We take data protection seriously

Privacy policy

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalized evaluation of this data.

If you send us data via the contact form, this data will be stored on our servers as part of the data backup process. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.

Responsible body:

Cherry SE

Rosental 7, c/o Mindspace

80331 Munich

Phone: +49 9643 2061 100

info@cherry.de

Personal data

Personal data is data about your person. This includes your name, your address and your e-mail address. You do not have to disclose any personal data in order to visit our website. In some cases we need your name and address as well as other information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your inquiries. In these cases, we will always point this out to you. Furthermore, we only store the data that you have transmitted to us automatically or voluntarily.

When you use one of our services, we generally only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

Contacting us

When contacting us (e.g. by contact form, e-mail, telephone or via social media), the data of the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.

The response to contact requests in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of the legitimate interests in responding to the inquiries.

  • Processed data types: Inventory data (e.g. names, addresses), Contact data (e.g. e-mail, telephone numbers), Content data (e.g. entries in online forms).
  • Affected persons: Communication partner.
  • Purposes of processing: Contact requests and communication.
  • Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 lit. b. GDPR), Legitimate interests (Art. 6 para. 1 lit. f. GDPR).
Server log files

Automatically saved data

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.  

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

Information about specific data processing on the website

If necessary, in deviation from or in addition to the general information above, you will find details below on the individual data processing on our website.

Applications and application procedure

Applicant data is collected, processed and used for the purpose of selecting potential employees.

The personal data of applicants whom we do not hire will be stored for the period required for possible legal claims (e.g. under the General Equal Treatment Act (AGG)) (maximum 6 months) and then immediately destroyed or deleted.

For a smooth application process, it is necessary that you provide us with the requested information truthfully.

Failure to do so (i.e. failure to provide the required data) may mean that an employment contract cannot be concluded with you.

In this context, we do not use automated decision-making.

As a rule, the data originates from the data subject themselves; however, it may also originate from third parties.

If we take you on as an employee after the application process has been completed, the purpose for processing the relevant data will change: in this case, the data will be used in future to implement and maintain the employment relationship.

In addition, we use a recruiting tool from Prescreen (Prescreen International GmbH, Mariahilfer Straße 17, 1060 Vienna), which is operated under the domain *.jobbase.io. Jobbase.io is the central platform for our applicant management. When you use our online form, your personal data is recorded directly in jobbase.io. Your data can also be transferred to the e-recruiting system in the case of a postal or e-mail application. As part of these activities, Prescreen processes personal data on our behalf and thus acts as a processor of Cherry SE within the meaning of Art. 28 GDPR.

We use cookies to make your online application via our website as user-friendly as possible. These are technically necessary and are used for the application process on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). The cookies also serve to be able to continue an application that may have been interrupted at a later date. The documents you have uploaded up to that point will therefore remain recorded for the time being, your application will be marked as incomplete and the data will remain visible to our company to a limited extent.

Newsletter

Provision of information in the form of electronic circulars

Consent (Art. 6 para. 1 lit. a GDPR)

The data will not be passed on to third parties and/or to a third country.

See General deadlines for data deletion

There is no obligation to provide personal data. Newsletters are only sent after registration via a double opt-in procedure (voluntary and revocable informed consent in accordance with Article 6 (1) a GDPR) or after a purchase contract has been successfully concluded and the e-mail address has been collected in this process (in accordance with Section 7 (3) UWG).

Failure to comply (i.e. failure to provide the required data) would result in the newsletter not being delivered to you.

In this context, we do not use automated decision-making.

Contact form

Processing and, if necessary, answering the request of the form sender

Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR), if your request serves to clarify a contractual relationship. Our legitimate interest (Art. 6 para. 1 lit. f GDPR) for all other inquiries, as we are interested in a quick response to your inquiry.

The data will not be passed on to third parties and/or to a third country.

See General deadlines for data deletion

In this context, we do not use automated decision-making.

User login

Data type: User name, password

Purpose of the survey: Access for the user

Protection of legitimate interests (Art. 6 para. 1 f)

Performance of a contract (Art. 6 para. 1 b)

Implementation of pre-contractual measures (Art. 6 para. 1 b)

The data will not be passed on to third parties and/or to a third country.

See General deadlines for data deletion

The user account cannot be created without the data.

In this context, we do not use automated decision-making.

Customer account and product order

Data type: 

  1. Salutation, title, first name, surname, street, no., zip code, city, country, date of birth (optional)
  2. E-mail address, password
  3. Telephone number (optional)

Purpose of the survey: 

  1. Unique identification of the customer account, processing of the product purchase, delivery, payment transactions, processing of complaints
  2. Authentication, independent resetting of the password
  3. Contact by telephone

 

Fulfillment of a contract (Art. 6 para. 1 lit. b GDPR)

Parcel service provider:

  • dataform dialogservices GmbH
  • DSV Air & Sea Germany GmbH

Logistics service provider:

  • DHL Paket GmbH
  • DACHSER SE

Payment service provider:

  • PAYONE GmbH
  • PayPal (Europe) S.à r.l. et Cie, S.C.A.
  • Visa Europe Management Services Limited, German Branch
  • Mastercard Europe SA
  • American Express Europe S.A.
  • Amazon Payments Europe, S.C.A.

See General deadlines for data deletion

The data (in the mandatory fields) must be provided as part of the underlying contract.

It is not possible to create a customer account in this case.

In this context, we do not use automated decision-making.

Cookies

We use cookies on this website; these are small text files that are stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: Many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used for the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a character string that enables websites and servers to be assigned to the storing browser.
 Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TTDSG). All other cookies are subject to consent (Section 25 (1) TTDSG); regulated by our consent management platform
where applicable.
 We use cookies in part only for the duration of your visit to the website, in part for a predefined period and in part permanently. You can delete all these cookies manually or automatically at any time via your web browser.
 It is possible to use our website (although possibly not to its full extent) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser so that it notifies you as soon as cookies are sent.

Web tracking technologies - managed with Usercentrics

We use the consent management platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which we have integrated the following services to manage all cookies, website and tracking technologies that require consent or opt-out in compliance with data protection regulations:

Cloudfront

We use the content delivery network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter "Amazon").

Amazon CloudFront CDN is a globally distributed content delivery network. Technically, the information transfer between your browser and our website is routed via the content delivery network. This enables us to increase the global accessibility and performance of our website.

The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Amazon has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.

Further information about Amazon CloudFront CDN can be found here:

d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf

Facebook

Plugins from the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

You can recognize the Facebook plugins by the Facebook logo or the "Like" button on this website. You can find an overview of the Facebook plugins here:

developers.facebook.com/docs/plugins/

When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at

de-de.facebook.com/privacy/explanation

If you do not want Facebook to associate your visit to this website with your Facebook user account please log out of your Facebook user account.

The Facebook plugins are used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

www.facebook.com/legal/EU_data_transfer_addendum

de-de.facebook.com/help/566994660333381

www.facebook.com/policy.php

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to place advertisements in the Google search engine or on third-party websites.

When the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). We as the website operator can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.

Details can be found here:

policies.google.com/privacy/frameworks 

privacy.google.com/businesses/controllerterms/mccs/

Google Adsense

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalized" mode. In contrast to personalized mode, the advertisements are therefore not based on your previous user behavior and no user profile is created for you. Instead, so-called "contextual information" is used to select the advertisements. The selected advertisements are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalized and non-personalized targeting with Google AdSense here:

support.google.com/adsense/answer/9007336

Please note that cookies or comparable recognition technologies (e.g. device fingerprinting) may also be used when using Google Adsense in non-personalized mode. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time.

Your data may be transferred to the USA. The EU Commission has issued an adequacy decision for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in:

adssettings.google.com/authenticated

You can find more information about Google's advertising technologies here:

policies.google.com/technologies/ads

www.google.de/intl/de/policies/privacy/

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a device ID.

We can also use Google Analytics to track your mouse and scroll movements and clicks, among other things.

Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG. Consent can be revoked at any time. Your data may be transferred to the USA. There is an adequacy decision by the EU Commission for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles. Details can be found here:

privacy.google.com/businesses/controllerterms/mccs/

We use Google signals. When you visit our website, Google Analytics records, among other things, your Location, search history and YouTube history as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalized advertising messages. The data is also used to compile anonymous statistics on the user behavior of our users.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarized by Google under a transaction ID that is assigned to the respective user or their device.

Google Fonts

We integrate the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: www.google.com/policies/privacy/, Opt-Out: adssettings.google.com/authenticated.

External fonts in the form of Google Fonts are used on this website for the uniform display of fonts. Google Fonts is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ("Google").

When you visit our website, your browser loads the required web fonts directly from a Google server into your browser cache in order to display texts and fonts correctly. This tells the server which of our web pages you have visited. The IP address of the browser of the end device of the visitor to this website is also stored by Google. If your browser does not support web fonts, a standard font will be used by your computer.

The legal basis for the use of Google Fonts is Art. 6 I (f) GDPR. Our legitimate interest arises from the fact that we can present the fonts to you in a uniform form. Google LLC. is certified under the US Privacy Shield to ensure a level of data protection appropriate to the GDPR.

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that we use to implement tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

GStatic

We use the Gstatic service provided by Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: www.google.com on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 GDPR (hereinafter: DPF - commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection of the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, which you have given on our website.

Gstatic is a background service used by Google to retrieve static content in order to reduce bandwidth usage and load required catalog files in advance. In particular, the service loads background data for Google Fonts and Google Maps.

As part of order processing, personal data may also be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the certification under the EU-US Data Privacy Framework at www.dataprivacyframework.gov/s/participant-search/participant-detail.

You can withdraw your consent at any time. You can find more information on withdrawing your consent either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at policies.google.com/privacy.

The provider also offers an opt-out option at support.google.com/My-Ad-Center-Help/answer/12155451.

Heyzine

On our website we provide information that is processed by the company Heyzine, Calle Santa Isabel, 21 (08840). Barcelona, Spain. Further information can be found on the Heyzine website: heyzine.com/legal/privacy-policy

The processing only takes place after your consent, the legal basis is therefore § 6 para. 1 b KDG, or Art. 6 para. 1 a GDPR.

LinkedIn

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time you access a page on this website that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited this website with your IP address. If you click on the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to this website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

The LinkedIn plugin is used on the basis of Art. 6 para. 1 lit. f GDPR. 

The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

Further information on this can be found in LinkedIn's privacy policy at: www.linkedin.com/legal/privacy-policy

Magento

This is an e-commerce platform. This service improves the shopping experience.

Processing company

Adobe Systems Incorporated

345 Park Avenue. San Jose, CA 95110-2704, United States of America

Data processing purposes

This list shows the purposes of data collection and processing.

E-Commerce / Advertising / Optimization / Personalization

This list contains all (personal) data collected during or through the use of the service

IP address, anonymous traffic data, credit and debit card number, pages visited, Service user actions, postal address, screen resolution, browser language, Name and version of the services used, browser type, telephone number, MAC address (Media Access Control), device type, referrer URL, search terms, demographic data, statistical data, cookie ID, advertisements viewed, advertisements clicked on, geographic location, browser version, e-mail address, hardware type, device operating system, device manufacturer, device model, usage data, success rates of advertising campaigns, browser information, device information

Legal basis

The required legal basis for the processing of data is stated below.

Art. 6 para. 1 s. 1 lit. f GDPR

Place of processing

United States of America

Storage period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the processing purposes.

Data recipient

Adobe Systems Incorporated

Google LLC

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company. legal@magento.com

Click here to read the data processor's privacy policy: magento.com/legal/terms/privacy

Microsoft Advertising

We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited (Ireland/EU) (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted advertisements via the Microsoft Bing search engines. Microsoft Advertising uses cookies for this purpose. Personal data is processed in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.

Microsoft Advertising collects data via UET, which we can use to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when you visit our website. This enables Microsoft Advertising to recognize that our website has been visited and to display an advertisement when Microsoft Bing or Yahoo is used later. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an ad. This tells us the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information with which users can be personally identified.

Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place with your consent in accordance with § 25 TTDSG or Art. 6 para. 1 lit. a GDPR. You can revoke your consent via our Consent Management Tool.

In the case of Microsoft services, the transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". Further information on data protection at Microsoft can be found in Microsoft's privacy policy at privacy.microsoft.com/de-de/privacystatement.

Microsoft Clarity

This website uses Clarity. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA98052-6399 (USA), docs.microsoft.com/en-us/clarity/ (hereinafter referred to as "Clarity").

Clarity is a tool for analyzing user behavior on this website. Clarity records in particular mouse movements and creates a graphical representation of which part of the website users scroll particularly frequently (heat maps). Clarity can also record sessions so that we can view page usage in the form of videos. We also receive information about general user behavior within our website.

Clarity uses technologies that enable the recognition of the user for the purpose of analyzing the user behavior (e.g. cookies or the use of device fingerprinting). Your personal data is stored on Microsoft's servers (Microsoft Azure Cloud Service) in the USA.

The use of Clarity is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective user analysis. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Further details on Clarity's data protection can be found here: docs.microsoft.com/en-us/clarity/faq

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the above-mentioned provider. This is a contract prescribed by data protection law, which guarantees that the provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Oribi

Some of our websites use the Oribi service of Oribi Ltd, Shim'on Rokah St 101, Tel Aviv-Yafo, Israel for analysis and marketing purposes. This only happens if you consent to the corresponding category in the consent banner. Accordingly, the legal basis for this processing is Art. 6 para. 1 lit. a. With the help of this cookie, Oribi can track your visit to our site and to other websites that use the service. The transfer to a third country is based on an adequacy decision of the EU Commission for Israel. For more information about Oribi's privacy policy, visit: oribi.io/privacy

Onlyfy

We offer applicants the opportunity to apply online on our website. In order to be included in the application process, applicants must provide us with all personal data required for a well-founded and informed assessment and selection via the form.

The required information includes general personal details (name, address, telephone or electronic contact details) as well as performance-specific proof of the qualifications required for a position. In addition, health-related information may be required, which must be given special consideration under labor and social law in the interest of the applicant's social protection.

We use the Onlyfy service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany, for application management. Jobbase.io is the central platform for our applicant management. When you use our online form, your personal data is recorded directly in jobbase.io. Your data can also be transferred to the e-recruiting system in the case of a postal or e-mail application.

Onlyfy processes personal data in the context of these activities only on behalf of and for the purposes of Cherry SE and is therefore a so-called processor within the meaning of Art. 4 No. 8 GDPR. We have concluded an order processing contract with New Work SE, in which we oblige New Work SE to protect our customers' data and not to pass it on to third parties.

Further information on data processing in accordance with Art. 13 GDPR can be found directly in the application platform.

When you submit the form, your data will be transmitted to us in encrypted form in accordance with the state of the art and processed exclusively for the purpose of processing your application.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG, in the sense of which the application procedure is considered to be the initiation of an employment contract. Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. health data such as information on severely disabled status) are requested from applicants as part of the application procedure, processing is carried out in accordance with Art. 9 para. 2 lit. b) GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations.

Based on this or alternatively, the processing of special categories of data may also be based on Art. 9 para. 1 lit. h) GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnostics, health or social care or treatment or for the management of health or social care systems and services.

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, the data provided will be deleted after a corresponding notification after six months at the latest. This period is based on our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to comply with our obligations to provide evidence under the regulations on equal treatment of applicants.

You can also consent to us keeping your application documents within an applicant pool for longer than the defined retention period of six months after the end of the application process, should you be considered for another position in our company.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG for the purposes of implementing the employment relationship.

YouTube

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection is established to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts.

If necessary, further data processing operations may be carried out after the start of a YouTube video over which we have no influence. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

You can find more information about data protection at YouTube in their privacy policy at: policies.google.com/privacy

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly being revised. Please ensure that you have the latest version.

Rights of data subjects

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data portability and to complain in accordance with the requirements of data protection law.

You can request information from us as to whether and to what extent we process your data.

If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

You can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of statutory retention obligations.

Irrespective of the exercise of your right to erasure, we will erase your data immediately and completely, provided that there is no legal or statutory retention obligation to the contrary.

You can request that we restrict the processing of your data if

  • you contest the accuracy of the data, for a period enabling us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request that the use of the data be restricted,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have objected to the processing of the data.

You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transmit this data to another controller without hindrance from us, provided that

  • we process this data on the basis of your revocable consent or for the performance of a contract between us, and
  • this processing is carried out using automated procedures.

If technically feasible, you can request that we transfer your data directly to another controller.

If we process your data for legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions you may have. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert one of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policy if this should be necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce these on our website.

All interested parties and visitors to our website can contact us regarding data protection issues at:

Mr. Christian Volkmer

Projekt 29 GmbH & Co KG
Ostengasse 14
93047 Regensburg

Phone: 0941 2986930
Fax: 0941 29869316
E-mail: anfragen@projekt29.de
Internet: www.projekt29.de