Privacy Policy

Table of Contents

• Introduction and Overview
• Scope of Application
• Legal Basis
• Contact information for the data controller
• Contact information for the Data Protection Officer
• Retention period
• Rights under the General Data Protection Regulation
• Data transfers to third countries
• Data Processing Security
• Communication
• Data Processing Agreement (DPA)
• Cookies
• Application Information
• Customer data
• Registration
• Web Hosting Introduction
• Introduction to Web Analytics
• Email Marketing Introduction
• Introduction to Social Media
• Cloud services
• Online Map Services: Introduction
• Miscellaneous Introduction
• Explanation of Terms Used

Introduction and Overview

We have prepared this Privacy Policy (Version 09/27/2023-122077330) to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 and applicable national laws, which personal data (hereinafter “data”) we, as the data controller—and the processors we engage (e.g., service providers)—process, will process in the future, and what legal options you have. The terms used are to be understood as gender-neutral.
In short: We provide you with comprehensive information about the data we process regarding you.

Privacy policies usually sound very technical and use legal jargon. This privacy policy, however, is designed to explain the most important points to you as simply and transparently as possible. Wherever it helps with transparency, technical terms are explained in a reader-friendly way, links to further information are provided, and graphics are used. We use clear and simple language to inform you that, within the scope of our business activities, we process personal data only when there is a corresponding legal basis for doing so. This certainly isn’t possible if we provide explanations that are as brief, unclear, and legally technical as those often found online when it comes to data protection. I hope you find the following explanations interesting and informative, and perhaps there is some information here that you were not previously aware of.
If you still have questions, please contact the responsible party listed below or in the legal notice, follow the provided links, and review additional information on third-party websites. You can, of course, also find our contact information in the legal notice.

Scope of Application

This Privacy Policy applies to all personal data processed by us within the company and to all personal data processed by companies we have commissioned (processors). By “personal data,” we mean information as defined in Article 4(1) of the GDPR, such as a person’s name, email address, and mailing address. The processing of personal data enables us to offer and bill for our services and products, whether online or offline. The scope of this Privacy Policy includes:

• all online platforms (websites, online stores) that we operate
• Social media presence and email communication
• mobile apps for smartphones and other devices

In short: This Privacy Policy applies to all areas within the company where personal data is processed in a structured manner through the channels listed above. Should we enter into a legal relationship with you outside of these channels, we will notify you separately if necessary.

Legal Basis

In the following privacy policy, we provide you with transparent information regarding the legal principles and regulations—that is, the legal basis under the General Data Protection Regulation—that allow us to process personal data.
With regard to EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can, of course, read this EU General Data Protection Regulation online on EUR-Lex, the portal for EU law, at https://eur-lex.europa.eu/legal-content/DE/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

1. Consent (Article 6(1)(a) of the GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of the data you entered in a contact form.
2. Contract (Article 6(1)(b) of the GDPR): We process your data to fulfill a contract or pre-contractual obligations with you. For example, if we enter into a purchase agreement with you, we need certain personal information in advance.
3. Legal obligation (Article 6(1)(c) of the GDPR): We process your data when we are subject to a legal obligation to do so. For example, we are legally required to retain invoices for accounting purposes. These invoices typically contain personal data.
4. Legitimate interests (Article 6(1)(f) of the GDPR): In cases where legitimate interests do not override your fundamental rights, we reserve the right to process personal data. For example, we must process certain data in order to operate our website securely and cost-effectively. This processing therefore constitutes a legitimate interest.

Other conditions, such as the processing of data in the public interest, the exercise of official authority, or the protection of vital interests, do not generally apply to us. However, if such a legal basis were to apply, it will be indicated in the relevant section.

In addition to the EU regulation, national laws also apply:

• In Austria, this is the Federal Act on the Protection of Natural Persons with Regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
• In Germany, the Federal Data Protection Act( BDSG) applies.

If additional regional or national laws apply, we will provide you with information about them in the following sections.

Contact information for the data controller

If you have any questions regarding data protection or the processing of personal data, please find the contact details of the responsible person or department below:
Langer GmbH
Steyrerstrasse 13, 4470 Enns
Austria
Authorized representative: Fritz Aichhorn
Email: fritz@langer-magnet.com
Phone: +43 7223 82592-0
Legal Notice: https://www.langer-magnet.com/impressum/

Contact information for the Data Protection Officer

Below are the contact details for the Data Protection Officer:

Langer GmbH
Fritz Aichhorn
Steyrerstrasse 13, 4470 Enns
Austria

Email: fritz@langer-magnet.com
Phone: +43 664 2324180

Retention period

It is our general policy to retain personal data only for as long as is strictly necessary to provide our services and products. This means that we delete personal data as soon as the reason for processing it no longer exists. In some cases, we are legally required to retain certain data even after the original purpose has ceased to exist, for example, for accounting purposes.

If you wish to have your data deleted or withdraw your consent to data processing, the data will be deleted as soon as possible, provided there is no legal obligation to retain it.

We will provide you with information below regarding the specific duration of each data processing activity, provided we have further details on this matter.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we are informing you of the following rights to which you are entitled to ensure that your data is processed fairly and transparently:

• Under Article 15 of the GDPR, you have the right to request information about whether we process your data. If this is the case, you have the right to receive a copy of the data and to be informed of the following:
  • for what purpose we process the data;
  • the categories, i.e., the types of data that are processed;
  • who receives this data, and if the data is transferred to third countries, how security can be ensured;
  • how long the data is stored;
  • the existence of the right to rectification, erasure, or restriction of processing, and the right to object to processing;
  • that you can file a complaint with a supervisory authority (links to these authorities are provided below);
  • the source of the data, if we did not collect it from you;
  • whether profiling is carried out—that is, whether data is automatically analyzed to create a personal profile of you.
• Under Article 16 of the GDPR, you have the right to have your data corrected, which means that we must correct any errors you find.
• Under Article 17 of the GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you may request the erasure of your data.
• Under Article 18 of the GDPR, you have the right to restrict processing, which means that we may only store the data but may not use it further.
• Under Article 20 of the GDPR, you have the right to data portability, which means that, upon request, we will provide you with your data in a commonly used format.
• Under Article 21 of the GDPR, you have the right to object, which, once exercised, will result in a change to the processing.
  • If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interests), you may object to the processing. We will then review your objection as soon as possible to determine whether we can legally comply with it.
  • If your data is used for direct marketing purposes, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for direct marketing.
  • If your data is used for profiling, you may object to this type of data processing at any time. We will then no longer be permitted to use your data for profiling.
• Under Article 22 of the GDPR, you may have the right not to be subject to a decision based solely on automated processing (such as profiling).
• Under Article 77 of the GDPR, you have the right to lodge a complaint. This means that you may lodge a complaint with the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights—don’t hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection laws or that your data protection rights have been infringed in any other way, you may file a complaint with the supervisory authority. In Austria, this is the Data Protection Authority, whose website can be found at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For further information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Austrian Data Protection Authority

Director: Mag . Dr. Andrea Jelinek
Address: Barichgasse 40-42, 1030 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at
Website: https://www.dsb.gv.at/

Data transfers to third countries

We transfer or process data to countries outside the EU (third countries) only if you consent to such processing, if it is required by law, or if it is contractually necessary, and in any case only to the extent generally permitted. In most cases, your consent is the primary reason we process data in third countries. The processing of personal data in third countries such as the United States, where many software providers offer services and have their server locations, may mean that personal data is processed and stored in unexpected ways.

We expressly note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. Data processing by U.S. services (such as Google Analytics) may result in data being processed and stored without being anonymized. Furthermore, U.S. government authorities may, in some cases, access specific data. Additionally, collected data may be linked to data from other services of the same provider, provided you have a corresponding user account. Whenever possible, we strive to use server locations within the EU, provided such options are available.

We provide more detailed information about data transfers to third countries in the relevant sections of this Privacy Policy, where applicable.

Data Processing Security

To protect personal data, we have implemented both technical and organizational measures. Whenever possible, we encrypt or pseudonymize personal data. In this way, we do everything in our power to make it as difficult as possible for third parties to infer personal information from our data.

Article 25 of the GDPR refers to “data protection through technology design and privacy-friendly default settings,” meaning that security must always be a priority—whether in software (e.g., forms) or hardware (e.g., access to the server room)—and appropriate measures must be implemented. Below, we will discuss specific measures where necessary.

TLS encryption with HTTPS

TLS, encryption, and HTTPS sound very technical—and they are. We use HTTPS (which stands for "Hypertext Transfer Protocol Secure") to transmit data over the internet in a way that prevents eavesdropping.
This means that the entire transmission of all data from your browser to our web server is secure—no one can "eavesdrop."

