Datenschutzerklärung

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. This privacy policy applies to our website, which is available under this domain and the various sub-domains (“our website”).

Objection to promotional emails
The use of contact details published on the website as part of the legal notice, the data protection notice and other contact details published on the website to send unexpressly requested advertising and information material is hereby rejected. The operators of the sites expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.

Who is responsible and how can I contact you?
Responsible person for processing personal data within the meaning of the EU General Data Protection Regulation (GDPR)

ScaleITS GmbHJeschkenstrasse 9
82538 Geretsried
‍
What is it about?
This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behavior when visiting a website. Information that we are unable to identify you personally (or only with disproportionate effort), e.g. through anonymization, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose. Stored personal data is deleted as soon as the purpose of processing has been achieved and there are no legitimate reasons for continuing to store the data. In the individual processing processes, we will inform you about the specific storage periods and criteria for storage. Irrespective of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are legal storage obligations.

Who receives my data?
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal data with third parties if:
‍
- you have given us your express consent to do so in accordance with Article 6 (1) (a) GDPR,
- the transfer is permitted in accordance with Article 6 (1) (f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not sharing your data,
- in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and
- this is permitted by law and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you.
‍
In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded order processing agreements based on the European Commission's standard contractual clauses.
If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as a legal basis for transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR. Personal data may be transferred to the USA as part of the processing operations described in this privacy policy. In particular, US investigative authorities may oblige US companies to surrender or disclose personal data without the data subjects being able to take effective legal action against this. In principle, this means that your personal data may be processed by US investigative authorities. We have no influence on these processing activities. Data is transferred to the USA in accordance with Article 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under EU-U.S. DPF), we have agreed on other appropriate guarantees with the recipients of the data within the meaning of Art. 44 et seq. of the GDPR. Unless otherwise stated, these are standard contractual clauses issued by the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021.
A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE view. If the standard contractual clauses are not sufficient to establish an adequate level of security or it is not possible to conclude the standard contractual clauses, your consent may serve as the legal basis for the transfer in accordance with Art. 49 para. 1 lit. a) GDPR.

Do you use cookies?
Cookies are small text files that are sent by us to the browser of your device as part of your visit to our website and stored there. As an alternative to using cookies, information can also be stored in your browser's local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses so that, for example, we are able to recognize the browser you are using when you visit our website again and to transmit various information to us (unnecessary cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example, by tracking your use of our website and determining your preferred settings (such as country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot execute programs and do not contain viruses. We will inform you about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in the consent manager of this website.

What rights do I have?
Under the requirements of the legal provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Correction of incorrect or incomplete data stored by us in accordance with Art. 16 GDPR;
- Deletion of data stored by us in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Restriction of processing in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR.
- Data portability Art. 20 DSGVO, insofar as you have provided us with personal data as part of a consent in accordance with Art. 6 para. 1 lit. a DSGVO or on the basis of a contract in accordance with Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another person responsible, insofar as this is technically feasible.
- Art. 21 GDPR objection to the processing of your personal data, insofar as this is based on Article 6 (1) (e, f) GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct marketing. The right to object does not exist if overriding, compelling legitimate reasons for processing are proven or if processing is carried out to assert, exercise or defend legal claims. Insofar as the right to object to individual processing operations does not exist, this is stated there.
- Withdrawal of your consent, Art. 7 (3) GDPR, with effect for the future.
- Complaint Art. 77 GDPR with a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?
Below, we will inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the website
‍
Nature and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Purpose and legal basis
Processing is carried out to protect our overriding legitimate interest in viewing our website and ensuring security and stability on the basis of Art. 6 para. lit. f DSGVO. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to processing due to the exception under Article 21 (1) GDPR. Insofar as further storage of log files is required by law, processing is carried out on the basis of Art. 6 para. 1 lit. c DSGVO. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

Storage period
The above data is stored for the duration of viewing the website and — for technical reasons — for a maximum of 31 days.

contact form
‍
Nature and scope of processing
When you contact us (e.g. via contact form or email), personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. In addition, you can voluntarily provide additional information that, in your opinion, is necessary to process the contact request. When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis
The legal basis for processing your personal data in this application process is primarily Art. 6 para. 1 lit. b) GDPR. According to this, the processing of data necessary in connection with the decision to establish an employment relationship is permitted. This includes, if available, the use of the online applicant portal. If special types of personal data are processed within the meaning of Article 9 GDPR (e.g. health data), the legal basis is Section 26 (3) BDSG or Article 9 (2) lit. b) GDPR in conjunction with Article 6 (1) (b) GDPR. If your application documents are passed on to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Article 6 (1) sentence 1 lit. a GDPR in conjunction with Section 26 (2) BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.

