RENT
Privacy policy
As of July 1, 2023
Contents
- Controller
- Overview of the processing
- Relevant legal basics
- Safety measures
- Transmission of personal data
- International data transfers
- Deletion of data
- Rights of data subjects
- Use of cookies
- Business Achievements
- Provision of the online offer and web hosting
- Contact and request management
- Application process
- Newsletters and electronic notifications
- Advertising communication via email, post, fax or telephone
- Web analysis, monitoring and optimization
- Online marketing
- Presence in social networks (social media)
- Plugins and embedded functions as well as content
- Modification and update of the privacy policy
Controller
Karl Bauer / Luibl GmbH
Regensburger Strasse 61
94036 Passau
E-mail address:
info@luibl-lift.com
Phone:
+49 851 7568680
Imprint:
www.luibl.eu/company/imprint
Relevant legal basics
Relevant legal bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR, on the basis of which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements may apply in your or our country of residence or domicile. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.
- Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) - The data subject has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.
- Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures that are carried out at the request of the data subject.
- Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR) - The processing is necessary to fulfill a legal obligation to which the controller is subject.
- Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR) - The processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, outweigh this.
- Application procedure as a pre-contractual or contractual relationship (Art. 6 Para. 1 Clause 1 Letter b) GDPR) - Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 DSGVO (e.g. health data, such as severe disability or ethnic origin) are requested from applicants as part of the application process, so that the person responsible or the person concerned can can exercise rights arising from labor law and social security and social protection law and fulfill his or her obligations in this regard, their processing is carried out in accordance with Article 9(2)(b). GDPR, in the case of protecting the vital interests of applicants or other persons in accordance with Art. 9 (2) lit. c. DSGVO or for the purposes of health care or occupational medicine, for the assessment of the employee's ability to work, for medical diagnostics, care or treatment in the health or social area or for the administration of systems and services in the health or social area in accordance with Art. 9 Paragraph 2 lit. h. GDPR. In the case of a notification of special categories of data based on voluntary consent, their processing takes place on the basis of Article 9 Paragraph 2 lit. GDPR.
National data protection regulations in Germany: In addition to the data protection regulations of the GDPR, national data protection regulations apply in Germany. This includes in particular the law to protect against misuse of personal data during data processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes and transmission and automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of the individual federal states may apply.
Overview of the processing
The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.
Types of processed data
- inventory data.
- payment details.
- Contact details.
- content data.
- contract data.
- usage data.
- Meta, communication and procedural data.
- Applicant data.
- Contact information (Facebook).
- Event Data (Facebook).
Categories of affected persons
- Customers.
- Interested persons.
- Communication partner.
- user.
- Applicants.
- Business and contractor.
Purposes of processing
- Provision of contractual services and customer service.
- Contact requests and communication.
- Safety measures.
- direct marketing.
- range measurement.
- tracking.
- Office and organizational procedures.
- Remarketing.
- conversion measurement.
- Click tracking.
- Target group formation.
- Management and answering of inquiries.
- Application process.
- Feedback.
- Marketing.
- Profiles with user-related information.
- Providing our online offer and user-friendliness.
- information technology infrastructure.
Safety measures
We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different probabilities of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection, through technology design and privacy-friendly default settings.
TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission of personal data
As part of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. The recipients of this data can include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
Data transfer within the group of companies: We may transfer personal data to other companies within our group of companies or grant them access to this data. If this transfer is for administrative purposes, the data is transferred based on our legitimate business and commercial interests or if it is necessary to fulfil our contractual obligations or if there is consent from the data subject or legal permission.
International data transfers
Data processing in third countries: If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing takes place in the context of the use of third-party services or the disclosure or transmission of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transmission, we process or have the data processed only in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, Information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
Deletion of data
The data processed by us will be deleted in accordance with the legal requirements as soon as your consent to processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data no longer applies or it is not required for the purpose). If the data is not deleted because it is required for other, legally permissible purposes, its processing will be limited to these purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Our data protection information may also contain further information on the storage and deletion of data, which have priority for the respective processing.
Rights of data subjects
Rights of the person concerned from the GDPR: As a person concerned, you have various rights under the GDPR, which result in particular from Articles 15 to 21 GDPR:
- Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
- Withdrawal with consent: You have the right to revoke your consent at any time.
- Right: You have the right to obtain confirmation as to whether or not data in question is being processed and to obtain information on such data, as well as further information and a copy of the data in accordance with legal requirements.
- Right to rectification: You have the right, in accordance with the legal requirements, to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
- Right to cancellation and limitation of processing: In accordance with the statutory provisions, you have the right to demand that data relating to you be deleted immediately, or alternatively to demand a restriction of the processing of data in accordance with the statutory provisions.
- Right to data portability: You have the right to receive data relating to you provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request their transmission to another person in charge.
- Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of your personal data is contrary to the Violates the requirements of the GDPR.
Use of cookies
Cookies are small text files or other memory notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the content of a shopping cart in an e-shop, the content accessed or the functions used in an online offer. Cookies can also be used for various purposes, e.g. for purposes of functionality, security and comfort of online offers as well as the creation of analyzes of visitor flows.
Notes on consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users, except where not required by law. In particular, consent is not necessary if the storage and reading of the information, including cookies, is absolutely necessary in order to provide the users with a telemedia service (i.e. our online offer) that they have expressly requested. Strictly necessary cookies usually include cookies with functions that enable the online offer to be displayed and run, load balancing, security, storing user preferences and choices, or similar to providing the main and ancillary functions requested by users serve purposes related to the online offer. The revocable consent is clearly communicated to the users and contains the information on the respective cookie use.
Notes on data protection legal bases: The data protection legal basis on which we process the personal data of users with the help of cookies depends on whether we ask users for their consent. If the users consent, the legal basis for the processing of your data is the declared consent. Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests (e.g. in the commercial operation of our online offer and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is necessary to enable our to fulfill contractual obligations. We will explain the purposes for which we process cookies in the course of this data protection declaration or as part of our consent and processing processes.
Storage time: With regard to the storage period, the following types of cookies are distinguished:
- Temporary cookies (also: session or session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile application).
- Permanent Cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information on the type and storage period of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and the storage period can be up to two years.
General information on revocation and objection (so-called “opt-out”): Users can revoke the consent they have given at any time and object to the processing in accordance with the legal requirements. For this purpose, users can, among other things, restrict the use of cookies in their browser settings (which can also limit the functionality of our online offer). You can also object to the use of cookies for online marketing purposes via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/ be explained.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
Further information on processing processes, procedures and services:
- Processing of cookie data based on consent: We use a procedure for cookie consent management, in the context of which the consent of the user to the use of cookies or the processing and providers mentioned in the context of the cookie consent management procedure is obtained and managed and revoked by the user can become. The declaration of consent is stored here so that the query does not have to be repeated and to be able to prove the consent in accordance with the legal obligation. The storage can take place on the server side and/or in a cookie (so-called opt-in cookie, or with the help of comparable technologies) in order to be able to assign the consent to a user or his device. Subject to individual information about the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. A pseudonymous user identifier is created and stored with the time of the consent, information on the scope of the consent (e.g. which categories of cookies and/or service providers) and the browser, system and end device used; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
- BorlabsCookie: cookie consent management; Service provider: Hosted locally on our server, no data sharing with third parties; Website: https://de.borlabs.io/borlabs-cookie/; Further information: An individual user ID, language and types of consent and the time of their submission are stored on the server and in the cookie on the user's device.
Business Achievements
We process data from our contractual and business partners, e.g. customers and interested parties (collectively referred to as “contractual partners”) in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with the contractual partners (or pre-contractual), e.g. to answer inquiries answer.
We process this data to fulfill our contractual obligations. This includes in particular the obligations to provide the agreed services, any updating obligations and remedy in the case of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of the administrative tasks associated with these obligations and the corporate organization. In addition, we process the data on the basis of our legitimate interests in proper and economical business management and security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. to involve telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of the applicable law, we only pass on the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. The contractual partners will be informed about other forms of processing, e.g. for marketing purposes, within the scope of this data protection declaration.
Which data for the aforementioned purposes are necessary, we inform the contracting parties before or in the context of the data collection, eg in on-line forms, by special marking (eg colors) and / or symbols (eg asterisk), or in person with.
We delete the data after statutory warranty and comparable obligations have expired, ie, in principle after 4 years, unless the data is stored in a customer account, e.g. for as long as it must be kept for legal archiving reasons. The statutory retention period is ten years for documents relevant to tax law and for trading books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents and accounting documents required to understand these documents, and six years for received commercial and business letters and reproductions of the commercial and business letters sent. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report were drawn up, the commercial or business letter was received or sent or the accounting document was created, and the recording was also made has been made or the other documents have been created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
- Processed data types: Inventory data (e.g. names, addresses); payment data (e.g. bank details, invoices, payment history); Contact information (e.g. email, phone numbers); Contract data (e.g. subject of the contract, term, customer category); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
- Affected people: Customers; Interested persons; business and contractual partners.
- Purposes of processing: Provision of contractual services and customer service; Safety measures; contact requests and communication; office and organizational procedures; Management and response to inquiries.
- Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR); Legal obligation (Art. 6 Para. 1 S. 1 lit. c) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Watchlist/Wishlist: Customers can create a product/wish list. In this case, the products will be stored as part of the fulfillment of our contractual obligations until the account is deleted, unless the product list entries are removed by the customer or we expressly inform the customer of different storage periods; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
- Shop and e-commerce: We process the data of our customers in order to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, in particular postal, forwarding and shipping companies, to carry out the delivery or execution for our customers. We use the services of banks and payment service providers to process payment transactions. The required information is marked as such in the context of the ordering or comparable acquisition process and includes the information required for delivery or provision and billing as well as contact information in order to be able to hold any consultation; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
- Rental services: We process the data of our tenants and prospective tenants in accordance with the underlying rental agreement. We can also process information about the characteristics and circumstances of people or items belonging to them if this is necessary within the framework of the rental agreement. This can include, for example, information about personal living circumstances, movable or immovable property and the financial situation as well as the use of additional services (such as water or energy supply).
As part of our assignment, it may be necessary for us to process special categories of data within the meaning of Art. 9 Para. 1 GDPR, in particular information about a person's health. The processing is carried out in order to be able to protect the health interests of the tenants and otherwise only with the consent of the tenants.
If necessary for the performance of the contract or legally required or approved by the tenant or based on our legitimate interests, we disclose or transmit the tenants' data in the context of coverage inquiries, conclusion and processing of contracts, e.g. to financial service providers, credit institutions, utilities (e.g. electricity) or authorities.
Furthermore, we process tenants’ data if this is necessary to fulfil legal obligations (e.g. information obligations in connection with additional services and additional costs); Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
Provision of the online offer and web hosting
We process user data in order to be able to provide our online services to them. For this purpose we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the browser or the end device of the user.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Content data (e.g. entries in online forms).
- Affected people: Users (eg website visitors, users of online services).
- Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Safety measures.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Provision of online offer on rented storage space: For the provision of our online offer, we use storage space, computing capacity and software that we rent from a corresponding server provider (also called "web hoster") or obtain from another source; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Collection of access data and log files: Access to our online offering is logged in the form of so-called “server log files”. The server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used on the one hand for security purposes, e.g. to avoid overloading the server (especially in the case of abusive attacks, so-called DDoS attacks) and on the other hand to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
- HostEurope: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacity); Service provider: Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.hosteurope.de; Data protection statement: https://www.hosteurope.de/AGB/Datenschutzerklaerung; Order processing contract: https://www.hosteurope.de/Dokumente/.
- WordPress.com: hosting and software for creating, providing and operating websites, blogs and other online offerings; Service provider: Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin, D02 AY86, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://wordpress.com; Data protection statement: https://automattic.com/de/privacy/; Order processing contract: https://wordpress.com/support/data-processing-agreements/.
Contact and request management
When contacting us (e.g. by post, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the details of the requesting person are processed to the extent necessary to answer the contact request and any requested measures.
- Processed data types: Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
- Affected people: Communication partner.
- Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) DSGVO).
Further information on processing processes, procedures and services:
- Contact form: If users contact us via our contact form, e-mail or other communication channels, we process the data communicated to us in this context to process the communicated request; Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Application process
The application process requires that applicants provide us with the data required for their assessment and selection. The information required can be found in the job description or, in the case of online forms, from the information provided there.
In principle, the information required includes personal information such as name, address, a contact option and evidence of the qualifications required for a position. In response to inquiries, we will also be happy to provide you with information that is required.
If made available, applicants can send us their applications using an online form. The data is encrypted and transmitted to us in accordance with the state of the art. Applicants can also send us their applications via email. Please note, however, that emails on the Internet are generally not sent in encrypted form. As a rule, emails are encrypted while they are being transported, but not on the servers from which they are sent and received. We can therefore not assume any responsibility for the transmission path of the application between the sender and receipt on our server.
For the purpose of applicant search, submission of applications and selection of applicants, we can make use of applicant management or recruitment software and platforms and services from third-party providers in compliance with legal requirements.
Applicants are welcome to contact us about how to submit their application or to send us the application by post.
Processing of special categories of data: If special categories of personal data (Article 9 (1) GDPR, e.g. health data such as severe disability status or ethnic origin) are requested from applicants as part of the application process, they will be processed so that the controller or the data subject can exercise the rights arising from employment law and social security and social protection law and fulfil his or her obligations in this regard, in the case of protecting the vital interests of applicants or other persons or for the purposes of healthcare or occupational medicine, for assessing the employee's ability to work, for medical diagnostics, for care or treatment in the health or social sector or for the administration of systems and services in the health or social sector (Article 9 (2) (b), (c) and (h) GDPR).
Deletion of data: If the application is successful, we can process the data provided by the applicants for the purposes of the employment relationship. Otherwise, if the application for a job offer is unsuccessful, the applicant's data will be deleted. The applicant's data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. The deletion takes place, subject to a justified revocation of the applicants, at the latest after the expiry of a period of six months, so that we can answer any follow-up questions about the application and meet our obligations to provide evidence from the regulations on equal treatment of applicants. Invoices for any reimbursement of travel expenses are archived in accordance with tax law requirements.
Admission to an applicant pool: The inclusion in an applicant pool, if offered, is based on consent. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process and that they can revoke their consent at any time for the future.
- Processed data types: Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Applicant data (e.g. personal details, postal and contact addresses, the documents associated with the application and the information contained therein, such as cover letters, CVs, certificates and other information about their person or qualifications provided voluntarily by applicants with regard to a specific position) .
- Affected people: Applicants.
- Purposes of processing: Application process (justification and possible subsequent implementation as well as possible later termination of the employment relationship).
- Legal basis: Application procedure as a pre-contractual or contractual relationship (Art. 6 Para. 1 S. 1 lit. b) GDPR).
Newsletters and electronic notifications
We send newsletters, e-mails and other electronic notifications (hereinafter “newsletter”) only with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the consent of the user. In addition, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your e-mail address. However, we may ask you to provide a name for personal address in the newsletter, or other information as required for the purpose of the newsletter.
Double opt-in procedure: The registration for our newsletter basically takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after logging in, requesting confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. Registration for the newsletter will be logged in order to prove the registration process in accordance with the legal requirements. This includes saving the login and confirmation times as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
Deletion and limitation of processing: We can store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed at the same time. In the case of obligations to permanently observe contradictions, we reserve the right to store the e-mail address in a block list for this purpose alone.
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider with the dispatch of e-mails, this is done on the basis of our legitimate interests in an efficient and secure shipping system.
Contents:
Information about us, our services, promotions and offers.
- Processed data types: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Usage data (e.g. websites visited, interest in content, access times).
- Affected people: Communication partner.
- Purposes of processing: Direct marketing (e.g. by email or post); reach measurement (e.g. access statistics, recognition of returning visitors).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Opposition possibility (opt-out): You can cancel the receipt of our newsletter at any time, ie revoke your consent, or object to further reception. You can find a link to cancel the newsletter either at the end of each newsletter or else you can use one of the above-mentioned contact options, preferrably e-mail.
Further information on processing processes, procedures and services:
- Measurement of open and click rates: The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a shipping service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected.
This information is used to technically improve our newsletter based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened and which links are clicked. This information is assigned to the individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The measurement of the opening rates and click rates as well as the storage of the measurement results in the user profiles and their further processing are based on the consent of the user.
Unfortunately, it is not possible to revoke the performance measurement separately. In this case, the entire newsletter subscription must be cancelled or revoked. In this case, the stored profile information will be deleted; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
- Reminder emails about the ordering process: If users do not complete an order process, we can remind users of the order process by email and send them a link to continue the process. This function can be useful, for example, if the purchase process could not be continued due to a browser crash, oversight or forgetting. The dispatch is based on consent, which users can revoke at any time; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
- Brief: email marketing platform; Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.brevo.com/; Data protection statement: https://www.brevo.com/legal/privacypolicy/; Order processing contract: Provided by the service provider.
Advertising communication via email, post, fax or telephone
We process personal data for the purposes of advertising communication, which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements.
The recipients have the right to revoke their consent at any time or to object to advertising communication at any time.
After revocation or objection, we store the data required to prove the previous authorization for contacting or sending up to three years after the end of the year of the revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid being contacted again (e.g. e-mail address, telephone number, name depending on the communication channel).
- Processed data types: Inventory data (e.g. names, addresses); Contact information (e.g. email, phone numbers).
- Affected people: Communication partner.
- Purposes of processing: Direct marketing (eg by e-mail or by post).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Web analysis, monitoring and optimization
The web analysis (also referred to as “range measurement”) is used to evaluate the flow of visitors to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at which time our online offer or its functions or content are used most often or invite you to reuse. We can also understand which areas need optimization.
In addition to the web analysis, we can also use test methods, for example, to test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles, ie data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have given their consent to us or the providers of the services we use to collect their location data, location data can also be processed.
It also stores the IP addresses of the users. However, we use an IP masking method (ie, pseudonymization by truncating the IP address) to protect users. In general, in the context of web analysis, A / B-testing and optimization, no clear data of users (such as e-mail addresses or names) are stored, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
- Affected people: Users (eg website visitors, users of online services).
- Purposes of processing: Remarketing; target group formation; reach measurement (e.g. access statistics, recognition of returning visitors); profiles with user-related information (creation of user profiles); provision of our online offer and user-friendliness.
- Safety measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Google Analytics 4: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data such as names or email addresses. It is used to assign analysis information to a device in order to identify which content users have accessed within one or different usage processes, which search terms they have used, which they have accessed again or which have interacted with our online offering. The time of use and its duration are also stored, as are the sources of the users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, whereby cookies can be used. Analytics provides higher-level geolocation data by collecting the following metadata from IP lookup: City (and the city's derived latitude and longitude), Continent, Country, Region , “subcontinent” (and the ID-based equivalents). To ensure the protection of user data in the EU, Google receives and processes all user data via domains and servers within the EU. The user's IP address is not logged and is shortened by the last two digits by default. The shortening of the IP address takes place on EU servers for EU users. Additionally, all sensitive data collected from users in the EU will be deleted before it is collected across EU domains and servers; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Data protection statement: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://business.safety.google/adsprocessorterms; Opposition possibility (opt-out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of commercials: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (Types of processing and the processed data).
- Target group creation with Google Analytics: We use Google Analytics to display ads placed within advertising services of Google and its partners only to users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to the potential interests of users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Legal basis: https://business.safety.google/adsprocessorterms/; Data protection statement: https://policies.google.com/privacy; Order processing contract: https://business.safety.google/adsprocessorterms/; Further information: Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions for Google advertising products and standard contractual clauses for third-country transfers of data: https://business.safety.google/adsprocessorterms.
Online marketing
We process personal data for online marketing purposes, which can include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is stored. This information can include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times and functions used. If users have consented to the collection of their location data, this can also be processed.
The IP addresses of the users are also saved. However, we use available IP masking procedures (ie pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) are stored as part of the online marketing process, but pseudonyms. This means that we and the providers of the online marketing process do not know the actual identity of the users, only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or similar procedures. These cookies can later generally also on other websites that use the same online marketing method, read and analyzed for purposes of displaying content as well as be supplemented with other data and stored on the server of the online marketing process provider.
As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. by giving their consent during registration.
In principle, we only have access to summarized information about the success of our advertisements. However, in the context of so-called conversion measurements, we can examine which of our online marketing methods led to a so-called conversion, ie, for example, to a contract with us. The conversion measurement is used solely to analyze the success of our marketing efforts.
Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.
- Processed data types: Content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta, communication and procedural data (e.g. IP addresses, time information, identification numbers, consent status); Event data (Facebook) (“Event data” is data that we can transmit to Facebook, for example via Facebook pixel (via apps or other means) and that relates to people or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event data is processed for the purpose of creating target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as comments written), login information, or contact information (i.e. no names, email addresses, or phone numbers). Event data is deleted by Facebook after a maximum of two years, and the target groups created from it when our Facebook account is deleted); Contact information (Facebook) (“Contact information” is data that (clearly) identifies data subjects, such as names, email addresses and telephone numbers, which can be transmitted to Facebook, e.g. via Facebook pixel or upload, for matching purposes in order to create custom audiences; after matching in order to create target groups, the contact information is deleted).
- Affected people: Users (eg website visitors, users of online services).
- Purposes of processing: Reach measurement (e.g. access statistics, recognition of returning visitors); tracking (e.g. interest/behavior-related profiling, use of cookies); conversion measurement (measurement of the effectiveness of marketing measures); target group formation; marketing; profiles with user-related information (creation of user profiles); provision of our online offer and user-friendliness; remarketing; click tracking.
- Safety measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- Opposition possibility (opt-out): We refer to the data protection notices of the respective providers and the options for objection specified for the providers (so-called “opt-out”). If no explicit opt-out option has been specified, you can turn off cookies in your browser settings. However, this can limit the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas:
a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) United States: https://www.aboutads.info/choices.
d) Cross-regional: https://optout.aboutads.info.
Further information on processing processes, procedures and services:
- Facebook pixels and target group formation (Custom Audiences): With the help of the Facebook pixel (or comparable functions, for the transmission of event data or contact information via interfaces in apps), Facebook is able to use the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook Ads"). ) to determine. Accordingly, we use the Facebook pixel so that the Facebook ads placed by us are only available to users on Facebook and within the services of the partners cooperating with Facebook (so-called “Audience Network”). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called “custom audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion measurement”). Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.facebook.com; Data protection statement: https://www.facebook.com/about/privacy; Further information: Event data of users, i.e. behavioral and interest information, are processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility (“Addendum for Responsible Parties”, https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- Advanced matching for the Facebook pixel: In addition to the processing of event data when using the Facebook pixel (or comparable functions, e.g. in apps), contact information (data that identifies individuals, such as names, email addresses and telephone numbers) is also collected by Facebook within our online offering or transmitted to Facebook. The processing of contact information serves to create target groups (so-called “custom audiences”) for the display of content and advertising information based on the presumed interests of users. The collection, transmission and comparison with data available on Facebook does not take place in plain text, but as so-called “hash values”, i.e. mathematical representations of the data (this method is used, for example, when storing passwords). After the comparison for the purpose of creating target groups, the contact information is deleted. The processing of contact information is carried out on the basis of a contract processing agreement with Meta Platforms Ireland Limited (“Data Processing Conditions”, https://www.facebook.com/legal/terms/dataprocessing), the “Data Security Conditions” (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transmission addendum, https://www.facebook.com/legal/EU_data_transfer_addendum). Further information on the processing of contact information can be found in the “Terms of Use for Facebook Business Tools”, https://www.facebook.com/legal/technology_terms.; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
- Google Ads and conversion measurement: Online marketing procedures for the purpose of placing content and ads within the service provider's advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the ads . In addition, we measure the conversion of the ads, ie whether the users took the opportunity to interact with the ads and use the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR), legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://marketingplatform.google.com; Data protection statement: https://policies.google.com/privacy; Further information: Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
- Google Ads Remarketing: Google Remarketing, also known as retargeting, is a technology that adds users who use an online service to a pseudonymous remarketing list so that users can be shown ads on other online offerings based on their visit to the online service; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://marketingplatform.google.com; Data protection statement: https://policies.google.com/privacy; Further information: Types of processing and processed data: https://privacy.google.com/businesses/adsservices; Data processing conditions between controllers and standard contractual clauses for third-country transfers of data: https://business.safety.google/adscontrollerterms.
- Advanced Conversions for Google Ads: When customers click on our Google ads and then use the advertised service (so-called "conversion"), the data entered by the user, such as the email address, name, home address or telephone number, can be transmitted to Google. The hash values are then compared with the users' existing Google accounts in order to better evaluate and improve the users' interaction with the ads (e.g. clicks or views) and thus their performance; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://support.google.com/google-ads/answer/9888656.
- Instagram Ads: Placing advertisements within the Instagram platform and evaluating the advertising results; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR); Website: https://www.instagram.com; Data protection statement: https://instagram.com/about/legal/privacy; Opposition possibility (opt-out): We refer to the data protection and advertising settings in the user profile on the Instagram platform as well as in the context of Instagram's consent process and Instagram's contact options for exercising information and other data subject rights in Instagram's privacy policy; Further information: Event data of users, i.e. behavioral and interest information, are processed for the purposes of targeted advertising and target group formation on the basis of the agreement on joint responsibility (“Addendum for Responsible Parties”, https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
- UTM parameters: Analysis of sources and user actions based on an extension of web addresses referring to us with an additional parameter, the “UTM” parameter. For example, a UTM parameter “utm_source=platformX &utm_medium=video” can tell us that a person clicked on the link on platform X within a video. The UTM parameters provide information about the source of the link, the medium used (eg social media, website, newsletter), the type of campaign or the content of the campaign (eg posting, link, image and video). With the help of this information, we can, for example, check our visibility on the Internet or the effectiveness of our campaigns; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Presence in social networks (social media)
We maintain an online presence within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example.
Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of the user behavior and resulting user interests. The usage profiles can in turn be used, for example, to switch advertisements inside and outside the networks that are supposed to correspond to the interests of the users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of opting out (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
- Processed data types: Contact information (e.g. email, phone numbers); Content data (e.g. entries in online forms); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status).
- Affected people: Users (eg website visitors, users of online services).
- Purposes of processing: contact requests and communication; Feedback (e.g. collecting feedback via online form); Marketing.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Instagram: Social network; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.instagram.com; Data protection statement: https://instagram.com/about/legal/privacy.
- Facebook Pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see “Things Done and Provided by You and Others” in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by the users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook data policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, called "Page Insights," to site operators so that they can gain insights into how people are using their Pages and interact with the content associated with them. We have entered into a special agreement with Facebook (“Page Insights Information”, https://www.facebook.com/legal/terms/page_controller_addendum), in which it is regulated in particular which security measures Facebook must observe and in which Facebook has declared its willingness to fulfill the rights of the data subject (ie users can, for example, send information or requests for deletion directly to Facebook). The rights of users (in particular to information, deletion, objection and complaints to the competent supervisory authority) are not restricted by the agreements with Facebook. For more information, see the “About Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.facebook.com; Data protection statement: https://www.facebook.com/about/privacy; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Further information: Agreement of joint responsibility: https://www.facebook.com/legal/terms/information_about_page_insights_data. Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, an EU based company. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which in particular concerns the transmission of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of the agreement between Meta Platforms Ireland Limited and Meta Platforms, Inc. concluded standard contractual clauses).
- LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.linkedin.com; Data protection statement: https://www.linkedin.com/legal/privacy-policy; Order processing contract: https://legal.linkedin.com/dpa; Standard contractual clauses (ensuring the level of data protection when processing in third countries): https://legal.linkedin.com/dpa; Opposition possibility (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- YouTube: social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Data protection statement: https://policies.google.com/privacy; Opposition possibility (opt-out): https://adssettings.google.com/authenticated.
- Xing: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.xing.de; Data protection statement: https://privacy.xing.com/de/datenschutzerklaerung.
Plugins and embedded functions as well as content
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). This can be, for example, graphics, videos or city maps (hereinafter uniformly referred to as "content").
The integration always presupposes that the third-party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device and contain, among other things, technical information on the browser and operating system, the websites to be referred to, the time of visit and other information on the use of our online offer, as well as being linked to such information from other sources.
- Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and procedural data (e.g. IP addresses, times, identification numbers, consent status); Inventory data (e.g. names, addresses); Contact details (e.g. email, telephone numbers); Content data (e.g. entries in online forms).
- Affected people: Users (eg website visitors, users of online services).
- Purposes of processing: Providing our online offer and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
- Google Fonts (obtained from Google Server): Obtaining fonts (and symbols) for the purpose of technically safe, maintenance-free and efficient use of fonts and symbols with regard to topicality and loading times, their uniform representation and consideration of possible license restrictions. The provider of the fonts is informed of the IP address of the user so that the fonts can be made available in the user's browser. In addition, technical data (language settings, screen resolution, operating system, hardware used) are transmitted that are necessary for the provision of the fonts depending on the devices used and the technical environment. This data can be processed on a server of the font provider in the USA - When visiting our online offer, the user's browser sends their browser HTTP requests to the Google Fonts Web API (ie a software interface for retrieving the fonts). The Google Fonts Web API provides users with the Google Fonts Cascading Style Sheets (CSS) and then the fonts specified in the CCS. These HTTP requests include (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server and (3) the HTTP headers, including the user agent, which describes the browser and operating system versions of the website visitors, as well as the referrer URL (ie the web page where the Google font is to be displayed). IP addresses are not logged or stored on Google servers and they are not analyzed. The Google Fonts Web API logs details of HTTP requests (requested URL, user agent, and referrer URL). Access to this data is restricted and strictly controlled. The requested URL identifies the font families for which the user wants to download fonts. This data is logged so that Google can determine how often a particular font family is requested. The Google Fonts Web API requires the user agent to customize the font that is generated for each browser type. The user-agent is logged primarily for debugging and is used to generate aggregate usage statistics that measure font family popularity. These aggregate usage statistics are published on the Google Fonts Analytics page. Finally, the referrer URL is logged so the data can be used for production maintenance and an aggregated report can be generated on the top integrations based on the number of font requests. According to its own information, Google does not use any of the information collected by Google Fonts to create profiles of end users or to place targeted ads; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://fonts.google.com/; Data protection statement: https://policies.google.com/privacy; Further information: https://developers.google.com/fonts/faq/privacy?hl=de.
- Font Awesome (provided on own server): display of fonts and symbols; Service provider: The Font Awesome icons are hosted on our server, no data is transmitted to the provider of Font Awesome; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).
- YouTube videos: video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR); Website: https://www.youtube.com; Data protection statement: https://policies.google.com/privacy; Opposition possibility (opt-out): Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of commercials: https://adssettings.google.com/authenticated.
Modification and update of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will inform you as soon as the changes require your participation (eg consent) or other individual notification.
Sofern wir in dieser Datenschutzerklärung Adressen und Kontaktinformationen von Unternehmen und Organization in angeben, bitten wir zu beachten, dass die Adressen sich über die Zeit ändern können und bitten die Angaben vor Kontaktaufnahme zu prüfen.