Data protection

Privacy Information

according to Art. 13, 14 GDPR

Brief overview: How we process your personal data via the website

On our website we inform about our products and our company history. In order to provide you with this information for retrieval, we process personal data in the form of data to transmit it to your IT device, e.g. your smartphone (log files) and to optimize the website presentation (cookies).

We collect and process your contact data and your message content when you contact us via contact forms or other means of communication, e.g. by e-mail, in order to reply to you if necessary.

In order to market our products even better, we would like to know more about your interests and your usage behavior. Therefore we evaluate how you use our website. We use, among other things, log files, cookies, analysis software and services of third parties – of course only with your consent.

Below you will find information about your rights as a data subject. Please address any inquiries, requests and suggestions regarding data protection to our data protection officer.

Content of the privacy notice:

I. Name and contact details of the data controller

II. Name and contact details of the data protection officer

III. Data processing via contact forms and means of communication

IV. Data processing on the website

1. Logfiles
2. Cookies
3. Recruitics
4. ProSoft
5. Google analytics
6. Google maps
7. Google fonts
8. Google remarketing
9. Google Recapture
10. Google YouTube
11. Facebook und Instagram
12. Borlabs
13. Flockler

V. Information for automated decision making

VI. Information on data security

VII. Your rights as a data subject

Content of the privacy notice:

I. Name and contact details of the data controller

The following body is accountable for this website in accordance with Art. 4 (7) of the General Data Protection Regulation (from now on: GDPR):

Da Vinci Engineering GmbH
Hauptstätter Straße 149
70178 Stuttgart

Represented by:
Dipl.-Ing. Massimiliano Cava (Managing Director)

Phone: +49 (0)711 722 40 – 0
Fax: +49 (0)711 722 40 – 198
e-mail: info@davinci.de

II. Name and contact details of the data protection officer

Da Vinci Engineering Ltd
To the attention of the data protection officer
Hauptstätter Straße 149
70178 Stuttgart

Phone: +49 (0)711 722 40 – 0
Fax: +49 (0)711 722 40 – 198
e-mail: datenschutz@davinci.de

III. Data processing via contact forms and means of communication

1. Scope of the data processing

We are available for your inquiries by mail, e-mail, contact form, fax and telephone. Simple inquiries that do not require identification of your person can be made anonymously. As far as your identification should be necessary, e.g. to answer you or to call you back, we will collect your contact data.

If you send us a message via our contact form, we collect the personal data you enter (first name, last name, e-mail address, message content). In addition, we record your IP address and log files about the date and time of the message dispatch.

2. Purpose of the data processing

Your personal data is processed in order to identify you, to assign your message to an existing contract, a job advertisement, an application procedure or any other business relationship, to store it, to reply to it or to forward it if necessary.

3. Legal basis of the processing

If you have given us your consent during correspondence with you, we may process your data within the scope of your prior consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

In individual cases, the processing of your data may be necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken at your request, Art. 6 (1) sentence 1 lit. b GDPR.

Personal data may also be processed on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

4. Legitimate interests

We have a legitimate economic interest in being accessible via our contact forms and (electronic) means of communication for processing and answering enquiries with an interest in our products, and in responding to your enquiries. In addition, we have a legitimate interest in processing your data if, for example, you are a managing director, employee, job applicant, customer, potential customer or other representative of our contractual partner. We also collect information in order to check your job application. We also process your data for the purpose of contract fulfilment, assertion or defence of claims.

5. Recipients or categories of recipients

Your personal data are usually processed by us. We only pass on your personal data, which we have received via electronic means of communication, to external recipients if this is necessary in individual cases to process your enquiry.

6. Transfer to third countries

We do not transfer your personal data abroad, unless you agree to this.

7. Duration of storage

Your personal data will be deleted as soon as they are no longer required for the purpose of their collection and due to contractual, commercial or tax law obligations to retain them. Application documents are kept for at least two months after receipt of the rejection (§ 15 (4) AGG). Invoice vouchers are kept for 10 years, commercial letters for 6 years.

