Data privacy policy

In this privacy statement, we inform you about the collection and processing of your personal data by us, the AOX Group GmbH, and the companies affiliated with us pursuant to §§ 15 et seq. German Stock Corporation Act (AktG) (see Part A, Section 2.1 below).

The protection of your privacy when processing personal data (hereinafter also referred to as "data") is an important concern for us. To ensure data security, we have taken comprehensive technical and organizational measures that are always adapted to the current state of the art. All personal data that we collect is processed confidentially and in accordance with the statutory data protection regulations.

The data protection statement explains what data we collect from you, for what purpose this is done and what we use the data for, how long we process your data and what rights you have as a data subject. In addition to the general data protection information that applies to all processing (hereinafter Part A), we inform you about the processing of your personal data when you visit our website (hereinafter Part B), are our business partner (hereinafter Part C), apply to us via our applicant management system (hereinafter Part D), contact us e.g. by e-mail, telephone or virtual conference services (hereinafter Part E) or you visit our company pages on social networks (hereinafter Part F).

 

Part A

General data privacy notice

1. Collection and processing of personal data

1.1. Personal data is all information that can be related to you personally, e.g. names, addresses, e-mail addresses, telephone numbers, IP addresses, user behavior and location data. In addition, this may also include data from a contractual relationship with us, such as business partner history, sales data, payments and comparable data. Processing means any operation related to personal data, e.g. collection, storage, modification, use, transmission or deletion.

1.2. The processing may occur in particular when visiting our website, in the context of a contractual relationship, a pre-contractual contact or any other inquiry. Insofar as necessary for the fulfillment of our contractual or legal obligations, we also process data that we permissibly collect from publicly accessible sources (e.g. commercial register, press, Internet) or that are transmitted to us by third parties (e.g. a credit agency).

2. Responsible bodies ("verantwortliche Stellen") and common processing

2.1. Responsible bodies ("verantwortliche Stellen") according to Art. 4 No. 7 of the General Data Protection Regulation (DSGVO) are:

AOX Group GmbH, Karlsruher Str. 21, 78048 Villingen-Schwenningen
AOX Technologies GmbH, Karlsruher StraĂźe 21, 78048 Villingen-Schwenningen
AOX Connect GmbH, Karlsruher Str. 21, 78048 Villingen-Schwenningen
AOX Drive GmbH, Karlsruher Str. 21, 78048 Villingen-Schwenningen

Phone: +49 77 21 / 40613-0
Fax: +49 77 21 / 40613-699
Email: info(at)aox.de

2.2. The respective responsibility for data processing in the operation of our website, in the context of business relationships with you, etc. can be found in the corresponding parts (hereinafter B to F) of this privacy policy. In this context, the responsible bodies within the AOX Group mentioned above in Part A, Section 2.1 also process your personal data in part as joint controllers pursuant to Art. 26 DSGVO.

3. Contact details of our data protection officer

The responsible bodies within the AOX Group mentioned in Part A, Section 2.1 above have appointed a joint data protection officer. This person can be reached under the following contact details:

Email: datenschutz(at)aox.de

4. Legal basis

The processing of your personal data may be based in particular on the following legal bases:

  • Art. 6 para. 1 subpara. 1 lit. b) DSGVO, insofar as the processing of your personal data is necessary for the performance of a contract or for the implementation of pre-contractual measures (such as in the case of inquiries about our products),

  • Art. 6 para. 1 subpara. 1 lit. c) DSGVO, insofar as we are subject to a legal obligation that requires us to process your personal data, such as for the fulfillment of tax or accounting obligations,

  • Art. 6 para. 1 subpara. 1 lit. f) DSGVO, unless your legitimate interests, fundamental rights and freedoms override our legitimate interests for the processing, such as for the optimization of internal IT processes (customer database or similar) or the exercise or defense of legal claims,

  • Art. 6 para. 1 subpara. 1 lit. a) DSGVO, insofar as we obtain your consent in advance for processing operations for a specific processing purpose.

5. Processing purposes

Your personal data will be processed in particular for the following purposes:

  • Operation and technical administration of our website,
  • processing your inquiries and correspondence with you,
  • Initiation, implementation or handling of business relationships,
  • Examination of your application, planning and implementation of the application process and, if applicable, establishment of an employment relationship,
  • Fulfillment of our contractual and/or legal obligations,
  • customer management and implementation of internal processes.

