Data privacy statement

Introduction

With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") we process for which purposes and to what extent. The Data protection declaration applies to all processing of personal data carried out by us, both within the framework the provision of our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as as "online offer").

The terms used are not gender specific.

As of July 1, 2022

Table of Contents

• Introduction
• Overview of processing
• Relevant legal bases
• Security Measures
• Data processing in third countries
• Deletion of data
• Use of cookies
• Business Achievements
• Provision of the online offer and web hosting
• Contact and request management
• Newsletters and electronic notifications
• Web analysis, monitoring and optimization
• Plugins and embedded functions and content
• Definitions of terms

Overview of processing

The following overview summarizes the types of data processed and the purposes for which they are processed refers to the persons concerned.

Types of data processed

• Inventory data.
• Payment details.
• Contact details.
• Content data.
• Contract data.
• Usage data.
• Meta/Communication Data.

Categories of data subjects

• Customers.
• Prospects.
• Communication partner.
• Users.
• Business and contractual partners.

Purposes of processing

• Provision of contractual services and customer service.
• Contact requests and communication.
• Direct marketing.
• Reach measurement.
• Office and organizational procedures.
• Conversion measurement.
• Managing and responding to requests.
• Feedback.
• Profiles with user-related information.
• Provision of our online offer and user-friendliness.
• Information technology infrastructure.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data in the Data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to Information, the right to erasure, the right to object, the processing of special categories of personal data data, for processing for other purposes and for transmission and automated decision-making in Individual case including profiling. It also regulates data processing for the purposes of Employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. Furthermore, state data protection laws of apply to individual federal states.

Security Measures

We meet in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural Persons take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk guarantee.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data Control of physical and electronic access to the data, as well as access related to them input, forwarding, ensuring availability and their separation. We also have procedures set up, which enables the rights of data subjects to be exercised, the deletion of data and reactions to the threat of the data. Furthermore, we already take the protection of personal data into account during development or selection of hardware, software and procedures in accordance with the principle of data protection Technical design and through data protection-friendly default settings.

SSL encryption (https): In order to protect your data transmitted via our online offer, we use a SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your Browsers.

Data processing in third countries

If we store data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) process or the processing in the context of the use of third party services or disclosure or transmission of data to other persons, bodies or companies, this only takes place in accordance with the legal requirements.

Process subject to express consent or contractually or legally required transfer or do we leave the data only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, if certifications are available or more binding process internal data protection regulations (Articles 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

Deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as they are ready for processing permitted consents are revoked or other permissions no longer apply (e.g. if the purpose of the processing of this data has been omitted or is not required for the purpose). If the data is not deleted, because they are required for other and legally permissible purposes, their processing is limited to these purposes limited. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons or their storage to assert, exercise or defense of legal claims or to protect the rights of another natural or legal entity is required.

Our data protection information may also contain further information on the storage and deletion of data that apply with priority to the respective processing.

Use of cookies

Cookies are small text files or other memory notes that store information on end devices and Read information from the end devices. E.g. the login status in a user account, a shopping cart content in an e-shop, store the content called up or the functions used of an online offer. Cookies can also be used for different purposes, e.g. for purposes of functionality, security and Comfort of online offers and the creation of analyzes of visitor flows.

Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except where not required by law is. In particular, consent is not necessary if the information is stored and read out, i.e also of cookies, which are absolutely necessary in order to provide the users with one of the services they have expressly requested To provide telemedia service (i.e. our online offer). The revocable consent is given to clearly communicated to the users and contains the information on the respective cookie use.

Notes on the legal basis under data protection law: On which data protection law The legal basis for us processing the personal data of users with the help of cookies depends on whether we Ask users for consent. If users consent, the legal basis for processing is yours Data the declared consent. Otherwise, the data processed using cookies will be based on our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or if this is part of the fulfillment of our contractual obligations takes place if the use of cookies is necessary to fulfill our contractual obligations. to We will clarify the purposes for which the cookies are processed by us in the course of this data protection declaration as part of our consent and processing processes.

Storage period: In terms of storage period, the following types of cookies are used distinguished:

• Temporary cookies (also: session or session cookies): Temporary cookies are no later than deleted after a user has left an online offer and his end device (e.g. browser or mobile application) has closed.
• Permanent cookies: Permanent cookies remain even after the end device is closed saved. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies Users are used to measure reach. Unless we give users explicit information about the type and Inform users of the storage period of cookies (e.g. when obtaining consent). assume that cookies are permanent and the storage period can be up to two years.

General information on revocation and objection (opt-out): Users can submit the Revoke consent at any time and also object to processing in accordance with statutory provisions Insert requirements in Art. 21 GDPR. Users can also object via their browser settings explain, e.g. by deactivating the use of cookies (which also affects the functionality of our online services may be limited). An objection to the use of cookies Online marketing purposes can also be carried out via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Business services

We process data from our contractual and business partners, e.g. customers and interested parties (summary referred to as "contractual partner") in the context of contractual and comparable legal relationships and therewith related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to to answer inquiries.

We process this data in order to fulfill our contractual obligations. These include in particular the Obligations to provide the agreed services, any update obligations and remedy Warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of the administrative tasks associated with these obligations as well as the company organization. In addition, we process the data on the basis of our legitimate interests in a proper and business management as well as security measures to protect our contractual partners and of our business operations against misuse, endangerment of your data, secrets, information and rights (e.g. for Involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we provide the data by contractual partners to third parties only insofar as this is necessary for the aforementioned purposes or for fulfilment legal obligations is required. About other forms of processing, e.g. for marketing purposes, the contractual partners within the framework of this data protection declaration.

We will inform the contractual partners before or within the framework of which data is required for the aforementioned purposes Data collection, e.g. in online forms, through special identification (e.g. colors) or symbols (e.g. asterisks or similar), or in person.

We delete the data after the expiry of statutory warranty and comparable obligations, i.e., as a matter of principle after 4 years, unless the data is stored in a customer account, e.g. for as long as they are out must be kept for legal reasons of archiving. The legal retention period is at documents relevant to tax law as well as trading books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents required to understand these documents and Accounting documents ten years as well as commercial and business letters received and reproductions of those sent Commercial and business letters six years. The period begins at the end of the calendar year in which the last Entry made in the book, the inventory, the opening balance sheet, the financial statements or the management report drawn up, the commercial or business letter has been received or sent or the accounting document has been created, furthermore, the recording has been made or the other documents have been created.

Insofar as we use third-party providers or platforms to provide our services, the relationship between users and providers the terms and conditions and data protection notices of the respective third-party providers or platforms.

• Types of data processed: Inventory data (e.g. names, addresses); payment details (e.g. bank details, invoices, payment history); Contact information (e.g. email, phone numbers); Contract data (e.g. Subject of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Persons affected: interested parties; business and contractual partners; customers.
• Purposes of processing: Provision of contractual services and customer service; contact requests and communication; office and organizational procedures; managing and responding to inquiries; Conversion measurement (measurement of the effectiveness of marketing measures); Profiles with user-related information (Creating user profiles).
• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. GDPR).

Further information on processing, procedures and services:

• Economic analysis and market research: For business reasons and around In order to be able to identify market trends, the wishes of contractual partners and users, we analyze the data available to us Data on business transactions, contracts, inquiries, etc., being included in the group of data subjects Contractual partners, interested parties, customers, visitors and users of our online offer. The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we can, if available, the profiles of registered users together with their information, e.g. on services used, consider. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e. anonymous values. Furthermore, we take into account the privacy of the users and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymous (e.g. as aggregated data); Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).
• Artistic and literary services: We process the data of our clients in order to them the selection, acquisition or commissioning of the selected services or works as well as related ones To enable activities as well as their payment and delivery or execution or provision. The required information is as such in the context of the contract, order or comparable of the conclusion of the contract and include the information required for delivery and billing as well as Contact information to be able to hold any consultations; Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO).
• Project and development services: We process the data of our customers as well as Clients (hereinafter uniformly referred to as "customers") to enable them to select, purchase or Commissioning of the selected services or works and related activities as well as their payment and To enable provision or execution or provision. The required information is as such in the context of the contract, order or comparable of the conclusion of the contract and include the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations. As far as we have access to information of end customers, employees or other persons, we process them in accordance with the law and contractual requirements; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR).
• Offering software and platform services: We process the data of our users, registered and any test users (hereinafter referred to as "users") to you to be able to provide our contractual services and, on the basis of legitimate interests, to To ensure the security of our offer and to be able to develop it further. The information required is identified and included as such within the framework of the contract, order or comparable contract conclusion the information required for the provision of services and billing as well as contact information in order to to be able to hold consultations; Legal basis: Performance of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR).

Provision of the online offer and web hosting

In order to be able to provide our online offer securely and efficiently, we use the services of one or several web hosting providers, from their servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.

All users of our Information relating to the online offer that arises in the context of use and communication. For this regularly include the IP address, which is necessary to deliver the content of online offers to browsers can, and all entries made within our online offer or from websites.

• Types of data processed: content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Persons affected: users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.).
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Further information on processing, procedures and services:

• Email delivery and hosting: The web hosting services we use include also the sending, receiving and storing of e-mails. For these purposes, the addresses of Recipients and senders as well as further information regarding the e-mail dispatch (e.g. the parties involved provider) as well as the content of the respective e-mails. The aforementioned data can also be used for purposes the detection of SPAM are processed. We ask you to note that e-mails on the Internet are generally are not sent encrypted. As a rule, e-mails are encrypted during transport, but (unless a so-called end-to-end encryption method is used) not on the servers from which they are sent and received. We are therefore responsible for the transmission path of the e-mails between the assume no responsibility for the sender and receipt on our server; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
• Collection of access data and log files: We (or our web hosting provider) collect them Data on each access to the server (so-called server log files). The address and Name of the websites and files accessed, date and time of access, amounts of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page) and usually IP addresses and the requesting provider. On the one hand, the server log files can be used for security purposes, e.g. to prevent overloading of the to avoid servers (especially in the case of abusive attacks, so-called DDoS attacks) and to others to ensure server utilization and stability; Legal bases: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further storage is required for evidentiary purposes are until the final Clarification of the respective incident excluded from the deletion.

Contact and request management

When contacting us (e.g. via contact form, e-mail, telephone or via social media) as well as in the framework existing user and business relationships, the details of the requesting persons are processed insofar as this is necessary for Answering the contact requests and any requested measures is required.

Answering contact inquiries and managing contact and inquiry data within the framework of contractual or pre-contractual relationships takes place to fulfill our contractual obligations or to answer (Pre)contractual inquiries and otherwise on the basis of legitimate interests in answering the Inquiries and maintenance of user and business relationships.

• Types of data processed: contact details (e.g. e-mail, telephone numbers); content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Persons affected: Communication partners.
• Purposes of processing: Provision of contractual services and customer service; contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness.
• Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Further information on processing, procedures and services:

• Contact form: When users use our contact form, email or other means of communication contact us, we process the data communicated to us in this context to process the communicated concern. For this purpose, we process personal data in the context of pre-contractual and contractual business relationships, insofar as this is necessary for their fulfillment and otherwise on the basis of our legitimate interests and the interests of the communication partners in answering the concerns and our legal retention requirements; Legal basis: performance of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. DSGVO), legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Newsletters and electronic notifications

We send newsletters, e-mails and other electronic notifications (hereinafter "newsletters") only with the Consent of the recipient or a legal permission. If as part of a registration for the newsletter Contents are specifically described, they are decisive for the consent of the user. Incidentally, our Newsletter Information about our services and us.

In order to register for our newsletter, it is generally sufficient if you enter your e-mail address. we However, you can ask for a name so that we can address you personally in the newsletter, or other information, if these are necessary for the purposes of the newsletter.

Double opt-in procedure: Registration for our newsletter takes place in one step so-called double opt-in procedure. This means that after registration you will receive an e-mail asking for confirmation will be asked for your registration. This confirmation is necessary so that no one can log in with someone else's e-mail address can register. Registrations for the newsletter are logged in order to ensure that the registration process is carried out in accordance with the to be able to prove legal requirements. This includes the storage of the registration and Confirmation time as well as the IP address. Likewise, the changes of your at the shipping service provider saved data is logged.

Deletion and restriction of processing: We can use the unsubscribed e-mail addresses up to three years on the basis of our legitimate interests before we delete them to a formerly given to be able to prove consent. The processing of this data is based on the purpose of a possible defense against claims limited. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed. In the case of obligations to permanently observe contradictions we reserve the right to store the e-mail address in a blacklist (so-called "Blocklist").

The registration process is logged on the basis of our legitimate interests for the purposes of Evidence of its due process. If we commission a service provider to send emails, this is based on our legitimate interests in an efficient and secure shipping system.

Information about us, our services, promotions and offers.

• Types of data processed: Inventory data (e.g. names, addresses); Contact details (e.g. e-mail, phone numbers); Meta/communication data (e.g. device information, IP addresses); usage data (e.g. websites visited, interest in content, access times).
• Persons affected: Communication partners.
• Purposes of processing: Direct marketing (e.g. by email or post).
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR).
• Possibility of objection (opt-out): You can unsubscribe from our newsletter at any time cancel, i.e. revoke your consent or object to further receipt. A link to cancel of the newsletter can be found either at the end of each newsletter or you can otherwise use one of the above Use contact options, preferably e-mail.

Web analysis, monitoring and optimization

The web analysis (also referred to as "reach measurement") is used to evaluate the flow of visitors to our website online offering and may track behavior, interests, or demographic information about visitors, such as the Age or gender, as pseudonymous values. With the help of the range analysis, we can recognize, for example, at which time our online offer or its functions or contents are used most frequently or to invite reuse. We can also understand which areas need optimization.

In addition to web analysis, we can also use test procedures, e.g. to check different versions of our to test and optimize the online offer or its components.

Unless otherwise stated below, profiles, i.e. a usage process, can be created for these purposes summarized data is created and information is stored in a browser or in a terminal device and off be read from this. The information collected includes, in particular, websites visited and those used there Elements and technical information, such as the browser used, the computer system used and information about times of use. If users consent to the collection of their location data from us or from the providers of If you have agreed to the services we use, location data can also be processed.

The IP addresses of the users are also saved. However, we use an IP masking procedure (i.e., Pseudonymization by shortening the IP address) to protect users. In general, in the context of web analysis, A/B testing and optimization no clear user data (e.g. e-mail addresses or names) is stored, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the user users, but only the information stored in their profiles for the purposes of the respective procedures.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Persons affected: users (e.g. website visitors, users of online services).
• Purposes of processing: Reach measurement (e.g. access statistics, detection returning visitor); Profiles with user-related information (creating user profiles).
• Security measures: IP masking (pseudonymization of the IP address).

Plugins and embedded functions and content

We integrate functional and content elements into our online offer that are provided by the servers of their respective providers (hereinafter referred to as "third-party provider"). These may be graphics, videos, for example or trade city maps (hereinafter collectively referred to as "Content").

The integration always requires that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is thus for the Display of this content or functions required. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or use for marketing purposes. The "pixel tags" can provide information such as visitor traffic on the pages this website, are evaluated. The pseudonymous information can also be stored in cookies on the user's device are stored and, among other things, technical information about the browser and the operating system to be referred to websites, the time of visit and other information on the use of our online offer as well as with such information from other sources.

• Types of data processed: Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
• Persons affected: users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of our online offer and user-friendliness.
• Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).

Further information on processing, procedures and services:

• Google Fonts (obtained from Google Server): Obtaining fonts (and symbols) for the purpose of a technically safe, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform representation and consideration of possible license restrictions. The provider of the fonts will be informed of the IP address of the user so that the fonts can be displayed in the browser of the user can be made available. In addition, technical data (language settings, screen resolution, operating system, hardware used) required for the provision of the fonts are necessary depending on the devices used and the technical environment; Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR); Website: https://fonts.google.com/; Privacy Policy: https://policies.google.com/privacy.

• Conversion measurement: The conversion measurement (also known as "visit action evaluation") is a procedure with which the effectiveness of marketing measures can be determined. This is usually the case a cookie on the user's devices within the websites on which the marketing measures take place, saved and then retrieved again on the target webpage. For example, we can understand whether the ads placed by us on other websites were successful.
• Personal Information: “Personal Information” means any information relating to a identified or identifiable natural person (hereinafter "data subject"); as a natural person is considered to be identifiable, who can be identified directly or indirectly, in particular by means of attribution to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie) or can be identified to one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of these are natural persons.
• Profiles with user-related information: The processing of "profiles with user-related Information", or "profiles" for short, includes any type of automated processing of personal data, which consists in the fact that this personal data is used to measure certain personal aspects that relate to a natural person (depending on the type of profile creation, different Information regarding demographics, behavior and interests, such as interaction with websites and their content, etc.), to analyse, evaluate or predict them (e.g. the interests in certain content or products, click behavior on a website or location). For the purpose of Cookies and web beacons are often used for profiling.
• Reach measurement: Reach measurement (also known as web analytics) is used for Evaluation of the flow of visitors to an online offer and can determine the behavior or interests of the visitors certain information, such as the content of websites. With the help of the range analysis For example, website owners can see at what time visitors visit their website and what content they choose interested. This enables them, for example, to adapt the website content better to the needs of their visitors to adjust. Pseudonymous cookies and web beacons are often used for range analysis purposes to recognize recurring visitors and thus to obtain more precise analyzes of the use of an online offer.
• Responsible person: The "responsible person" is the natural or legal person, authority, Establishment or other body that alone or jointly with others decides on the purposes and means of processing of personal data decides.
• Processing: "Processing" means any with or without the aid of automated processes performed operation or any such series of operations related to personal data. The term goes far and covers practically every handling of data, be it collection, evaluation, storage, Submission or Deletion.