Get in Touch
MenuClose

Variowell Development GmbH (hereinafter: "Variowell", "we", "us" or "our") takes its responsibility for data protection and information security seriously. The careful handling of personal data is the basis for our procedures and processes.

With this privacy policy, we would like to inform you about the processing of your personal data in connection with your visit and use of this website and our social media presence as well as the associated use of our services. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

As a company with a presence in different regions of the world, we are subject to different data protection regulations in the countries in which we operate. In our global operations, we take as consistent an approach as possible to protecting your data, which is always in accordance with the applicable law. However, the specific requirements, rights and obligations regarding the handling of personal data may vary from location to location depending on the applicable law.

The following information on data processing sets out what applies in the area of the European General Data Protection Regulation (GDPR). If we operate in countries outside the European Union or in countries where the GDPR does not apply (such as the USA), these descriptions, rights and obligations and limitations of scope do not necessarily apply. In particular, this Privacy Policy does not create any rights and obligations that go beyond what applies under the applicable local data protection regulations.

This Privacy Policy does not exempt you from complying with the requirements of the applicable law, nor does it replace it. In the event of a conflict between a provision or regulation of an applicable law and a provision of this Privacy Policy, the former shall prevail.

I. General information on data processing

This general data protection information applies to all online offerings of Variowell Development GmbH. This includes websites, functions and content as well as external online presences, such as our social media profiles. In addition to general information and mandatory information, we have compiled additional individual data protection information for other individual offers for you. There we inform you, among other things, about offer-specific data processing procedures as well as about the cooperation with external service providers who provide services for us under our strict control.

(1) Responsible body within the meaning of data protection law within the scope of the GDPR:

Variowell Development GmbH

Managing Director Tobias Kirchhoff

Fridtjof-Nansen-Weg 5a

48 155 Münster

Tel: +49 (0)251 2031 989-0

E-mail contacteu@variowell-development.com

Internet https://variowell-development.de

(2) You can contact our data protection officer at datenschutz@variowell-developement.com or via our postal address (see above) with the addition "Data Protection Officer".

(3) We only process our users' personal data to the extent necessary to provide a functional website and our other online offers, content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

(4) Legal basis for the processing of personal data: Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

(5) The personal data of the data subject shall be erased or blocked as soon as the purpose of storage ceases to apply. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

(6) In principle, we do not pass on any personal data to third parties without your express consent. If we nevertheless disclose your data to third parties in the course of processing, transfer it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal bases. For example, we transmit data to payment service providers if this is necessary for the fulfillment of the contract. If we are obliged to do so by law or by court order, we must transfer your data to authorities entitled to receive information. In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers as part of so-called order processing, this is done on the basis of Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us. We only commission processors who offer sufficient guarantees that suitable technical and organizational measures are taken to ensure that the processing is carried out in accordance with the requirements of data protection legislation and guarantees the protection of your rights.

(7) The GDPR guarantees the same high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area as part of the use of third-party services.  We will only allow your data to be processed in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. As a rule, we will request your consent in accordance with Art. 49 GDPR. Alternatively, your data may be processed on the basis of special guarantees, such as the EU Commission's officially recognized determination of a level of data protection corresponding to the EU or compliance with officially recognized special contractual obligations, the so-called "standard contractual clauses".

(8) We do not use automated decision-making or profiling.

(9) Due to the further development of our website, legal changes, the expansion of our services and the implementation of new technologies, it may become necessary to amend this data protection notice with effect for the future. We therefore recommend that you read the data protection information again from time to time.

II. Your rights

(1) You have the following rights vis-à-vis us with regard to your personal data:

Right to information,

Right to rectification or erasure,

Right to restriction of processing,

Right to object to the processing,

Right to data portability,

insofar as these rights are not restricted by statutory provisions.

(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The supervisory authority responsible for Variowell Development GmbH is

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-mail: poststelle@ldi.nrw.de

(3) Revocation or objection to the processing of your data: If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of your objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to send us your objection to advertising is to use the contact details given above. 

III. Processing of personal data when visiting our website

  1. Data processing for informational use 

(1) When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us.