Storage period
If you use the contact form on the basis of your consent, we store the data collected for each request for a period of three years, starting with the processing of your request or until you withdraw your consent. If you use the contact form as part of a contractual relationship, we store the collected data for each request for a period of three years from the end of the contractual relationship.

Contact form for applicants

Nature and scope of processing
We collect and process the personal data of applicants. Appropriate data processing can also be carried out electronically, for example when applicants submit application documents to us by e-mail or via a web form on our website. On our website, we offer you to send us applications for advertised job offers by e-mail. Your data will also only be stored in an applicant database in addition to the current application process if you have given us your separate consent to do so. The purpose and legal basis for processing your personal data in this application process is primarily Art. 6 para. 1 lit. b) GDPR. According to this, the processing of data necessary in connection with the decision to establish an employment relationship is permitted. This includes, if available, the use of the online applicant portal. If special types of personal data are processed within the meaning of Article 9 GDPR (e.g. health data), the legal basis is Section 26 (3) BDSG or Article 9 (2) lit. b) GDPR in conjunction with Article 6 (1) (b) GDPR. If your application documents are passed on to third parties, in particular to companies associated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Article 6 (1) sentence 1 lit. a GDPR in conjunction with Section 26 (2) BDSG. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information.

Storage period
Applicants' data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will add your data to our pool of applicants. There, the data is deleted after 24 months.

Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks listed below in order to also provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you which data we or the respective social network process about you in connection with accessing and using our fan pages/accounts.

Data that we process from you
If you would like to contact us via messenger or via direct message via the respective social network, we usually process your username, which you use to contact us, and may store further data provided by you insofar as this is necessary to process/respond to your request. The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary to protect the legitimate interests of the person responsible).

(Static) usage data that we receive from social networks
Through Insights functionalities, we receive automatically provided statistics regarding our accounts. The statistics include the total number of page views, likes, information on page activity and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers. The statistics only contain aggregated data that is not related to individual persons. This does not identify you. Based on the statistical information provided, it is not possible for us to draw conclusions about individual users. We only use these to be able to respond to the interests of our users and to continuously improve our online presence and ensure the quality of it.

What data do social networks process about you
In order to be able to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network. When you access the respective social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data to be able to display the website to you) and use cookies and similar technologies over which we have no influence. Details can be found in the privacy policy of the respective social network (see the corresponding links above) If you want to interact with the content on our fan pages/accounts, e.g. comment on, share or like our postings/contributions and/or want to contact us via messenger functions, prior registration with the respective social network and the provision of personal data is required. We have no influence on data processing by social networks within the framework of use by you. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also to analyze usage behavior (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by social networks outside the EU/EEA and passed on to third parties. Due to the fact that the actual data processing is carried out by the social network provider, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). Appropriate rights are therefore most effectively asserted directly vis-à-vis the respective provider.

Purpose and legal basis
We only collect your data via our profile to make it possible to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information provided by you “publicly”. Your personal data is processed for our purposes mentioned above on the basis of our legitimate business and communication interest in offering an information and communication channel in accordance with Art. 6 para. 1 f) GDPR. Should you, as a user, have given the respective social network provider consent to data processing, the legal basis for processing extends to Art. 6 para. 1 a), Art. 7 GDPR.

Instagram page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this under the following link (Note: by clicking on the following link, you will be taken to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the Instagram social network): https://facebook.com/help/pages/insights.Together with Instagram, we are responsible for the personal content of the fan page. Data subject rights can be claimed with Meta Platforms Ireland Ltd. and with us.According to GDPR, Instagram and Instagram fulfills all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. makes the essence of the Page Insights supplement available to data subjects.We do not make any decisions regarding the processing of insights data and the storage period of cookies on user devices.Further information can be found directly on Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.For more information on, among other things, the exact scope and purposes of processing your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please see Instagram's privacy policy/cookie policy (note: by clicking on the following link, you can access the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be found in the help section of the Instagram website via the following link:
https://help.instagram.com/581066165581870The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

‍technique

SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that there is “https://” in the browser address line instead of “http://” and by the lock icon in your browser line. If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Google Analytics

Nature and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service to statistically evaluate our online offering. This includes, for example, the number of times our online offer has been visited, and the length of time visitors spend. Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the Google Analytics privacy policy: https://policies.google.com/privacy.

Google Maps

Nature and scope of processing
We use the Google Maps map service to create route descriptions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website. When you access this content on our website, you connect to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, which transmits your IP address and, if applicable, browser data such as your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google Maps.

Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data is transferred to the USA in accordance with Article 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The participating US companies and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under EU-U.S. DPF), we have agreed on other appropriate guarantees with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses issued by the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. A copy of these standard contractual clauses can be found at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE In addition, before such a transfer to a third country, we obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a. GDPR, which you give via consent in Consent Manager (or other forms, registrations, etc.). We would like to point out that third-party transfers may involve risks that are unknown in detail (e.g. data processing by third country security authorities, the exact scope and consequences for you, over which we have no influence and of which you may not become aware of).

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the privacy policy for Google Maps: https://policies.google.com/privacy.

Google Tag Manager

Nature and scope of processing
We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the exact integration of services on our website. This allows us to flexibly integrate additional services to evaluate user access to our website.

Purpose and legal basis
Google Tag Manager is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. For more information, please see the Google Tag Manager privacy policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

LinkedIn Ads
Type and scope of processingWe have integrated LinkedIn Ads on our website. LinkedIn Ads is a service provided by LinkedIn Corporation that shows users targeted advertising. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and return usersRecognizeen. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. LinkedIn Ads also delivers targeted advertising based on behavioral profiles and geographical location. Your IP address and other identification features, such as your user agent, are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, USA. Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be combined with you as a natural person, but are used, for example, for segmentation when displaying advertisements.

Purpose and legal basis
LinkedIn Ads are used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by LinkedIn Corporation. For more information, please see the LinkedIn Ads privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

ScoreApp

Nature and scope of processing
We use the “ScoreApp” tool from Hyper Targeted Marketing Limited. ScoreApp is a quiz funnel tool from Hyper Targeted Marketing Limited C/O Hillier Hopkins LLP First Floor, Radius House, 51 Clarendon Road, Watford, United Kingdom, WD17 1hp.Scoreapp is used to determine your needs with the help of a quiz. While using the tool, we automatically collect some information, e.g. using cookies, to collect data about what actions users perform. To send you the result, enter the requested data in the mask provided. The data entered will only be used to evaluate and provide your results. Generated leads are transferred to our ERP system.

Purpose and legal basis
ScoreApp is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.

Storage period
The data you have entered will remain in our database until you request us to delete it or until the purpose of data storage ceases to apply. Mandatory legal provisions — in particular retention periods — remain unaffected. For more information, see the ScoreApp privacy policy: https://www.scoreapp.com/privacy-policy/

‍TeamViewer
‍
Nature and scope of processing
We have integrated components of the TeamViewer customer communication platform on our website. TeamViewer is a service provided by TeamViewer Germany GmbH and offers web-based solutions for remote connections, collaboration and support.TeamViewer is used to perform remote maintenance in the event of problems as part of our customer support. When you access this content, you connect to servers of TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany, which transmits your IP address and, if applicable, browser data such as your user agent. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of TeamViewer. If we should become aware of personal data as part of remote maintenance, this is done solely to provide the service you have requested and not to process the data on your behalf. We do not store such data and we maintain data secrecy for it. If we are to process personal data on your behalf using TeamViewer, we ask you to conclude an order processing contract beforehand.

Purpose and legal basis
The service is used on the basis of the execution or fulfilment of a concluded contract in accordance with Art. 6 para. 1 lit. b. GDPR, or on the basis of our legitimate interests, i.e. interest in increasing customer satisfaction and the optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by TeamViewer Germany GmbH. You can find further information in the TeamViewer privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/

stand: May 2026

Data protection