This data protection declaration clarifies the type, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services and within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profile (hereinafter jointly referred to as “online offer”). With regard to the terminology used, such as We refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR) for “processing” or “responsible person”.
Types of data processed
– Inventory data (e.g., personal master data, names or addresses).
– Contact details (e.g., e-mail, telephone numbers).
– Content data (e.g., text input, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta / communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offer (in the following we also refer to the persons concerned collectively as “users”).
Purpose of processing
– Answering contact requests and communicating with users.
– Safety measures.
“Personal data” is all information that relates to an identified or identifiable natural person (hereinafter “data subject”); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or one or more special features, which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” is any process carried out with or without the aid of automated processes or any such series of processes in connection with personal data. The term is broad and includes practically every handling of data. “Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
“Profiling” means any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects that relate to a natural person, in particular aspects relating to work performance, economic situation, health, personal To analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.
“Responsible” means the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data.
“Processor” means a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.
Relevant legal bases
In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. For users from the scope of the General Data Protection Regulation (GDPR), i.e. of the EU and the EEC, unless the legal basis is mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR; The legal basis for processing in order to fulfill our services and carry out contractual measures as well as answering inquiries is Article 6 Paragraph 1 lit. b GDPR; The legal basis for processing in order to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR; In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis. The legal basis for the processing required to carry out a task that is in the public interest or is carried out in the exercise of official authority that has been transferred to the person responsible is Article 6 Paragraph 1 lit. e GDPR.
The legal basis for processing to safeguard our legitimate interests is Art. 6 Para. 1 lit. f GDPR. The processing of data for purposes other than those for which they were collected is determined in accordance with the requirements of Art 6 Para. 4 GDPR. The processing of special categories of data (in accordance with Art. 9 Para. 1 GDPR) is determined in accordance with the requirements of Art. 9 Para. 2 GDPR.
We take appropriate technical and organizational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the type, scope, circumstances and purposes of processing as well as the different probability of occurrence and severity of the risk for the rights and freedoms of natural persons to ensure a level of protection appropriate to the risk.
The measures include, in particular, securing the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, forwarding, ensuring availability and their separation. In addition, we have set up procedures that ensure the exercise of data subject rights, deletion of data and reaction to data threats. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
Cooperation with contract processors, jointly responsible persons and third parties
If we disclose data to other persons and companies (contract processors, jointly responsible persons or third parties) within the scope of our processing, transmit them to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, such as payment service providers to fulfill the contract), users have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.).
If we disclose, transmit or otherwise grant access to data to other companies in our group of companies, this is done in particular for administrative purposes as a legitimate interest and, furthermore, on a legal basis.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or in the context of the use of third-party services or disclosure or transmission of data to other persons or companies happens, this only happens if it is done to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transmission, we process or allow the data only in third countries with a recognized level of data protection, to which the US processors certified under the “Privacy Shield” belong or on the basis of special guarantees, e.g. contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission).
Rights of data subjects
Right to information: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to rectification: You have accordingly. the legal requirements to request the completion of the data concerning you or the correction of the incorrect data concerning you.
Right to deletion and restriction of processing: In accordance with the legal requirements, you have the right to demand that the relevant data be deleted immediately or, alternatively, to request a restriction on the processing of the data in accordance with the legal requirements.
Right to data portability: You have the right to receive data relating to you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
Complaint to the supervisory authority: In accordance with the legal requirements, you also have the right to lodge a complaint with the responsible supervisory authority.
Right of withdrawal
You have the right to revoke your consent with effect for the future.
Right of objection
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. e or f GDPRtakes place to object; this also applies to profiling based on these provisions. If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
Deletion of data
The data processed by us will be deleted or restricted in their processing in accordance with legal requirements. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention requirements.
If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons.
We ask you to inform yourself regularly about the content of our data protection declaration. We will adapt the data protection declaration as soon as the changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.
Data when using our contact form
If you send us a message using our contact form, you can use a pseudonym instead of your correct first name and surname. You need to enter an email address to enable us to contact you by email. Entering a telephone number is optional. If you give us your telephone number, you are declaring that you would also like a one-off telephone consultation on your message. The data you enter in the contact form will only be used by us to answer the contact in the context of your inquiry to us via the contact form. We do not pass on the data you have entered in the contact form to third parties or use this data for any purposes other than answering your request.
We integrate the fonts (“Google Fonts”) from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to Google, the user data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform presentation and consideration of possible licensing restrictions for their integration. Data protection declaration: https://www.google.com/policies/privacy/.
We integrate maps from the “Google Maps” service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include, in particular, the users’ IP addresses and location data, which, however, are not collected without their consent (usually in the context of the settings of their mobile devices). The data can be processed in the USA. Data protection:https://www.google.com/policies/privacy/,
In order to ensure sufficient data security when submitting forms, we use the reCAPTCHA service from Google Inc. in certain cases. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. The different data protection provisions of Google Inc. apply for this. For more information on the data protection guidelines of Google Inc., see http://www.google.de/intl/de/privacy/ or https://www.google.com/intl/de/policies/privacy/