  • IP address

  • Date and time of the request

  • Time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (page visited)

  • Access status/HTTP status code

  • Amount of data transferred in each case

  • Website from which the request comes

  • Browser

  • Operating system

  • Language and version of the browser software

(2) The data is stored in the log files of our system. This data is stored in order to ensure the functionality of the website and the security of the information technology systems. It is not stored together with other personal data.

(3) The storage of information in the user's terminal equipment or access to information is carried out in accordance with § 25 (2) TTDSG. Data processing is carried out on the basis of our legal obligation to ensure IT security in accordance with Art. 6 para. 1 lit. c GDPR in conjunction with Art. 32 GDPR. Art. 32 GDPR or on the basis of Art. 6 para. 1 lit. f GDPR.

(4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

  1. Processing of data from your end devices ("cookies")

(1) In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which may be stored on your end device.

(2) When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set. In the following, we first describe cookies from a technical perspective before going into more detail about your individual choices by describing technically necessary cookies and cookies that you can voluntarily select or deselect.

(3) Technical description: Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:

  • Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the shared session and your computer can be recognized when you return to our website.

  • Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.

  • Other technologies: These functions are not based on cookies, but on similar technical mechanisms, HTML5 objects or an analysis of your browser settings. As a result, we may also use the technologies described below. Here, too, you can of course consent or object.

(5) Required cookies: Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with. § 25 para. 2 no. 2 TTDSG.

(6) Optional cookies if you give your consent: We only set various cookies with your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with. § 25 para. 1 TTDSG. You can withdraw your consent at any time without this affecting the lawfulness of processing up to the time of withdrawal.

(7) If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. Please note that if you delete all cookies, any opt-out cookies that have already been set will also be deleted, meaning that you will have to declare your objection again.

  1. Web analytics

Matomo

(1) On this website, we use the web analysis service Matomo to analyze and check the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.

(2) We operate Matomo in a version that does not require cookies. This means that no Matomo cookies are stored on your computer for the purpose of web analysis. To analyze website usage, your IP address and information such as timestamps, websites visited and your language settings are recorded. We store the information collected in this way on our server.

(3) This website uses Matomo with the extension "anonymizeIP". This means that IP addresses are further processed in abbreviated form and cannot be directly linked to individuals. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) You can prevent the use of Matomo by unchecking the following box to activate the opt-out plug-in (Matomo iFRame). In this case, an opt-out cookie is stored in your browser, which prevents Matomo from storing user data. If you delete your cookies, the Matomo opt-out cookie will also be deleted. The opt-out must be reactivated when you visit our site again.

The Matomo program is an open source project. Information from the third-party provider on data protection can be found at matomo.org/privacy-policy/.

Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

(2) Scope of processing: Google Analytics uses cookies that enable your use of our website to be analyzed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. We use the 'anonymizeIP' function (so-called IP masking): Due to the activation of IP anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your visit to the website, the following data is recorded: the pages you have accessed, your "click path", achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases, etc.). newsletter registrations, downloads, purchases), your user behavior (e.g. clicks, dwell time, bounce rates), your approximate location (region), your IP address (in abbreviated form), technical information about your browser and the end devices you use (e.g. language setting, screen resolution), your Internet provider, the referrer URL (via which website/advertising medium you came to this website).

(3) Purposes of processing: On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

(4) Recipient of the data: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as processor. We have concluded a data processing agreement with Google for this purpose. Google LLC, based in California, USA, and, if applicable, US authorities can access the data stored by Google.

(5) Transfer to third countries: A transfer / disclosure of data to the USA cannot be ruled out. We expressly point out that there is a residual risk, which we as the client cannot eliminate, that US security authorities may access the data.

(6) Storage period: The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by either not giving your consent to the setting of cookies or by downloading and installing the browser add-on to deactivate Google Analytics (available at https://tools.google.com/dlpage/gaoptout?hl=de).

You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites.

(7) Demographic characteristics in Google Analytics: This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section "Objection to data collection".

Google Ads

(1) We use Google Ads to draw attention to our offers with the help of advertisements. If you access our website via a Google ad, Google Ads will store a cookie on your device. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent.

(2) The advertising material is delivered by Google via so-called "ad servers". For this purpose, we and other websites use so-called ad server cookies, through which certain parameters for measuring success, such as the display of ads or clicks by users, can be measured. We can obtain information about the success of our advertising campaigns via the Google Ads cookies stored on our website. These cookies are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that a user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

(3) The cookies set by Google enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer so that the cookies cannot be tracked via the websites of other Ads customers. By integrating Google Ads, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out your IP address and store it.

(4) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We ourselves do not independently collect personal data in the aforementioned advertising measures, but only provide Google with the opportunity to collect the data. We only receive statistical evaluations from Google, which provide information on which advertisements were clicked on how often and at what prices. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information.

(5) You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. The easiest way to revoke your consent is via our Consent Manager or via the following functions: aa) by setting your browser software accordingly, in particular by suppressing third-party cookies so that you do not receive any ads from third-party providers; bb) by setting your browser to block cookies from the domain "www.googleadservices.com", google.de/settings/ads, whereby this setting will be deleted if you delete your cookies; cc) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link aboutads.info/choices, whereby this setting will be deleted if you delete your cookies; dd) by permanently deactivating them in your Firefox, Microsoft Edge or Google Chrome browsers under the link google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this website to their full extent.

(6) Further information on data protection at Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland, can be found here: Terms of use google.com/analytics/terms/en.html, overview of data protection: google.com/intl/en/analytics/learn/privacy.html, and the privacy policy: google.de/intl/en/policies/privacy.

Google Conversion Tracking

(1) We use Google Ads with the additional application "Google Conversion Tracking". This is a procedure with which we can check the success of our advertising campaigns. For this purpose, the advertisements are provided with a technical provision, e.g. an ID, with which we can determine how a user interacts after clicking on the advertisements and whether one of our services is actually used. This provides us with statistical information about the total number of readers of our ads, which ads are particularly popular and, if applicable, further information about the consequences of the ad.

(2) The legal basis for the processing of your data in this respect is also Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent. You can prevent or stop using the conversion tracking function in the same way as described above for Google Ads.

Google Remarketing

(1) We use Google Ads with the additional application "Google Remarketing". This process enables us to create advertisements based on existing information about you and to address you again when you continue to use the Internet. This is done by means of cookies set when you visit our website (usually through cookies), which Google uses to record and pseudonymize your usage behavior when you visit various websites. According to its own statements, Google does not merge the data collected in the context of remarketing with your personal data, which may be stored by Google. In particular, according to Google, pseudonymization is used for remarketing.

(2) The legal basis for the processing of your data in this respect is also Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent. You can prevent or stop using the remarketing function in the same way as described above for Google Ads.

Google reCAPTCHA

To protect our contact forms, this website uses the reCAPTCHA service provided by Google Inc ("Google"). The reCaptcha function is a security function that protects our website from hacker attacks and spam.

We use the Google service reCaptcha to determine whether a person or a computer makes a certain entry in our contact or newsletter form and is only activated at this point.

Google uses the following data to check whether you are a human or a computer:

  • IP address of the end device used,

  • the website/form that you visit with us and on which the captcha is integrated,

  • the date and duration of the visit,

  • the identification data of the browser and operating system type used,

  • Google account if you are logged in to Google,

  • Mouse movements on the reCaptcha areas and tasks where you have to identify images.

Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM.

Google has certified itself under the EU-US Data Privacy Framework and has agreed to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.de/intl/de/privacy

  1. Further functions and offers of our website

Newsletter

(1) You can subscribe to one or more free newsletters on our website, which we use to inform you regularly about current developments.

(2) As part of the registration process, your consent is obtained for the processing of the data and reference is made to this privacy policy. We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. Your confirmation must be sent promptly after we send the e-mail, otherwise your registration and e-mail address will be deleted from the service provider's database. Our newsletter service will not accept any further registrations at this e-mail address until you have confirmed your registration. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted. We store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.


 (3) The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR (consent). The IP address and the time are processed on the basis of Art. 6 para. 1 s. 1 lit. c GDPR in conjunction with. Art. 5 para. 2 GDPR (accountability / proof of consent).

(4) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by sending an e-mail to newsletter@variowell-development.com, by clicking on the link provided in every newsletter e-mail or in writing by sending a message to the contact details given in the imprint.

(4) If you have a customer relationship with us and we have received your electronic mail address in connection with the sale of products and services or the provision of services free of charge (e.g. white papers for download), we may subsequently use this address to send you an information e-mail, i.e. without your express prior consent. In such a case, only direct advertising for our own similar goods or services will be sent. The legal basis in this case is Art. 6 para. 1 lit. f GDPR i.V.m. § Section 7 (3) UWG. You can request to no longer receive such information emails from us at any time. You can declare your revocation by clicking on the link provided in every newsletter e-mail or in writing via the contact details in the imprint.

(5) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process will generally be deleted after a period of seven days.

Contact forms / e-mail contact

(1) There are contact forms on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. If you contact us via the aforementioned forms, the following data may be stored in addition to the data fields specified there at the time the message is sent: Date and time of registration, date and time of the request, IP address at the time of the request, date and time of confirmation, anonymized hash value of the IP address. Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation.

(2) The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. a GDPR (consent) or Art. 6 para. 1 lit. e GDPR or Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

(3) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

(4) The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time in the same way. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

Online offers on social media platforms

(1) We offer online services on various social media platforms in order to provide information there and to be able to contact you. We operate these offerings with the service providers listed below:

YouTube (service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

LinkedIn (service provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Instagram (service provider Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Central Harbour, Dublin 2, Ireland)

What information the social media platform receives and how it is used is described by the providers in their privacy policies. There you will also find information about contact options:

YouTube: https://policies.google.com/privacy?hl=de

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Instagram: https://privacycenter.instagram.com/policy

Further information on social networks and how you can protect your data can also be found at www.youngdata.de.

(2) When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. We have no influence on the processing of personal data by the respective platform operator. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the data protection declarations of the respective operator. As a rule, when you visit our social media offerings, the platform operator stores cookies in your browser in which your usage behavior and interests are stored for market research and advertising purposes. The platform operators use the usage profiles obtained in this way, usually across all devices, to show you personalized advertising. Data processing may also affect people who are not registered as users with the respective social media platform. Your data may be processed outside the European Union, which may make it more difficult to enforce your rights. However, when selecting such social media platforms, we ensure that the operators undertake to comply with EU data protection standards. The processing of your personal data when you visit one of our social media offerings is based on our legitimate interests in a diverse external presentation and the use of an effective information option as well as communication with you. The legal basis for this is the consent you have given to your platform operator in accordance with Art. 6 para. 1 lit. a GDPR. Detailed information on data processing in connection with the use of our social media offerings, opt-out options and the assertion of information rights can be found in the privacy policy of the respective platform operator.

(3) We use the technical platform and services of the providers for these information services. We would like to point out that you use our presence on the social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.

(4) The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. The aforementioned providers have certified themselves under the EU-US Data Privacy Framework and we have concluded the standard data protection clauses with the companies. We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track how you have moved around the network. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to tailor content or advertising to you. If you want to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies on your device and restart your browser.

(5) As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the presentation of our services and offers via the social media channels and communication with users.

(6) To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about profiling and the processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to the contact details provided by us above.

Social media buttons

Usually, the button solutions provided by the social networks (such as the Like button on Facebook) already transfer personal data to the respective social network when a user visits a website in which a social media button has been integrated.

This is not the case with us. If we use functions such as the Like button, we do not use plug-in buttons, but merely display icons. These refer to the corresponding social media platforms via an external link as soon as you click on them. You are only actively connected to the respective platforms when you yourself become active by clicking on them and, if necessary, log in to the respective platform. A transfer of personal data due to the integration of the icons to the social media platforms by calling up our website or other online offers does not take place.

Google Maps

This website uses Google Maps from Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland to display interactive maps and to provide directions. By using Google Maps, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, may be transmitted to Google in the USA.

