In the following, we inform you about the processing of your personal data by our company when you visit and use our social media channels on Facebook, LinkedIn and Xing (hereinafter referred to as “social media platforms”) and about the data protection rights to which you are entitled.

I. Principles

a) Please carefully check which personal data you exchange and share with us via the social media platforms.
If you wish to prevent the operator of a social media platform from processing personal data that you have transmitted to us, please
data transmitted by you to us, please contact us by other means, for example via the address below.
b) You can also find out about us and our offers and services via our website at In this case, the service providers do not contain any informations

II. Responsible party

The “controller” pursuant to Art. 4 (7) GDPR is
a) Bedifol GmbH, Byk-Gulden-Straße 2/12, 78467 Konstanz, Germany, telephone: +49 7531 12738 10, e-mail:
b) and the respective service provider
Facebook: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

When users visit our social media channels, the service providers collect personal data and information that is used in particular to analysed and evaluated and made available to us as aggregated statistics (so-called page insights / page insights). For these cases in particular and in the context of the provision and use of our social media channels, we have concluded a data protection an agreement with the service provider between jointly responsible parties in accordance with Art. 26 GDPR concluded.

IV. Cookies

When operating social media platforms, service providers regularly use services with data processing technologies, that make it possible to store and process users’ personal data for various purposes. Technologies are cookies, small text files that are stored on your end device by the web browser.
All information on the cookies used by the service provider, on the integration of cookies by other websites and on your revocation revocation, objection and deletion options can be found in the information on cookies from the respective provider:

Facebook: and



You can also configure your browser settings according to your own wishes and thus make a general advance decision on the use of cookies. Further information on this can be found in the help function of the browser used. If you wish to restrict or prevent processing by the service providers, you should log out of your accounts or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser or app. In addition, on mobile devices (smartphones, tablets, laptops), you can block the service provider’s access to contact and calendar data in the settings options there.
access to contact and calendar data, photos, location data, etc. in the settings options. However, this depends on the operating system used. We have no influence on the data processing carried out by the service provider in connection with cookies. We also do not receive any access to personal data, with the exception of the Insights data mentioned above.

V. Processing of personal data

Data subject category: Visitors and users of our social media pages Data categories: Interaction data from likes, dislikes, stroyviews, follows, unfollows, comments, tweets, @-mentions, tags, ratings, photographs, other content shared by you, personal data that you disclose about yourself in the public area of your profile, health data, insights data Page Insights are summarised statistics that are created based on certain events.
As the site operator, we receive these events summarised in the page insights as aggregated statistics in the form of anonymised or pseudonymised data, which are used to gain insights into the types of actions that people take on our site. The Page Insights do not allow any conclusions to be drawn about you as an individualisable person. Events are defined exclusively by the service provider. We cannot set up, change or otherwise influence events and we cannot access the individual data. We can only view your public social media profile. The information that can be viewed here depends on your settings in your profile. We do not merge the data with any personal data stored by us, even if it were possible for us to do so. However, we cannot recognise which and to what extent service providers, regardless of whether you are logged in or registered as a user of the social media platform or not, use web tracking tools and use your profile and behavioural data to evaluate your habits, personal relationships or preferences and merge them with your existing Facebook profile. However, please assume that service providers will collate and analyse your visit to and interactions with our social media channels.
and analyse them.

All information on the Insights data can be found in the data protection information of the respective service provider:
Facebook Page Insights:
LinkedIn analysis data:
Xing profile visitor analysis (Premium membership only): in the user account

Purposes of processing: Provision of the social media channels, presentation of the company, implementation of marketing campaigns, user retention through communication on the social media platforms, processing and responding to contact requests and applications, interaction through direct messages / comments / recommendations / sharing and similar, recruitment, advertising activities, implementation of pre-contractual measures, deletion of inappropriate content, analysis and statistical evaluation of user behaviour based on insights data provided by the platform, optimisation of our content and advertising activities.

All information on the purposes of processing by the service providers can be found in the data protection information of the respective service provider:

LinkedIn: Xing:,,

Legal basis: Art. 6 para. 1 lit. b GDPR for pre-contractual measures in the context of the application procedure and for the implementation of pre-contractual measures, Art. 6 para. 1 lit. f GDPR for communication via the social media platforms, to answer contact enquiries, to carry out advertising activities and to analyse and statistically evaluate user behaviour on the basis of insights data provided by the platform to publicise our company and a profit-making intention, Art. 9 para. 2 lit. e GDPR in the case of transmitted health data

All information on the legal basis for processing by the service providers can be found in the data protection information of the respective service provider.
protection of the respective service provider:

Recipient categories: Within our company, access to the personal data is granted to those persons who are responsible for maintaining the social media pages and to those persons for whom the data is relevant, e.g. in the application process. The data will not be passed on to third parties or otherwise disseminated by us unless you have consented to the transfer of data
or the data transfer is required by law.

In some cases, we rely on the support of external service providers to process personal data. These service providers work for us as processors. Processors are contractually bound to our instructions in accordance with Art. 28 GDPR and are regularly monitored. A contract for order processing has been concluded with all of them to ensure the protection of your personal data. If these are service providers who are not processors, they have been carefully selected and commissioned by us.

Data sources: We process the personal data that you provide to us via the respective social media platform or that we receive from the respective social media provider.

Third country transfer:
We only transfer personal data to countries outside the EU or the EEA if this is necessary for the operation of the social media channel or communication with you, if this is required by law, if the user has given their consent or in the context of order processing. In these cases, a transfer is only permitted if the European Commission has established an adequate level of data protection for the third country concerned or if suitable guarantees are provided and enforceable rights and effective legal remedies are available to the data subject.

Information on data recipients, data transfers, data sources used by service providers and, in particular, the merging of your personal data by them can be found in the data protection information of the respective service provider:

If personal data is transmitted within the service provider’s group, it may be transmitted to the parent company’s servers in the USA and processed there. For cases in which personal data is transferred to the USA, the service providers have certified themselves in accordance with the EU-US Transatlantic Data Privacy Framework, The certification confirms an adequate level of data protection in accordance with the EU Commission’s implementing decision.

Storage period: We generally delete personal data from the social media platforms once storage is no longer necessary. For personal data from communication, we assume that further storage in the social media platforms is not necessary if it can be inferred from the circumstances that the matter in question has been conclusively clarified or our legitimate interest in processing has ceased to exist.
clarified or our legitimate interest in the processing has ceased to exist. Exceptions to the deletion obligation exist if statutory retention obligations prevent deletion or if storage is still necessary, e.g. for the enforcement and defence of legal claims.

Information on the management and deletion of the processed data by the service providers can be found in the data protection information of the respective service provider:


VI. Rights of data subjects

You have the right to obtain information about the personal data stored about you and to have incorrect data corrected or deleted if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued. You also have the right to restriction of processing if one of the conditions specified in Art. 18 GDPR applies and, in the cases specified in Art. 20 GDPR, the right to data portability. According to Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you.
which produces legal effects concerning you or similarly significantly affects you. If you are of the opinion that the processing of the data concerning you violates data protection regulations, you have the right to
you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. The right to lodge a complaint can be asserted in particular with a supervisory authority in the Member State in which you are resident or the place of the alleged infringement. In Baden-Württemberg, the competent supervisory authority is the State Commissioner for Data Protection and Freedom of Information in Stuttgart.

Your right to object in the case of legitimate interests
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (f) GDPR. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms.
processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.

You can assert your data subject rights at any time both against us and against the respective service provider.

If you assert your rights against us, you can reach us and our data protection officer using the contact details given above.

We are obliged to forward your enquiry to the relevant service providers. They will inform you and ensure that your rights can be enforced (including information obligations Art. 12-13 GDPR, rights of data subjects Art. 15-22 GDPR and data security and reporting of data breaches Art. 32-34 GDPR). We have no influence on how the service providers fulfil their obligations and implement decisions.

The data protection officer of the respective service provider or a contact form for asserting a data subject right can be found in the information on data protection of the respective service provider: