This privacy notice informs you about the nature, scope and purpose of the processing of personal data within our website (hereinafter "website"). The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data in the sense of the GDPR is all data that can be personally related to you, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.

We use various other terms in our privacy notice in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find corresponding definitions for these terms in Art. 4 GDPR.

1. Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:

silver.solutions GmbH
Färberstraße 26
12555 Berlin
Tel. +49 (0)30.65.48.19.90
Fax: +49 (0)30.65.48.19.99
E-Mail: contact@silversolutions.de

You can reach our data protection officer at:

mip Consult GmbH
Rechtsanwalt Asmus Eggert
Wilhelm-Kabus-Str. 9
10829 Berlin
datenschutz@silversolutions.de
www.sofortdatenschutz.de

2. What sources and data do we use?

We process personal data that we receive from you while using our website and, if applicable, our business relationship.

In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and safety. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, company, address, e-mail-address, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as "contact data"). Please note that we cannot guarantee complete data security when communicating by e-mail, so we recommend that you use the postal service for information requiring a high degree of confidentiality.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:

4. Who can access my data?

Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.

In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, printing services, telecommunications, consulting, sales and marketing . If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.

Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.

5. How long will my data be retained?

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.

Applicant data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six and ten years respectively.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

If you exercise your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 para 2 no 1 OWiG, Section 41 para 1 BDSG, Article 83 para 5 lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

6. Are data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard contractual clauses with the recipients of your data or obtain your consent for the data transfer.

Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

7. What are my data subject rights?

Every data subject has

• the right of access according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
• the right to rectification according to Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
• the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
• the right to data portability under Art. 20 of the GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance).

Furthermore, you can withdraw consents, in principle with effect for the future.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

In addition, we would like to point out your right to object according to Art. 21 GDPR:

Information about your right to object according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 sentence 1 lit. e of the GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.

If possible, the objection should be addressed to:
silver.solutions GmbH
Färberstraße 26
12555 Berlin

Or via e-mail to:
datenschutz@silversolutions.de

8. To what extent do you apply automated individual decision-making, including profiling?

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data?

You must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

10. Newsletter

With the following information, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of revocation.

Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only on the basis of the consent of the recipients. If we specifically describe individual newsletters as part of the registration process, this description is decisive for the consent of a newsletter subscriber. If no separate description is provided, our newsletters will contain information about our products, offers and promotions as well as information about our company.

Double-Opt-In: The registration for our newsletter takes place in the so-called double-opt-in procedure. This means that after you have registered for the newsletter, we will send you an e-mail in which we ask you to confirm your registration. This confirmation serves to ensure that only persons who have access to the specified e-mail address register for our newsletter. We log the registrations to the newsletter in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.

The newsletter is sent via "Brevo" (formerly "Newsletter2Go").

To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide a name, for the purpose of personal address in the newsletter.

The dispatch of the newsletter and the measurement of success are based on the consent of the recipients in accordance with Art. 6 para. 1 sentence 1 lit. a).

The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR and serves as proof of consent to receive the newsletter.

You can unsubscribe from receiving our newsletter at any time, i.e. withdraw your consents. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and have cancelled this subscription, their personal data will be deleted if claims for proof of previously granted consent should be time-barred.

11. Applications

We are always happy to welcome new colleagues! If you apply for one of the positions we offer or send us an unsolicited application, we will process your data for the purpose of establishing or initiating an employment relationship and for the performance of pre-contractual measures, Article 88 GDPR in conjunction with Section 26 (1) and (8) sentence 2 of the Federal Data Protection Act (BDSG) and, if applicable, Article 6 (1) sentence 1 lit. b) GDPR.

By submitting an application, you express your interest in taking up employment with us. As part of the application/acceptance process, we collect and process data from various sources. First and foremost, this is data that you provide to us as part of the application process; this includes, in particular, application documents or interviews. In addition, we reserve the right to process data about you from professional platforms, such as Xing and LinkedIn, insofar as this is necessary to determine your suitability for the position in question. Lastly, to the extent necessary, third parties, such as former employers or recruiters, may also provide us with personal data, for example, when validating your employment reference.

The processing may involve the following personal data or categories of data: Personal Master Data (e.g., name, address, date of birth), contact data (e.g., email address, telephone number), education, performance and employment data (e.g., professional qualifications and schooling, professional development information), and other data from job applications and interviews, such as information regarding your availability and salary expectations, cover letter or resume.

Under certain circumstances, we process special categories of personal data in accordance with Art. 9 (1) GDPR as part of the personnel selection process if you provide information in this regard; this includes, for example, information about severe disabilities. This is done on the basis of Art. 9 (2) (b) GDPR in conjunction with Section 26 (3) BDSG.

In addition, we may process personal data from you if this is necessary to fulfill legal obligations (Section 26 (1) BDSG, Article 6 (1) sentence 1 lit. c) GDPR) or to assert, exercise or defend legal claims in the context of the application process (e.g. claims under the General Equal Treatment Act). In these cases, the data processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Art. 6 (1) Sentence 1 lit. a) GDPR and Section 26 (2) BDSG. Any consent given can be withdrawn at any time, with effect for the future.

Only those of our employees who are entrusted with the preparation and performance of the application process or, in the case of a talent pool, with the management of the pool and the talent, have access to your data. This includes employees from the HR department and the specialist departments in which vacancies are to be filled.

Where necessary, we will store your data for the duration of the application process.

If your application is rejected or withdrawn, your data will be stored for a maximum period of 6 months beyond the end of the application process. The process ends as soon as you receive our rejection or withdraw your application. As a rule, this is done to fulfill legal obligations or to defend against any claims arising from legal regulations. We are then obliged to delete your data.

If you give us your express consent, we will also store your data for inclusion in our "Talent Pool" for up to 2 years after the end of the application process in order to identify any other interesting positions for you. Storage for this purpose is based on your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR, § 26 Para. 2 BDSG. You are entitled to withdraw your consent at any time. If you exercise your right of revocation, we will no longer be able to contact and consider you for future vacancies. The lawfulness of the processing based on your consent until withdrawal remains unaffected.

If an employment relationship is established between you and us following the application process, we will transfer your data to the personnel file and delete it after taking into account the statutory retention periods.

12. Cookies

12.1 General

We ourselves and service providers used by us process personal data on this website and use cookies and similar technologies in this context, such as web storage or web beacons. These technologies may store information on your device or access information stored on your device (so-called client-based tracking).

Cookies are stored in the browser on the user's device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly during subsequent, renewed visits to this page or transfer the cookie information to the server via a script on the website. If cookies are set, they generally collect and process certain user information to an individual extent, such as browser and location data and IP address values.

In the case of web storage, information is stored locally in the cache of your browser. The stored information is either automatically deleted again after closing the browser window ("session storage") or continues to exist so that it can be read again when you visit the website again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1×1 pixel-sized graphics that are embedded in various ways in websites or also in e-mails (newsletters) and are also used to collect and analyze user data.

We store information on your terminal device if this is absolutely necessary to provide you with our website, § 25 para. 2 no. 2 TTDSG. Otherwise, the collection and storage of data in accordance with § 25 para. 1 TTDSG is generally only based on your express consent. If personal data is also processed by individual cookies, the processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit or in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR as a result of your consent. You have the option at any time in the privacy settings at the bottom of our website to withdraw your consent with effect for the future.

You can prohibit the storage of cookies individually in each case via the settings of your browser (via the help page of the browser you can find out how to set the cookie handling). You can find help on cookie management in the most popular browsers at the following addresses:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
• Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09

Please note that the deactivation of cookies may lead to functional limitations of this website.

In addition, you can deactivate cookies that serve range measurement and advertising purposes via the deactivation page for consumers from the EU https://www.youronlinechoices.com/de/praferenzmanagement/.

We will inform you about the specific use of cookies and similar technologies, as well as the scope of the information collected in each case, in the following paragraphs.

12.2 Consent management

To enable you to conveniently manage your consents, a consent banner is displayed when you first visit our website. You are given the opportunity to find out about the use of cookies and similar technologies and the processing of personal data on our website and to give your consent to services requiring consent. Your consent settings will be stored in a cookie on your terminal device for one month.

If you have given us your consent to set cookies and similar technologies and to process your data, you can withdraw your consent at any time via the data protection settings in the footer of our website with effect for the future.

The data collection is carried out in accordance with Section 25 (2) No. 2 TTDSGG, the subsequent data processing in accordance with Art. 6 (1) Sentence 1 lit. c) GDPR, as obtaining consent for the use of cookies and similar technologies and the processing of personal data is required by law, and in accordance with Art. 6 (1) Sentence 1 lit. f) GDPR on the basis of our legitimate interest in consent management.

13. Google reCaptcha

We use the service "Google reCAPTCHA" of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") on the basis of your consent.

The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). Google stores information in web storage in this context. The data collected during the analysis is forwarded to Google.

The collected data is transmitted to a server in the USA. Standard data protection clauses issued by the EU Commission within the meaning of Article 46 (2) c) of the GDPR have been concluded with Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Despite the conclusion of standard data protection clauses with Google, the processing of your data in the USA entails the risk that authorities (such as intelligence services) may gain access to the transmitted data. Likewise, the enforceability of your data subject rights cannot be guaranteed.

The data collection and data storage is carried out in accordance with § 25 para. 1 TTDSG. The following data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR based on your express consent. By giving your consent, you agree to the processing of your data in the USA despite potential access by US authorities, Art. 49 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future in the data protection settings.

For more information on Google's privacy policy, please visit https://www.google.com/intl/de/policies/privacy/.

14. Integration of YouTube videos

YouTube videos are embedded on our website. The provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://www.youtube.com/t/impressum?hl=de&gl=DE.

We have integrated the corresponding videos in such a way that, according to Google, personal data is only processed when you click on a video.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website and data on location (GPS data), IP address and devices used including information on objects near your device, such as WLAN access points, radio masts and Bluetooth-enabled devices as well as sensor data from your device. This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data may be assigned to your account. If you do not want the assignment with your profile on YouTube, you must log out before activating a video. Google stores your data in case you are logged in as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. You have a right to object to the creation of these user profiles, and you must contact Google to exercise this right.

The collected data is usually transferred to a Google server in the USA and stored there.

The data collection and data storage is carried out in accordance with § 25 para. 1 TTDSG. The following data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR based on your express consent. By giving your consent, you agree to the processing of your data in the USA despite potential access by US authorities, Art. 49 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future in the data protection settings.

For more information on the purpose and scope of data collection and its processing by Google, please see the privacy notice at https://policies.google.com/privacy. There you will also find further information on your rights and setting options to protect your privacy.

Opting out of personalized advertising is possible at https://adssettings.google.com/authenticated.

15. Matomo website analysis

We use the Matomo web analytics service to perform reach measurement for the web pages under the domain www.silversolutions.de and to understand how and why our website is used. We also use Matomo to identify any technical problems with the use of our web pages.

As part of our use of Matomo, we receive information about how many users accessed the website on a given day, which page (subpage) of the website was accessed and how often, from which end devices and from where approximately (geographical location) the accesses were made.

We use Matomo with IP anonymization. The anonymization completely excludes any reference to persons. Furthermore, we store the collected data exclusively on our servers in Germany, i.e. third parties have no access to this data.

The data processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR on the basis of our legitimate interest in optimizing website use and improving our offer.

The program Matomo is an open source project. Information from the third-party provider on data protection is available at http://matomo.org/privacy-policy.

16. Our Social Media pages

You can find us on social networks and platforms, so that we can also communicate with you there and inform you about our services.

We point out that your data may be processed outside the European Union / European Economic Area and that the data is usually processed for market research and advertising purposes. Profiles can be created from the usage behaviour and resulting interests of the users. These profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.

In principle, we have no influence on the data processing of the social networks. However, we receive statistics from them about the use and visits of our company profile in their social network (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). For more information about the data processed by the social networks, please see the respective privacy notices linked below.

Insofar as we receive your personal data in the context of our social media profiles (e.g. in the context of a communication), you are entitled to the rights mentioned in this privacy notice. You can address your requests regarding data processing within the scope of our company profiles to us via the contact data mentioned above.

If you also wish to exercise rights against the provider of the social network, the easiest way to do so is to contact the respective network directly. The network knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notice linked below. We will also be happy to support you in exercising your rights, insofar as this is possible for us.

The processing of your personal data is generally based on your consent in accordance with Art. 6 para 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para 1 lit. b GDPR if we receive and process your data as part of a contract-related inquiry. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information on the respective processing and the objection options, we refer to the privacy notice of the networks linked below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), We operate our Facebook page on the basis of a shared personal data processing agreement with Facebook - Privacy Information: https://www.facebook.com/about/privacy/ , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland), microblogging service - privacy information: https://twitter.com/de/privacy, opt-out: https://twitter.com/personalization

Google YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), video portal - privacy information: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany), social network for maintaining existing business contacts and making new ones - privacy information/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts - privacy information https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out