When you access a web page on our website that contains Google Maps, your browser establishes a direct connection with Google's servers. The map content is transmitted by Google directly to your browser, which integrates it into the website. We therefore have no influence on the scope of the data collected by Google in this way (including personal data) and therefore cannot accept any responsibility for this. To the best of our knowledge, this is at least the following data Protocol data (in particular the IP address), date and time of the visit to the website in question, Internet address or URL of the website accessed, (start) address entered as part of route planning (location information), cookies and similar technologies

If you are logged into your Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings. You can prevent this data from being added directly by logging out of your Google account or by making the appropriate account settings in your Google account. You can also change your cookie settings (e.g. delete cookies, block cookies, etc.).  You can find more information in Google's privacy policy, which you can access here: https://www.google.com/policies/privacy/. You can find information on Google's privacy settings at https://privacy.google.com/take-control.html

Links from third parties

On our website, in addition to links to our own product pages (e.g. pepaminto, KIKOO, swayy), we also refer to third-party services (e.g. SleepAdvisor), whose website you can access via a link. If you click on these links, the information mentioned above under III.1.1 will be transmitted to the operator of the other website. Although we carefully check the links provided, we expressly point out that we have no influence whatsoever on the design and content of the linked pages. Variowell Development GmbH can therefore accept no responsibility for the handling of your data on these websites. Please inform yourself in advance about the handling of personal data by these third parties.

Data security

Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet. We take appropriate technical and organizational measures to protect our website and other IT systems against loss of availability, integrity and confidentiality. Your personal data is transmitted to our website in encrypted form. You can recognize the secure connection by the fact that the address displayed begins with "https://..." instead of "http://..." and a closed padlock is displayed in your browser. For more information about our SSL certificate, click on the padlock.

V. Data protection information for applicants 

We display vacancies on our website under the heading "Vacancies". Below we inform you about the processing of your personal data in the event that you apply for a job with us.

(1) What data do we process and from what sources does it originate?

We process personal data that we receive from you as part of the application process, e.g. cover letter, passport photo, CV, references. This data originates either from the letter of application you send us by post or e-mail and from the documents you enclose. In individual cases, the content of personal or telephone conversations that occur in the course of communication with you (e.g. when contacting us by telephone) may also be included.

(2) For what purposes do we process your data and on what legal basis?

We collect and process the personal data of applicants for various purposes. In principle, the following purposes of processing can be considered: Processing for the initiation of contractual relationships (Art. 6 para. 1 lit. b GDPR, § 26 BDSG), for the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR) and on the basis of your consent (Art. 6 para. 1 lit. a GDPR).

(3) Who receives my data?

Within Variowell Development GmbH, only those departments entrusted with the preparation and implementation of the application process will receive your data. These are the employees in the HR department and the specialist departments in which a position is to be filled, the managers and potential superiors and, if necessary, the Equal Opportunities Officer, the representative body for severely disabled employees and the Staff Council. Service providers employed by us and acting on our behalf (so-called processors) may also process data for the preparation and execution of the application process.

(4) To what extent is there automated decision-making in individual cases?

Our decision-making in the application process is not based on automated processing in accordance with Article 22 GDPR.

(5) To what extent will my data be used for profiling?

Your data will not be used for profiling. Profiling is any form of automated processing of personal data consisting of the use of personal data to analyze or predict certain personal aspects.

(6) Can I object to data processing?

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing based on a balancing of interests). GDPR (data processing on the basis of a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. The objection can be declared informally by e-mail to joinus@variowell-development.com or to the address given in the legal notice.

(7) How long will my data be stored?

If necessary, we process and store your personal data for the duration of the application process. If an employment/training/internship relationship is established following the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process ends when the applicant receives a rejection. The data will be anonymized no later than 4 months after receipt of the rejection. This does not apply if the processing and storage of your personal data is necessary in the specific case for the assertion, exercise or defense of legal claims (duration of a legal dispute).

Despite a rejection in a specific application procedure, you may receive an invitation to join a so-called "talent pool" for future job advertisements at Variowell Development GmbH. With your express consent, which will be obtained in the course of the invitation, your application data will be stored for a further year in this case.

(8) Is data transferred to a third country or to an international organization?

