Privacy Policy

Privacy Policy Website

Controller

The processing of personal data in connection with the website https://www.modell-aachen.de is carried out byModell Aachen GmbH
Interaktive Managementsysteme
Am Kraftversorgungsturm 5
52070 Aachen
Email: qwiki@modell-aachen.de ("Modell Aachen", "we") Modell Aachen has appointed a Data Protection Officer, who can be reached at the following contact details:
Modell Aachen GmbH
Attn: Data Protection Officer
Am Kraftversorgungsturm 5
52070 Aachen
Email: datenschutz@modell-aachen.de

Type of Data and Purpose of Processing Personal Data

When you use the website for purely informational purposes, we only process the personal data that your browser transmits to our servers. When you access the website, we process the following data on the basis of our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, which is technically necessary for us to display our website and to ensure data security as well as the stability and security of our IT systems:

* Browser type and version
* Operating system used
* Referrer URL
* Hostname of the accessing device
* Time of the server request
* IP address

The processing of the IP address serves to protect against or trace hacker and cyber attacks. The processing of the remaining data serves to deliver the content of our website, to ensure the functionality of our information technology systems, to optimise our website and to ensure the functionality of the website. Log file data is always stored separately from other personal data of users. This processing of your aforementioned data is necessary to safeguard our legitimate interests and is justified by a balancing of interests in our favour. We have a legitimate interest in ensuring that the website and the services offered there function properly from a technical standpoint and are protected against attacks. Your legitimate interest in your aforementioned data not being used for this purpose does not outweigh our legitimate interest, as we use this data appropriately in accordance with the described processing purpose and you also benefit from the functionality of the website.

Contact by Email, Telephone or Fax

If you contact us by email, telephone or fax, your enquiry, including all resulting personal data (name, enquiry, time), will be stored and processed by us for the purpose of handling your request.
The processing of this data is based on Art. 6(1)(1)(b) GDPR, insofar as your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interests (Art. 6(1)(1)(f) GDPR), as we have a legitimate interest in effectively processing enquiries addressed to us.
The data you send us via contact requests will remain with us until you ask us to delete it or the purpose for storing the data no longer applies (e.g. after your request has been fully processed). Mandatory statutory provisions — in particular statutory retention periods under § 147 AO and § 257 HGB — remain unaffected.

Use of Cookies

Our website places cookies on your device. These are small text files used for various purposes. Some cookies are technically necessary for the website to function at all (necessary cookies). Others are required to perform certain actions or functions on the website (functional cookies). If we use third-party services on our website, e.g. to process payments, these companies may also place cookies on your device when you visit the website (so-called third-party cookies).
Where we use third-party cookies from other companies or for analysis purposes, we will inform you about this in general within this privacy policy and specifically in the further information on the individual cookies within our cookie banner (purpose, duration, technical information on the type of cookie, etc.). We also use our cookie banner to request your prior consent when you visit our website.
We have a legitimate interest in ensuring that our online services can be used by visitors without technical problems and that all desired functions are available to you. The storage of necessary and functional cookies on your device is therefore based on § 25(2)(2) TDDDG and Art. 6(1)(1)(f) GDPR.
All other cookies are used on the basis of § 25(1) TDDDG and Art. 6(1)(a) GDPR, provided you have given us your corresponding consent.
With regard to consents granted, you have the option at any time to change the decision you have made and to grant your consent retrospectively or to revoke it with effect for the future. The cookie and consent banner can be accessed at any time via the symbol (paper clip) that is permanently embedded in the bottom right of our website.
The use of the cookie banner is justified by our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR in the use of optimised consent management. The tool helps us, as the controller, to fulfil our legal obligations under the TDDDG and the GDPR as well as the CJEU case law on cookies. No overriding legitimate interests of the user that outweigh our interests are apparent.

Use of Third-Party Providers (Advertising, Analytics, Sales & Outreach, etc.)

We use the following third-party tools to analyse the behaviour of our website visitors, to display advertising to you or to offer other website functions. The use of these tools requires your prior consent pursuant to Art. 6(1)(1)(a) GDPR and § 25(1) TDDDG. We obtain this via the cookie banner (Cookie Bot by Usercentrics) on the relevant website. If you have given your consent to the use of one or more of the following services, various cookies will be used by third-party providers and data will be transmitted to the services. The consent may also include the transfer of certain personal data to third countries, including the USA, pursuant to Art. 49(1)(a) GDPR.
You may revoke any consents you have given at any time with effect for the future. To do so, please use our consent and cookie banner via the symbol (paper clip) that is permanently embedded in the bottom right of our website.

Loom Inc. (Embedding Video Content)

We use the service provider Loom Inc., headquartered at 140 2nd Street, 3rd Floor, San Francisco, United States, to embed videos (e.g. YouTube) on our website.
Various personal data is processed and transmitted to Loom in this context, including your IP address and technical usage data (e.g. videos watched, views, interest in content, timestamps).

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Loom privacy policy: https://www.atlassian.com/legal/privacy-policy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework, see https://www.atlassian.com/legal/privacy-policy#how-we-transfer-information-we-collect-internationally

LinkedIn

We use the service provider LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, to embed posts from the LinkedIn community on our website.
Various personal data is processed and transmitted to LinkedIn in this context, including your IP address, usage data (e.g. websites visited, interest in content, timestamps) and, where applicable, meta and communication data such as name, email, address or LinkedIn login.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy
* Basis for third-country transfer: Standard contractual clauses / EU–U.S. Privacy Framework
* Right to object / opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing

We use the service provider Xing.de, New Work SE, Am Strandkai 1, 20457 Hamburg, on our website. Xing is used in connection with the "Kununu" rating function and offers users the opportunity to submit ratings of Modell Aachen GmbH as an employer; your IP address is also processed for this purpose.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Xing privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Meta Platforms (Facebook)

We use the service provider Meta Platforms Ireland Limited ("Meta"), Merrion Road, Dublin 4, D04 X2K5, Ireland, and operate a "Facebook Page" for Modell Aachen GmbH.
Together with Meta, Modell Aachen GmbH is jointly responsible pursuant to Art. 26 GDPR for the collection or receipt, within the scope of a transmission, of data that Facebook collects via Facebook social plugins or within the Facebook Page, or receives within the scope of a transmission, for the following purposes:

1. Displaying content and advertising information that corresponds to the presumed interests of users;
2. Delivering commercial and transactional messages (e.g. addressing users via Facebook Messenger);
3. Improving ad delivery and personalising features and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of users).

We have entered into an agreement with Facebook pursuant to Art. 26 GDPR (see https://www.facebook.com/legal/controller_addendum), which in particular specifies the security measures Facebook must implement. In addition, Facebook has agreed to fulfil data subject rights under the GDPR in connection with the joint processing, i.e. requests for information and deletion.
Where Meta provides us with aggregated anonymous metrics, analyses and reports, this processing does not take place within the framework of joint controllership under Art. 26 GDPR, but on the basis of a data processing agreement pursuant to Art. 28 GDPR.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Meta privacy policy: https://www.facebook.com/privacy/policy/
* Basis for third-country transfer: Standard contractual clauses & EU–U.S. Data Privacy Framework

Microsoft Advertising (Bing Ads) – Conversion Tracking (UET)

We use Microsoft Advertising's conversion tracking (Universal Event Tracking, "UET") to measure the effectiveness of our ads in the Microsoft advertising network and to optimise our campaigns. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA). Microsoft acts as an independent controller in this context.

Microsoft UET

When you visit our website and/or after clicking on one of our Microsoft ads, a cookie or comparable technology is set via the UET tag and usage data is collected. Data processed includes in particular IP address, date/time, URL and referrer, user agent/browser and device information, screen resolution, pages visited and events/conversions defined by us (e.g. form submissions, purchases). Pseudonymous identifiers are used (e.g. uetsid, uetvid, where applicable _uetmsclkid for auto-tagging/MSCLKID) as well as Microsoft IDs on Bing domains (e.g. MUID). We receive exclusively aggregated, pseudonymous conversion reports; no directly identifying information. We do not use remarketing. If you are logged into Microsoft services, Microsoft may carry out cross-device attribution for its own purposes.

Microsoft Bookings (Appointment Booking Form)

For the purpose of organising, scheduling and conducting consultations with customers (in particular product updates), we use Microsoft Bookings, provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521.
As part of the appointment booking process, your IP address and the data you provide during booking are processed. This may include, among other things: name, telephone number, email address, preferred communication method or tool, date of appointment request and agreed appointment, reason for your enquiry or interests, and any free text you have added.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Microsoft privacy policy: Microsoft Privacy Statement – Microsoft Privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Google Analytics

We use the services of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google Analytics to measure and analyse the use of our web offering. For this purpose, we use a pseudonymous user identification number that does not contain any personal data such as names or email addresses. This identification number makes it possible to assign analytics information to a specific end device. We use Google Analytics to identify which content users have accessed during various sessions, which search terms you have used and how you have interacted with our web offering. We also record the scroll depth of users in order to optimise the relevance of our advertising. In addition, the time of use as well as further technical information about users' end devices and browsers is stored. Pseudonymous profiles are created that can combine information from the use of various devices. For EU users, Google does not log or store individual IP addresses. However, coarse geographic location data is derived by analysing IP address metadata. This includes city (and derived latitude and longitude), continent, country, region and sub-continent. For EU traffic, IP address data is used exclusively for the derivation of geolocation data and is then immediately deleted. It is not accessible to you and is not used for any further purposes. All IP queries are processed on EU-based servers before the data is forwarded to Analytics servers for processing.

Browser Plugin

You can prevent the storage of cookies by configuring your browser software accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, and the processing of such data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Google privacy policy: https://policies.google.com/privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Google AdWords and Google Conversion Tracking

We use the service Google AdWords. AdWords is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies expire after 30 days and are not used for personal identification of users. If a user visits certain pages of this website and the cookie has not yet expired, Google and we can recognise that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked across the websites of AdWords customers. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can opt out of this use by deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.
More information about Google AdWords and Google conversion tracking can be found in Google's privacy policy: https://www.google.com/policies/privacy/.
You can configure your browser to notify you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Google privacy policy: https://policies.google.com/privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Google Tag Manager

We use the Google Tag Manager service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool for managing cookies, conversion pixels and tracking codes on our website, enabling us to manage and control various codes on our website. These codes are stored in a dedicated container and are not integrated directly into the page's source code. The Google Tag forwards information collected on our website via cookies to the corresponding tools for further processing. The following types of data may be processed: IP address, browser information, information about the operating system, and information about page views and interactions such as page calls or clicks.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Google privacy policy: https://policies.google.com/privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Google Maps

We use the map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, via an API.
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. We have no influence over this data transfer.
The use of Google Maps is in the interest of presenting our online offerings in an appealing manner and making it easy to find the locations indicated on our website.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Google privacy policy: https://policies.google.com/privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Kickscale

Modell Aachen GmbH uses Kickscale for analysis purposes in presentations, a service provided by Kickscale GmbH, headquartered at Stella-Klein-Löw-Weg 8, A-1020 Vienna, Austria.
Kickscale is a software solution that we use to analyse various aspects of our pre-sales presentations. These include, among other things:

* Conversation analysis of the sales representative, and
* Summary of relevant information.

Each recording requires the consent of the prospective customer, which is requested at the beginning of each presentation. The tool is identified by the participant "Notes" in the meeting. Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time by unsubscribing from our subscriptions. The lawfulness of data processing operations already carried out remains unaffected by the revocation.
If you do not wish to be recorded by Kickscale in general, storage can be prevented at any time by providing appropriate notice. Further information on how Kickscale works can be found in the privacy policy of Kickscale GmbH.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* Kickscale privacy policy: https://app.kickscale.com/privacy

AI Telephone Assistant (fonio.ai)

To receive and respond to general enquiries, we use an AI-based telephone assistant. The provider is Fonio GmbH, Am Lokdepot 3, 10965 Berlin.

* Purpose: Automated handling of general caller enquiries (excluding existing customers/prospects). Your details are collected and analysed to respond to the enquiry.
* Legal basis: Our legitimate interest in efficient availability and provision of information (Art. 6(1)(f) GDPR).
* Recipients: The data is processed by Fonio GmbH on the basis of a data processing agreement (DPA).
* Details: Further information can be found at the Fonio privacy policy – Fonio Help Center.

HubSpot

Modell Aachen GmbH uses HubSpot on its websites for analysis purposes, a service provided by HubSpot Inc. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland.
HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among other things: email marketing, reporting, contact management (e.g. user segmentation & CRM), contact forms and live chat.
So-called "web beacons" are used and "cookies" are set, which are stored on your computer and enable us to analyse your use of the website. The information collected (e.g. IP address, geographic location, type of browser, duration of visit and pages accessed) is evaluated by HubSpot on behalf of Modell Aachen in order to generate reports on visits to and pages of the Modell Aachen website.
When our newsletter is subscribed to or forms are completed, we can use HubSpot to link a user's visits to Modell Aachen websites with their personal details (in particular name/email address) on the basis of consent given, thereby recording data on a personal basis and informing users individually and in a targeted manner about preferred subject areas.
Data processing is based on your consent (Art. 6(1)(a) GDPR). You may revoke this consent at any time by unsubscribing from our communications. We provide a corresponding link in every email message for this purpose. The lawfulness of data processing operations already carried out remains unaffected by the revocation.
If you do not wish to be tracked by HubSpot in general, the storage of cookies can be prevented at any time by adjusting your browser settings. Further information on how HubSpot works can be found in the privacy policy of HubSpot Inc.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* HubSpot privacy policy: http://legal.hubspot.com/privacy-policy
* Basis for third-country transfer: EU standard contractual clauses

YouTube

We use the service provider YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website to embed videos. In this context, your IP address and various usage data (depending on the type of use) are processed. This may include the following types of data: video views and watch time, click paths, usage intensity and frequency, information about devices used (MAC) and software used (e.g. operating system), or interactions with content and functions. In addition, the processing of inventory data (such as name or contact details) and content data (content such as texts, images or videos) is possible if the user shares such data.

* Legal basis: Consent, Art. 6(1)(1)(a) GDPR
* YouTube privacy policy: https://policies.google.com/privacy
* Basis for third-country transfer: EU–U.S. Data Privacy Framework

Use of Storylane

On our website we use Storylane, a service for embedding interactive product demos. It is used to give visitors a better insight into our software solutions and to improve the user experience.
When a page with an embedded Storylane demo is accessed, a connection to Storylane's servers may be established. Your IP address is transmitted and cookies may be set. Further information on data processing by Storylane can be found in the provider's privacy policy:
Storylane Inc., 2261 Market Street #4813, San Francisco, CA 94114, United States. Privacy policy: https://www.storylane.io/privacy-policy
The legal basis for use is Art. 6(1)(f) GDPR. Our legitimate interest lies in an appealing and informative presentation of our products.

lemlist (Automation of LinkedIn Communication)

We use the service provider lemlist, a solution of lempire SAS, 128 rue La Boétie, 75008 Paris, France, to automate and manage our direct communication campaigns on the LinkedIn platform (social selling/outreach).
In this context, personal data that we use to conduct the campaigns (e.g. from our CRM database or from public LinkedIn profiles) is transmitted to and processed by lemlist.
Categories of data processed include, among others: name, job title, company name, LinkedIn profile URL, communication content and interaction times. The data is also synchronised with our HubSpot CRM.
Legal basis: Legitimate interest (Art. 6(1)(1)(f) GDPR) for the purpose of conducting effective B2B sales activities.
Data processing agreement: lempire SAS acts as our data processor pursuant to Art. 28 GDPR. We have entered into a corresponding data processing agreement (DPA).
Basis for third-country transfer: Within the EU (France). Any transfers to third countries by lemlist are secured by the DPA and standard contractual clauses (SCCs).
Right to object / opt-out: You may object to the processing at any time. An opt-out is provided in every direct message.

bunny.net – Provision and Hosting of Video Content

We use the service provider Bunny Way d.o.o., Cesta v Mestni log 88, 1000 Ljubljana, Slovenia, to host and deliver videos on our website in a performant and secure manner.
Various personal data is processed and transmitted to bunny.net in this context, including your IP address, technical usage data (e.g. videos watched, views, playback duration, interest in content, timestamps) as well as browser and device information.
Legal basis: Profiling, tracking and the reading/storing of information on your end device are based on your consent pursuant to § 25(1) TDDDG in conjunction with Art. 6(1)(1)(a) GDPR.
bunny.net privacy policy: https://bunny.net/privacy/
Basis for third-country transfer: bunny.net operates a global Content Delivery Network (CDN). Although the contractual partner's registered office is in Slovenia (EU), the forwarding of data to third countries (such as the USA) cannot be entirely excluded. In such cases, the transfer and safeguarding of data processing is based on EU standard contractual clauses.

Apollo

We use the service provider apollo.io, a solution of Apollo, Inc., 548 Market St #82804, San Francisco, CA 94104, USA, to enrich contact data processed via our website.
For this purpose, personal data we receive from users of our website is transmitted to apollo.io and enriched there with additional information.
Categories of data processed include, among others: name and email address. The enriched data is also integrated into HubSpot CRM.
Legal basis: Legitimate interest (Art. 6(1)(1)(f) GDPR) to improve our B2B sales activities and to provide more relevant content.
Data processing agreement: Apollo, Inc. acts as our data processor pursuant to Art. 28 GDPR. A corresponding data processing agreement (DPA) has been concluded.
Basis for third-country transfer: Transfer to the USA. Such third-country transfers are secured by the DPA and standard contractual clauses (SCCs) to ensure an adequate level of data protection.
Right to object / opt-out: You may object to the processing of your data at any time.

Retention Period for Personal Data / Criteria for Determining the Retention Period

Unless otherwise stated, we delete personal data once its storage is no longer necessary for the provision of our services and where no legitimate interests on our part or statutory retention obligations (e.g. § 147 German Tax Code, § 257 German Commercial Code) prevent deletion.

Recipients of Data; No Unauthorised Disclosure to Third Parties

We treat personal data with the utmost care. We only transfer data to third parties where this is necessary for the fulfilment and processing of contractual relationships entered into, where you have given us your consent, or where disclosure is otherwise permitted under applicable legal provisions.
We engage various service providers as so-called data processors within the meaning of Art. 28 GDPR, who, like us, are subject to the provisions of European data protection law and whom we have obligated accordingly.

Protection of Personal Data

We protect both our website and the data stored within our area of responsibility against loss, destruction, unauthorised access, alteration or publication by unauthorised persons through a combination of technical and organisational measures in accordance with the current state of the art. The input and transmission of personal data are encrypted using the SSL (Secure Socket Layer) method.

What is SSL?

A website encrypted with SSL transmits personal data to the server in encrypted form, making it impossible for third parties to intercept or read it. Our identity is verified by a certificate. Depending on your browser, you can recognise a secure connection by the green address bar and/or the padlock symbol. By clicking on the padlock or the green address bar, you can read our online identity verification.

What does SSL do?

The encryption of the transmission means you can be confident that the data you enter can only be read by us. The green address bar indicates that you are connected to our server and that it is not a third-party site.

