Privacy Policy

Protecting your personal data when you visit our website is an important concern for us…

Recipients of Personal Data

To carry out and process processing operations, we may engage service providers through data processing agreements. Specifically, we have commissioned service providers for our applicant portal and for hosting our website. Contractual relationships with these service providers are governed by Art. 28 GDPR, including required data protection and security provisions.

Data Collection through Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to help analyze your use of the website. Information collected may be transferred to and stored by Google on servers in the USA.

We also use Google Signals to gather additional data on users with personalized ads enabled. IP anonymization is enabled by default in Google Analytics 4. In exceptional cases, full IP addresses may be transmitted to Google servers in the USA and shortened there. According to Google, your IP address is not merged with other data.

User interactions are tracked as “events,” including:

  • Page views
  • First website visit
  • Session start
  • Clicks and interactions
  • Scrolls, external link clicks, downloads
  • Search terms, language setting

Additional data: approximate location, IP (shortened), browser/device info, ISP, referrer URL. The data is used to analyze site usage and optimize our services.

Possible recipients: Google Ireland Ltd., Google LLC, and Alphabet Inc. Google LLC is certified under the EU-US Data Privacy Framework. We have entered into standard contractual clauses with Google.

Data linked to cookies is deleted after 2 or 14 months. Cookie lifespan is 2 years.

Legal basis: your consent under Art. 6(1)(a) GDPR and §25(1) TDDDG. Consent can be withdrawn at any time via cookie settings.

Google Web Fonts

This site uses Google Web Fonts for uniform presentation. Your browser connects to Google servers to download fonts, which allows Google to collect your IP address. Legal basis: Art. 6(1)(f) GDPR. If your browser doesn’t support Web Fonts, a default font is used.

More info: Google Privacy Policy

Google reCAPTCHA

We use Google reCAPTCHA to verify human interaction and prevent spam. It may collect your IP and other data for processing. Legal basis: Art. 6(1)(f) GDPR. Data may be transmitted to Google LLC servers in the USA.

Details: Google reCAPTCHA Privacy Policy

Instagram

We have integrated Instagram features on our site. Provider: Instagram LLC, 1 Hacker Way, Menlo Park, CA, USA. When you visit a page containing Instagram content, Instagram is notified and may link the visit to your profile. Legal basis: your consent under Art. 6(1)(a) GDPR.

Data may be transferred to Meta Platforms, Inc. in the USA under standard contractual clauses (Art. 46(2)(c) GDPR).

WhatsApp

We use services by Messenger People GmbH to integrate WhatsApp communication. Personal data such as your number and profile name are processed. By initiating a WhatsApp chat, you consent under Art. 6(1)(a) GDPR. Revoke by sending “Revocation” to dsb@ecom.de.

WhatsApp Ireland Ltd. is the provider. Messages are end-to-end encrypted, but metadata is accessible. WhatsApp may share data with Meta. We use the “Business” version, and EU standard contractual clauses apply.

Rapidmail Analytics

Emails sent via Rapidmail contain a tracking pixel to determine if a message has been opened. Click behavior is also tracked using tracking links. Legal basis: your consent under Art. 6(1)(a) GDPR.

Data is deleted after you unsubscribe from the newsletter. More info: Rapidmail Data Protection

Pipedrive

We use Pipedrive CRM, operated by Pipedrive OÜ, Tallinn, Estonia. It manages customer relations and sales communications. Legal basis: Art. 6(1)(b) and (f) GDPR. Data may be transferred to non-EU countries with appropriate safeguards under Art. 46 GDPR.

AdWords and Google Conversion Tracking

We use Google AdWords conversion tracking. A cookie is set when you click a Google ad. Cookies expire after 30 days and do not personally identify users. If valid, it helps us understand conversions. Legal basis: your consent under Art. 6(1)(a) GDPR.

You can manage cookies through your browser or via Google’s privacy policy.

Social Media Plugins

YouTube

We embed YouTube videos using a two-click method. Google may associate your visit with your YouTube account. Legal basis: your consent under Art. 6(1)(a) GDPR or our legitimate interest (Art. 6(1)(f) GDPR).

Facebook Pixel

We use Facebook Pixel to measure conversions. Data is anonymized for us but may be linked to your Facebook account. Legal basis: your consent under Art. 6(1)(a) GDPR. More: Facebook Privacy Policy

Facebook Plugins

Our site uses Facebook plugins (Like & Share). If logged in, Facebook may associate site visits with your account. Legal basis: Art. 6(1)(f) GDPR. More: Facebook Policy

LinkedIn

Our site uses LinkedIn plugins. Provider: LinkedIn Corporation, USA. Your IP and interaction may be linked to your LinkedIn profile. Legal basis: Art. 6(1)(f) GDPR. More: LinkedIn Privacy Policy

Use of Cookies

We use cookies to enhance usability. Session cookies are deleted after the session. Persistent cookies help recognize your browser. Legal basis: Art. 6(1)(f) GDPR; for non-essential cookies, Art. 6(1)(a) GDPR. Manage preferences in browser settings.

Your Rights

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)

Regular Deletion Deadlines

Data is deleted when no longer necessary and no legal retention periods apply. Retention periods vary (e.g., 10 years for tax, 6 years for commercial law). Some statutes of limitations may extend to 30 years.

Right to Lodge a Complaint

If you believe your data is being processed unlawfully, you may file a complaint with the supervisory authority:

The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia
P.O. Box 20 04 44
40102 Düsseldorf
Phone: +49 211 38424-0
Fax: +49 211 38424-999
Email: poststelle@ldi.nrw.de