No, data is not transferred to third countries.

(9) What data protection rights do I have?

If we are responsible for data processing in accordance with Section 1, you have the following rights with regard to the personal data concerning you:

  • Right to information,

  • Right to rectification or erasure,

  • Right to restriction of processing,

  • Right to object to the processing,

  • Right to data portability.

To exercise the aforementioned rights, you can contact joinus@variowell-development.com.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. This also includes the data protection supervisory authority responsible for Variowell Development GmbH:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-mail: poststelle@ldi.nrw.de

The right of appeal exists without prejudice to any other administrative or judicial remedy.

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected. The revocation can be declared form-free by e-mail to joinus@variowell-development.comoder at the address given in the imprint.

(10) Do I have an obligation to provide data?

There is no legal or contractual obligation to provide data. As part of your application, you should only provide the personal data that is necessary for the acceptance and implementation of the application. Without this data, however, we will have to reject your inclusion in the application process.

VI. Data protection information when using Microsoft Teams

 

We use Microsoft Teams, a service from Microsoft Corporation based in Redmond, USA, to conduct video and audio conferences. Microsoft Teams is a cloud-based platform that combines chats, meetings, notes and attachments. The service is integrated into Microsoft 365 (formerly Microsoft Office 365). The contractual partner of Variowell Development GmbH is Microsoft Ireland Operations Ltd. from Dublin, which operates Microsoft Teams as a processor within the meaning of Article 28 GDPR for Variowell Development GmbH.

We would like to provide you with essential data protection information about Microsoft Teams.

(1) Responsible for data processing

(a) If you receive an invitation from Variowell Development GmbH with a link to Microsoft Teams or a dial-in number and a conference ID, Variowell Development GmbH is responsible to external users for the operation under data protection law:

Variowell Development GmbH

Managing Director Tobias Kirchhoff

Fridtjof-Nansen-Weg 5a

48 155 Münster

Tel: +49 (0)251 2031 989-0

E-mail contacteu@variowell-development.com

Internet https://variowell-development.de

If you have any questions about data protection law or your rights as a data subject, you can also contact our data protection officer directly at datenschutz@variowell-developement.com or via our postal address (see above) with the addition "Data Protection Officer".

(b) When accessing the "Microsoft Teams" website, Microsoft, as the provider of Microsoft Teams, is responsible for data processing.

Microsoft Corporation

One Microsoft Redmond

WA 98052-6399

USA

https://www.microsoft.com/de-de/

You can contact Microsoft's EU Data Protection Officer at:

EU Data Protection Officer of Microsoft

One Microsoft Place

South County Business Park

Leopardstown

Dublin 18

D18P521

Ireland

T.: 353 (1) 706-3117

or under the web form https://www.microsoft.com/de-de/concern/privacy

(c) You only need to access the website to download the desktop or mobile device app for using Teams that is tailored to your operating system. You can also use Microsoft Teams without downloading an app by following the link in your invitation or by using the dial-in number and the conference ID from the email and participating in the conference via your browser.

(2) What data is processed for what purpose?

(a) In order to use Microsoft Teams, we need to process various types of data. The total volume of data processed in the context of video conferences depends on the range of functions used and the data you enter as a user before, during and after participating in a session. You can participate in Microsoft Teams with either guest access or external access. The difference between guest access and external access is that guest access does not have a Microsoft account and does not belong to any other Microsoft 365 environment. External access is a Microsoft user who already uses Microsoft 365 in another environment. In both cases, access is limited to the following functions:

  • Implementation of the online event (communication via audio and/or video),

  • Possibility to participate in a private chat or channel group conversation (sending, deleting and editing messages, sharing files),

  • Possibility of calls within Microsoft Teams in the form of individual or group calls.

(b) The following personal data may be processed:

  • Access data: e.g. an individualized link that you use to dial into the online event.

  • Meeting metadata: e.g. date, time of the event, date and time you dialed into the conference and the time you left, meeting ID, telephone number and location if applicable.

