de
en

Privacy Policy

Thank you for your interest in our services. We would like you to feel safe when visiting our website, especially in regard to the protection of your personal data.

 

The following sections will tell you when which data is collected and how it is used (nature, scope and purpose of processing personal data) within our website content and the websites, functions and contents associated with it as well as external websites, such as our social media profiles (hereinafter collectively referred to as website). Regarding the terms used, such as processing or controller e.g., please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

 

Natureof the processed data:

- subscriber data (e.g. names, addresses)
- contact data (e.g. email, telephone numbers)
- content data (e.g. text entries, photos, videos)
- usage data (e.g. websites accessed, interest in content, times of access)
- meta/communication data (e.g. device information, IP addresses)

 

Data subject categories

Visitors and users of the website (hereinafter users).

 

Purpose of processing

- provision of the website, its functions and content
- responding to enquiries and communication with users
- security measures
- reach measurement/marketing

 

Terms used

Personal data is any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors;

Processing is any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Profiling is any form of automated processing of personal data consisting of the use of personal data, to evaluate, assess, analyse or predict certain personal aspects relating to a natural person;

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures, to ensure that the data cannot be attributed to a data subject;

Controller is the natural or legal person, public authority, agency or other body, which, alone or jointly with others, determines the purposes and means of the processing of personal data;

Processor is a natural or legal person, public authority, agency or other body, which processes personal data on behalf of the controller;

 

Relevant legal bases

Insofar as we seek consent from the data subject for the processing of personal data, Art. 6 par. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the processing of personal data required to perform a contract to which the data subject is a contractual party, Art. 6 par. 1 lit. b of the GDPR serves as the legal basis. This also applies to processing required to implement pre-contractual measures.

Insofar as a processing of personal data is required to fulfil a legal obligation that our company is subject to, Art. 6 par. 1 lit. c of the GDPR serves as legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 par. 1 lit. d of the GDPR serves as the legal basis.

If processing is required to safeguard a legitimate interest pursued by the company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 par. 1 lit. f of the GDPR serves as the legal basis for processing.

 

Security measures

Taking the latest technology, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons into account, we take suitable technical and organisational measures to ensure a level of protection appropriate for the risk.

In particular, these measures include securing the confidentiality, integrity and availability of data. We achieve this by monitoring physical access to the data as well as its relevant access, entry, transmission, securing the availability and its separation. Moreover, we set up procedures which ensure exercising rights of data subjects, deleting data and reactions to endangerment of the data. Furthermore, we already take the protection of personal data into account when developing or selecting hardware, software as well as procedures in accordance with the principle of data protection through technical design and through data protection friendly default settings (Art. 25 of the GDPR).

 

Collaboration with processors and third parties

Insofar as we disclose data to other companies or persons (processors and/or third parties) in line with processing, or transmit said data to them or otherwise grant them access to the data, this is solely based on a legal basis, if they gave their consent, a legal obligation forces us to do so or based on our legitimate interests.

Insofar as we authorise third parties to process data based on a so-called processor agreement, this occurs based on Art. 28 of the GDPR.

 

Transmission to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or this takes place in line with using third party services or disclosure resp. transmission of data to third parties, this only takes place if it is to fulfil our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. If there are legal or contractual authorisations, we only process data in a third country if the requirements set forth in Art. 44 et sqq. of the GDPR are met

 

Data subjects’ rights

You have the right to request a confirmation from us as to whether or not your personal data is processed (Art. 15 of the GDPR).

You have the right to request us to correct your personal data if it is inaccurate. Taking the purposes of processing into account, you have the right to request the completion of incomplete personal data; also by means of a supplementary declaration (Art. 16 of the GDPR).

You have the right (with exceptions) to request us immediately to delete your personal data (Art. 17 of the GDPR).

Under certain circumstances, you have the right to request the restriction of processing (Art. 18 of the GDPR).

You have the right to receive the personal data you made available to us in a structured, common and machine-readable format and to transmit this data to another controller (Art. 20 of the GDPR).

You have the right to lodge a complaint with the responsible supervisory authority (Art. 77 of the GDPR).

 

Right to withdrawal

You have the right to withdraw consent given with effect for the future in accordance with Art. 7 par. 3 of the GDPR.

 

Right to object

You have the right to object to the processing of your personal data, which is conducted based on Article 6 paragraph 1 lit. e or f at any time; this also applies to profiling based on those provisions (Art. 21 of the GDPR)

 

Cookies and the right to object to direct advertising

Cookies are small files which are stored on users’ computers. Various information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to a website. Cookies that are deleted after a user leaves a website and closes his/her browser are called temporary cookies or session cookies or transient cookies. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as permanent or persistent cookies. For example, the login status can be stored in this manner when the users return to the website after several days. Furthermore, the users’ interests can be stored in such a cookie, which are used for reach measurement and marketing purposes. Cookies offered by providers other than the controller who operates the website are called third-party cookies (otherwise, if there are only cookies from the controller, they are referred to as first-party cookies).

We can use temporary and permanent cookies and provide information on this in line with our Privacy Policy.

If necessary, the storage of cookies on the computer can be disabled by the user in the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to a limitation of the functions of this website.

A general explanation of the application of cookies used for purposes of online marketing can be found at any of the many services, particularly in the case of tracking, via the American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be managed by disabling them in the browser settings. Please note that the exclusion of cookies can lead to a limitation of the functions of the website.

 

Data deletion

We delete the data we process according to Art. 17 of the GDPR or restrict its processing (Art. 18 of the GDPR). Unless expressly stated in this Privacy Policy, the data we store is deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If the data is not permitted to be deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data will be blocked and not processed for other purposes. This applies to data, which must be retained, for example, for reasons of commercial and tax laws.

According to legal requirements, retention is conducted in particular for 10 years in accordance with §§ 147 par. 1 of the General Tax Code, 257 par. 1 no. 1 and 4, par. 4 of the German Commercial Code (books, drawings, reports, accounting records, account books, for documents relevant for taxation, etc.) and 6 years in accordance with § 257 par. 1 no. 2 and 3, par. 4 of the German Commercial Code (business letters).

 

Hosting and sending of emails

The hosting services used by us serve the provision of the following services: Infrastructure and platform services, sending of emails, memory capacity and data bank services, computing capacity, security services as well as technical maintenance services, which we use for purposes of operating this website.

At the same time, we process resp. our hosting service provider processes subscriber data, contact data, contractual data, content data, meta and communication data from customers, prospective clients and visitors of this website based on our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 par. 1 lit. f of the GDPR in conjunction with Art. 28 of the GDPR (conclusion processor agreement).

 

Collection of access data and log files

We or our hosting service provider collect data on each access to the server on which this service is located (so-called server log files) based on our legitimate interest in accordance with Art. 6 par. 1 lit. f of the GDPR. This access data includes the name of the accessed website, file, date and time of access, data volume transferred, report on successful access, browser type, including version, the user’s operating system, referrer URL (the previously visited page), IP address and the enquiring provider.

For reasons of security (e.g. to investigate cases of misuse or fraud) log file information is stored for a maximum of 7 days and then, deleted. Data, for which further storage is required for purposes of evidence, is excluded from deletion until ultimate clarification of the respective incident.

 

Google Analytics

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website in accordance with Art. 6 par. 1 lit. f of the GDPR), we use Google Analytics. Google Analytics is a web analysis service of the Google LLC (Google). Google uses cookies and stores the information generated by the cookies on the use of the website by the users. This information is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Policy and therefore, guarantees to observe the European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate the use of our website by the users. It will also compile reports on the activities within this website and to render additional services to us that are associated with the use of this website and the use of the internet. In the process, pseudonymous usage profiles of the users can be created from the processed data.

We only use Google Analytics with activated IP anonymisation. That means that the users’ IP address is shortened by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. In exceptional cases, the complete IP address is transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not pooled with other Google data. Users can disable the storage of cookies using the respective setting in their browser software. Furthermore, users can prevent the collection of the data generated by the cookie and regarding their use of the website by Google as well as the processing of this data by Google, by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Additional information regarding the use of data by Google, setting and objection options can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

The users’ personal data is deleted or anonymised after 14 months.

 

Google AdWords and conversion tracking

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website in terms of Art. 6 par. 1 lit. f of the GDPR), we use the services of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (Google).

Google is certified under the Privacy Shield Policy and therefore, guarantees to observe the European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing process Google “AdWords” to place ads in the Google advertising network (e.g. in search results), so that these can be shown to the users, who have a presumed interest in the ads. This allows us to display our ads for and within our website in a more targeted manner in order only to present ads to users that may correspond to their interests. If a user is shown ads for products in which he/she has shown interest on other websites, for example, this is referred to as remarketing. For these purposes, a code from Google

is immediately executed by Google, when our or another website is accessed, on which the Google advertising network is active

and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file is stored on the users’ device (instead of cookies, similar technologies can be used). In this file, it is recorded which websites the user visited, which content he/she was interested in and which offers the user clicked on. Furthermore, technical information regarding the browser and operating system, referring websites, time of visit as well as other information on the use of the website are is recorded.

Moreover, we receive an individual conversation cookie. The information obtained with the help of the cookie enables Google to compile conversation statistics for us. However, we only learn about the anonymous total number of users who clicked on our ad and who were routed to a page equipped with a conversation tracking tag. We do not receive any information, with which users can be personally identified.

In line with the Google Advertising network, user data is processed pseudonymously. For example, Google does not store the name or email address of a user but processes the relevant data according to the cookie within pseudonymous user profiles. That means from Google’s perspective, the ads are not managed and shown for a specifically identified person but for the cookie owner; irrespective of who this cookie owner is. Excluded from this are users, who explicitly allowed Google, to process the data without pseudonymisation. The collected user information is transmitted to Google and stored on Google’s servers in the USA.

Further information on the use of data by Google, setting and objection options can be found in Google’s Privacy Policy (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

 

Google Maps

We incorporate the maps from the Google Maps service from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In particular, the processed data can include the users’ IP addresses and location data, which is however, not collected without their consent (usually carried out in line with the settings in your mobile devices). The data can be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated