The protection of your personal rights and data is very important to us. We protect your data with appropriate technical and organizational measures and take the legal provisions on data protection very seriously, in particular the EU General Data Protection Regulation and the Federal Data Protection Act. Below you will find information on what data is collected in connection with your visit to this website and how it is used.
Legal basis for data processing
According to Art. 13 DSGVO, you should be informed about the legal basis of our data processing. If the legal basis is not mentioned in this privacy notice, the following applies:
The legal basis for data processing based on consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures and answering inquiries is Art. 6(1)(b) DSGVO, the legal basis for processing for the performance of our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing based on our legitimate interests is Art. 6(1)(f) DSGVO. If, on one occasion, vital interests of a data subject or another natural person make data processing of personal data necessary, we base this data processing on Art. 6 (1) lit. d DSGVO.
Disclosure of data to third parties and third-party providers
We only share your data with third parties (other persons or companies) if you consent to this or if this is otherwise permitted by law. This may be the case, for example, if this is necessary in the context of contract initiation or for the performance of a contractual obligation, Art. 6 para. 1 lit. b DSGVO, we comply with a legal obligation under Art. 6 para. 1 lit. c DSGVO or if the transfer serves our legitimate interests in accordance with Art. 6 para. 1 lit. f DSVGO in an economic and effective business operation.
If we involve subcontractors in the processing of your data, we ensure through legal precautions and appropriate technical and organizational measures that your data is protected and the relevant legal requirements are met. If we commission third parties with the processing of data on the basis of a so-called “order processing agreement”, this is done on the basis of Art. 28 DSGVO.
Should a subcontractor carry out data processing outside the European Union or the European Economic Area, the data will only be transferred there if an appropriate level of data protection is ensured at the location of the data processing, you have expressly consented to this, or other legal permission exists.
Data transfer to third countries
In some cases, data is also processed by our service providers in so-called third countries. These are countries outside the European Union (EU) or the European Economic Area (EEA). This happens either to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. However, such processing only takes place if the specific requirements of Art. 44 DSGVO are met. In these cases, too, an adequate level of data protection is ensured. This is because in these third countries there are either appropriate guarantees that a level of data protection comparable to the EU exists (e.g. for the USA through the “EU-US Privacy Shield”) or we involve our service providers via special contractual obligations that ensure this level of data protection (so-called “EU standard contractual clauses”).
Deletion of data
We delete or restrict the processing of personal data in accordance with Articles 17 and 18 of the GDPR. Stored data is generally deleted when it is no longer needed for your purpose, unless the deletion conflicts with legal retention obligations. We restrict data processing if the data cannot be deleted because it is to be used for other and legally permissible purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
In Germany, data is retained in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (AO) (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Insofar as you are expressly informed in our data protection information when data will be deleted, this specific statement on the deletion date will of course apply.
On our websites, we use SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
Automatically collected data
Personal data is any data that can be assigned to an identified or identifiable person. In principle, you can visit our websites without telling us who you are. For technical reasons, however, your IP address is always processed when you call up a website. Only in this way can the respective website be delivered to your browser.
Access data/server log files
We – or our hosting service provider on our behalf – automatically collect and store information in so-called server log files, which your browser automatically transmits to us when you access our website. These are: The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
We carry out this data processing on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The collection of this data serves IT security and protection against unauthorized use. In this respect, we reserve the right to check this data subsequently if we become aware of concrete indications of unlawful use. This data will not be merged with other data sources. This data is deleted within a maximum of 7 days after data collection, unless your continued storage is necessary until a specific incident is clarified.
Data collection in cookies
On our website we use so-called cookies. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer.
We use so-called session cookies. The use of these cookies is technically necessary to enable you, for example, to set your language. However, no further data collection takes place as a result. The cookies are usually deleted as soon as you close your browser.
We also use “persistent” or “permanent” cookies on our websites. These cookies remain stored until their expiration date passes or you delete them prematurely. These cookies allow us to recognize your browser when you visit our website again. We use these types of cookies, for example, for reach analysis.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. If you disable all cookies, the functionality of the websites may be limited.
Data that you consciously transmit to us – contacting us
If you contact us (e.g. by e-mail or telephone), your data will be processed for the purpose of handling the contact request and its processing.
This means that if personal data (such as your name or e-mail address) is collected when you contact us, this is because you are interested in our services, for example, or because you provide us with data to establish, define the content of or amend a contractual relationship between you and us (Art. 6 (1) lit. b DS-GVO) or have another request. In the latter case, we carry out the data processing on the basis of our legitimate interest in an effective external contact (Art. 6 para. 1 lit. f DS-GVO).
The personal data transmitted when contacting us will be stored, processed and deleted if it is no longer required for these purposes and further storage or processing for other legitimate interests does not take place and no legal retention obligations prevent deletion.
The hosting services used by us serve to provide the following services: Operation of the websites, computing capacity, storage space and database services.
Data that you enter in a web form on our website is transmitted directly to us by the hosting provider or kept available for us.
Our hosting provider processes contact data, inventory and content data, usage data, meta data and communication data of customers, interested parties and visitors on our website on our behalf. This is done on the basis of our legitimate interests in an efficient and secure provision of our websites pursuant to Art. 6 para. 1 lit. f DS-GVO in conjunction with. Art. 28 DS-GVO (order processing contract).
You can object to the storage of a user profile and information about your visit to our website by Hotjar as well as the setting of Hotjar tracking cookies on other websites via this link: https://www.hotjar.com/legal/compliance/opt-out
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in a shortened form, thus excluding the possibility of personal references. As far as the data collected about you a personal reference, this is excluded immediately and the personal data is deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
On our websites, we use external fonts, so-called web fonts, which are provided by Google Inc. for the uniform display of fonts: https://www.google.com/fonts (“Google Fonts”).
When you access the website, your browser loads the required web fonts into your browser cache so that the texts and fonts can be displayed correctly. The integration of Google Fonts is done by a server call at Google (usually in the USA). To make this technically possible, Google processes your IP address. Google records which fonts are loaded in your browser for statistical evaluation. Beyond that, however, no cookie is set that would store personal data.
If your browser does not support web fonts, a standard font from your computer will be used.
You can also object to Google processing your data for advertising purposes by opting out at http://www.google.de/settings/ads (“Manage the information Google uses to serve you ads”).
Google also processes your personal data in the US, but is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Rights of access, blocking and deletion
You have the right to request information about whether and how data concerning you is processed, further information and a copy of the data in accordance with Art. 15 DSGVO.
You have the right, in accordance with Art. 16 DSGVO, to request the completion of the data concerning you or the correction of incorrect data concerning you.
In accordance with Art. 17 of the GDPR, you have the right to demand that your data be deleted without delay or, alternatively, to demand restriction of the processing of the data in accordance with Art. 18 of the GDPR.
Right to data portability
According to Art. 20 DSGVO, you have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right of appeal to the competent supervisory authority
If you assume unlawful data processing, you are free to file a complaint with the competent supervisory authority. The competent supervisory authority in data protection matters is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to revoke your consent to data processing
You can revoke a declared consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of objection
You can also object to the processing of your personal data at any time in accordance with the legal requirements. The objection can be made in particular against the processing for purposes of direct advertising. Insofar as we provide you with an opt-out option in this data protection declaration, you can simply exercise your right of objection in this way.
Current valid status