example.

Users will be informed about the use of cookies in the context of pseudonymous reach measurement within the scope of this privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

You can object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (https://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

We use the consent management service Cookiebot, of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary for compliance with a legal obligation (Art. 7 para. 1DSGVO) to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO). For this purpose, the following data is processed with the help of cookies:

Your IP address (the last three digits are set to '0'). Date and time of consent. Browser information URL from which the consent was sent. An anonymous, random and encrypted key Your end-user consent status, as proof of consent.

The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and tracked.

If you enable the "Collective Consent" service feature to enable consent for multiple web pages through a single end-user consent, the service will also store a separate, random, unique ID with your consent. If all of the following criteria are met, this key is stored in the third-party cookie "CookieConsentBulkTicket" in your browser in encrypted form: you enable the collective consent feature in the service configuration. You allow third-party cookies via browser settings. You have disabled "Do not track" via browser settings. You accept all or at least certain types of cookies when you give consent.

The functionality of the website is not guaranteed without the processing.

Cybot is a recipient of your personal data and acts as a processor for us.

The processing takes place in the European Union. You can find more information about objection and removal options vis-à-vis Cybot at: https://www.cookiebot.com/de/privacy-policy/.

Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland, ("Google") to analyze and optimize the economic operation of our online offer. Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Google guarantees compliance with the EU data protection level on the basis of the standard contractual clauses.

Google will use this information on our behalf for the purpose of evaluating the use of our online offer by users, compiling reports on the activities within this online offer and providing us with other services relating to the use of this online offer and internet usage. In doing so, pseudonymous usage profiles of the users can be created from the processed data.

We use Google Analytics to display the ads placed within Google's advertising services and those of its partners only to users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited), which we transmit to Google (so-called "Remarketing Audiences" or "Google Analytics Audiences"). With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of users and do not have a harassing effect.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there..

The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

When customers from BAMAC Group GmbH log into our software, we set a cookie that allows us to form segments in Google Analytics and thus analyze non-customers and customers separately. In addition, we also set a cookie for employees who access our pages from the office in order to filter out in-house traffic.

You can find out more information about Google's use of data, setting and objection options on Google's websites: https://www.google.com/intl/de/policies/privacy/partners ("Data use by Google when you use our partners' websites or apps"), http://www.google.com/policies/technologies/ads ("Data use for advertising purposes"), http://www.google.de/settings/ads ("Manage information that Google uses to show you advertising").

We use the marketing and remarketing services (in short "Google Marketing Services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin Ireland ("Google") on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) the marketing and remarketing services (in short "Google marketing services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google guarantees compliance with the EU data protection level on the basis of the standard contractual clauses.

The Google marketing services allow us to display advertisements for and on our website in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other websites, this is referred to as "remarketing". For these purposes, when our website and other websites on which Google marketing services are active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the user has visited, which content he is interested in and which offers he has clicked on, as well as technical information on the browser and operating system, referring websites, time of visit and other information on the use of the online offer. The IP address of the user is also recorded, whereby we inform Google Analytics that the IP address is shortened within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is transferred in full to a Google server in the USA and shortened there. The IP address is not merged with the user's data within other Google offerings. The aforementioned information may also be linked on the part of Google with such information from other sources. If the user subsequently visits other websites, he can be shown ads tailored to his interests.

The user's data is processed pseudonymously as part of the Google marketing services. This means that Google does not store and process the name or e-mail address of the user, for example, but processes the relevant data on a cookie basis within pseudonymous user profiles. This means that from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected by Google marketing services about users is transmitted to Google and stored on Google's servers in the USA.

The Google marketing services used by us include, among others, the online advertising program "Google Ads". In the case of Google Ads, each Google Ads customer receives a different "conversion cookie". Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained using the cookie is used to generate conversion statistics for Google Ads customers who have opted in to conversion tracking. Google Ads customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

We may use the service "Google Optimize". Google Optimize allows us to track how various changes to a website (e.g. changes to input fields, design, etc.) as part of so-called "A/B testing". Cookies are placed on users' devices for these testing purposes. Only pseudonymous data of the users is processed in the process.We may also use the "Google Tag Manager" to integrate and manage Google analysis and marketing services on our website.

For more information about Google's use of data for marketing purposes, please visit the overview page: https://www.google.com/policies/technologies/ads, Google's privacy policy is available at https://www.google.com/policies/privacy.

If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.

We use the marketing services of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft Advertising") to place and analyze the success of advertisements within the "Bing" platform.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Microsoft sets a cookie on the users' device and enables an analysis of the use of our online offer by the users, provided that the users have reached our online offer via advertisement of Microsoft Advertising. In this way, Microsoft and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a previously determined target page. A pseudonymous usage profile of individual users can be created. We ourselves only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is disclosed.

If you do not wish to participate in the tracking procedure of Microsoft Advertising, you can also deactivate the setting of a cookie required for this via browser settings or use the opt-out page of Microsoft.

Further information on data protection and the cookies used by Microsoft Advertising can be found in Microsoft's privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Within our online offer, we use the so-called "Facebook Pixel" of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), to analyze and optimize the economic operation of our online offer.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

Facebook guarantees compliance with the EU data protection level on the basis of the standard contractual clauses.

With the help of the Facebook pixel, it is possible for Facebook to determine the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The Facebook pixel is directly integrated by Facebook when you access our websites and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes, this data is encrypted locally in the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison with the data encrypted by Facebook.

The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook Ads, in Facebook's Data Usage Policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.

You can object to the collection by the Facebook Pixel and use of your data to display Facebook Ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are made in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.

You can further object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the U.S. website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

The links/buttons to social networks and platforms (hereinafter referred to as "social media") used within our online offer do not establish direct contact between social networks and users. Their function corresponds to the mode of operation of a regular online link.

Data processing by social networks: We maintain publicly accessible profiles on social networks. The social networks used by us in detail can be found below.Social networks such as Facebook, Twitter, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in. Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis: Our social media sites are intended to ensure the most comprehensive presence possible on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) lit. a DSGVO). Responsible party and assertion of rights: If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook). Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Facebook: We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.Sie can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.Details see Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram: We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

XING: We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on their handling of your personal data, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn: We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.Details for their handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

We maintain a profile on Kununu. The operator is XING kununu Prescreen GmbH, Schottenring 2-6, A - 1010 Vienna. The privacy policy is available at https://privacy.xing.com/de/datenschutzerklaerung.

The following information explains the contents of our newsletter and other types of business e-mails and electronic mail (in short "newsletter") as well as the registration, dispatch and statistical evaluation procedure and the registration, dispatch and evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described. The legal basis of your consent is Art. 6 para. 1 lit. a, Art. 7 DSGVO and § 7 para. 2 No. 3 UWG.

Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain information about the various services of BAMAC Group GmbH (e.g. consulting services, training, lectures, events) and information about current job vacancies.

Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other e-mail addresses. The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address.

Registration data: To register for the newsletter, it is sufficient if you enter your e-mail address and your first and last name. Furthermore, we ask you to provide a title for the purpose of addressing you in the newsletter.

Statistical collection and analyses - The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include the determination of whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is not our intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

The newsletter is sent on the basis of the recipients' consent in accordance with Art. 6 Para. 1 lit. a, Art. 7 DSGVO and § 7 Para. 2 No. 3 UWG. The statistical surveys and analyses are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our interest is directed towards the use of a user-friendly as well as secure newsletter system that serves our business interests as well as meets the expectations of the users. The logging of the registration process takes place. according to Art. 6 para. 1 lit. c. DSGVO due to legal obligation to prove the consent of the newsletter recipients according to § 7 para. 2 no. 3 UWG as well as according to Art. 7 para. 1 DSGVO. In addition, for reasons of legal certainty, we ask newsletter recipients to consent to the aforementioned analyses and logging of the registration.

Cancellation/Revocation - You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. This will simultaneously terminate your consent to the statistical analyses. Unfortunately, a separate revocation of the statistical analysis is not possible. You will find a link to cancel the newsletter at the end of each newsletter. If you have cancelled the newsletter, the unsubscription and the time of unsubscription will be logged.

We use Squarespace to analyze and optimize our website based on user behavior. The provider is Squarespace Ireland Ltd. Le Pole House, Ship Street Great Dublin 8, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation. We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://de.squarespace.com/data-privacy.

We use the LinkedIn Insight Tag for this website. The LinkedIn Insight Tag creates a LinkedIn "browser cookie" which collects the following data: IP address, timestamp, page activity, LinkedIn demographic data if the user is an active LinkedIn member.

This data is anonymized within seven days and the anonymized data is deleted within 90 days.

LinkedIn does not share any personal data with BAMAC Group GmbH, but provides anonymized reports on website audience and display performance.

BAMAC Group GmbH processes your data to evaluate campaigns and collect information about website visitors who may have reached us through our campaigns on LinkedIn.

