Privacy Policy — JF&C

In principle, you can use our website without providing any personal data. In individual cases, however, the collection and processing of your personal data may be necessary in order to use certain functions of our website. In addition, we collect and process personal data in order to optimize our website and services in accordance with data protection regulations.

We take the protection of your personal data very seriously and would therefore like to inform you below about your rights and the nature and scope of the respective data collection.

1. Responsible person and data protection officer

Contact details of the responsible person

Person responsible for processing within the meaning of the General Data Protection Regulation (DS-GVO) and the Federal Data Protection Act (BDSG):

Joschka Fischer and Company GmbH
Markgrafenstrasse 34, 10117 Berlin
E-mail: jfandc@jfandc.de
Phone: +49 (0)30 - 20625-330
Fax: +49 (0)30- 2062533-69030

Contact details of the data protection officer

We have appointed a data protection officer in the company. You can contact this officer in all matters relating to your personal data as follows:

Data Protection Officer

E-mail: jfandc@jfandc.de

2. Definitions

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

A data subject is that person whose personal data is processed by the controller.

Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling

Profiling is any type of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

As a responsible company, we do not use automated decision-making or profiling.

Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Person responsible

The controller is the person who decides on the purposes and means of the processing of personal data and also carries it out accordingly.

Processor

The processor is another natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.

Recipient

The recipient is a natural or legal person, authority, institution or other body to whom personal data are disclosed.

Consent

Consent of the data subject is any freely given indication of his or her wishes in an informed and unambiguous manner, in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

Personal data breach

A personal data breach is a breach of security that results in the destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of or access to personal data that has been transmitted, stored or otherwise processed.

Supervisory Authority

The supervisory authority is an independent governmental body established by a Member State pursuant to Article 51 of the GDPR, which is responsible for monitoring compliance with data protection laws and regulations.

3. General information on data processing, including scope and purpose and legal basis

Scope of data processing

(1) We process personal data so that we can present our offers and services and so that you can use them. In doing so, we only collect personal data that is actually required.

(2) The scope depends on whether you merely visit our website or actively contact us. For further details on data processing, please refer to the explanations in this privacy policy.

Legal basis for data processing

(1) No data processing is possible without a corresponding legal basis. We take this so-called prohibition with reservation of permission very seriously.

(2) The DS-GVO provides for the following legal bases:

• Consent by the data subject (Art. 6 para. 1 p. 1 lit. a DS-GVO),
• Performance of a contract and pre-contractual measures (Art. 6 para. 1 p. 1 lit. b DS-GVO),
• Fulfillment of a legal obligation of the responsible person (Art. 6 para. 1 p. 1 lit. c DS-GVO),
• Safeguarding vital interests of the data subject or another natural person (Art. 6 (1) p. 1 lit. d DS-GVO),
• Performance of a task in the public interest or for the exercise of official authority (Art. 6 (1) p. 1 lit. e DS-GVO),
• safeguarding legitimate interests of the controller or a third party (Art. 6 (1) p. 1 lit. f DS-GVO).

(3) For each specific data processing, we have added the corresponding legal basis in this privacy policy.

Purpose of the data processing

(1) If the legal basis is not shown separately in the data protection declaration, the processing is carried out for one or more of the following purposes on the basis of the respective legal regulations mentioned:

• Implementation of pre-contractual and contractual measures, which takes place upon request (Art. 6 para. 1 p. 1 lit. b DS-GVO).
• Safeguarding our legitimate interests or the legitimate interests of a third party (Art. 6 para. 1 p. 1 lit. f DS-GVO).
• If you have given us your consent, on the basis of this consent (Art. 6 para. 1 p. 1 lit. a and Art. 7 DS-GVO).

(2) For a detailed description of the processing purposes, please refer to the explanations of the respective data processing below.

Transfer of your data

(1) We only transfer your data to external service providers to the extent that this is necessary and permissible for the fulfillment of our contractual and legal obligations or for the provision of our offer. If we therefore cooperate with order processors, we bind them contractually in accordance with the legal requirements under Art. 28 DS-GVO (contract on order processing). This ensures an appropriate level of data protection and data security.

