Privacy Policy

3.3. Online application

You can apply for a position with us through our website. You can use our online application form for this. Alternatively, you can apply via email or postal mail.

In the context of the online application, you are asked for personal information (e.g., name and contact details). Providing certain data is necessary for the establishment and execution of a possible employment relationship. If you do not provide this data, which is marked as mandatory fields, your application will be incomplete and cannot be considered during the application process. Providing additional information and uploading files/documents (e.g., application photo) is not mandatory but optional. If you only provide mandatory information, it will not disadvantage your application.

After receiving your online application, you will receive an automatic confirmation of receipt. Further communication regarding the application process will be handled by our HR department.

We process your data for the purpose of deciding on the establishment of an employment relationship. The legal basis for data processing is Art. 88(1) GDPR in conjunction with Section 26(1)(1) BDSG. If special categories of personal data are involved, the processing is based on Art. 88 GDPR in conjunction with Section 26(3) BDSG. In the event of a rejection or completion of the application process, your data will be deleted within 6 months.

In the context of your online application, you have the option to use data from your social media profile (XING, LinkedIn). We receive your data based on consent you have provided to the respective provider. Please refer to the privacy notices of the social media providers for further information.

3.4. CSS Portal

If you are a customer of ours, you may have the opportunity to access special information or updates related to the product you are using via the login function on this website.

To do this, you must first enter your username and choose a password ("login credentials"). A password should be at least 8 characters long and preferably a combination of uppercase and lowercase letters, numbers, and special characters. Problematic are trivial passwords such as "ABC" or keyboard sequences (e.g., "qwert" or "asdfgh"), all types of names (e.g., of friends, acquaintances, colleagues, family members, pets), city and building names, comic characters, car brands, license plate numbers, terms, birth dates, phone numbers, common abbreviations, etc. Login credentials must be kept strictly confidential. If they are shared for emergency access to certain data by third parties, the password must be changed immediately. It is prohibited for your protection to reuse previously used passwords. In addition, during login, we store your IP address and the time of access. This is necessary to ensure the security of our IT systems. Every time you log in, CSS also sets a session cookie. This session cookie prevents automatic logout during active use of the account or related services. After each logout, the session cookie is automatically deleted within a few minutes.

The legal basis for processing your data is Art. 6(1)(1)(f) GDPR and, if your contractual relationship is affected, Art. 6(1)(1)(b) and/or (f) GDPR.

3.5. Participation in Events

If you wish to participate in our events (e.g., training sessions), we collect the necessary mandatory information (marked with *). Other information is optional. After submitting your registration, you will receive a confirmation email informing you whether your registration was successful. We use your data to enable your participation, for billing purposes, and, if necessary, to communicate with you regarding the event and related organizational aspects.

Registration is personalized for the person who registered or is indicated in the registration. Transfer of a ticket or registration link is not allowed.

The legal basis for processing your data, in the case of pre-contractual or contractual measures, is Art. 6(1)(1)(b) GDPR. Otherwise, the legal basis is Art. 6(1)(1)(f) GDPR. Our legitimate interest lies in organizing and conducting the event.

Please note that photos and audio recordings may be made during our events, in which you may be included. By agreeing during registration, you consent to CSS making these photos and audio recordings available to all participants without time limitations and using them for their own training purposes. Granting this consent is necessary in connection with your participation in events, as we cannot guarantee the exclusion of individual persons.

For online events, please also refer to our privacy information in Section 6.

If you send questions, comments, and/or feedback related to an event, your information will be stored so that we can refer to it when processing your request.

The legal basis for processing your data is generally Art. 6(1)(1)(f) GDPR. Our legitimate interest lies in responding to your request. In the case of (pre)contractual measures, the legal basis is Art. 6(1)(1)(b) GDPR.

3.6. TeamViewer

For support requests (remote maintenance), we provide a link on our website to download TeamViewer. The provider of TeamViewer is the. By visiting the subpage of our website where we offer the download of TeamViewer software, TeamViewer receives the information that you have accessed the corresponding subpage. We have no knowledge of whether or how TeamViewer uses this information for its own purposes. Please refer to TeamViewer's privacy information for details: https://www.teamviewer.com/de/legal/privacy-and-cookies/

The legal basis for processing your data when using TeamViewer is Art. 6(1)(1)(b) and/or (f) GDPR.

To make the use of our website as pleasant as possible for you, we use web tracking systems. This typically involves the use of cookies, i.e., small text files that are sent from a web server to your browser and stored on your computer’s hard drive. This enables us to recognize your device when you visit the website again. Most browsers are set to automatically accept cookies. You can disable the storage of cookies in your browser and delete them from your hard drive at any time. You can also prevent the setting of specific cookies (e.g., third-party cookies) via your browser, for instance, if you want to block web tracking. For more information, please refer to your browser's help function.

We also want to inform you that you can install a privacy protection plugin in your browser, which offers the option to block tracking – for example, AdBlock, Ghostery, or NoScript (please refer to the privacy notices of the respective plugin provider). Finally, we would like to point out that disabling cookies may prevent the full functionality of this website.

The legal basis for processing your data, unless stated otherwise in the subsequent sections of 4.1 and following, is Article 6(1)(1)(f) GDPR. Our legitimate interest lies in the customized design of the website.

To manage your consent to the use of tracking tools, we use the "Cookiebot" cookie consent technology provided by usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Usercentrics"), website: https://www.cookiebot.com/de/. In this context, besides connection data, your consent or rejection of consent, or the withdrawal of consent, will be transmitted to Usercentrics. To enable the corresponding assignment, Usercentrics also sets a cookie in your browser.

The use of Cookiebot is to obtain legally required consent for the use of cookies. The legal basis for this is Article 6(1)(1)(c) GDPR.

Detailed information about our cookies and the option to change your consent can be found in our cookie information.

Our website uses the tracking tool "Google Analytics 4 (GA4)," a service provided by Google Ireland Limited, a company registered and operating under Irish law, based at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This tracking tool helps us make our internet offerings more interesting for you and improve the user experience. Data about the use of our website is stored in pseudonymous user profiles. For this purpose, cookies, as well as JavaScript and pixels, may be used. More information about the use of cookies can be found at  https://support.google.com/analytics/answer/11397207?hl=de. Personal data types processed include online identifiers (including cookie identifiers), IP addresses, and device identifiers, as well as customer-assigned identifiers.

Additionally, data from various devices, sessions, and interactions can be linked using a so-called "User ID." The generated information is usually first transmitted to a Google server within the EU.

As part of the analysis, Google also uses artificial intelligence for automated data analysis and enrichment. This is especially used for predictive metrics, such as the likelihood of future user behavior, churn probability, and projected revenue. Predictive metrics can also be used for predictive audiences. More about this can be found at https://support.google.com/analytics/answer/9846734.

Additionally, Google estimates online conversions that cannot be directly measured using modeling techniques. These estimated conversions allow Google to make more realistic statements in reports, optimize ad campaigns, and improve automatic bidding. More information can be found at https://support.google.com/analytics/answer/10710245.

The data evaluations are finally provided through analytics statistics, with both automatic and custom statistics being made available by Google. More details can be found at https://support.google.com/analytics/answer/9443595.

By default, Google anonymizes user IP addresses already upon data collection. Furthermore, IP addresses are neither logged nor stored by Google. However, the shortening of IP addresses does not fully anonymize the data processing. When using Google Analytics, usage data is collected that qualifies as personal data, such as user identification features that can be linked to an existing Google account.

On our behalf, Google will use the information obtained via Google Analytics to evaluate your use of our website, compile reports on website activity, and provide further services related to website and internet usage. The pseudonymous user profiles are not merged with personal data of the person behind the pseudonym without explicit consent.