6. Sharing of data within the AOX-group and with external third parties

6.1. Within the AOX-group, those departments (e.g. Financial Accounting, Human Resources) or companies (see Part A, Section 2.1) will have access to your personal data which require the data for the respective processing purposes mentioned in particular under Part A, Section 5. This may be done, for example, via our customer relationship management system ("CRM system") or online application portal as part of a joint responsibility.

6.2. In addition, we sometimes use other companies as external service providers for the provision of our website and services. These are in particular external companies in the areas of economic and/or legal consulting as well as financial, IT and logistics services. The following third parties, for example, may be considered as recipients of your personal data:

  • Processors on the basis of a contract processing agreement pursuant to Art. 28 DSGVO, who only act on our instructions and have been contractually obligated by us to comply with the provisions of data protection law (e.g. cloud providers and other service providers in connection with the operation and provision of our IT systems and website),
  • Public agencies and institutions (e.g., social insurance carriers, financial and law enforcement authorities, courts),
  • Auditors, tax consultants and lawyers.

6.3. We will only share your personal data with third parties if

  • the transfer is necessary for the fulfillment of a contract with you or the implementation of pre-contractual measures according to Art. 6 para. 1 subpara. 1 lit. b) DSGVO,
  • a legal obligation exists for the disclosure pursuant to Art. 6 (1) (1) (c) DSGVO (e.g. fulfillment of tax or accounting obligations),
  • the disclosure is necessary to protect our legitimate interests (e.g., internal administrative purposes or assertion, exercise or defense of legal claims) pursuant to Art. 6(1)(f) DSGVO and you have no overriding legitimate interest in non-disclosure, or
  • you have given your consent in accordance with Art. 6 Para. 1 Uabs. 1 lit. a) DSGVO.

7. Transfer of data to third countries

7.1. We would like to point out that when you visit our website (Part B below), it cannot be ruled out that some cookies from third-party providers, e.g. Google services, may transfer your personal data to the USA or other third countries outside the European Union or the European Economic Area and that the data may be processed there. In the case of data processing in a third country, an appropriate level of data protection comparable to the GDPR is generally not guaranteed. A transfer of your data when visiting our website only takes place if the special requirements of Art. 44 et seq. DSGVO are present. In particular, the transfer may be based on an adequacy decision of the EU Commission (Art. 45 GDPR) or subject to appropriate safeguards, such as the standard data protection clauses of the EU Commission as amended from time to time (Art. 46 GDPR). If there is no such legal basis, the transfer may also take place on the basis of your express consent pursuant to Art. 49 (1) Uabs. 1 lit. a) DSGVO.

7.2. In the case of data transfers to the USA, we would like to point out that the European Court of Justice, in its ruling of 16.07.2020 (C-311/18 - "Schrems II"), declared the EU Commission's adequacy decision on the so-called EU-US Privacy Shield, which legitimized transfers, invalid. A new adequacy decision of the EU Commission entered into force on July 10, 2023. According to the assessment of the European Commission in the adequacy decision of 10.07.2023, the U.S. or commercial organizations participating in the "EU-U.S. Privacy Shield" was included in the list of countries that ensure an adequate level of protection. We would also like to point out that no general adequate level of data protection can be assumed for transfers to organizations in the USA. Data exporters from the EU must first check in advance that the organization to which the transfer is made is certified under the EU-US data protection framework. Furthermore, even in the case of a transfer based on an adequacy decision, a supervisory authority may conclude that the transfer is unlawful and file a request for a judicial decision pursuant to Section 21 BDSG. The main reasons for this are intelligence powers to monitor non-U.S. citizens outside U.S. territory (Section 702 FISA, Executive Order 12333) and the CLOUD Act (this law regulates that U.S. authorities have access rights to stored data on the Internet even if U.S. companies process data outside the U.S.).

7.3. As a matter of principle, we agree on the current standard data protection clauses of the EU Commission with the relevant service providers and take further technical and organizational measures to ensure an appropriate level of data protection. Insofar as these measures do not constitute suitable guarantees, your data will only be transferred when you visit our website with your express consent pursuant to Art. 49 (1) Uabs. 1 lit. a) DSGVO. If you consent to the use of the services concerned when calling up the website via the cookie banner, you also consent to the transfer of your data to the respective third countries.

