Privacy Policy
1. Controller
The controller responsible for data processing on this website is: CHROMEDIA GmbH, Osterwaldstraße 10, 80805 Munich, Germany, represented by Managing Director Christian Börner, e-mail: info@chromedia.de.
2. Data Protection Officer
We have appointed IITR Datenschutz GmbH (Dr. Sebastian Kraska), Munich, as our external data protection officer. For data protection matters, please contact dataprivacy@chromedia.de.
3. General information and legal bases
We process personal data only to the extent necessary to provide a functional website and our content and services. The legal bases are, in particular, your consent (Art. 6(1)(a) GDPR), the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR), and our legitimate interest in secure and economical operation (Art. 6(1)(f) GDPR).
4. Hosting and content management
This website is operated on our own servers in Germany. We use the self-hosted Payload CMS as our content management system. No data is transferred to external hosting providers.
5. Server log files
When you access the website, technical access data is automatically recorded in server log files (including IP address, date and time, page accessed, browser type). This data ensures trouble-free and secure operation (Art. 6(1)(f) GDPR) and is anonymised or deleted promptly.
6. SSL/TLS encryption
For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://" in your browser's address bar.
7. Cookies and consent management
We use the consent management tool Klaro to manage your consent. Technologies requiring consent (see below) are only loaded after your active consent (Art. 6(1)(a) GDPR). You can change or withdraw your choice at any time via the “Cookie settings" link in the footer. Technically necessary cookies are set without consent on the basis of Art. 6(1)(f) GDPR.
8. Web analytics with Umami
We use the self-hosted, privacy-friendly analytics tool Umami for statistical evaluation of website usage. Umami works without cookies, stores no personal data and creates no cross-device profiles. No consent is required; the legal basis is our legitimate interest in analysing and improving our offering (Art. 6(1)(f) GDPR).
9. Google Tag Manager
After your consent, we use Google Tag Manager (Google Ireland Limited) to centrally manage website tags. The Tag Manager itself stores no personal data but may trigger further tags. The legal basis is your consent (Art. 6(1)(a) GDPR).
10. HubSpot
After your consent, we use HubSpot (provided via the provider's EU infrastructure) for website analysis and to process form enquiries. Usage data and the contact data you provide in forms may be processed. A data processing agreement is in place with the provider. The legal basis is your consent or contract initiation (Art. 6(1)(a) and (b) GDPR).
11. LinkedIn Insight Tag
After your consent, we use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) for conversion measurement and retargeting within LinkedIn campaigns. The legal basis is your consent (Art. 6(1)(a) GDPR).
12. Contact and enquiry forms
If you contact us via a form, we process the data you provide to handle your request. Transmission to HubSpot takes place within the scope of data processing on our behalf. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR.
13. Applications and job listings (Personio)
We use the recruiting software Personio (Personio SE & Co. KG, Munich) to manage job listings and applications. Data processed as part of an application is used solely for the application procedure. A data processing agreement is in place. The legal basis is § 26 BDSG or Art. 6(1)(b) GDPR.
14. Your rights
You have the right to information, rectification, erasure, restriction of processing, data portability and to object to processing. You may withdraw any consent given at any time with effect for the future. An informal message to dataprivacy@chromedia.de is sufficient to exercise your rights.
15. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.
Note: This privacy policy has been adapted to the current technical state of the website. A legal review is recommended before the final public launch.