This privacy statement clarifies the nature, scope and purpose of the processing of personal data (hereinafter "data") within our online offer and the associated websites, functions and contents as well as external online presences, such as our social media profile (hereinafter collectively referred to as "online offer"). With regard to the terminology used, such as "processing" or "responsible person", we refer to the definitions in article 4 of the EU General Data Protection Regulation (GDPR).
Visitors and users of the online offer (hereinafter we refer to the persons concerned as "users").
"Personal data" shall be any information relating to an identified or identifiable natural person (hereinafter referred to as "the person concerned"); A natural person is considered to be identifiable if it can be identified, either directly or indirectly, in particular by assigning to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or to one or more special characteristics that are expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
"Processing" means any operation performed with or without help of automated procedures, or every series of operations in connection with personal data. The term extends far and covers virtually every use of data.
The "person responsible" shall mean the natural or legal entity, authority, institution or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.
In accordance with article 13 of the EU GDPR, we will inform you of the legal basis of our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: the legal basis for obtaining consent is Article 6 section 1 letter a and article 7 EU GDPR, the legal basis for processing in order to fulfil our services and to carry out contractual measures and to answer inquiries is Article 6 section 1 letter b EU GDPR, the legal basis for processing in order to comply with our legal obligations is article 6 section 1 letter c EU GDPR, and the legal basis for processing to protect our legitimate interests is Article 6 section 1 letter f EU GDPR. In the event that vital interests of the person concerned or of another natural person require the processing of personal data, article 6 section 1 letter d EU GDPR shall be used as a legal basis.
If we disclose data in terms of our processing to other persons and companies (processors or third parties), transmit data to them or otherwise grant them access to the data, this is only done:
If we entrust third parties with the processing of data on the basis of a so-called "contract processing contract", this is done on the basis of article 28 EU GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third party services or disclosure, or transmission of data to third parties, this only occurs when it is done to fulfil our (pre) contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permits, we process or leave the data in a third country only in the presence of the special conditions of article 44 ff. EU GDPR. This means processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy shield") or observance of officially recognised special contractual obligations (so-called "standard contractual clauses").
You have the right to request confirmation as to whether relevant data will be processed and the right for information about this data as well as on further details and copy of the data in accordance with article 15 EU GDPR.
You have accordingly to article 16 EU GDPR the right to request the completion of the data relating to you or the correction of incorrect data concerning you.
You have, in accordance with article 17 EU GDPR, the right to request that concerned data has to be deleted immediately or, alternatively, to require a restriction on the processing of the data in accordance with article 18 EU GDPR.
You have the right to demand that data relating to you, which you have provided to us, is given to you in accordance with article 20 of the EU GDPR and to request the transmission to other persons responsible.
According to Art. 77 GDPR, you also have the right to file a complaint with the competent supervisory authority.
You have the right to revoke your consent pursuant to article 7 section 3 of the EU GDPR with effect for the future
You can object to the future processing of your data in accordance with Article 21 EU GDPR at any time. The objection may in particular be made against processing for direct marketing purposes.
The data processed by us will be deleted or processing will be restricted in accordance with articles 17 and 18 EU GDPR. Unless expressly stated in the scope of this data protection declaration, the data stored with us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with statutory retention obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. i.e. the data is locked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, the storage is carried out in particular for 6 years pursuant to § 257 section 1 HGB (Trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for 10 years pursuant to § 147 section 1 AO (books, records, management reports, booking documents, trade and business letters, documents relevant for taxation, etc.).
We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use for the purpose of operating this online offer. Therefore we or our hosting provider processes stock data, contact data, content data, contract data, usage data, meta- and communication data of customers, interested parties and visitors of this online offer based on our legitimate interests of an efficient and secure provision of this online offer according to article 6 section 1 letter (f) EU GDPR in conjunction with article 28 EU GDPR.
We, respectively our hosting provider, collects on the basis of our legitimate interests within the meaning of article 6 section 1 letter f EU GDPR data about each access to the server on which this service resides (so-called server log files). The access data includes the name of the retrieved webpage, file, date and time of retrieval, transferred data quantity, message about successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g. for the investigation of abuse or fraud actions) and then deleted. Data for which further storage is required for evidence is excluded from the deletion until the final clarification of the respective incident.
When contacting us (e.g. via contact form, e-mail, telephone or via social media), the information of the user required for the activities based on the contact request are processed according to article 6 section 1 letter b EU GDPR. Users' information can be stored in a customer relationship management system ("CRM system") or a similar system of organizing requests. We will delete the requests if they are no longer required. We review the requirement every two years; The statutory archiving obligations also apply.
We use on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of article 6 section 1 letter f EU GDPR) the marketing and remarketing services (short "Google Marketing Services") of the Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google is certified under the Privacy Shield Agreement and provides a guarantee to comply with European Data protection Law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Marketing services allow us to more accurately display ads for and on our site to show users only ads that potentially match their interests. For example, if a user is shown ads for products for which he or she is interested in on other websites, this is called "remarketing". For these purposes, when we call up our and other websites where Google marketing services are active, Google will execute a code directly from Google and so called (Re) marketing tags (invisible graphics or code, also called "Web beacons") will be integrated into the website. With the help of this technology an individual cookie , i.e. a small file, is stored on the device of the user (instead of cookies comparable technologies can be used). The cookies can be set from different domains, including Google.com, Doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file is used to indicate which web pages the user is interested in, for which content he or she is interested in and on which offers he or she has clicked, as well as technical information about the browser and operating system, referring web pages, visiting time and other information regarding the use of the online offer. The IP address of the users is also recorded, whereby we inform in the context of Google-Analytics that the IP address is shortened within the Member States of the European Union or in other contracting States of the Agreement on the European Economic Area and transferred in this shortened format. A unshortened transfer to a Google server in the United States is done only in exceptional cases and is then shortened there. The IP address is not merged with the user's data within other Google offerings. The above information may also be linked by Google to such information from other sources. When the user then visits other web pages, he or she can view the ads that are matched to his or her interests.
The user's data is processed under the Google Marketing services pseudonym. i.e. Google does not store and process the name or e-mail address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. i.e. from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected from Google Marketing services through users is sent to Google and stored in the US on Google's servers.
Among the Google marketing services we include the online advertising program "Google AdWords". In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". As a result, cookies cannot be tracked over the websites of AdWords customers. The information obtained using the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers will see the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that allows them to identify users personally.
We maintain online presences within social networks and platforms in order to communicate with the active customers, interested parties and users and to inform them about our services there. When calling and using the respective networks and platforms, the terms and conditions and the data processing guidelines of the respective operators apply. Unless otherwise stated in the context of our data protection declaration, the data of the users will be processed if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
We place within our online offer on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 section 1 letter f EU GDPR) content or service offers from third-party providers to incorporate their content and services, such as videos or fonts (hereinafter referred to as "content"). This always assumes that the third-party providers of this content perceive the IP address of the users, since they could not send the contents to their browsers without the IP address. The IP address is therefore required to display this content. We only endeavour to use such content, whose provider uses the IP address only to deliver the content. Third parties can also use so-called pixel tags (invisible graphics, also known as "Web beacons") for statistical or marketing purposes. The “pixel tags” can be used to evaluate the traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device, including technical information on the browser and operating system, referring web pages, visiting time and other information on the use of our online offer, as well as being linked to such information from other sources.