More information on Google Analytics can be found at https://support.google.com/analytics/answer/12017362

Please note that Google also independently accesses your data collected via Google Analytics and may use this data for its own purposes. For example, Google may link this data with other data about you, such as search history, your personal account, data from other devices, and any other data Google holds about you.

The legal basis for the use of Google Analytics is your consent, based on Section 25(1)(1) TTDSG for the storage and access to information in end devices and Article 6(1)(1)(a) GDPR for our further processing of your data. Your corresponding consent is given via our cookie banner. Please note that Google is a company from the USA. Information on the locations of Google data centers can be found at www.google.com/about/datacenters/locations/. The new EU Standard Contractual Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. More information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

To display fonts on our website, we use Adobe Typekit. Adobe Typekit is a service that allows access to a font library provided by Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. No cookies are placed or used to provide the fonts during the Typekit service delivery. To deliver the Typekit service, Adobe may collect information about the font used to identify the website itself and the associated Typekit account.

The legal basis for the use of Typekit is your consent, based on Section 25(1)(1) TTDSG for the storage and access to information in end devices and Article 6(1)(1)(a) GDPR for our further processing of your data. Your corresponding consent is given via our cookie banner. Please note that Adobe Inc. is a company from the USA. Adobe Inc. is an active participant in the EU-U.S. Data Privacy Framework, ensuring the secure transfer of personal data to the USA. More information can be found here:  https://www.dataprivacyframework.gov/list.

More information can be found on the information page data protection at Adobe Typekit and in the privacy policies of Adobe.

We use the product "Facebook Custom Audience" via the Pixel method), offered by Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta"). This method uses cookies (see Section 4). The legal basis for the use of Facebook Custom Audience is your consent, based on Section 25(1)(1) TTDSG for the storage and access to information in end devices and Article 6(1)(1)(a) GDPR for our further processing of your data. Your corresponding consent is given via our cookie banner.

Please note that Meta is a company from the USA. The new EU Standard Contractual Clauses have been agreed upon as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, Meta is an active participant in the EU-U.S. Data Privacy Framework, ensuring the secure transfer of personal data to the USA. More information can be found here: https://www.dataprivacyframework.gov/list.

Meta collects and stores usage data in pseudonymous profiles for web analysis or to enable interest-based advertising. This allows us to track the actions of users after they have seen or clicked on a Facebook ad. This helps us measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, meaning we do not see the personal data of individual users. However, Meta stores and processes this data, about which we inform you to the best of our knowledge. Meta may link this data with your Facebook account and use it for its own advertising purposes in accordance with Meta's data usage policy (https://www.facebook.com/privacy/explanation). More information on Meta's data processing can be found in Meta's privacy policy https://de-de.facebook.com/notes/facebook-and-privacy/relevant-ads-that-protect-your-privacy/457827624267125/.

Responsible for data processing, in addition to us, is also Meta itself. Meta processes the data in accordance with Meta's Data Use Policy. Details can be found in Meta's Data Use Policy. Specific information and details about the Facebook Pixel and its functionality can be found in Meta's Help Center.

Meta is jointly responsible with us for data processing under Article 26 GDPR. In this case, you can exercise your rights (see Section 11) against both us and Meta. Meta will serve as the first point of contact. We have entered into an agreement with Meta regarding joint responsibility for the processing of personal data. This can be accessed via the following link: https://www.facebook.com/legal/controller_addendum.

On our website, we use the conversion tool "LinkedIn Insight Tag" provided by LinkedIn Ireland Unlimited Company (LinkedIn Ireland). This tool creates a cookie in your web browser, which enables the collection of data including IP address, device and browser characteristics, and page events (e.g., page views). LinkedIn Ireland does not transmit personal data to us but provides anonymized reports on website audience and ad performance. Additionally, LinkedIn Ireland offers retargeting through the Insight Tag. Using this data, we can display targeted advertising outside of our website without identifying you as a website user. Our legal basis for processing your data is your consent, based on § 25 (1) sentence 1 TDDDG for storing and accessing information on end devices and Art. 6 (1) sentence 1 (a) GDPR for further processing of your data. You provide your consent through our cookie banner. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. New EU Standard Contractual Clauses have been agreed upon as suitable safeguards to ensure an adequate level of protection for data transfers. Additionally, LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, ensuring secure data transfer of personal data to the U.S. Further information can be found here: https://www.dataprivacyframework.gov/list. More information about the LinkedIn Insight Tag can be found at the following link. Detailed information on data protection at LinkedIn Ireland can be found in LinkedIn Ireland's Privacy Policy.

We use the Leadinfo tool on our website provided by Leadinfo B.V., Bunsenstraße 19, 40215 Düsseldorf (“Leadinfo”). This tool allows us to identify the names of companies visiting our website, enabling us to undertake more targeted B2B marketing activities. Leadinfo identifies B2B website visitors through their IP address and creates profiles based on information from publicly available databases, including the use of cookies. Leadinfo also analyzes the behavior of website visitors, such as the time spent on the site or the pages visited.

If it turns out that a website visit is by an individual rather than a company, the IP address of this visitor is deleted, and no profile is created.

The legal basis for using Leadinfo is your consent, based on § 25 (1) sentence 1 TDDDG for storing and accessing information on end devices and Art. 6 (1) sentence 1 (a) GDPR for further processing of your data. You provide your consent through our cookie banner.
Further information on data processing by Leadinfo can be found in Leadinfo’s Privacy Policy: https://www.leadinfo.com/de/datenschutz/.

Please also note that Leadinfo offers the option to opt-out of tracking by sending an email to  info(at)leadinfo.com or by clicking “Opt-Out” here: https://www.leadinfo.com/de/opt-out/.

To embed videos on our website, we use plugins from Vimeo, Inc., a U.S.-based company located at 555 West 18th Street, New York, New York 10011, USA ("Vimeo"). When you visit one of our websites equipped with a Vimeo plugin and give your consent, a connection to the Vimeo servers is established. Vimeo receives information about which of our websites you have visited, your IP address, location, and device and browser characteristics. Additionally, Vimeo uses cookies and similar tracking technologies such as web beacons (invisible graphics) to collect this information and provide its services. Since we have enabled the "do not track" feature, Vimeo does not use third-party analytics or advertising cookies, even if you are logged into your Vimeo account.

The legal basis for processing your data is your consent, based on § 25(1) Sentence 1 TTDSG for storing and accessing information on end devices, and Article 6(1) Sentence 1 lit. a GDPR for our further processing of your data. Your corresponding consent is given via our cookie banner. Please note that Vimeo is a company based in the USA. As appropriate safeguards to ensure an adequate level of protection during data transfers, the new EU Standard Contractual Clauses have been agreed upon. Additionally, Vimeo is an active participant in the EU-U.S. Data Privacy Framework, ensuring the secure transfer of personal data to the USA. More information can be found here: https://www.dataprivacyframework.gov/list.

Further information on Vimeo's data protection can be found here: https://vimeo.com/privacy, https://vimeo.com/privacy/california-privacy  and https://vimeo.com/cookie_policy

For our online marketing activities, we use the service from HubSpot Inc., a software company from the USA, located at 25 First Street, Cambridge, MA 02141 USA, with a branch in Ireland at Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland ("HubSpot").

HubSpot is an integrated software solution that helps us cover various aspects of our online marketing. This includes, among others, email marketing, contact management (e.g., user segmentation & CRM), and data processing via contact forms.

Through our contact forms, users of our website can, for example, learn more about the products and services of CSS and provide their contact information and other details. This information is then stored on the servers of our software partner, HubSpot. It may be used by us to contact users of our website and to determine which of our services are of interest to them. All the information we collect is subject to this privacy policy.

We use all the information collected exclusively to optimize our marketing efforts.

The legal basis for the use of HubSpot is your consent, based on § 25(1) Sentence 1 TTDSG for storing and accessing information on end devices, and Article 6(1) Sentence 1 lit. a GDPR for our further processing of your data. Your corresponding consent is given via our cookie banner. Please note that HubSpot is a company based in the USA. As appropriate safeguards to ensure an adequate level of protection during data transfers, the new EU Standard Contractual Clauses have been agreed upon. Additionally, HubSpot is an active participant in the EU-U.S. Data Privacy Framework, ensuring the secure transfer of personal data to the USA. More information can be found here: https://www.dataprivacyframework.gov/list.

Further information on data protection at HubSpot can be found at:

HubSpot Privacy Policy

HubSpot Security

HubSpot-Tracking Code

Our website contains links to social networks (Facebook or Meta, XING, YouTube, and Instagram). These social networks are operated exclusively by third parties. If you follow the links, the respective social media provider may process your personal data. Please refer to the privacy notices of the respective social media providers for more information.

Our social media presence (Facebook or Meta, XING, YouTube, and Instagram) serves the purpose of informing you about and discussing new developments, services, and products from CSS. Depending on the features offered by the respective social media providers, you have the option to interact (comment, recommend, etc.) in connection with our social media presence. User interactions are a key criterion for us to engage in targeted marketing. For example, we can determine which posts are preferred. We also use the statistics provided by the social media providers for our own purposes. If we process personal data of social media users in this context, the legal basis is Article 6(1) Sentence 1 lit. f GDPR. Our legitimate interest is specifically targeted information/advertising. The legal basis on which the social media providers process your data for their own purposes is provided separately by the social media providers.

In some cases, we share joint responsibility for processing your personal data with social media providers. In this case, you can generally exercise your rights (see Section 11) against both us and the social media provider. However, the social media provider will serve as the initial point of contact.

We have entered into an agreement with Meta (formerly Facebook) regarding joint responsibility for the processing of personal data. This applies to the processing of so-called "Insights Data," which includes page statistics, particularly regarding Facebook user interactions. Details on the Insights Data can be found here: https://www.facebook.com/business/pages/­manage#page_insights.. You can view our agreement with Facebook via the following link: www.facebook.com/legal/terms/­page_controller_addendum.

We have also entered into an agreement with LinkedIn Ireland concerning so-called "Page Insights." With Page Insights, LinkedIn Ireland provides us with only aggregated data, not personal data about you. It is not possible for us to draw conclusions about individual users based on the Page Insights information. Details on Page Insights, as well as our agreement with LinkedIn Ireland, can be found via the following link:
https://legal.linkedin.com/pages-joint-controller-addendum..

Regarding the storage duration of the data processed by us for our own purposes, please refer to our information in Section 9. Otherwise, please consult the privacy policies of the respective social media providers.

In the following provisions, we inform you about the nature, scope, and purposes of the collection and use of your personal data in connection with the online platform GoToMeeting/GoToWebinar ("GoTo"). Otherwise, the general privacy notices (especially regarding CSS's responsibility, the duration for which personal data is stored, and your rights) in this privacy statement apply.
GoTo is a service of GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson's Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland ("GoTo Technologies").

When you access GoTo Technologies' website to use GoTo, GoTo Technologies is responsible for data processing. Accessing the website is only necessary to download the software for using GoTo. You can also use GoTo by entering the meeting ID and possibly other access data directly into the GoTo app. If you do not wish to use the GoTo app, the basic functions are also available through a browser version.

We use GoTo to conduct telephone and/or video conferences, particularly in connection with online seminars for interested parties and professional groups and/or employment relationships ("Online Meetings"). In this context, various types of personal data are processed. The nature and scope of the data depend on the information you provide before or during an online meeting. To identify you as an authorized participant, you must at least provide your name. You can deactivate the video or microphone function at any time through the GoTo application. The personal data processed in connection with GoTo includes:

• Profile data: First name, last name, telephone number (optional), email address, password (if "Single Sign-On" is not used), profile picture (optional), department (optional)
• Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware information
• Call log data: Information on incoming and outgoing phone numbers, country name, start and end time. Additional connection data such as the device's IP address may also be stored.
• Content data: You may have the option to use chat, question, or survey functions during an online meeting. Your text entries and other shared data will be processed to display them in the online meeting.

Where personal data of employees is processed, § 26 (1) BDSG generally serves as the legal basis for data processing. If special categories of personal data are involved, processing is based on § 26 (3) BDSG. If personal data is not required for the establishment, execution, or termination of the employment relationship, the legal basis for processing is generally Art. 6 (1) (f) GDPR, with our interest being the effective conduct of online meetings. For online meetings conducted within the framework of contractual relationships, the legal basis is Art. 6 (1) (b) GDPR. In specific cases (e.g., recording online meetings), where you are asked for prior consent, the legal basis is Art. 6 (1) (a) GDPR.

Please refer to GoTo Technologies' Privacy Framework for details on data protection. The new EU Standard Contractual Clauses have been agreed upon as suitable safeguards for ensuring an adequate level of protection during data transmission. Additionally, GoTo Group, Inc. is an active participant in the EU-U.S. Data Privacy Framework, ensuring secure data transfer to the U.S. Further information can be found here:  https://www.dataprivacyframework.gov/list.

Your personal data is transmitted to third parties or other recipients only if there is a legal permit or you have previously consented. Data transmission, for example, may occur to our technical service provider (server hosting) and service providers for marketing (newsletter distribution) and training services. As necessary, we have contracts with the recipients of your data concerning data processing in accordance with Art. 28 GDPR. We provide your data to government authorities only within the scope of legal obligations or based on official orders or court decisions.

As necessary for our purposes, we transmit your data to recipients outside the EU if you have given consent, there is a legal obligation, or the data transfer is permissible based on another legal foundation. An adequate level of data protection is ensured through the new EU Standard Contractual Clauses and/or the service provider’s participation in the EU-U.S. Data Privacy Framework. An overview of participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search

We store your personal data for as long as necessary for the aforementioned processing purposes; in case of an objection, as long as there are no compelling legitimate reasons from CSS or, in case of withdrawal, as long as no other legal basis for data processing exists. In specific cases, such as when a legal retention obligation exists, your personal data is not immediately deleted but first blocked. For instance, the retention period for messages via the contact form with business content may be up to ten years.

We protect your data through technical and organizational measures against unauthorized access, loss, or destruction. Our security measures are continuously improved according to technological developments. Our employees and all persons involved in data processing are committed to complying with data protection laws and handling personal data confidentially. Our employees are accordingly trained. To protect the personal data of our users, we use a secure online transmission procedure known as "Secure Socket Layer" (SSL) encryption. You can recognize this by the "s" added to the address component http:// ("https://") or a green, closed padlock symbol. Clicking the symbol provides information about the SSL certificate used. The display of the symbol depends on the browser version you use. SSL encryption ensures the encrypted and complete transmission of your data.

Within the framework of legal provisions, you generally have the right to:

• Confirmation of whether your personal data is processed by CSS,
• Information about this data and the circumstances of processing,
• Correction if the data is incorrect,
• Deletion if there is no justification for processing and no obligation to retain (anymore),
• Restriction of processing in special legally defined cases,
• Objection if data processing is based on Art. 6 (1) (f) GDPR, and
• Transfer of your personal data – if provided – to you or a third party in a structured, commonly used, and machine-readable format.

Please address your specific request in writing or by email with clear identification of your person to our data protection officer:

Herrn Jürgen Gies
Danziger Str. 4
36093 Künzell
E-Mail: datenschutz(at)css.de

If we process your data in joint responsibility with the respective social media provider (as detailed in section 5.3), the social media provider is centrally responsible for handling all affected rights. However, you still have the right to assert your rights with us.

Finally, we would like to remind you of your right to lodge a complaint with the supervisory authority.

We do not use your personal data for automated individual decision-making.

New legal requirements, business decisions, or technological developments may necessitate changes to our privacy policy. The privacy policy will be adjusted accordingly. The latest version can always be found on our website.

As of 27th October 2024