Data Protection

Website Privacy Policies

We welcome you to our website. We would like to inform you about the management of your personal data in accordance with Art. 13 General Data Protection Regulation (GDPR).


The controller responsible for the described data collection and processing is: Heimat Werbeagentur GmbH, Segitzdamm 2, 10969 Berlin.

Storage of Your IP address

We store the IP address transmitted by your web browser for a period of seven 7 days, strictly for the purpose of identifying, restricting and eliminating attacks on our website. After seven (7) days, we delete or anonymize your IP address. The legal basis for the processing of this personal data is provided for in Art. 6 para. 1 s. 1 lit. f GDPR.

Usage Data

When you visit our website, the data collected from the use of the website is temporarily stored on our web server for statistical purposes in order to improve the quality of our website. This data set contains:

- the page, from which the data is requested,

- the name of the data file,

- the date and time of the query,

- the amount of data transferred,

- the access status (file transmitted, file not found),

- a description of the type of browser used,

- the IP address of the requesting computer shortened to such an extent that no reidentification of any persona data is possible.

The listed usage data is stored anonymously.

Data Transfer to Third Parties

We transfer your data to service providers who support us in the operation of our website and the associated processes. This transference is made under the scope of a data processing agreement in accordance to Art. 28 GDPR. Our service providers are bound to us by strict instructions and contractual obligations. We use the following service providers: Pizza Pizza Design Services GmbH (website development and support), Netlify Inc. (hosting-service provider), Contentful GmbH (hosting-service provider).

In some cases, we may transfer personal data to third countries outside the EU. In each case, we ensure an appropriate level of data protection according to European standards.

In the case of Google Analytics (USA), an appropriate level of data protection is ensured by the corresponding participation in the Privacy Shield Agreement (Art. 45 para. 1 GDPR).


We use cookies on our website. Cookies are small pieces of data that are stored and read in your end-device. A distinction is made between session cookies, which are deleted when you close your browser, and permanent cookies, which are stored even after your visit has expired. Cookies may contain data that enables the recognition of the device being used. However, in some cases cookies only contain information on certain settings which are not personal data.

We use session cookies and permanent cookies on our website. The data is processed in accordance to Art. 6 para. 1 s. 1 lit. f GDPR and in the interest of optimizing or enabling user guidance and improving our website presence.

Please be aware that you can set your browser to inform you when cookies are being stored or used on the website you are visiting. Thus, any use of cookies is transparent to you. You have the possibility to delete your browser configuration at any time and prevent any use of new cookies.  In the event you refuse the use of cookies, please note that our web sites may not be displayed optimally and some functions are then no longer technically available.

Google Analytics

We use Google Analytics to create pseudonymous user profiles for improving and designing our website on demand. Google Analytics is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4. Google Analytics uses “cookies”, which are text files placed on your end device and can be read by us. In this way, we are able to recognize and count returning visitors. This data processing is carried out on the basis of Art. 6 para. 1 s. 1 lit. f GDPR. 

The information generated by the cookies about your use of the website will be transmitted to and stored by Google on its servers in the United States. We have activated IP-anonymization on this website, your IP address will be truncated within the area of Member States of the European Union. Only in exceptional cases is the whole IP address transferred to a Google server in the USA and truncated there (an adequate level of data protection is ensured according to Art. 45 para. 1 GDPR because Google is a participant in the Privacy Shield Agreement). We have also concluded a contract with Google Inc. (USA) for order processing pursuant to Art. 28 GDPR. Accordingly, Google will solely use collected data for the purposes intended, which are to evaluate the use of the website and to compile reports on website activities.

You can withdraw your consent to the processing at any time. Please use one of the following options:

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you proceed accordingly you may not be able to benefit from the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to opting out from being tracked by Google Analytics you can also click the following link. An opt-out cookie will be stored, which means that no web analysis will take place as long as the opt-out cookie is stored by your browser. <a href="javascript:gaOptout()">Klicken Sie hier, um die Verarbeitung Ihrer Daten durch Google Analytics zu widersprechen.</a>

Applications (softgarten)

The Online Application System on our web pages is operated and provided by softgarden eRecruiting GmbH, Tauentzienstr. 14, 10789 Berlin, by order of TBWA (Deutschland) Holding GmbH. The service provider is strictly bound by our instructions, pursuant to contractual obligations. Besides softgarden, only subcontractors bound by the same instructions may gain access to your data, if commissioned by softgarden.

You are given the opportunity to apply for our advertised jobs on our applicant pages. We are processing your personal data according to applicable data protection regulations on basis of § 88 DSGVO (General Data Protection Regulation) in conjunction with § 26 par. 1 p. 1 BDSG. We are processing the data you reveal to us within the scope of your online application only for the purpose of choosing applicants. No data processing for any other purpose is taking place.

If you want us to consider your application also for other or future employment ads, then we ask you to notify us accordingly on your application. We will then process your data on basis of § 6 par. 1 p. 1 lit. a) DSGVO. You can revoke your consent at any time. Until revoked, such data processing is legit.

In order to make the application process transparent for you, you can register on the applicants’ page of softgarden. To do so, you need to state your name, your e-mail address, the name of the company, your user name, and choose a password. These data are necessary in order to create and maintain an account for you in the career portal. We also need such data and possibly further data in order to reply to your requests, questions and criticism.

Other optional data are:

• Contact data (address, phone number)

• CV data (e.g. school education, job training, job experience, language skills)

• Profiles in social networks (e.g. XING, LinkedIn, Facebook)

• Documents associated with applications (application photo/letter, references, work examples, etc.)

Data of rejected applicants are deleted three months after the end of the application process. Storage beyond this time span is only done with the applicant’s consent (applicant pool). In this case, data will be deleted after six months at the latest or after consent has been rejected.

Data of hired persons are stored for the duration of the employment relationship. After termination, data are deleted after three months, except if the data are relevant according to tax law and must be retained for six to up to ten years according to the statutory retention period.

Embedded Vimeo Videos

On some of our websites we embed Vimeo videos. Opening these websites results in Vimeo content being downloaded. In this context, Vimeo also receives your IP address, which is technically necessary for retrieving the contents. In principle, we have no influence on further data processing by Vimeo, which is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. However, when embedding the videos, we activated the extended data protection mode offered by Vimeo.

Social Media Plugins

For data protection reasons, we do not integrate any social media plugins directly into our website. Therefore, when you access our pages, no data is transferred to social media services such as LinkedIn or Instagram. A profiling by third parties is thus excluded.

However, you still have the option of sharing selected pages by clicking on the LinkedIn or Instagram buttons, and you can see how often a page has been shared in the past when you view the post. We use the so-called Shariff solution developed by the German c't Magazine to offer a data protection compliant alternative to the classic social plug-ins.

What's behind it? The Shariff solution means that as a first step, all the data and functions required to display LinkedIn or Instagram buttons are provided by our web server.

Only when you decide to share a post via the corresponding button and click on it, does a data transfer to the operator of the respective social media service takes place.

Data Security

To avoid unauthorized access to your data, we have implemented technical and organizational measures. We use encryption technologies on our website. Your data will be transferred to our servers and back again via a connection that is protected by a TLS encryption technology. You can recognize that you are browsing on an encryption secured website by the lock-symbol shown in the address bar of your browser and by the address bar starting with https://.

Your Rights as a User

As a website user, the GDPR grans you certain rights when processing your personal data.

1. Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

2. Right to rectification and erasure (Art. 16 and 17 GDPR): You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed. You also have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies, e.g. if the data is no longer necessary for the intended purpose.

3. Right to restriction of processing (Art. 18 GDPR): If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

4. Right to data portability (Art. 20 GDPR): In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

5. Right to object (Art. 21 GDPR): If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.  

6. Right to lodge a complaint with a supervisory authority: Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Contact Details of the Data Protection Officer

Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection:

Heike Wedekind datenschutz süd GmbH Wörthstraße 15 97082 Würzburg

Web: www.datenschutz-sued.de Email: office@datenschutz-sued.de

Consult Heimat Werbeagentur GmbH's Imprint.