In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. For this purpose, the LinkedInInsight tag is integrated on the BAMAC Group GmbH website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time. BAMAC Group GmbH can use this data to display targeted advertising outside of its website without identifying you as a website visitor.

The legal basis for the processing is your consent (Art. 6 para. 1 p. 1 lit. a DSGVO). Data subjects may revoke their consent at any time with effect for the future by contacting us, for example, using the contact details provided in our privacy policy.

We store your data as long as we need it for the respective purpose (campaign evaluation), or you have not objected to the storage of their data or revoked your consent. The collected data is encrypted. You can find more information here. Here you can find the LinkedIn privacy policy, as well as the LinkedIn opt-out.

We use content or service offers from third-party providers within our online offer in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

The following presentation provides an overview of third-party providers and their content, along with links to their data protection statements, which contain further information on the processing of data and, in part already mentioned here, objection options (so-called opt-out):

External fonts from Google Ireland Limited, https://www.google.com/fonts ("Google Fonts"). We have downloaded the fonts from Google and have them retrieved from our server. In this context, we process the IP address of the site visitor only on our server. A transmission to Google does not take place. The legal basis of the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. DSGVO, to optimize the economic operation of our online offer.

External fonts of the provider Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Saggart Dublin 24th, Saggart, Dublin, D24dcw0, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA. The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time with effect for the future by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

We are pleased that you are applying or have applied for a position in our company. In the following, we inform you about the processing of your personal data in the course of the application process.

Data collection

In the course of your application, we will process the following listed application data from you:

• First name, last name

• Telephone number (private or mobile)

• E-mail address

• Application documents (cover letter, resume, references, certificates, etc.)

Purpose of data collection and legal basis
We process the data you have sent us in connection with your application for the purpose of filling positions within our company. As a matter of principle, your data will only be forwarded to the persons and specialist departments responsible for the application process. Your application data will not be used for any other purpose or passed on to third parties.

Application data may be processed for statistical purposes (e.g. reporting). It is not possible to draw conclusions about individual persons.

According to § 26 BDSG-neu, the processing of personal data required in connection with the decision on the establishment of an employment relationship is permitted. Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out in accordance with Art. 6 DSGVO, in particular to safeguard legitimate interests in accordance with Art. 6 para. 1 lit. f) DSGVO. Our interest then consists, for example, in asserting or defending claims.

Finally, we process your data for further application procedures if you have given us your consent to do so. In this case, the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. 

Retention period of applicant data
Your application data will be deleted six months after completion of the application process. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have consented to longer storage.

Storage for future positions
If you agree to the storage of your application data beyond the current position to be filled, we will continue to store your application data for future job offers. In this case, we will delete your data after 24 months.

Place of data processing
The processing of your data takes place in the Federal Republic of Germany and in a member state of the European Union (EU).

Cookies on the job portal server
As part of the applicant management function in HRworks, three essential cookies are set on the job portal server when the function is used.

The cookie "HrwJobApplicationmanagementSession" represents the session of the person on the job portal. This is necessary for operation, as it is possible to distinguish between the users of the session.

In addition, there are two AWS cookies ("AWSALB" and "AWSALBCORS"), which are needed on the one hand to assign any information to the correct instance of the server. Furthermore, they are necessary for the upload of the application documents so that this process can be guaranteed smoothly for the applicants.

Analysis and advertising services
With the help of the following analysis services, we would like to understand your behavior on our job portal and improve our service.

Google Analytics
We use Google Analytics. Further information on the use of Google Analytics can be found above under 10.

Users have the right, upon request and free of charge, to obtain information about the personal data that we have stored about them. In addition, users have the right to correct inaccurate data, restrict processing and delete their personal data, if applicable, to assert their rights to data portability and, in the event of the assumption of unlawful data processing, to file a complaint with the competent supervisory authority (Der Landesbeauftragte für den Datenschutz Baden-Württemberg, Königstraße 10a, 70173 Stuttgart).

Users may also revoke their consent, in principle with effect for the future.

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the user data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.

In accordance with legal requirements, data shall be retained for 6 years pursuant to Section 257 (1) of the German Commercial Code (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) of the German Fiscal Code (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Users may object to the future processing of their personal data in accordance with the statutory provisions at any time. The objection can be made in particular against the processing for purposes of direct advertising.

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations, or in the event of changes to the service as well as data processing. However, this only applies with regard to declarations on data processing. Insofar as user consents are required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of the data protection declaration.

Status: August 2022