8. Possibility of objection and removal

As a data subject you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6 (1) sentence 1 lit. e or f GDPR (Art. 21 (1) GDPR). If we base the processing of your data on your consent or on a contract, you do not have the right to object.

9. obligation to provide (Art. 13 (2) lit. e GDPR)

Your personal data such as title, first name, surname and e-mail address are required to send the request to us via the contact form. Otherwise, the provision of your personal data is voluntary. In the event that you do not provide us with your personal data, we may not be able to process or answer your enquiries, requests or wishes. However, if you do not provide us with your e-mail address in the contact form or provide it incorrectly, we will not be able to reply to you.

IV. Data processing on the website

1. Log files

1.1 Scope of the data processing
Whenever you visit our website, our system automatically collects data and information from the computer system with which you, as data subject, access our website. These data are stored and processed on our server in a protocol file (so-called log files). The following personal data is collected:

Among other things, log files store the IP address, the browser used, the time and date and the system used by a visitor to the site. We only store anonymous IP addresses of visitors to the website. At web server level, this is done by storing an IP address 123.123.123.XXX in the log file instead of the actual IP address of the visitor, e.g. 123.123.123.123, where XXX is a random value between 1 and 254. It is no longer possible to establish a personal reference.

1.2 Purpose of the data processing
The IP address is a string of numbers that uniquely identifies your computer system at the time you use our website. The IP address is used to receive and send data packets and enables a user to access a website. The temporary storage of the IP address on our server is necessary to transmit the page contents to the user’s computer system after calling up our website, so that the user can perceive the contents.

The storage in log files is done to ensure the functionality of the website and to be able to detect possible transmission errors. In addition, this data serves us to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

1.3 Legal basis of the processing
The processing is carried out on the basis of our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

1.4 Legitimate interests
We have a legitimate interest in processing the above-mentioned personal data for the above-mentioned purposes to ensure that information about our services is always available online.

1.5 Recipients or categories of recipients
Your personal information is shared with our IT department and with our contractors who are hired to host and provide the IT resources to operate the website.

1.6 Transfer to third countries
We do not intend to transfer your personal data abroad.

1.7 Duration of storage
Your personal data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended. The user’s IP address must remain stored for the duration of the session to enable the usage of the website.

In the event that your data is stored in the log file, the data collected therein will be stored indefinitely.

1.8 Possibility of objection and removal
As a data subject, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6 (1) sentence 1 lit. e or f GDPR (Art. 21 (1) GDPR). In this case we will no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms as a data subject, or the processing serves to assert, exercise or defend and defend legal claims.

The processing of personal data for the provision of the website and for the creation of the log file is absolutely necessary for the operation of the website. The user can therefore not object to this type of processing.

1.9 Duty to provide data (Art. 13 (2) lit. e GDPR)
The processing of log files is necessary to display the website correctly. In case you do not provide an IP address, page requests are excluded for technical reasons.

2. Cookies

2.1 Scope of the data processing
We use so-called cookies on our website. Cookies are text files that are stored on the user’s IT system as soon as he or she accesses our website. Cookies contain characteristic character strings that enable the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some page elements of our website require that the calling Internet browser can be identified even after a page change within our website.

The following cookies are described in more detail below.

2.2 Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the usage of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the Internet browser is recognized even after a page change. In these technically necessary cookies, data is collected, stored and transmitted to us to enable our website to be accessed. The user data collected by technically necessary cookies is not used to create user profiles.

We use cookies, which are not technically necessary, to get to know our target groups better, to evaluate their interests and to draw their attention to our products and our company by means of direct marketing.

2.3 Legal basis of the processing
If cookies are not “essential”, i.e. not technically required for the operation of our website, they will only be processed with your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.
Otherwise, the processing is carried out on the basis of our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR.

2.4 Legitimate interests
We have a legitimate economic interest in the external presentation of our company and in advertising our services. Cookies help us in this regard with the optimal presentation of the website.

2.5 Recipients or categories of recipients
The cookie information is shared with our internal departments and with our contractors who are hired to host and provide IT resources.