7.4. For more information on cookies and transfers to third countries when visiting our website, please refer to Part B Section 2 of this privacy policy. Otherwise, no further transfer of your personal data to a third country or an international organization takes place.

8. Duration of storage and deletion and restriction of processing

8.1. Your personal data will only be processed and stored until the respective purpose is fulfilled and then deleted, unless longer storage is required due to legal provisions and retention periods or for the exercise or defense of legal claims.

8.2. If you visit our website and use it purely for information purposes (i.e. do not contact us), the log data and session cookies collected by us are deleted automatically when the respective session ends. For the other data collected by means of cookies, you will find more detailed information on the duration of storage and deletion in Part B, Section 2 of this data protection declaration. If you are our business partner (Part C below), the accounting and tax retention periods are generally ten years. If you submit personal data as part of a job application (Part D below), we will generally delete this data six months after the application process has been completed. The periods for preserving evidence in connection with the assertion, exercise or defense of legal claims are governed by the statutory limitation provisions. According to §§ 195 et seq. of the German Civil Code (BGB), the limitation periods can be up to 30 years, with the regular limitation period being three years.

8.3. If the processing of your personal data has been restricted on the basis of Art. 18 DSGVO, we will process it, apart from storage, only with your consent or for the purposes specified in Art. 18 (2) DSGVO and delete it as soon as other retention periods do not conflict with this and there is no reason to assume that deletion would impair your interests worthy of protection.

9. Data security

We have taken suitable and appropriate technical and organizational measures to protect your personal data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

To protect the transmission of confidential content, we use SSL or TLS encryption on our website. This means that data that you exchange with our website cannot be viewed by third parties. We point out that data transmission over the Internet (eg communication by e-mail) security gaps and a complete protection of your data from access by third parties is not possible.

10. Your data subject rights

10.1. Under the legal conditions, the existence of which we check in each individual case, you have the right with regard to your personal data stored by us,

  • request information about the data and its processing (Art. 15 GDPR),
  • to demand the correction or completion of the data (Art. 16 DSGVO),
  • to demand the deletion of the data (Art. 17 DSGVO),
  • to demand the restriction of the processing of the data (Art. 18 DSGVO),
  • receive the data in a structured, common and machine-readable format ("data portability", Art. 20 DSGVO), and
  • object to the processing of the data we process on the basis of Art. 6(1)(e) or (f) DSGVO (Art. 21 DSGVO).

Pursuant to Art. 7 (3) DSGVO, you have the right to revoke your consent to the processing of your personal data at any time with effect for the future. This has the consequence that we may no longer continue the data processing that was based on this consent. The legality of the data processing carried out until then remains unaffected.

10.2. If you wish to exercise any of the above rights, a simple message to us will suffice. To do so, you can use the contact details provided or send a corresponding e-mail to datenschutz(at)aox.de.

10.3. You also have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR if you believe that the processing of personal data concerning you violates the GDPR. For further information, you can contact the supervisory authority of your usual place of residence or place of work or the place of the alleged infringement for this purpose.

 

Part B

Supplementary data protection information for visiting our website

1. Collection and processing of personal data

1.1. In the case of purely informational use of the website, i.e. if you do not otherwise transmit information to us (e.g. by contacting us), we only collect the personal data that is automatically transmitted to our server by the browser used on your terminal device and temporarily stored in a log file ("log data"). In addition, we use cookies and similar technologies on our website. Further information on this is provided below in Part B, Section 2 of this data protection declaration. The responsible party is AOX Group GmbH. When you visit our website, we collect the following log data concerning you until it is automatically deleted:

  • IP address of your requesting computer,
  • Date and time of the request,
  • Time zone difference from Greenwich Mean Time (GMT),
  • Name of the URL and content of the request (specific page),
  • Access status/HTTP status code,
  • Website from which the access is made (referrer URL),
  • Browser as well as language and version of the browser software,
  • operating system of your computer as well as the name of your access provider,
  • the amount of data transferred in each case.

