We are very pleased about your interest in our company. The management of Peak & Peak GmbH attaches great importance to data protection. It is generally possible to use the internet pages of Peak & Peak GmbH without providing any personal data. However, if a person concerned wishes to use special services of our company via our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to Peak & Peak GmbH. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, this data protection declaration informs affected persons about the rights to which they are entitled.
Peak & Peak GmbH, as the person responsible for processing, has implemented numerous technical and organizational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as by telephone.
The data protection declaration of Peak & Peak GmbH is based on the terminology used by the European legislator for directives and regulations when the basic data protection regulation (DS-GVO) was issued. Our data protection declaration should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:
a) personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the course of a specific investigation mandate under Union or national law shall not be considered as recipients.
j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent is any freely given, informed and unequivocal expression of the data subject's will in a specific case, in the form of a statement or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
2. Name and address of the controller
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is
Peak & Peak GmbH
represented by the data protection officer:
When contacting the data protection officer, please state the company to which your request relates. Please do not share sensitive information such as a copy of your ID with your request.
By using cookies, Peak & Peak GmbH can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be used to their full extent.
4. Collection of general data and information
The website of Peak & Peak GmbH collects a number of general data and information every time the website is called up by a person concerned or an automated system. This general data and information is stored in the log files of the server. The following can be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to prevent danger in the event of attacks on our information technology systems.
When using this general data and information, Peak & Peak GmbH does not draw any conclusions about the person concerned. Rather, this information is required in order to (1) deliver the contents of our website correctly, (2) optimize the contents of our website and the advertising for it, (3) ensure the permanent operability of our information technology systems and the technology of our website, and (4) provide law enforcement agencies with the information necessary for prosecution in the event of a cyber attack. These anonymously collected data and information are therefore evaluated by Peak & Peak GmbH on the one hand statistically and also with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
5. Contact possibility via the website
Due to legal regulations, the website of Peak & Peak GmbH contains information that enables rapid electronic contact with our company as well as direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller are stored for the purposes of processing or contacting the data subject. This personal data is not disclosed to third parties.
6. Routine deletion and blocking of personal data
The data controller processes and stores personal data of the data subject only for the time necessary to achieve the purpose of storage or if this is provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which the data controller is subject.
If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the law.
7. Rights of the data subject
a) Right to confirmation
Every data subject has the right, granted by the European Directives and Regulations, to obtain confirmation from the controller as to whether personal data relating to him are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the data controller.
b) Right to information
Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation Giver, to obtain at any time and free of charge information from the data controller about the personal data stored about him and a copy of this information. Furthermore, the European Directive and Regulation Giver has the right to obtain information from the data subject
c) Recht auf Berichtigung
Jede von der Verarbeitung personenbezogener Daten betroffene Person hat das vom Europäischen Richtlinien- und Verordnungsgeber gewährte Recht, die unverzügliche Berichtigung sie betreffender unrichtiger personenbezogener Daten zu verlangen. Ferner steht der betroffenen Person das Recht zu, unter Berücksichtigung der Zwecke der Verarbeitung, die Vervollständigung unvollständiger personenbezogener Daten zu verlangen.
d) Right of cancellation (right to be forgotten)
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to delete immediately the personal data concerning him.
e) Right to limit processing
Every person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to request the controller to restrict the processing.
f) Right to data transferability
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to receive the personal data concerning him/her, which have been provided by the data subject to a data controller, in a structured, common and machine-readable format. He/she also has the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 paragraph 1 letter a DPA or Art. 9 paragraph 2 letter a DPA or on a contract pursuant to Art. 6 paragraph 1 letter b DPA and that the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
g) Right of appeal
Every person affected by the processing of personal data has the right, granted by the European Directive and Regulation Giver, to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out on the basis of Art. 6(1)(e) or (f) of the DPA.
i) Right to revoke a data protection consent
Every person affected by the processing of personal data has the right granted by the European Directive and Regulation Giver to revoke his or her consent to the processing of personal data at any time.
8. Data protection for applications and in the application process
The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out by electronic means. This is particularly the case if an applicant submits relevant application documents to the data controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the data controller. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act (German: AGG).
The person responsible for processing has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to websites. Among other things, a web analysis service collects data about which website a person concerned came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and for cost-benefit analysis of internet advertising.
The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in Google's search engine results as well as in the Google advertising network. Google AdWords allows an advertiser to specify pre-defined keywords that will cause an ad to appear in Google's search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant Internet pages by means of an automatic algorithm and in accordance with the previously defined keywords.
The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to disseminate such data on other social networks.
Instagram services are operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
The data controller has integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and to make new business contacts. Over 400 million registered users use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.
13. Duration for which the personal data is stored
The criterion for the duration of storage of personal data is the respective legal retention period. After this period has expired, the corresponding data is routinely deleted if it is no longer required for the fulfillment or initiation of a contract.
14. Legal or contractual provisions on the provision of the personal data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner).
Sometimes it may be necessary for a contract to be concluded that a person concerned provides us with personal data, which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the person concerned could not be concluded.
Before the person concerned makes personal data available, the person concerned must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
As a responsible company, we avoid automatic decision making or profiling.