2.6 Transfer to third countries
Information stored in cookies is generally not transferred to third countries, unless it is necessary to identify the user.

2.7 Duration of storage
The personal data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the processing of data for the purpose of providing the website, this is the case when the respective session has ended. Cookies are stored on the user’s IT system and transmitted by the user to our server. Therefore, you as a user also have full control over the usage of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the storage of cookies. Cookies already stored can be deleted at any time. This can also be done automatically.

2.8 Possibility of objection and removal
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her that is carried out pursuant to Art. 6 (1) sentence 1 lit. e or f GDPR (Article 21 paragraph 1 GDPR). If cookies are deactivated for our website, it is possible that not all functions of the website, e.g. the shopping basket of the shop, can be used to their full extent.

2.9 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing cookies is voluntary. If you do not provide us with your data, we may not be able to address your IT system and you may not be able to use our website or not use it to its full extent.

3. Recruitics

3.1 Responsible service providers
We use the Recruitics service on our website. Responsible is Recruitics UK, Ltd, 1 Fore Street, London, EC2Y 9DT, United Kingdom, available online at: https://www.recruitics.com/.

3.2 Scope of the data processing
We process your personal data by integrating the above mentioned service into our website. However, Recruitics’ cookie only counts clicks and does not process any personal data, especially IT addresses.

3.3 Purpose of the data processing
With Recruitics, we can evaluate usage behavior, how our job ads are viewed, e.g. how often they have been opened. Data-driven recruiting aims to improve recruiting processes and thus save costs.

3.4 Legal basis of the processing
We process your personal data by integrating the above mentioned services into our website.

If your request is necessary for the performance of a contract with us to which you, as the data subject, are a party or for the implementation of pre-contractual measures taken in response to your request, Art. 6 (1) sentence 1 lit. b GDPR is the legal basis. The processing of your personal data may also be based on our legitimate interests or legitimate interests of a third party. The legal basis is then Art. 6 (1) sentence 1 lit. f GDPR.

3.5 Legitimate interests
We have a legitimate interest in processing personal data for the above-mentioned purposes in order to improve our application procedures and thus our human resources management.

3.6 Recipients or categories of recipients
If and to what extent Recruitics shares personal information, please refer to their privacy notice. We only receive anonymised data in the form of statistics that provide us with conclusions about user behavior in the context of application processes.

3.7 Transfer to third countries
Personal data is transferred via the contractor Amazon Web Services to third countries, i.e. to the USA and Australia. The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy decision of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of US companies subject to this decision. Amazon (AWS) is certified accordingly. The EU Commission has also decided that Australia has an adequate level of protection for the transmission of personal data.

3.8 Duration of storage and possibility of objection and removal
The personal data will be deleted as soon as they are no longer necessary for the purpose of their collection and no retention obligations, e.g. from labour law context, need to be observed.

3.9 Duty to provide
The provision of personal data for this service is voluntary.

4. ProSoft

4.1 Responsible service providers
We use a software solution from prosoft EDV-Lösungen GmbH & Co. KG, Walhallastraße 16, 93083 Regensburg-Obertraubling.

4.2 Scope of the data processing
We process your personal data by integrating the above mentioned service into our website. Candidates apply via an online form. This online form is available on our website. After submitting the application (first name, last name, telephone, e-mail, salutation, attachments, consent to data processing), this data is transferred to Prosoft Recruitung and can be processed in Prosoft.

The following types of data are processed: Address data, contact data, bank details, social security data, contract data, wage and salary data, health data, applications, resumes, certificates.

4.3 Purpose of the data processing
With Prosoft we can initiate working relationships. Prosoft enables us to manage the candidate pool and create a candidate profile in a specific format, so that the search for suitable candidates can be made more effective.

4.4 Legal basis of the processing
We process your personal data by integrating the above mentioned service into our website.