1.2. The aforementioned data will be processed by us for the following purposes:

  • Ensuring a smooth connection of the website,
  • to ensure a comfortable use of our website,
  • to evaluate system security and stability,
  • for further administrative purposes and
  • for statistical purposes, without the possibility of assignment to your person.

1.3. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) DSGVO. The collection of this data is technically necessary for us to display our website to you, to ensure and optimize the functionality and stability of our website and to ensure the security of our information technology systems. An evaluation for marketing purposes does not take place in this context.

2. Cookies

2.1. We use cookies on our website. These process personal data from you (e.g. IP address, information about the browser and operating system) in order to personalize content (such as fonts), integrate media from third-party providers or analyze access to our website.

2.2. Cookies are small text files that are assigned to the browser you are using when you visit our website and are stored on your computer and which provide the party setting the cookie with certain information (e.g. about your usage behavior). Cookies may contain data that enable the recognition of the terminal device you are using for a later call-up of the website. In some cases, however, cookies only contain information on certain settings that cannot be linked to personal data. Without being linked to other data, cookies cannot identify you directly. Cookies cannot execute programs or transmit viruses and thus cannot cause any damage.

2.3. There are different types of cookies, all of which have different functions and are distinguished according to their respective characteristics. "First party cookies" are generally used directly by us as the operator of this website. These include, for example, cookies that store your settings (such as your preferred language), log-in data, shopping cart contents or your user behavior on our website. These cookies are needed, for example, to recognize you as a user when you visit our website again and primarily serve to make our offer more user-friendly and effective, i.e. more pleasant for you. Cross-website tracking ("tracking") does not take place. "Third party cookies", on the other hand, originate from third-party providers. These include, for example, advertisements that are not stored on our website servers. These cookies can monitor your user behavior over a longer period of time and across several websites from different providers, thus enabling the creation of extensive user profiles. In addition, a distinction is made between temporary cookies ("session cookies"), which are automatically deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made in particular between the following four types of cookies:

  • Necessary/essential cookies: These cookies are technically absolutely necessary to provide you with the website as such, to use basic functions and to ensure the security and stability of the website. This includes, for example, the necessary session management through the use of session cookies (e.g. cookies for storing language settings, log-in status and shopping cart contents) or the storage of user input in an online form if the website has such functions and you make a corresponding interaction. This also includes the management of your consents via a Consent Management Platform ("CMP") and cookies for user-oriented fraud prevention and IT security. Without these cookies, the website cannot function properly. These cookies do not analyze your user behavior, do not collect data about you for marketing and/or advertising purposes, and are not used for geolocation or tracking you across websites.
  • Functional cookies: These cookies are not technically essential, but increase the general user-friendliness of the website, e.g. through improved and personalized functions. For example, information you enter once, such as user name, language settings, location, form data or similar, can be stored beyond the session in order to display this information immediately when you return to the website. In addition, this allows additional functions beyond the essential functionality, such as nicer fonts, video and audio files, blogs, forums, etc. to be integrated into the website.
  • Performance, statistics cookies: These cookies store information about how you use the website. For example, data can be collected on which sub-pages you visit, how often and for how long, which search terms you use and whether errors occur during website use. Loading times or the behavior of the website with different browsers are also measured with this. These cookies are needed to collect pseudonymized data about visitors to the website in aggregate form. This data is used to improve the website and tailor it to individual user needs.
  • Marketing/advertising cookies, tracking cookies, targeting cookies: These cookies are used in particular to analyze your user behavior on the website, to show you personalized advertising or offers from third-party providers on the website (e.g. online map services, content and/or plug-ins from video and social media platforms) and to measure the effectiveness of these offers. These cookies make it possible to track you across several different websites and to create extensive user profiles.

2.4. Cookies that are technically absolutely necessary for the proper functioning of our website are used on the basis of Art. 6 (1) Uabs. 1 lit. f) DSGVO. Any further use of cookies is only permitted with your explicit and active consent pursuant to Art. 6 para. 1 subpara. 1 lit. a) DSGVO. When visiting the website, you can agree to the use of all cookies via the cookie banner, make individual settings or completely reject the use of non-essential cookies and change your settings at any time.

2.5. We currently use the following services on our website that store cookies:

  • Google Analytics
Provider:

Responsible body for processing operations in the EU
Google Ireland Ltd.

Gordon House, Barrow Street, Dublin 4, Irland

 

Responsible body for processing operations in the USA

Google LLC

1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Google Ireland Ltd. and Google LLC are part of the Alphabet Inc. group of companies based in Mountain View, CA, USA (hereinafter each "Google").

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google
The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The legal basis for data processing is your consent pursuant to Art. 6 (1) Uabs. 1 lit. f) DSGVO.

Google processes your data in the USA. We would like to point out that in the case of data processing in a third country, an adequate level of data protection is not guaranteed and your express consent is required, unless an adequacy decision exists by way of exception or the processing takes place on the basis of suitable guarantees, in particular the standard data protection clauses of the EU Commission (cf. Part A, Section 7 above). If you consent to the use of this service, you also consent to the possible processing of your data in the USA pursuant to Art. 6 Para. 1 Uabs. 1 lit. a) DSGVO.

We have activated the IP anonymization function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

You can find more information on how long Google Analytics cookies are stored in our cookie settings.

You can find more information at

Terms of use: www.google.com/analytics/terms/de.html

Privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

2.6. You can configure your browser according to your wishes and, for example, set it so that you are always informed about the setting of cookies, refuse the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. We would like to point out that if you deactivate cookies, the functionality of our website may be limited and you may not be able to use all functions.

3. Online-Application portal

If you use the online application portal on our website, you will receive supplementary data protection information on the processing of your personal data in this regard in Part D of this privacy policy below.

4. Storage period and data subject rights

For information on the storage period of log data and session cookies as well as your data subject rights, please refer to Part A Sections 8 and 10 of this Privacy Policy.

 

Part C

Supplementary data protection information for processing in business relationships

1. Collection and processing of personal data

1.1. In the course of a business relationship with you, we process further personal data relating to you, which may be stored in our internal CRM system or a comparable system. The responsibility for this is governed by Part A Section 2 of this Privacy Policy. This data includes for example

  • Salutation and gender,
  • First and last names and any other identification data contained in official ID cards, for example,
  • valid e-mail address,
  • Telephone numbers (landline and/or mobile),
  • Delivery and billing address,
  • tax and other identification numbers,
  • Details of the type of payment method you have chosen,
  • Communication data (e.g. contents of e-mails and other correspondence),
  • other data required for the performance of the contract (e.g. details of contact persons, customer history).

1.2. The processing of your personal data takes place,

  • to be able to identify you as a business partner,
  • for correspondence and other communication with you (including conducting virtual conferences),
  • to initiate, execute and/or process contracts with you and fulfill our contractual obligations (including processing your product inquiries, delivery, invoicing),
  • to fulfill our legal obligations (including tax and accounting retention periods, business partner screening),
  • for internal administrative purposes (e.g. financial accounting),
  • for the exercise or defense of legal claims (including the conduct of legal and administrative proceedings), and
  • for other measures required in connection with the contractual relationship.

1.3. The legal basis for data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6 Para. 1 Uabs. 1 lit. b) DSGVO. If you do not provide us with your personal data, we cannot perform the contract with you or fulfill the aforementioned communication purposes. In addition, the data processing is carried out, as far as legally permissible, on the basis of our legal obligations pursuant to Art. 6 para. 1 subpara. 1 lit. c) DSGVO and our legitimate interests pursuant to Art. 6 para. 1 subpara. 1 lit. f) DSGVO.

2. Sharing of data within the AOX Group and with external third parties

Your personal data will be passed on to those departments (e.g. financial accounting) or companies within the AOX Group that require the data for the purposes stated in Part C Item 1 above. In addition, we may, to the extent legally permissible, transfer your data for the aforementioned purposes to the external service providers and public bodies or institutions (e.g. financial and law enforcement authorities, courts) mentioned in Part A Item 6 of this Privacy Policy.

3. Storage period and data subject rights

For information on the storage period of your personal data and your data subject rights, please refer to Part A Sections 8 and 10 of this Privacy Policy.

 

Part D

Supplementary data protection information for applications

1. Collection and processing of personal data

1.1. We process your personal data when you apply to us by post, by e-mail, using a recruitment agency or via the online application portal on our website and send us your application documents or provide us with information by other means (e.g. in interviews). Responsibility for this is governed by Part A Section 2 of this Privacy Policy, whereby the online application portal on our website is managed centrally by AOX Group GmbH, which is responsible for processing your personal data together with the respective recruiting agency.

1.2. In particular, we process the following data contained in application documents (e.g. cover letter, resume, references) or otherwise provided by you:

  • Salutation and gender,
  • first and last name,
  • address,
  • valid e-mail address,
  • telephone number (landline and/or mobile),
  • other contact data (e.g. social networks),
  • Date of birth and age,
  • marital status,
  • professional background,
  • qualifications and education,
  • Application data (e.g., position or job, time of availability, etc.), and

If you use our online application portal or send us your application by e-mail, for example, the following technical data may also be processed:

  • IP address,
  • Date and time of the application,
  • Website from which the access is made (referrer URL),
  • Browser and version of the browser software,
  • operating system of the computer.

1.4. Your personal data is processed for the purpose of reviewing your application, planning and implementing the application process and may be required to establish an employment relationship with us. The legal basis for the processing is Art. 6 Para. 1 Uabs. 1 lit. b) DSGVO in conjunction with Section 26 Para. 1 Sentence 1 of the Federal Data Protection Act (BDSG). If the application documents you submit contain special categories of personal data within the meaning of Art. 9 (1) DSGVO (e.g. a photograph showing your racial or ethnic origin, information on your state of health or on your trade union, party or religious affiliation, or information on your marital status showing your sexual orientation), they will be stored on the basis of your consent pursuant to Art. 9 (2) (a) DSGVO. You are not obliged to provide us with your personal data online. We will also be happy to process your application if you send it to us by other means.

2. Sharing of data within the AOX Group and with external third parties

2.1. Your personal data may be passed on to those departments (e.g. Human Resources) or companies within the AOX Group that require the data for the purposes stated in Part D Item 1 above. In addition, we may, to the extent legally permissible, transfer your data for the aforementioned purposes to the external service providers and public bodies or institutions (e.g. social security institutions, courts) mentioned in Part A Item 6 of this Privacy Policy.

2.2. For the online application portal on our website, we use the "Personio" service of Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany (hereinafter "Personio"). Personio is a personnel administration and applicant management software. The data will be stored in Personio's data centers in Germany and processed exclusively within the European Union. Personio will store the data only as long as necessary for the aforementioned processing purposes. The data will be regularly deleted from Personio's servers 60 days after the completion of the application process. You can find further information at https://personio.de/datenschutzerklaerung/.

2.3. If you use the online application portal on our website, your personal data and the files you send us for this purpose will be transmitted unchanged by the web server via e-mail to the relevant contact person at the AOX company concerned by the application (cf. Part A Clause 2 above). Your data is protected against unauthorized access during the transmission phase. The applicant management system is secured in such a way that only the persons responsible for applications can access your data.

3. Storage duration

3.1. In the event of a successful application, we will retain your data contained in application documents as part of the personnel file. In the event of an unsuccessful application, your personal data will be deleted by us no later than six months after completion of the application process, unless longer storage is necessary due to statutory provisions or for the defense of legal claims, or you have expressly consented to longer storage.

3.2. In the event that we are unable to hire you in the form you requested or at the time you requested, your application could also be of interest to us for other areas or at another time based on your profile. In such cases, if you give us your consent, we will store your application data in our applicant management system for two years so that we can contact you again at a later date. The legal basis for this data processing is, subject to your consent, Art. 6 (1) Uabs. 1 lit. a) DSGVO. You are not obliged to give consent in this regard. If you do not consent, we will not be able to consider you for future job offers without a renewed application.

4. Data subject rights

For information on your rights, please refer to Part A Section 10 of the Privacy Policy.

 

Part E

Supplementary privacy notices for contacting and virtual conferences

1. Contact

When you contact us (e.g. by e-mail, telephone), the data you provide, such as names, e-mail addresses and telephone numbers, will be stored by us based on Art. 6 (1) p. 1 lit. a) DSGVO in order to respond to your inquiry. The responsibility for this is governed by Part A Section 2 of this Privacy Policy. We delete the data collected in this context after the storage is no longer necessary. This is usually the case when the respective conversation with you has ended and the facts concerned have been conclusively clarified. If there are legal obligations to retain data, we restrict the processing.

2. Virtual conferences

2.1. If you communicate with us via a video conferencing service (e.g. Microsoft Teams, Zoom), we will process your personal data to the extent necessary to communicate and collaborate with you. The responsibility for this is governed by Part A Section 2 of this Privacy Policy. The responsible company of the AOX Group together with the respective provider of the service is responsible for the processing of your personal data.

2.2. When using it, we primarily collect the following personal data from you:

  • User and communication data (e.g., name and display name, email address, IP address, preferred language, device information, profile picture),
  • Virtual conference metadata (e.g., date, time, location, meeting ID),
  • content data (e.g. text input via a chat function), and
  • your voice and, if applicable, your image via the microphone and any video camera on your end device to enable sound playback and video display.

2.3. The purposes and legal bases for the processing of your personal data result from the respective context of the communication or cooperation. Such contexts and the corresponding legal bases are described in Part A Sections 4 and 5 of this Privacy Policy.

2.4. For video conferencing, we use Microsoft Teams. In the case of Microsoft Teams, it is not excluded that Microsoft transfers your personal data to third countries outside the European Union, in particular to the USA. For more information, please refer to Part A Section 7 of this Privacy Policy.

3. Storage period and data subject rights

For information on the storage period of your personal data and your data subject rights, please refer to Part A Sections 8 and 10 of this Privacy Policy.

 

Part F

Supplementary privacy notices for company pages on social networks

1. Our company pages in social networks, responsible bodies

1.1. In addition to our website, we operate publicly accessible company pages on the following social networks:

  • LinkedIn (https://de.linkedin.com/company/aox-tech), responsible body is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (for processing in the EU, EEA and Switzerland) or LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (for processing in the USA, hereinafter referred to as "LinkedIn").
  • Xing (https://www.xing.com/pages/aoxtechnologiesgmbh), responsible body is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

1.2. We use the technical platform and services of the respective provider for our appearances in the aforementioned social networks. The content of our company pages is the responsibility of the respective company of the AOX Group that operates the page (see Part A Section 2 of this privacy policy). The latter is jointly responsible for the processing of your personal data with the respective provider of the social network. We point out that you use the services offered by the respective provider and their functions (e.g. commenting, sharing, rating) on your own responsibility.

2. Collection and processing of personal data by social network providers, data sharing and transfer to third countries

2.1. When you visit our company pages on the aforementioned social networks, the respective provider collects your personal data (e.g. IP address, device and browser information, website activities) and can thus analyze your user behavior. The collection of data takes place, for example, through the use of cookies that are stored on your device. This information is used, among other things, to provide us as the operator of the company pages with statistical information about the interaction with us. We have no influence on the scope and further processing, including forwarding, of the personal data concerning you by the respective provider. If you visit our company pages and are logged into the network with your account, the respective provider can assign this visit to your user account. Such data collection may also occur if you are not logged in or registered with the respective network. Based on this data, it is possible for the respective provider to display personalized advertising to you (if you have allowed this).

2.2. In the case of LinkedIn, it is not excluded that LinkedIn transmits your personal data to third countries outside the European Union, in particular to the USA. For more information, please refer to Part A Section 7 of this privacy policy.

3. Collection and processing of personal data by the AOX Group

We process your personal data when you interact with us via the respective social network (e.g. via the comment function) or actively communicate it to us (e.g. via Messenger). We process this data in order to handle your respective request. Otherwise, we do not have full access to your profile data and can only see the information of your profile that you have made publicly available in your settings. You also have the option of following our company pages so that your profile appears in the list of our followers. Furthermore, we receive anonymous statistics from the respective provider on the use of our company pages (e.g., on the number of people who see a specific post). We use these statistics to improve our company pages and cannot draw any conclusions about your person from them. We cannot influence the upstream data processing by the respective provider to provide these statistics. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.

4. Data subject rights

To exercise your data subject rights, you can contact both us and the provider of the social network. To the extent that one party is not responsible for responding or must obtain the information from the other party, we or the provider will then forward your request to the other party. Please contact the platform provider directly for general questions about the processing of your personal data when using the social network. For specific questions about the processing of your interaction with us on our corporate site, you can contact us using the contact details provided in Part A Section 2 of this Privacy Policy. For more information on the processing of your personal data and your rights, please refer to the privacy notices of the individual providers: