PRIVACY POLICY

Preamble

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to simply as “data”) that we process, for which purposes, and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”). The terms used are not gender-specific.

Last updated: May 7, 2024

Controller

Nils Oberheim
Brunnenstraße 10
40223 Düsseldorf
E-mail address: nils.oberheim@oberheim-speakers.de
Imprint: https://oberheim-speakers.de/impressum/

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.

Types of data processed

• Inventory data.

• Payment data.

• Location data.

• Contact data.

• Content data.

• Contract data.

• Usage data.

• Meta, communication and procedural data.

• Log data.

Categories of data subjects

• Service recipients and clients.

• Interested parties.

• Communication partners.

• Users.

• Business and contractual partners.

Purposes of processing

• Provision of contractual services and fulfillment of contractual obligations.

• Communication.

• Security measures.

• Direct marketing.

• Reach measurement.

• Tracking.

• Office and organizational procedures.

• Conversion measurement.

• Target group formation.

• Organizational and administrative procedures.

• Feedback.

• Marketing.

• Profiles with user-related information.

• Provision of our online offering and user-friendliness.

• Information technology infrastructure.

• Public relations.

• Sales promotion.

• Business processes and commercial procedures.

Relevant legal bases

Relevant legal bases under the GDPR:

Below you will find an overview of the legal bases of the GDPR on the basis of which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) – The data subject has given consent to the processing of personal data concerning him or her for a specific purpose or several specific purposes.

Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that the interests, fundamental rights and freedoms of the data subject which require protection of personal data do not override those interests.

National data protection regulations in Germany:

In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and transfer as well as automated decision-making in individual cases including profiling. Furthermore, state data protection laws of the individual federal states may apply.

Security measures

In accordance with legal requirements, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, and disclosure of the data, ensuring its availability, and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to threats to data. We also take the protection of personal data into account as early as the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Securing online connections through TLS/SSL encryption technology (HTTPS): In order to protect users’ data transmitted via our online services against unauthorized access, we rely on TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the Internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This serves as an indicator for users that their data is transmitted securely and in encrypted form.

Transfer of personal data

In the course of our processing of personal data, it may occur that such data is transferred to other bodies, companies, legally independent organizational units, or persons or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the statutory requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.

International data transfers

Data processing in third countries:

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this shall only take place in accordance with the statutory requirements. If the level of data protection in the third country has been recognized by means of an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers shall only take place if the level of data protection is otherwise ensured, in particular through standard contractual clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or in the case of contractually or legally required transfers (Art. 49 para. 1 GDPR). Otherwise, we will inform you of the bases for the third-country transfer for the individual providers from the third country, whereby adequacy decisions shall apply as the primary basis. Information on third-country transfers and existing adequacy decisions can be found in the information offering of the European Commission:

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de.

EU-US Trans-Atlantic Data Privacy Framework:

Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection for certain companies from the USA as safe by means of the adequacy decision of 10 July 2023. The list of certified companies as well as further information on the DPF can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We inform you within the scope of the privacy notices which service providers used by us are certified under the Data Privacy Framework.

General information on data storage and deletion

We delete personal data that we process in accordance with the statutory provisions as soon as the underlying consents are revoked or no further legal bases for processing exist. This applies to cases in which the original purpose of processing no longer applies or the data is no longer required. Exceptions to this rule exist if statutory obligations or special interests require longer storage or archiving of the data.

In particular, data that must be retained for commercial or tax law reasons or whose storage is necessary for legal enforcement or the protection of the rights of other natural or legal persons must be archived accordingly.

Our privacy notices contain additional information on the retention and deletion of data that applies specifically to certain processing operations.

If there are multiple specifications regarding the retention period or deletion deadlines of a data set, the longest period shall always apply.

If a period does not explicitly begin on a specific date and lasts at least one year, it shall automatically begin at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships in the context of which data is stored, the event triggering the period is the time at which the termination becomes effective or other termination of the legal relationship.

Data that is no longer stored for the originally intended purpose, but due to statutory requirements or other reasons, is processed by us exclusively for the reasons that justify its retention.

Further information on processing operations, procedures, and services:

  • Retention and deletion of data: The following general periods apply for retention and archiving under German law:
  • 10 years – Retention period for books and records, annual financial statements, inventories, management reports, opening balance sheets, as well as the working instructions and other organizational documents required for their understanding, accounting documents and invoices (Section 147 para. 3 in conjunction with para. 1 nos. 1, 4 and 4a AO, Section 14b para. 1 UStG, Section 257 para. 1 nos. 1 and 4, para. 4 HGB).
  • 6 years – Other business documents: received commercial or business letters, reproductions of sent commercial or business letters, other documents insofar as they are relevant for taxation, e.g. hourly wage slips, operating accounting sheets, calculation documents, price labels, but also payroll documents insofar as they are not already accounting documents and cash register strips (Section 147 para. 3 in conjunction with para. 1 nos. 2, 3, 5 AO, Section 257 para. 1 nos. 2 and 3, para. 4 HGB).

  • 3 years – Data required to consider potential warranty and damage compensation claims or similar contractual claims and rights as well as to process related inquiries, based on previous business experience and customary industry practices, are stored for the duration of the regular statutory limitation period of three years (Sections 195, 199 BGB).

Rights of the data subjects

Rights of the data subjects under the GDPR:

As data subjects, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 GDPR:

Right to object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. Where personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

Right of withdrawal of consent: You have the right to withdraw any consent you have given at any time.

Right of access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain access to such data as well as further information and a copy of the data in accordance with the statutory provisions.

Right to rectification: In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the rectification of inaccurate data concerning you.

Right to erasure and restriction of processing: In accordance with the statutory provisions, you have the right to request that data concerning you be deleted without undue delay or, alternatively, to request restriction of the processing of the data in accordance with the statutory provisions.

Right to data portability: You have the right to receive data concerning you that you have provided to us, in accordance with the statutory provisions, in a structured, commonly used and machine-readable format or to request its transmission to another controller.

Complaint to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the provisions of the GDPR.

Business services

We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”), within the framework of contractual and comparable legal relationships and related measures and with regard to communication with the contractual partners (or pre-contractually), for example to respond to inquiries.

We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations, and remedies in the event of warranty and other service disruptions. In addition, we use the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations as well as corporate organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economically sound business management as well as in security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g. for the involvement of telecommunications, transport, and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers, or financial authorities). Within the framework of applicable law, we only pass on the data of contractual partners to third parties insofar as this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, such as for marketing purposes, within the scope of this privacy policy.

We inform the contractual partners which data is required for the aforementioned purposes before or within the scope of data collection, e.g. in online forms, by special markings (e.g. colors) or symbols (e.g. asterisks or similar), or personally.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e. generally after four years, unless the data is stored in a customer account, e.g. as long as it must be retained for archiving purposes for legal reasons (for example, for tax purposes generally ten years). Data that has been disclosed to us by the contractual partner within the scope of an order is deleted by us in accordance with the requirements and generally after the end of the assignment.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Service recipients and clients; interested parties. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; security measures; communication; office and organizational procedures; organizational and administrative procedures. Business processes and commercial procedures.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Online shop, order forms, e-commerce and delivery: We process the data of our customers in order to enable them to select, purchase, or order the selected products, goods, and related services, as well as their payment and delivery or execution. If required for the execution of an order, we use service providers, in particular postal, freight, and shipping companies, to carry out the delivery or execution for our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required information is marked as such within the order or comparable acquisition process and includes the information required for delivery or provision and billing as well as contact information in order to be able to make inquiries if necessary; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Business processes and procedures

Personal data of service recipients and clients – including customers, clients, or in special cases principals, patients, or business partners as well as other third parties – is processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates commercial processes in areas such as customer management, sales, payment transactions, accounting, and project management.

The collected data serves to fulfill contractual obligations and to design operational processes efficiently. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies, and the safeguarding of internal accounting and financial processes. In addition, the data supports the safeguarding of the rights of the controller and promotes administrative tasks as well as the organization of the company.

Personal data may be passed on to third parties insofar as this is necessary for the fulfillment of the stated purposes or legal obligations.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as information relating to them, such as information on authorship or the time of creation); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Service recipients and clients; interested parties; communication partners. Business and contractual partners.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; office and organizational procedures. Business processes and commercial procedures.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Economic analyses and market research: For the fulfillment of commercial purposes and for identifying market trends and the wishes of contractual partners and users, the existing data on business transactions, contracts, inquiries, etc. are analyzed. The group of data subjects may include contractual partners, interested parties, customers, visitors, and users of the controller’s online offering. The performance of the analyses serves the purposes of business evaluations, marketing, and market research (e.g. to determine customer groups with different characteristics). Where available, profiles of registered users together with their information on services used are taken into account. The analyses serve exclusively the controller and are not disclosed externally unless they are anonymous analyses with aggregated, i.e. anonymized, values. In addition, the privacy of users is taken into account; the data is processed for analysis purposes in a pseudonymized manner where possible and, where feasible, anonymized (e.g. as aggregated data); legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Payment procedures

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the data subjects efficient and secure payment options and use additional service providers in addition to banks and credit institutions (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes inventory data, such as name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract-related, amount-related, and recipient-related information. This information is required in order to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information with confirmation or negative information regarding the payment. Under certain circumstances, the payment service providers may transmit the data to credit agencies. This transmission serves the purpose of identity and creditworthiness checks. In this regard, we refer to the GTC and the privacy notices of the payment service providers.

The terms and conditions and the privacy notices of the respective payment service providers apply to payment transactions and can be accessed on the respective websites or transaction applications. We also refer to these for further information and for asserting rights of withdrawal, access, and other data subject rights.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); payment data (e.g. bank details, invoices, payment history); contract data (e.g. subject matter of the contract, term, customer category); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Service recipients and clients; business and contractual partners. Interested parties.
  • Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Business processes and commercial procedures.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Mastercard: Payment services (technical connection of online payment methods); service provider: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website: https://www.mastercard.de/de-de.html. Privacy policy: https://www.mastercard.de/de-de/datenschutz.html.
  • PayPal: Payment services (technical connection of online payment methods) (e.g. PayPal, PayPal Plus, Braintree); service provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website: https://www.paypal.com/de. Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
  • Visa: Payment services (technical connection of online payment methods); service provider: Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, UK; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR); website: https://www.visa.de; privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html. Basis for third-country transfers: adequacy decision (UK).

Provision of the online offering and web hosting

We process users’ data in order to be able to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the users’ browser or end device.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons); log data (e.g. log files relating to logins or the retrieval of data or access times). Content data (e.g. textual or visual messages and contributions as well as the information relating to them, such as information on authorship or the time of creation).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); security measures. Provision of contractual services and fulfillment of contractual obligations.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Provision of the online offering on rented storage space: For the provision of our online offering, we use storage space, computing capacity, and software that we rent or otherwise obtain from a corresponding server provider (also referred to as “web host”); legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files.” The server log files may include the address and name of the accessed websites and files, date and time of access, transmitted data volumes, notification of successful access, browser type including version, the user’s operating system, referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and on the other hand, to ensure server utilization and stability; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Deletion of data: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
  • Email dispatch and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders as well as other information relating to email dispatch (e.g. the providers involved) and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. We ask you to note that emails are generally not sent encrypted on the Internet. As a rule, emails are encrypted during transmission, but (unless a so-called end-to-end encryption procedure is used) not on the servers from which they are sent and received. We can therefore assume no responsibility for the transmission path of emails between the sender and receipt on our server; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • 1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities); service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.ionos.de; privacy policy: https://www.ionos.de/terms-gtc/terms-privacy. Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Use of cookies

Cookies are small text files or other storage notes that store information on end devices and read information from them. They are used, for example, to store the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or functions used in an online offering. Cookies may also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings and for creating analyses of visitor flows.

Notes on consent: We use cookies in accordance with statutory provisions. Therefore, we obtain prior consent from users unless it is not required by law. Permission is not required in particular if the storage and reading of information, including cookies, is absolutely necessary in order to provide users with a telemedia service expressly requested by them (i.e. our online offering). The revocable consent is clearly communicated to users and contains information about the respective use of cookies.

Notes on data protection legal bases: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we ask users for consent. If users accept, the legal basis for the use of their data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offering and the improvement of its usability) or, if this takes place within the framework of fulfilling our contractual obligations, if the use of cookies is necessary in order to comply with our contractual obligations. We explain the purposes for which cookies are used by us in the course of this privacy policy or within the scope of our consent and processing procedures.

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

  • Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user leaves an online offering and closes their end device (e.g. browser or mobile application).

  • Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be stored and preferred content can be displayed directly when the user visits a website again. Likewise, usage data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g. as part of obtaining consent), they should assume that these are permanent and that the storage duration may be up to two years.

General notes on withdrawal and objection (opt-out):

Users may revoke the consents they have given at any time and may also declare an objection to processing in accordance with the statutory provisions, including by means of their browser’s privacy settings.

  • Types of data processed: Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Further information on processing operations, procedures, and services:

  • Processing of cookie data on the basis of consent: We use a consent management solution in which users’ consent to the use of cookies or to the procedures and providers named within the consent management solution is obtained. This procedure serves to obtain, document, manage, and revoke consents, in particular with regard to the use of cookies and comparable technologies that are used to store, read, and process information on users’ end devices. Within the scope of this procedure, users’ consents for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management procedure, are obtained. Users also have the option to manage and revoke their consents. The consent declarations are stored in order to avoid repeated requests and to be able to provide proof of consent in accordance with statutory requirements. Storage takes place server-side and/or in a cookie (so-called opt-in cookie) or by means of comparable technologies in order to be able to assign the consent to a specific user or their device. If no specific information on the providers of consent management services is available, the following general information applies: the duration of storage of the consent is up to two years. In doing so, a pseudonymous user identifier is created, which is stored together with the time of consent, information on the scope of consent (e.g. relevant categories of cookies and/or service providers) as well as information about the browser, the system, and the end device used; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Contact and inquiry management

When contacting us (e.g. by post, contact form, email, telephone, or via social media) as well as within the framework of existing user and business relationships, the information provided by the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as information relating to them, such as information on authorship or time of creation); usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Communication partners.
  • Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g. collection of feedback via online form). Provision of our online offering and user-friendliness.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).

Further information on processing operations, procedures, and services:

  • Contact form: When contacting us via our contact form, by email, or other communication channels, we process the personal data transmitted to us in order to answer and process the respective request. This usually includes information such as name, contact information, and, if applicable, further information that is communicated to us and is required for appropriate processing. We use this data exclusively for the stated purpose of contacting and communication; legal bases: performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Newsletter and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) exclusively with the consent of the recipients or on the basis of a legal provision. If the contents of the newsletter are specified during registration, these contents are decisive for the users’ consent. Registration for our newsletter usually requires only the provision of your email address. However, in order to be able to offer you a personalized service, we may ask you to provide your name for personal addressing in the newsletter or further information if this is necessary for the purpose of the newsletter.

Deletion and restriction of processing:

We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a potential defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocking list (so-called “block list”).

The logging of the registration process is carried out on the basis of our legitimate interests for the purpose of proving its proper execution. If we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests in an efficient and secure dispatch system.

Contents:

Information about us, our services, campaigns, and offers.

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by email or post).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
  • Right to object (opt-out): You may cancel the receipt of our newsletter at any time, i.e. revoke your consent or object to further receipt. You will find a link to cancel the newsletter either at the end of each newsletter or you may otherwise use one of the contact options listed above, preferably email, for this purpose.

Advertising communication via email, post, fax, or telephone

We process personal data for purposes of advertising communication, which may take place via various channels such as email, telephone, post, or fax in accordance with statutory provisions.

Recipients have the right to revoke any consent given at any time or to object to advertising communication at any time.

After revocation or objection, we store the data required to prove the previous authorization to contact or send communications for up to three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing users’ revocation or objection, we also store the data required to prevent renewed contact (e.g. depending on the communication channel, the email address, telephone number, name).

  • Types of data processed: Inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers). Content data (e.g. textual or visual messages and contributions as well as information relating to them, such as information on authorship or time of creation).
  • Data subjects: Communication partners.
  • Purposes of processing: Direct marketing (e.g. by email or post); marketing. Sales promotion.
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Web analytics, monitoring, and optimization

Web analytics (also referred to as “reach measurement”) serves to evaluate the visitor flows of our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. With the help of reach analysis, we can, for example, recognize at what time our online offering or its functions or content are most frequently used, or invite reuse. Likewise, it enables us to understand which areas require optimization.

In addition to web analytics, we may also use test procedures, for example to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles, i.e. data summarized for a usage process, may be created for these purposes and information may be stored in a browser or on an end device and then read. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data to us or to the providers of the services we use, the processing of location data is also possible.

In addition, the users’ IP addresses are stored. However, we use an IP masking procedure (i.e. pseudonymization by truncating the IP address) to protect users. In general, no clear data of users (such as email addresses or names) is stored within the scope of web analytics, A/B testing, and optimization, but rather pseudonyms. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.

Notes on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles). Provision of our online offering and user-friendliness.
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Google Analytics: We use Google Analytics to measure and analyze the use of our online offering on the basis of a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to an end device in order to determine which content users have accessed within one or more usage processes, which search terms they have used, whether they have accessed these again, or interacted with our online offering. The time of use and its duration are also stored, as well as the sources of users that refer to our online offering and technical aspects of their end devices and browsers. In this process, pseudonymous profiles of users are created with information from the use of different devices, whereby cookies may be used. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics provides rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU data traffic, IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for further purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website: https://marketingplatform.google.com/intl/de/about/analytics/; security measures: IP masking (pseudonymization of the IP address); privacy policy: https://policies.google.com/privacy; data processing agreement: https://business.safety.google/adsprocessorterms/; basis for third-country transfers: Data Privacy Framework (DPF); right to object (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising insertions: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and processed data).

Online marketing

We process personal data for the purpose of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "content") based on the potential interests of users, as well as the measurement of its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie") or similar methods are used to store user information relevant to displaying the aforementioned content. This information may include, for example, viewed content, visited websites, used online networks, as well as communication partners and technical data such as the browser used, the computer system used, and information about usage times and functions used. If users have consented to the collection of their location data, this data may also be processed.

In addition, users' IP addresses are stored. However, we use available IP masking methods (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no clear user data (such as email addresses or names) is stored as part of the online marketing process; instead, pseudonyms are used. This means that neither we nor the providers of the online marketing methods know the actual user identity, but only the information stored in their profiles.

The information contained in the profiles is typically stored in cookies or using similar methods. These cookies can later be read on other websites that use the same online marketing method and analyzed for the purpose of displaying content, supplemented with further data, and stored on the server of the online marketing provider.

In exceptional cases, it is possible to associate personal data with profiles, primarily when users are, for example, members of a social network whose online marketing methods we use and the network links the user profiles with the aforementioned information. Please note that users may enter into additional agreements with the providers, for example, by giving their consent during registration.

We generally only receive access to aggregated information about the success of our advertisements. However, through conversion tracking, we can analyze which of our online marketing methods have led to a conversion, i.e., a contract signed with us. Conversion tracking is used solely for the purpose of analyzing the success of our marketing activities.

Unless otherwise stated, please assume that the cookies used will be stored for a period of two years.

Information on legal bases: If we request users' consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., our interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Information on cancellation and objection:

We refer you to the privacy policies of the respective providers and the opt-out options provided by them. If no explicit opt-out option is specified, you can disable cookies in your browser settings. However, this may limit the functionality of our website. We therefore also recommend the following opt-out options, which are offered for specific areas:

a) Europe: https://www.youronlinechoices.eu.

b) Canada: https://www.youradchoices.ca/choices.

c) USA: https://www.aboutads.info/choices.

d) Across regions: https://optout.aboutads.info.

  • Data types processed: Usage data (e.g., page views and time spent on the page, click paths, usage intensity and frequency, device types and operating systems used, interactions with content and functions). Metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, persons involved).
  • Affected persons: Users (e.g., website visitors, users of online services).
  • Purposes of processing: Audience measurement (e.g., access statistics, recognition of returning visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); target group creation; marketing; profiles with user-related information (creation of user profiles). Conversion measurement (measuring the effectiveness of marketing measures).
  • Security measures: IP masking (pseudonymization of the IP address).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Further information on processing procedures, methods and services:

  • Google Ads and conversion measurement: Online marketing methods for placing content and advertisements within the service provider's advertising network (e.g., in search results, videos, on websites, etc.) so that they are displayed to users who have a likely interest in the advertisements. We also measure ad conversions, i.e., whether users have taken the opportunity to interact with the advertisements and use the advertised offers (so-called conversions). However, we only receive anonymous information and no personal information about individual users; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF); further information: types of processing and data processed: https://business.safety.google/adsservices/; data processing conditions between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
  • Google AdSense with personalized ads: We integrate the Google AdSense service, which allows us to place personalized ads within our online offering. Google AdSense analyzes user behavior and uses this data to display targeted advertising tailored to the interests of our visitors. We receive financial compensation for each ad placement or other use of these ads; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF); further information: types of processing and data processed: https://business.safety.google/adsservices/; data processing terms for Google advertising products: information on the services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.
  • Google AdSense with non-personalized ads: We use the Google AdSense service to display non-personalized ads on our website. These ads are not based on individual user behavior, but are selected based on general characteristics such as the content of the page or your approximate geographic location. We receive compensation for displaying or otherwise using these ads; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal basis: consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); website: https://marketingplatform.google.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF); further information: types of processing and data processed: https://business.safety.google/adsservices/; data processing terms for Google advertising products: information on the services, data processing terms between controllers and standard contractual clauses for third-country data transfers: https://business.safety.google/adscontrollerterms.

Presences in social networks (social media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to provide information about us.

We point out that user data may be processed outside the territory of the European Union. This may result in risks for users, for example because the enforcement of user rights may be more difficult.

Furthermore, users’ data within social networks is generally processed for market research and advertising purposes. For example, usage profiles may be created on the basis of users’ usage behavior and the resulting interests. These profiles may in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to users’ interests. Therefore, cookies are generally stored on users’ computers in which users’ usage behavior and interests are stored. In addition, data may also be stored in usage profiles regardless of the devices used by users (in particular if they are members of the respective platforms and logged in there).

For a detailed presentation of the respective forms of processing and the objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.

Also in the case of requests for information and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only they have access to the user data and can directly take appropriate measures and provide information. If you nevertheless require assistance, you may contact us.

  • Types of data processed: Contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as information relating to them, such as information on authorship or time of creation). Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Communication; feedback (e.g. collection of feedback via online form). Public relations.
  • Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Instagram: Social network; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.instagram.com; privacy policy: https://instagram.com/about/legal/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
  • Facebook pages: Profiles within the social network Facebook – We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data of visitors to our Facebook page (so-called “fan page”). This data includes information on the types of content that users view or interact with, or actions taken by them (see under “Things you and others do and provide” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under “Device Information” in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services, so-called “Page Insights”, to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a specific agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill data subject rights (i.e. users can, for example, address requests for information or deletion directly to Facebook). Users’ rights (in particular the right of access, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the “Page Insights Information” (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint responsibility is limited to the collection of data by and transmission to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which applies in particular to the transfer of data to the parent company Meta Platforms, Inc. in the USA; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.facebook.com; privacy policy: https://www.facebook.com/about/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
  • LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data of visitors that is created for the purpose of generating “page insights” (statistics) of our LinkedIn profiles. This data includes information on the types of content that users view or interact with, or actions taken by them, as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data) and information from users’ profiles such as job function, country, industry, seniority level, company size, and employment status. Data protection information on the processing of users’ data by LinkedIn can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy. We have concluded a specific agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum (the ‘Addendum’)”, https://legal.linkedin.com/pages-joint-controller-addendum), which regulates in particular which security measures LinkedIn must observe and in which LinkedIn has agreed to fulfill data subject rights (i.e. users can, for example, address requests for information or deletion directly to LinkedIn). Users’ rights (in particular the right of access, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. Joint responsibility is limited to the collection of data by and the transfer to LinkedIn Ireland Unlimited Company, a company based in the EU. Further processing of the data is the sole responsibility of LinkedIn Ireland Unlimited Company, which applies in particular to the transfer of data to the parent company LinkedIn Corporation in the USA; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; basis for third-country transfers: Data Privacy Framework (DPF). Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • X: Social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); privacy policy: https://twitter.com/privacy (settings: https://twitter.com/personalization).
Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as “content”).

Integration always requires that the third-party providers of this content process users’ IP addresses, as they would not be able to send the content to users’ browsers without an IP address. The IP address is therefore required for the display of this content or functions. We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit, as well as further information on the use of our online offering, but may also be combined with such information from other sources.

Notes on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical, and recipient-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of data processed: Usage data (e.g. page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g. IP addresses, time data, identification numbers, involved persons); inventory data (e.g. full name, residential address, contact information, customer number, etc.); contact data (e.g. postal and email addresses or telephone numbers); content data (e.g. textual or visual messages and contributions as well as information relating to them, such as information on authorship or time of creation); location data (information on the geographical position of a device or a person).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness; marketing. Profiles with user-related information (creation of user profiles).
  • Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Further information on processing operations, procedures, and services:

  • Google Fonts (provision on own server): Provision of font files for the purpose of a user-friendly presentation of our online offering; service provider: the Google Fonts are hosted on our server, no data is transmitted to Google; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
  • Google Fonts (retrieval from Google server): Retrieval of fonts (and symbols) for the purpose of technically secure, maintenance-free, and efficient use of fonts and symbols with regard to up-to-dateness and loading times, their uniform display, and consideration of possible licensing restrictions. The user’s IP address is transmitted to the font provider so that the fonts can be made available in the user’s browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) is transmitted that is necessary for providing the fonts depending on the devices used and the technical environment. This data may be processed on a server of the font provider in the USA – When visiting our online offering, users’ browsers send their browser HTTP requests to the Google Fonts Web API (i.e. a software interface for retrieving fonts). The Google Fonts Web API provides users with the Cascading Style Sheets (CSS) of Google Fonts and then the fonts specified in the CSS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (i.e. the webpage on which the Google font is to be displayed). IP addresses are neither logged nor stored on Google servers, and they are not analyzed. The Google Fonts Web API logs details of the HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to load fonts. This data is logged so that Google can determine how often a particular font family is requested. With the Google Fonts Web API, the user agent must adapt the font that is generated for the respective browser type. The user agent is primarily logged and used for debugging and to generate aggregated usage statistics with which the popularity of font families is measured. These aggregated usage statistics are published on the “Analytics” page of Google Fonts. Finally, the referrer URL is logged so that the data can be used for production maintenance and an aggregated report on the top integrations based on the number of font requests can be generated. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to display targeted advertising; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://fonts.google.com/; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF). Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
  • Google Maps: We integrate the maps of the “Google Maps” service provided by Google. The processed data may include, in particular, users’ IP addresses and location data; service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website: https://mapsplatform.google.com/; privacy policy: https://policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).
  • Instagram plugins and content: Instagram plugins and content – This may include, for example, content such as images, videos, or texts and buttons that enable users to share content of this online offering within Instagram. – We are jointly responsible with Meta Platforms Ireland Limited for the collection or receipt within the scope of a transfer (but not the further processing) of “event data” that Facebook collects by means of Instagram functions (e.g. embedding functions for content) that are executed on our online offering or receives within the scope of a transfer for the following purposes: a) display of content and advertising information that corresponds to users’ presumed interests; b) delivery of commercial and transactional messages (e.g. addressing users via Facebook Messenger); c) improvement of ad delivery and personalization of functions and content (e.g. improvement of recognizing which content or advertising information presumably corresponds to users’ interests). We have concluded a specific agreement with Facebook (“Controller Addendum”, https://www.facebook.com/legal/controller_addendum), which regulates in particular which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill data subject rights (i.e. users can, for example, direct requests for information or deletion directly to Facebook). Note: If Facebook provides us with metrics, analyses, and reports (which are aggregated, i.e. do not contain information on individual users and are anonymous to us), then this processing does not take place within the scope of joint controllership, but on the basis of a data processing agreement (“Data Processing Terms”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Terms” (https://www.facebook.com/legal/terms/data_security_terms), and, with regard to processing in the USA, on the basis of standard contractual clauses (“Facebook EU Data Transfer Addendum”, https://www.facebook.com/legal/EU_data_transfer_addendum). Users’ rights (in particular the right of access, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.instagram.com. Privacy policy: https://instagram.com/about/legal/privacy/.
  • LinkedIn plugins and content: LinkedIn plugins and content – This may include, for example, content such as images, videos, or texts and buttons that enable users to share content of this online offering within LinkedIn; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal bases: legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR); website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy; data processing agreement: https://legal.linkedin.com/dpa; basis for third-country transfers: Data Privacy Framework (DPF). Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • YouTube videos: Video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy; basis for third-country transfers: Data Privacy Framework (DPF). Right to object (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for the display of advertising insertions: https://myadcenter.google.com/personalizationoff.
  • YouTube videos: Video content; YouTube videos are embedded via a special domain (recognizable by the component “youtube-nocookie”) in the so-called “extended data protection mode”, whereby no cookies are collected for user activities in order to personalize video playback. Nevertheless, information on users’ interaction with the video (e.g. remembering the last playback position) may be stored; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; legal bases: consent (Art. 6 para. 1 sentence 1 lit. a GDPR); website: https://www.youtube.com; privacy policy: https://policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).

Supervisory authority responsible for us

Ministry of the Interior of the State of North Rhine-Westphalia
Friedrichstr. 62–80
40217 Düsseldorf
Germany
Phone: +49 211 871-01

Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke