Data protection statement
This data protection statement informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to in brief as “data”) within our online presence and the websites, functions and content associated with it as well as external online presences such as our social media profiles (hereinafter referred to jointly as “online presence”). With regard to the terms used such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Types of data processed:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text input, photographs, videos).
- Usage data (e.g. websites visited, interest in content, access times).
- Meta/communication data (e.g. device information, IP addresses).
Categories of data subjects
Visitors and users of the online presence (in the following, we refer to the data subjects jointly as “users”).
Purpose of processing
- Provision of the online presence, its functions and its content.
- Answering of contact requests and communication with Users.
- Security measures.
- Range measurement / marketing
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of Personal data, whether or not by automated means. The term is a broad one and incorporates virtually any handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant legal bases
Pursuant to Art. 13 GDPR, we notify you of the legal bases of our data processing. The following applies if the legal basis is not stipulated in the data protection statement: The legal basis for obtaining consent is Art. 6 Par. 1 Letter a and Art. 7 GDPR, the legal basis for the processing for the fulfilment of our services and implementation of contractual measures and the answering of enquiries is Art. 6 Par. 1 Letter b GDPR, the legal basis for the processing for the fulfilment of our legal obligations is Art. 6 Par. 1 Letter c GDPR and the legal basis for the processing to safeguard our justified interests is Art. 6 Par. 1 Letter f GDPR. In the event that vital interests of the data subject or another natural person necessitate a processing of personal data, Art. 6 Par. 1 Letter d GDPR serves as a legal basis.
Collaboration with contract processors and third parties
If within the framework of our processing, we disclose data to other persons and companies (contract processors or third parties), or communicate the data to them or otherwise grant them access to the data, this is only done on the basis of statutory consent (e.g. if a communication of the data to third parties such as payment service providers is necessary to fulfil the contract pursuant to Art. 6 Par. 1 Letter b GDPR), you have consented to this, a legal obligation makes provision for this or on the basis of our justified interests (when using agents, web hosters, etc.).
If we commission third parties with the processing of data on the basis of a so-called “contract processing agreement”, this is done on the basis of Art. 28 GDPR.
Communication to third countries
If we process data in a third country (i.e. outside of the European Union (EU) or the European Economic Area (EEA)), or this is done within the framework of the use of services of third parties or disclosure and/or communication of data to third parties, this is only done if it is done to meet our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our justified interests. Subject to statutory or contractual authorisations, we process the data in a third country or have them processed only if the special prerequisites of Art. 44 et seq. GDPR are met. In other words, the processing is done, e.g. on the basis of special guarantees such as the officially recognised establishment of a data protection level corresponding to that in the EU (e.g. for the US through the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contract clauses”).
Rights of the data subjects
You have the right to request a confirmation as to whether respective data is processed and to request information about this data and to further request information and a copy of the data in accordance with Art. 15 GDPR.
In accordance with Art. 16 GDPR, you have the right to request the completion of the data relating to you or the correction of the incorrect data relating to you.
Pursuant to Art. 17 GDPR, you have the right to demand that corresponding data is deleted immediately or alternatively pursuant to Art. 18 GDPR to demand a restriction in the processing of the data.
Pursuant to Art. 20 GDPR, you have the right to demand to receive the data relating to you and that you have provided to us and to demand their communication to other controllers.
Pursuant to Art. 77 GDPR, you have the right to submit a complaint to the competent supervisory authority.
Right of revocation
Pursuant to Art. 7 Par. 3 of the GDPR, you have the right to revoke consent given with effect for the future
Right to object
You can object to the future processing of the data relating to you pursuant to Art. 21 of the GDPR at any time. The objection can be given in particular to the processing for purposes of direct advertising.
Cookies and right to object in the case of direct advertising
“Cookies” are small files that are saved on computers of users. Different information can be saved within the cookies. A cookie is primarily used to save the information about a user (or the device on which the cookie is saved) during or after his or her visit to an online presence. Temporary or “session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online presence and closes his/her browser. For instance, the content of a shopping basket in an online shop or a login status can be saved in such a cookie. “Permanent” or “persistent” cookies are cookies that remain saved even after the browser is closed. For instance, the login status can be saved if the users call up the respective sites after several days. The interests of the users can also be saved in such a cookie and this data used for range measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the controller who operates the online presence (otherwise if these are only the controller’s cookies, they are called “first-party cookies”.
We can use temporary and permanent cookies and provide information on this in our data protection statement.
If the users do not wish cookies to be saved on their computer, they will be asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can result in functional restrictions in this online presence.
In addition, the saving of cookies can be prevented by deactivating them in the browser settings. Please note that in this case it may not be possible to use all functions of this online presence.
Deletion of data
The data processed by us will be deleted or restricted in their processing pursuant to Art. 17 and 18 of the GDPR. Unless explicitly indicated in this data protection statement, the data stored at our company will be deleted as soon as it is no longer required for its designated purpose and its deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, the processing thereof will be restricted. In other words, the data will be blocked and not processed for other purposes. This applies e.g. for data that has to be retained for commercial or fiscal law reasons.
Pursuant to the statutory specifications in Germany, the retention is done in particular for 6 years pursuant to Section 257 Par. 1 of the Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financials statements, trading letters, booking receipts, etc.) and for 10 years pursuant to Section 147 Par. 1 of the Tax Code (AO) (accounts, records, management reports, booking receipts, trading and business letters, documents relevant for taxation, etc.).
We also process
- Contract data (e.g. subject of the contract, term, customer category).
- Payment data (e.g. bank details, payment history)
of our customers, prospective clients and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computer capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online presence.
In the process, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors to this online presence on the basis of our justified interest in an efficient and reliable provision of this online presence pursuant to Art. 6 Par. 1 Letter f of the GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).
Collection of access data and log files
On the basis of our justified interests pursuant to Art. 6 Para. 1 Letter f. GDPR, we and our hosting provider respectively collect data about every access to the server on which this service is located (so-called server log files). The access data include the name of the website viewed, file, date and time of the view, data volume transmitted, report on successful view, browser type plus version, the operating system of the user, referral URL (the site visited previously), IP address and the requesting provider.
For security reasons (e.g. to clarify misuse or fraudulent actions), log file information is saved for a maximum of 7 days and then deleted. Data which needs to be further retained for evidence purposes is excluded from deletion until definitive clarification of the respective incident.
Administration, financial accounting, office organisation, contact administration
We process data within the process of administrative tasks and the organisation of our operations, financial accounting and compliance with our statutory obligations such as archiving. In this process, we process the same data that we process when providing our contractual services. The processing bases are Art. 6 Par. 1 Letter c. GDPR, Art. 6 Par. 1 Letter f., Art. 28 GDPR. Data subjects of the processing: Customers, prospective clients, business partners and website visitors. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve to uphold our business activities, carry out our tasks and provide our services. The deletion of the data with regard to contractual services and the contractual communication corresponds to the information provided for these processing activities.
In the process, we disclose or transmit data to the financial administration, consultants, etc. such as tax advisors or auditors and to other billing agencies and payment service providers.
On the basis of our business interest, we also save information about suppliers, organisers and other business partners, e.g. for the purpose of subsequent contact. As a fundamental rule, we permanently save this data, which is predominantly company-related data.
During contact with us (e.g. by contact form, email, telephone or via social media), the information about the user are processed to deal with the contact enquiry and its handling pursuant to Art. 6 Par. 1 Letter b) GDPR. The information about the users can be saved in a customer relationship management system (“CRM system”) or comparable enquiry organisation.
We delete the enquiries if they are no longer required. We review the necessity every two years; in addition, the statutory archiving obligations apply.
Integration of services and content of third parties
Within our online presence, we use content or service offers of third parties based on our justified interests (i.e. interests in the analysis, optimisation and commercial operation of our online presence pursuant to Art. 6 Par. 1 letter f. GDPR) in order to integrate their content and services such as videos or fonts (hereinafter referred to as “content”).
This always requires the third parties of this content to see the IP address of the users as they could not send the content to their browser without the IP address. The IP address is thus necessary to depict this content. We strive to only use the content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes. Information such as the visitor traffic on the pages of this website can be analysed by using the “pixel tags”. The pseudonymous information can also be saved in cookies on the device of the users and, among others, contain technical information about the browser and operating system, referring websites, time of visit and other information about the usage of our online presence, as well as be linked to such information from other sources.