  • Details of the user themselves: e.g. display name, online status, status messages, profile picture (optional), IP address, preferred language if applicable. In the case of guest access, the label (guest) is displayed next to the user name (depending on the entry; if only the e-mail address has been entered, this is displayed) and in the case of external access, the display is determined depending on the entry.

  • Content data: Content of your contributions, e.g. in chats or in votes or files shared by you. Image or sound recordings of you will only be made if and insofar as you have given your prior separate consent (Art. 6 para. 1 sentence 1 lit. a GDPR). The purpose and consent to the recording are documented within the recording. If you use individual or group chats, send or receive files, this data will be processed. Files shared by users in chats are saved in the OneDrive for Business account of the user who shared the file. Files that team members share in a channel are saved on the SharePoint site of the respective team.

  • Text, audio, video and other multimedia data: For the display of video signals and the playback of audio signals and multimedia files, data from the microphone, a webcam/video camera or a screen display on your end device (using the screen/content sharing function) is processed for the duration of the meeting. The latter is necessary, for example, if you want to give a screen presentation. Data transmission from the camera and microphone can be switched on and off independently at any time and by any user. The screen/content sharing function must be actively activated by the user and can also be deactivated at any time. In a video conference, you also have the option of using the chat function of the video conferencing platform in parallel. In this respect, the text entries you make, the sharing of links or content, social interactions (such as emoticons, pictograms, etc.) are recorded: Emoticons, pictograms, Like-Button for comments or the sending of so-called GIFs - Graphics Interchange Format) are processed in order to display them to the participants in "video conferences".

  • Support/feedback data: Information related to any troubleshooting tickets or feedback.

  • Telemetry data: This includes diagnostic data in connection with the use of the service, including transmission quality. This data is used for troubleshooting, securing and updating the technical service and monitoring it. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the provision of a secure and error-free service for online events.

The following information is visible to other participants who are not organizers during the conference: your name, profile photo and your chat contributions. We do not record whether you took part in the event attentively (e.g. whether you activated windows other than the online event window during the event).

(c) Data storage takes place in the Microsoft Cloud, namely in data centers in Europe. If you log in from a third country, the processing initiated by us will also take place via European data centers in this case.

(d) Microsoft also collects certain diagnostic and service data when providing the Service and uses it independently for its own purposes. To the extent that Microsoft processes personal data in connection with its own legitimate business operations, Microsoft is an independent controller within the meaning of the GDPR for such processing. Details on processing by Microsoft can be found at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

You can also participate in an online event based on Microsoft Teams without your own Microsoft user account. If you use your own Microsoft user account to participate, additional data may be processed in accordance with the provisions of your Microsoft user account.

(3) Legal basis for data processing

If business partners or project partners of Variowell Development GmbH participate in virtual conferences via Microsoft Teams, the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. b GDPR, provided that the conference is necessary for the performance of the contract. If third parties participate in virtual conferences via Microsoft Teams and there are no (employment) contractual relationships with these participants, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in the effective implementation of virtual conferences for third parties and other participants. If personal data of employees of Variowell Development GmbH are processed, then Section 26 BDSG / Art. 6 para. 1 lit. b GDPR is the legal basis for data processing. The legal basis for data processing is also consent (Art. 6 para. 1 lit. a GDPR). The legal basis for the collection of technically necessary data in connection with the provision of Microsoft Teams is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is the provision of a secure and error-free service for online events. Without the provision of the data, participation in a Microsoft Teams conference is - for technical reasons - not possible.

(4) Recipients of your data / third country transfer

Personal data processed in connection with participation in Microsoft Teams conferences will only be passed on to our processor, Microsoft Operations Limited, and its sub-processor, Microsoft Corporation, for the purpose of conducting Microsoft Teams conferences. Apart from this, data will only be passed on to third parties in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. have given your express consent to this, or Variowell Development GmbH is legally obliged to do so (e.g. by court order).

Data processing outside the European Union: We have limited our storage location to data centers in the European Union, which is why data processing does not generally take place outside the European Union (EU). However, we cannot technically rule out routing or storage on servers outside the European Union at the processor Micro-Soft. The providers of Microsoft Teams, Microsoft Operations Limited, Ireland, and Microsoft Corporation, USA, receive knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft Ireland Operations Limited. Microsoft Corporation is based in the USA, which means that the processing also takes place in a third country. We have concluded an order processing contract with Microsoft Operations Limited, Ireland, which complies with the requirements of Art. 28 GDPR. Microsoft Corporation, based in the USA, has stated that it imposes a standard that corresponds to the former EU-US Privacy Shield and the new EU-US Data Privacy Framework and has undertaken to comply with applicable data protection laws when transferring data internationally. Notwithstanding this, we would like to point out that the ECJ declared the predecessor regulation of the EU-US Data Privacy Framework, the EU-US Privacy Shield, to be inadmissible in its ruling of 16.07.2020 (Case C-311/18). It cannot be ruled out that the ECJ will also declare the new EU-US Data Privacy Framework invalid.

Microsoft Operations Limited, Ireland, has also agreed so-called standard data protection clauses with Microsoft Corporation, USA, the purpose of which is to maintain an adequate level of data protection in the third country. A secure level of data protection is also ensured by technical and organizational measures. These include the fact that data is transport-encrypted during transportation via the Internet and is generally protected against disclosure to third parties. With regard to personal data that is stored by Microsoft in the USA and Europe and may be subject to official requests for information from authorities in the USA, Microsoft guarantees in a statement dated July 20, 2020 that such orders will be challenged in court, which would allow access to personal data. https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/. In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of US national security orders issued to Microsoft. Variowell Development GmbH and Microsoft have also taken measures to fulfill the requirements for a secure and permissible data transfer to the USA. The level of data protection is considered sufficient in relation to the anticipated content of Microsoft Teams.  However, we expressly point out that despite these measures and the EU-US Data Privacy Framework, there is a residual risk, which we and the providers of Microsoft Teams cannot eliminate, that US security authorities may gain access to the data. The level of data protection is considered sufficient based on the expected content of the Microsoft Teams conferences.

Further information on the purpose and scope of data collection and its processing by Microsoft can be found at Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Website: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

(5) Necessary consent to the data protection and terms of use vis-à-vis Microsoft and Microsoft Teams

The use of Microsoft Teams is generally subject to Microsoft's terms of use and data protection provisions, over which Variowell Development GmbH itself has no influence. To use Microsoft Teams, you must accept Microsoft's terms of use and privacy policy, otherwise you will not be able to use MS Teams.

Data protection provisions: https://privacy.microsoft.com/de-de/privacystatement;

Terms of use: https://www.microsoft.com/de-de/servicesagreement/

(6) How long will the data be stored?

The video and/or audio data streams of Microsoft Teams conferences are generally not recorded. If, in exceptional cases, a recording is planned, Variowell Development GmbH will communicate this transparently in advance and - if necessary - obtain the consent of all participants. Chat content and uploaded files will be deleted unless there is a further need for storage.

Variowell Development GmbH stores personal data for external users for a maximum of 30 days. The personal data of guests is only temporarily accessible and only during the meeting. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after expiry of the respective retention obligation.

Personal data is stored in the Microsoft Cloud, namely in data centers in the European Union and thus within the scope of the GDPR. Further information on the storage and deletion of personal data on Microsoft servers can be found at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

(7) No automated decision-making

Automated decision-making within the meaning of Art. 22 GDPR is not used.

(8) Rights of data subjects

If we are responsible for data processing in accordance with Section 1, you have the following rights with regard to the personal data concerning you:

Right to information,

Right to rectification or erasure,

Right to restriction of processing,

Right to object to the processing,

Right to data portability.

unless they are restricted by statutory provisions. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by Variowell Development GmbH. This also includes the data protection supervisory authority responsible for Variowell Development GmbH:

Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Phone: 0211/38424-0

Fax: 0211/38424-999

E-mail: poststelle@ldi.nrw.de

(9) Objection or revocation against the processing of data

If you have given your consent to the processing of data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. You can send your revocation at any time by e-mail to datenschutz@variowell-development.com

or via the contact details given above under point 1.

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of your objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to object to advertising is to contact us using the contact details provided above.

Status 12/2023