Rights of Data Subjects

You have the following rights with regard to personal data concerning you:

* Right of access pursuant to Art. 15 GDPR,
* Right to rectification or erasure pursuant to Art. 16 GDPR and Art. 17 GDPR,
* Right to restriction of processing pursuant to Art. 18 GDPR,
* Right to data portability pursuant to Art. 20 GDPR,
* Right to object to processing pursuant to Art. 21 GDPR.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data. The competent authority is:
Landesbeauftragte für den Datenschutz Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Email: poststelle@ldi.nrw.de

Objection to Processing; Revocation of Consents

If you have given consent to the processing of your data, you may revoke it at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it.
Where the processing of your personal data is based on a balancing of interests pursuant to Art. 6(1)(f) GDPR, you may object to the processing. When exercising such an objection, we ask you to explain the reasons why your personal data should not be processed in the manner carried out. In the event of your justified objection, we will review the situation and will either cease or adjust the data processing, or demonstrate to you the compelling legitimate grounds on the basis of which we will continue the processing.
You may object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can inform us of your objection using the contact details listed under Controller.

Questions and Comments; Changes to the Privacy Policy

If you have any questions or comments about data protection, please contact us using the keyword "Data Protection".
The ongoing development of the internet also affects our data protection strategy. We therefore reserve the right to adapt this privacy policy at regular intervals to reflect the underlying processes. We will inform those affected of any changes to the privacy policy via our website.

Data Protection at Events

Event Management via pretix

For the registration, ticket booking and participant organisation of our event "Beyond", we use the software pretix provided by pretix GmbH, Berthold-Mogel-Str. 1, 69126 Heidelberg, Germany. pretix processes your data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. During registration and booking, the following data is processed in particular: name, email address, order data (selected tickets/products) and, where applicable, payment data depending on the payment method chosen. In addition, technical data is generated (e.g. IP address in server logs), which is stored for a maximum of 90 days. pretix uses cookies that are technically necessary for the ordering and registration process. All data is processed exclusively on servers in Germany. No transfer to third countries takes place.

* Legal basis: Performance of contract, Art. 6(1)(1)(b) GDPR
* pretix privacy policy: https://pretix.eu/about/en/privacy
* Third-country transfer: None – all data remains in Germany

Data Protection in the Application Process at Modell Aachen GmbH

Below you will find supplementary information on the processing of your personal data in the application process at Modell Aachen GmbH. With regard to the mandatory information pursuant to Art. 13(1) and (2) GDPR, we refer you to Part A of this privacy policy.
We offer you the opportunity to apply to us (e.g. by email, post or via an online application form). Below we inform you about the scope, purpose and use of your personal data collected in the course of the application process. We assure you that the processing of your data is carried out in compliance with applicable data protection law and all other statutory provisions, and that your data will be treated with strict confidentiality.
In the context of the application process, we use the service provider EVERYDAY SOFTWARE, S.L., headquartered at Calle Alaba, 61 5º-2ª, 08005, Barcelona, Spain, as a data processor pursuant to Art. 28 GDPR.

Nature, Scope and Purpose of Data Collection in the Application Process

When you submit an application to us, we process the personal data associated with it (e.g. contact and communication data, application documents, notes made during interviews, etc.) to the extent necessary for the decision on establishing an employment relationship. The legal basis for this is Art. 6(1)(1)(b) GDPR in conjunction with § 26(1)(1) BDSG. Your personal data is shared within our company exclusively with those persons involved in processing your application.
If the application is successful, the data you have submitted will be stored in our data processing systems on the basis of Art. 6(1)(1)(b) GDPR in conjunction with § 26(1)(1) BDSG for the purpose of carrying out the employment relationship.

Retention Period for Data

If we are unable to make you a job offer, you decline a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and physical application documents destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place once the purpose for further retention no longer applies. Retention therefore serves in particular as evidence in the event of legal proceedings, cf. § 61b(1) ArbGG in conjunction with § 15(4) AGG.
Longer retention may also take place if you have given your corresponding consent (Art. 6(1)(1)(a) GDPR) or if statutory retention obligations prevent deletion.

As of: 27 May 2026