PRIVACY POLICY


Introduction


With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”) that we process, for what purposes, and to what extent. The privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).


Controller

The data processing on this website is carried out by the website operator. You can find the operator’s contact details in the legal notice (Imprint) of this website.


Overview of processing activities

The following overview summarizes the types of data processed, the purposes of their processing, and identifies the categories of data subjects concerned.


Types of processed data

  • Master data (e.g. names, addresses).
  • Content data (e.g. entries in online forms).
  • Contact data (e.g. email addresses, telephone numbers).
  • Metadata/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. visited pages, interest in content, access times).


Categories of data subjects

  • Communication partners
  • Users (e.g. website visitors, users of online services).


Purposes of processing

  • Provision of our online offering and user-friendliness
  • Contact requests and communication


Applicable legal bases


Below, we inform you of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or domicile. Furthermore, should more specific legal bases be applicable in individual cases, we will inform you of these in this privacy policy.

  • Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
  • Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR) - Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.


National data protection regulations in Germany:

In addition to the data protection provisions of the General Data Protection Regulation (GDPR), national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which is intended to protect against the misuse of personal data in data processing. The BDSG contains, in particular, specific provisions regarding the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transfer, as well as automated decision-making in individual cases, including profiling. It also regulates data processing for purposes of the employment relationship (§ 26 BDSG), particularly with regard to the establishment, implementation, or termination of employment relationships and the consent of employees. In addition, the data protection laws of the individual federal states may also apply.


Security measures


We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, and ensuring the availability and separation of such data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. In addition, we take the protection of personal data into account when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

SSL encryption (HTTPS): To protect the data you transmit via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix “https://” in your browser’s address bar.


Provision of the online offering and web hosting


In order to provide our online offering securely and efficiently, we use the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offering can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services, as well as security services and technical maintenance services.

The data processed in the context of providing the hosting services may include all information relating to users of our online offering that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offerings to browsers, as well as all entries made within our online offering or on websites.


Email sending and hosting:

The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of recipients and senders, as well as further information relating to the email transmission (e.g. the providers involved), and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails on the internet are generally not sent in encrypted form. As a rule, emails are encrypted during transmission, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. Therefore, we cannot assume responsibility for the transmission path of emails between the sender and receipt on our server.

  • Types of processed data: Content data (e.g. entries in online forms), usage data (e.g. visited pages, interest in content, access times), metadata/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Legal bases: Legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).


Contacting us


When you contact us (e.g. via contact form, email, telephone, or social media), the information provided by the requesting persons is processed to the extent necessary to respond to the contact requests and any requested measures.


The response to contact requests within the framework of contractual or pre-contractual relationships is carried out for the fulfillment of our contractual obligations or to respond to (pre-)contractual inquiries and otherwise on the basis of our legitimate interests in responding to the inquiries.

  • Types of processed data: Master data (e.g. names, addresses), contact data (e.g. email addresses, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. visited pages, interest in content, access times), metadata/communication data (e.g. device information, IP addresses).
  • Data subjects: Communication partners.
  • Purposes of processing: Contact requests and communication.
  • Legal bases: Performance of a contract and pre-contractual inquiries (Art. 6(1) sentence 1 lit. b GDPR), legitimate interests (Art. 6(1) sentence 1 lit. f GDPR).


Plugins and embedded functions as well as content


We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or social media buttons and posts (hereinafter collectively referred to as “content”).

The integration always requires that the third-party providers of this content process the users’ IP address, as they would otherwise not be able to send the content to the users’ browser without the IP address. The IP address is therefore required for the display of this content or these functions. We make every effort to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” allow information such as visitor traffic on the pages of this website to be evaluated. The pseudonymous information may also be stored in cookies on the users’ device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other information about the use of our online offering, and may also be combined with such information from other sources.


Information on legal bases:

If we ask users for their consent to the use of third-party providers, the legal basis for the processing of data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e. interest in efficient, economical, and user-friendly services). In this context, we would also like to refer you to the information on the use of cookies in this privacy policy.

  • Types of processed data: Usage data (e.g. visited pages, interest in content, access times), metadata/communication data (e.g. device information, IP addresses).
  • Data subjects: Users (e.g. website visitors, users of online services).
  • Purposes of processing: Provision of our online offering and user-friendliness.