If your request is necessary for the performance of a contract with us to which you, as the data subject, are a party or for the implementation of pre-contractual measures taken in response to your request, Art. 6 (1) sentence 1 lit. b GDPR is the legal basis. The processing of your personal data may also be based on our legitimate interests or legitimate interests of a third party. The legal basis is then Art. 6 (1) sentence 1 lit. f GDPR.

4.5 Legitimate interests
We have a legitimate interest here in processing personal data for the above-mentioned purposes, in order to improve our market presence and our external presentation and to provide information about our services in a more interest-oriented, effective and up-to-date manner. This is particularly successful if we can manage candidates via appropriate databases and place them in line with our clients’ requirements.

4.6 Recipients or categories of recipients
We process personal data internally.

4.7 Transfer to third countries
No personal data is transferred to third countries.

4.8 Duty to provide
The provision of personal data is voluntary. In the event that the data is not to be provided, it may not be possible to send the application.

5. Google analytics

5.1 Scope of the data processing
We use functions of the web analysis service Google Analytics. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660
E-mail: support-deutschland@google.com. Google Analytics uses so-called cookies. These are text files which are stored on your computer and which enable an analysis of your usage of the website. On our behalf, Google will use this information to evaluate your use of the website in order to compile reports on the website activities.

5.2 Purpose of the data processing
We use this data to design and optimize the website in line with requirements and to ensure the security of our information technology systems. We receive reports on the usage behavior of the users of our website. We also evaluate the data for marketing purposes in order to better understand the interest of our customers in our services and to improve our service portfolio and service.

5.3 Legal basis of the processing
The processing of personal data takes place on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

5.4 Recipients or categories of recipients
Your personal data, as far as they are not already anonymous by means of IP-anonymisation, are only processed by us and Google.

5.5 Transfer to third countries
Personal data may be transferred to affiliated companies of Google Ireland Ldt. in the USA. We have activated the IP anonymization function on the website. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Unfortunately, we have no knowledge of how the procedure at Google works.

The appropriate level of protection for the transmission of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, Privacy Shield) requires self-certification of US companies subject to this decision. Google Inc. is certified accordingly.

5.6 Duration of storage
We no longer store any personal data for evaluations based on Google Analytics.

5.7 Duty to provide information (Art. 13 (2) lit. e GDPR)
The provision of your data for processing by Google Analytics is voluntary. In the event that your data is not made available, no impairment will occur.

5.8 Possibility of objection and removal
You can prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent future collection of your information when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de.

6. Google maps

6.1 Scope of the data processing
On this website we use the offer of Google Maps. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660
E-mail: support-deutschland@google.com.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the following personal data is collected: protocol data (especially the IP address), location-related information, unique application numbers, cookies and similar technologies. This is done regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account.

6.2 Purpose of the data processing
We use Google Maps to visualize our locations geographically and to allow our users to view the individual locations on the map interactively.

6.3 Legal basis of the processing
The processing of personal data takes place on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

6.4 Recipients or categories of recipients
Your personal data is only processed by us and by Google.

6.5 Transfer to third countries
Personal data may be transferred to affiliated companies of Google Ireland Ldt. in the USA.
The appropriate level of protection for the transmission of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

6.6 Duration of storage
We no longer store any personal data for evaluations based on Google Maps.

6.7 Duty to provide information (Art. 13 (2) lit. e GDPR)
The provision of your data for processing by Google Maps is voluntary. In the event that you do not provide your data, no impairment will occur. It is possible that the map cannot be displayed to you.

7. Google Fonts

7.1 Scope of the data processing
On this website we use the offer of Google Fonts. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660
E-mail: support-deutschland@google.com.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the following personal data are collected: protocol data (especially the IP address), location-related information, unique application numbers, cookies and similar technologies. This is done regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account.

7.2 Purpose of the data processing
We use Google Fonts to display an attractive font on our website.

7.3 Legal basis of the processing
The processing of personal data takes place on the basis of your consent in accordance with Art. 6 (1) S. 1 lit. a GDPR.

7.4 Recipients or categories of recipients
Your personal data, especially IP addresses, are transmitted to Google.

7.5 Transfer to third countries
Personal data is transferred to affiliated companies of Google Ireland Ldt. in the USA, to Google Inc. The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy decision of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

7.6 Duration of storage
We do not process any personal data for evaluations created on the basis of Google Fonts.

7.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing Google Fonts is voluntary. In the event that you do not provide your data, no impairment will occur. It is possible that the map cannot be displayed.

8. Google ads/ remarketing

8.1 Scope of the data processing
On this website we use the service Google Ads. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google enables advertisers to display ads in Google’s search engine results and on the Google advertising network. Through Google Ads, we, as advertisers, can specify specific keywords and audiences so that an ad will appear in Google’s search engine results only when the user searches for a keyword relevant term. The Google ad network uses an automatic algorithm to serve ads to topic-related websites based on the keywords and audiences you specify.

We use the remarketing function within the Google Ads service. This allows us to target people with advertisements by showing personalized and interest-based ads to visitors to this website based on site usage analysis when they visit other sites in the Google Display Network or use the Google search engine.

For this purpose, so-called cookies are used. These are text files which are stored on your computer and which enable an analysis of your use of the website. On our behalf, Google will use this information to evaluate your use of the website in order to compile reports on website activity.

This cookie records your visits to the website and it can be traced if you have reached our website via an ad display and generated a turnover. Accordingly, each time you visit this website, personal data (in particular your IP address) is transmitted to Google.

Further information and Google’s applicable privacy notice. can be found at https://www.google.de/intl/de/policies/privacy/.

8.2 Purpose of the data processing
We use Google Remarketing because we want to offer interested users, potential applicants and customers who have visited our website, also on third-party websites and in search engine results advertising about our services.
We also evaluate the data for marketing purposes in order to better understand our customers’ interest in our services and to improve our service portfolio and service.

8.3 Legal basis of the processing
The processing of personal data takes place on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

8.4 Recipients or categories of recipients
Your personal data is only processed by us and by Google.

8.5 Transfer to third countries
Personal data may be transferred to affiliated companies of Google Ireland Ldt. in the USA. The appropriate level of protection for the transmission of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 para. 9 GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

8.6 Duration of storage
We do not process any personal data for evaluations created on the basis of Google Ads.

8.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing Google Ads is voluntary. In the event that you do not provide your data, there will be no impairment.

8.8 Possibility of objection and removal
You can prevent Google Ads from collecting them by clicking on the following link. An opt-out cookie will be set to prevent future collection of your information when you visit this website: https://tools.google.com/dlpage/gaoptout?hl=de.

It is also possible to opt-out of interest-based advertising by Google.
To do so, you must go to https://www.google.de/settings/ads via any Internet browser you use and select the appropriate settings there.

9. Google ReCapture

9.1 Scope of the data processing
On this website we use the service Google ReCapture. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use the ReCapture service using a cookie to prevent unauthorised access to our site.

Further information and Google’s applicable privacy notice. can be found at https://www.google.de/intl/de/policies/privacy/.

9.2 Purpose of the data processing
Google ReCapture protects our website from attacks by third parties, in particular spam via customer contact forms.

9.3 Legal basis of the processing
Personal data is processed on the basis of our legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR. We have a legitimate interest in protecting our systems, in particular our website, from unauthorised access by third parties, in particular by spam.

9.4 Recipients or categories of recipients
Your personal data is only processed by us and by Google.

9.5 Transfer to third countries
Personal data may be transferred to affiliated companies of Google Ireland Ldt. in the USA. The appropriate level of protection for the transmission of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

9.6 Duration of storage
The cookie is stored for 10 years.

9.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing by Google is voluntary. If you do not provide us with your data, you may no longer be able to use our website.

9.8 Possibility of objection and removal
As a data subject, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR (Art. 21 (1) GDPR). In this case, the person responsible will no longer process the personal data.

10. Google YouTube

10.1 Scope of the data processing
On this website we use the service Google Ads. Responsible is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This cookie records your website visits and can be used to track when you have viewed a YouTube video on our website.
Accordingly, personal data (in particular your IP address) is transmitted to Google each time you visit this website.

Further information and Google’s applicable privacy notice. can be found at https://www.google.de/intl/de/policies/privacy/.

10.2 Purpose of the data processing
We use YouTube to make videos of us available to you on the website.

10.3 Legal basis of the processing
The processing of personal data takes place on the basis of your consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR.

10.4 Recipients or categories of recipients
Your personal data is only processed by us and by Google.

10.5 Transfer to third countries
Personal data may be transferred to affiliated companies of Google Ireland Ldt. in the USA. The appropriate level of protection for the transmission of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, privacy shield) requires self-certification of the US companies subject to this decision. Google Inc. is certified accordingly.

10.6 Duration of storage
The cookie is stored for 6 months.

10.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing by Google is voluntary. If you do not provide us with your data, you may no longer be able to use our website.

11. data processing via Facebook and Instagram

11.1 Scope of the data processing
We have a fan page on Facebook, https://www.facebook.com/DaVinciEngineering/, and a profile on Instagram. For both websites Facebook Ireland Limited, 4 Grand Canal Square, Dublin Dublin Dublin 2, Ireland (“Facebook”) is responsible for the collection and processing of personal user data. Please note that Facebook collects and processes certain information about your visit to our Facebook page, even if you do not have a Facebook user account or are not logged in to Facebook. Information about the processing of personal data from Facebook can be found in the Facebook privacy notice.: https://www.facebook.com/privacy/explanation

As part of our Facebook page, we can only view your public profile on Facebook. Furthermore, we process your personal data (such as your name and the content of your messages) when you contact us via our Facebook page. We then process this data for the purpose of processing and, if necessary, replying to your postings.

Facebook also provides us with so-called Page Insights data. This information is anonymous statistics that we use to evaluate the quality of our Facebook page and our content. Facebook has agreed to take the main responsibility for processing Insights data in accordance with the General Data Protection Regulation (GDPR) and to fulfil your rights. You can find more information about this here: https://www.facebook.com/legal/terms/page_controller_addendum

11.2 Purpose of the data processing
We process personal data via the Facebook and Instagram pages only to the extent necessary to advertise our company and, if applicable, to be available for queries from customers, job applicants or interested parties via the respective messenger channels.

11.3 Legal basis of the processing
With this data processing, we safeguard legitimate economic interests by also being represented in social media with an advertising presence, Art. 6 (1) sentence 1 lit. f GDPR. Insofar as it is necessary to contact you in order to enter into or fulfil a contract with you, Art. 6 (1) sentence 1 lit. b GDPR is the legal basis.

11.4 Recipients or categories of recipients
Your personal data will only be processed by us and by the company Facebook.

11.5 Transfer to third countries
Facebook Ireland Ltd. is the competent authority for processing data of EU citizens or persons residing in the EU. In this respect, there is no transfer of data to third countries.

Personal data may be transferred to affiliated companies of Facebook Ireland Ldt. in the USA, e.g. to Facebook, Inc. The appropriate level of protection for the transfer of personal data to the USA is guaranteed by an adequacy finding of the EU Commission in accordance with Art. 45 (9) GDPR. The appropriateness decision (EU-US data protection shield, Privacy Shield) requires self-certification of the US companies subject to this decision. Facebook Inc. is certified accordingly.

11.6 Duration of storage
We do not store personal data, which is processed via our fan pages, outside of these internet pages and it will be deleted, if you remove e.g. your comments or ask for deletion of a chat history. In any case, we store personal data in the fan pages only as long as it is necessary to establish contact or correspondence.

11.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing is voluntary. If you do not provide us with your data, we may not be able to contact you or may no longer be able to contact you.

12. Borlabs

12.1 Scope of the data processing
We use a cookie banner of the company Borlabs, owner: Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany.

12.2 Purpose of processing
The cookie is processed in order to store the user selection regarding the cookie banner.

12.3 Legal basis of the processing
The processing of personal data is necessary for the provision of the website. We have a legitimate interest in advertising via this Internet site, Art. 6 (1) sentence 1 lit. f GDPR.

12.4 Recipients or categories of recipients
Your personal data will only be processed by us and Borlabs.

12.5 Transfer to third countries
No data is transferred to third countries.

12.6 Duration of storage
The cookie is stored for 1 year.

12.7 Duty to provide (Art. 13 (2) lit. e GDPR)
The provision of your data for processing is voluntary. If you do not provide your data, it may be that the cookie banner cannot be deactivated and is always displayed.

13. Flockler

The Da Vinci Engineering’s social media feeds are automatically collated and displayed on the Da Vinci Engineering’s online social wall https://www.davinci.de/en/news/. Here you can access all social media content without having to log into or open the respective platform. At present, Da Vinci Engineering is active on Instagram, Facebook and LinkedIn.

To display social media content on the social wall, Da Vinci Engineering uses a service called Flockler, which is operated by Flockler Oy at Rautatienkatu 26 B 32 in 33100 Tampere, Finland. Flockler aggregates relevant social media channels and feeds this information into the Da Vinci Engineering’s social wall.

When an item is called up, a connection is established with Flockler’s servers and the user’s IP address is transmitted. While the content is loading, data are also transmitted to the individual social media providers. This also applies if users are not logged in on the social media platform or if they have no account with them. Please note that Da Vinci Engineering as the host of the newsroom website has no knowledge of the content of the transmitted data or how these are used by the social media providers. Further information can be found in the providers’ data policies.

Facebook und Instagram: https://www.facebook.com/privacy/explanation

LinkedIn: https://de.linkedin.com/legal/privacy-policy

The use of the Flockler plugin is governed by Article 6 (1) letter (f) of the GDPR. The website operator has a legitimate interest in being as visible as possible on social media platforms.

Flockler’s data protection provisions and further information on this service provider can be found at https:/www.flockler.com/privacy-policy.

V. Information for automated decision making

To find out which of the above-mentioned service providers subject your data to automated decision making, please refer to the data protection guidelines of the respective responsible parties. We deliberately refrain from automated decision making.

VI. Information on data security

To guarantee your data security, our website is SSL-encrypted. The call of https:// is forced by server settings, so that unencrypted connections are not possible.

VII. Your rights as a data subject

As a data subject, you have the right

• in accordance with Art. 7 (3) GDPR to revoke your once given consent to us at any time (e.g. in writing or in text form) As a result, we are not allowed to continue data processing in the future if it was based on this consent;
• to request information about your personal data processed by us in accordance with Art. 15 GDPR. You may request information on the purposes of processing, the category of personal data processed by us, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal to a supervisory authority, the origin of your data, if it has not been collected from you, as well as the existence of automated decision-making, including profiling, in accordance with Art. 22 (1) GDPR and, if applicable, meaningful information on the details thereof;
• in accordance with Art. 16 GDPR, to demand the correction of incorrect data or the completion of your personal data stored by us without delay;
• pursuant to Art. 17 GDPR to demand the deletion of your personal data stored with us if one of the reasons stated in Art. 17 (1) lit. a-f GDPR applies, insofar as the processing of the data is not necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend and defend against legal claims;
• pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of such data, if the processing is unlawful but you refuse to delete it, or if we no longer need your data but you need it for the assertion, exercise or defence and defence of legal claims, or if you have lodged an objection to the processing pursuant to Art. 21 GDPR and it has not yet been established whether our legitimate interests outweigh yours;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided us with in a structured, common and machine-readable format, if the processing is based on consent pursuant to Art. 6 (1) or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR and the processing is carried out with the aid of automated procedures. In exercising this right, you also have the right to request that the personal data concerning you be transmitted directly by us to another responsible party, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this.
• in accordance with Art. 21 GDPR, to object, on the basis of legitimate interests, to the processing of your personal data if there are reasons for doing so arising from your particular situation.
• in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurs, if you consider that the processing of personal data relating to you is in breach of the GDPR.

Please contact the Data Protection Commissioner with any enquiries or applications concerning data subjects’ rights.