(2) Insofar as the service providers are located outside the European Economic Area in individual cases, it is ensured that the necessary legal basis for this exists. We select these service providers carefully and check whether the transfer of data is necessary for the processing of the contractual relationship with you and whether the processing meets the legal requirements.

Duration of storage and deletion of data

(1) We process and store your personal data as long as it is necessary for the fulfillment of our legal and contractual obligations. This includes the storage of your personal data for the entire period of the contractual relationship with you.

(2) After expiration of the retention periods, your personal data will be deleted by us.

(3) The retention periods under commercial and tax law (including from the German Commercial Code, the German Fiscal Code and social security regulations) are two to ten years and serve retention and documentation purposes.

(4) Further details on the storage period and data deletion can be found in the explanations below on the respective data processing.

4. information about the processing of personal data.

We process your personal data through various technical means and, if necessary, also with the increase of further service providers. We would like to inform you about the specific details of the processing in the following points.

Visiting our website

(1) When you visit our website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address and service provider
• Date and time of the request
• Content of the request (specific page)
• access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser incl. language and software version
• operating system and its interface

(2) The data listed in paragraph 1 are also automatically stored in the log files (log file) of our server. The log data is stored separately from other data and can only be viewed by the hoster. As a matter of principle, we only store your data for as long as it is required for the respective purpose of processing. Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. The legal basis for the processing of your data when visiting our website is Art. 6 para. 1 p. 1 lit. f DS-GVO, § 15 Telemediengesetz (TMG).

Use of cookies

(1) In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the body that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website as a whole more user-friendly and effective.

(2) This website uses the following types of cookies, the scope and functionality of which are explained below:

• Transient cookies
• Persistent cookies

(3) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

(4) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(5) You can configure your browser settings according to your preferences and also refuse to accept third-party cookies or all cookies. Please note, however, that you may then not be able to use all functions of this website.

(6) The legal basis for the use of cookies is Art. 6 para. 1 p. 1 lit. f DS-GVO. If you have given us consent for the setting of cookies, Art. 6 para. 1 p. 1 lit. a DS-GVO is the additional legal basis for the use of cookies.

Contacting

(1) When you contact us by e-mail or via the contact form on our website, the data you enter (your e-mail address and optionally your name and the other data you provide) will be stored by us at the time of sending in order to process your request.

(2) You can contact us at any time via the e-mail address provided on our website, which can be found in the imprint.

(3) You can consent to the processing of your personal data at any time by sending an e-mail to the person(s) listed in section 1 above. If you contact us directly by e-mail, you can object to the processing of your personal data at any time by the same means.

(4) We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations. The legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO.

(5) If your contact aims at the conclusion of a contract, the additional legal basis for the processing of your personal data is Art. 6 para. 1 p. 1 lit. b DS-GVO.

Presence in social networks

(1) We also operate online presences (fan pages) within social networks and platforms. We use them to present ourselves as a company, to communicate with you as our customers, partners or interested parties and to publish information and offers. Also, a possible analysis of the activity on our fan page can take place with statistical data provided to us by the providers of the social networks and platforms (so-called insights data). However, data processing only takes place as soon as you interact with our fan page. The legal basis for this is Art. 6 (1) p. 1 lit. f DS-GVO, as the data processing is based on our legitimate interests in more effective information and communication with you. In the case of contract-relevant communication with us, Art. 6 para. 1 p. 1 lit. b DS-GVO is the legal basis.

(2) When calling up and using our fan page, your personal data is processed by the providers of the social networks and platforms themselves for analysis and advertising purposes. As the operator of the fan page, we have no influence on this and we do not receive any information from the respective providers about the exact scope of the data processing. The providers can thus create usage profiles, e.g. in order to place interest-based advertising. Cookies are usually stored on your devices for this purpose. Data processing may also take place outside the European Union. The US providers of the social networks and platforms are certified under the Privacy Shield, whereby they undertake to comply with EU data protection standards. The respective provider of the social networks and platforms is primarily responsible for data processing via the Fanpage. You also have the option of asserting your data subject rights (see "Your rights") directly against the providers of the social networks and platforms.

(3) Further information on data processing and your rights can be found in the privacy statements of the providers:

• Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland); Privacy Policy: https://www.facebook.com/about...; Shared Responsibility Agreement: https://www.facebook.com/legal...; Opt-Out: http://www.youronlinechoices.c... and via the settings in your personal Facebook profile there is also the option to object to certain data processing. Facebook Ireland Ltd. is also responsible for data processing via Instagram Inc.
• LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; privacy policy: https://www.linkedin.com/legal...; opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Transfer to third countries

In some cases, your data will be transferred to servers outside the EU by external service providers (so-called third countries). These can be, in particular, service providers in the areas of hosting and marketing, whereby we carefully select these service providers and contractually obligate them to comply with data protection in accordance with the legal requirements. Insofar as the service providers are located outside the EU, it is ensured that in these cases Binding Corporate Rules (BCR), or the standard data protection clauses within the meaning of Art. 46 DS-GVO apply, or an adequacy decision within the meaning of Art. 45 DS-GVO exists and thus an adequate level of data protection can be guaranteed.

The following companies receive data in third countries outside the European Union:

• Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/polic...
• LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy

Data processing in the application procedure

(1) We offer you the opportunity to apply to us (e.g. by e-mail, post or online). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

(2) If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 p. 1 lit. b DS-GVO (general contract initiation) and - if you have given your consent - Art. 6 para. 1 p. 1 lit. a DS-GVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application. If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 (1) lit. b p. 1 DS-GVO for the purpose of implementing the employment relationship.

(3) If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 6 months after completion of the application process in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 (1) p. 1 lit. f DS-GVO). Alternatively, we ask you to consent to longer storage.

(4) You can object to this storage at any time, provided that there are legitimate interests on your part that outweigh our interests.

(5) After expiry of the retention period, the data will be deleted, unless there is a legal obligation to retain the data or another legal reason for further storage. If it is evident that it will be necessary to retain your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until it has become irrelevant. Other legal storage obligations remain unaffected.

5. Your rights

You have the following rights vis-à-vis us with regard to the processing of personal data concerning you, which you can assert informally at any time vis-à-vis the contact person listed above under point 1:

Right to information (Article 15(1) and (2) DS-GVO).

Upon request, we will provide you with information about which of your personal data we have stored, for what purpose, for how long, from what source and on what legal basis, and whether we have disclosed this data to third parties.

Right to rectification (Article 16 sentence 1 DS-GVO).

If it turns out that the personal data we have about you is incorrect or incomplete, we will correct or supplement it immediately upon request.

Right to erasure (right to be forgotten) (Article 17 DS-GVO).

You have the right to have your personal data deleted without delay, unless there is a legal obligation to retain it for this purpose.

Right to restriction of processing (Article 18 DS-GVO).

You may request us to restrict the processing of your personal data.

Right to object to processing (Article 21(1) DS-GVO).

You may object to the processing of your personal data at any time. This applies in particular if the legal basis of the processing is Article 6 (1) p. 1 lit. f and, if applicable, lit. e DS-GVO.

Right to data portability (Article 20 DS-GVO).

You have the right to receive the personal data we have about you in a universally readable format.

Right to withdraw consent (Article 17(3) DS-GVO).

If the data processing is based on your consent, you have the possibility to revoke your consent to the processing of your personal data for the future at any time. You can revoke your consent by sending an e-mail to jfandc@jfandc.de. Your personal data will then be deleted.

Right to lodge a complaint with a supervisory authority (Article 77 DS-GVO).

You also have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us. The competent data protection authority is the data protection authority of the federal state in which we have our registered office. You can find more details about this at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

We would like to point out that the exercise of your rights may be subject to certain conditions in individual cases.

Ensuring data security and data protection

To ensure the protection and security of your personal data, we implement a variety of technical and organizational security measures, the effectiveness of which we regularly review.

6. Adaptation of the data protection declaration

We reserve the right to update this privacy policy from time to time. Updates will be published on our website. Changes will apply from the time of their publication, We therefore recommend that you visit our website regularly to find out about any updates that may have been made.