This allows us to add an extra layer of security and ensure data protection through design (Article 25(1) of the GDPR). By using TLS (Transport Layer Security), an encryption protocol designed to ensure secure data transmission over the Internet, we can guarantee the protection of confidential data.
You can tell that this data transmission security feature is in use by the small padlock icon in the top-left corner of the browser, to the left of the web address (e.g., examplepage.com) and the use of the https protocol (instead of http) as part of our web address.
If you’d like to learn more about encryption, we recommend searching Google for “Hypertext Transfer Protocol Secure wiki” to find useful links to further information.

Communication

Communication Summary 👥 Data Subjects: Anyone who communicates with us by phone, email, or online form 📓 Data Processed: e.g., phone number, name, email address, form data entered. You can find more details under the respective contact method 🤝 Purpose: Handling communication with customers, business partners, etc. 📅 Retention period: Duration of the business transaction and as required by law ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

When you contact us and communicate with us by phone, email, or through our online form, we may process your personal data.

The data is processed for the purpose of handling and addressing your inquiry and the related business transaction. The data will be stored for as long as necessary or as required by law.

Affected individuals

These changes affect everyone who contacts us through the communication channels we provide.

Phone

When you call us, the call data is stored in pseudonymized form on the respective device and with the telecommunications provider used. In addition, data such as your name and phone number may subsequently be sent via email and stored for the purpose of responding to your inquiry. The data will be deleted as soon as the business matter has been resolved and legal requirements permit.

Email

When you communicate with us via email, data may be stored on your device (computer, laptop, smartphone, etc.) and on the email server. The data will be deleted as soon as the matter has been resolved and legal requirements permit.

Online Forms

When you contact us via the online form, your data is stored on our web server and, if necessary, forwarded to one of our email addresses. The data will be deleted as soon as the matter has been resolved and legal requirements permit.

Legal Basis

The processing of data is based on the following legal grounds:

• Art. 6(1)(a) GDPR (Consent): You give us your consent to store your data and to use it for purposes related to the business transaction;
• Art. 6(1)(b) of the GDPR (Contract): It is necessary for the performance of a contract with you or a processor, such as a telephone service provider, or we need to process the data for pre-contractual activities, such as preparing a quote;
• Art. 6(1)(f) GDPR (Legitimate Interests): We aim to handle customer inquiries and business communications in a professional manner. To do so, certain technical systems—such as email programs, Exchange servers, and mobile network operators—are necessary to ensure efficient communication.

Data Processing Agreement (DPA)

In this section, we would like to explain what a data processing agreement is and why it is necessary. Since the term “data processing agreement” is quite a mouthful, we will often use the acronym DPA throughout this text. Like most companies, we do not operate in isolation but also utilize the services of other companies or individuals.  By involving various companies or service providers, we may need to share personal data for processing. These partners then act as data processors, with whom we enter into a contract known as a Data Processing Agreement (DPA). The most important thing for you to know is that the processing of your personal data takes place exclusively in accordance with our instructions and must be governed by the DPA.

Who are data processors?

As a company and website owner, we are responsible for all data we process from you. In addition to the data controllers, there may also be so-called data processors. This includes any company or individual that processes personal data on our behalf. More specifically, and according to the GDPR definition: any natural or legal person, public authority, agency, or other body that processes personal data on our behalf is considered a data processor. Processors can therefore include service providers such as hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

To help clarify the terminology, here is an overview of the three roles under the GDPR:

Data subject(you as a customer or prospective customer) → Data controller (we as a company and data controller) → Data processor (service providers such as web hosts or cloud providers)

Contents of a Data Processing Agreement

As mentioned above, we have entered into a Data Processing Agreement (DPA) with our partners who act as data processors. Above all, this agreement stipulates that the data processor shall process the data exclusively in accordance with the GDPR. The agreement must be concluded in writing; however, in this context, an electronic agreement is also considered “in writing.” The processing of personal data takes place only on the basis of the contract. The contract must include the following:

• Commitment to us as the responsible party
• Duties and Rights of the Data Controller
• Categories of data subjects
• Type of personal data
• Nature and Purpose of Data Processing
• Purpose and Duration of Data Processing
• Location of data processing

In addition, the contract sets out all of the data processor’s obligations. The most important obligations are:

• Measures to ensure data security
• to take appropriate technical and organizational measures to protect the rights of the data subject
• to maintain a data processing register
• to cooperate with the data protection supervisory authority at its request
• to conduct a risk assessment regarding the personal data received
• Sub-processors may only be engaged with the written consent of the controller

You can see what a standard employment contract actually looks like at https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html, for example. A sample contract is provided there.

Cookies

Cookies Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Depends on the specific cookie. For more details, see below or contact the software provider that sets the cookie. 📓 Data processed: Depends on the specific cookie used. For more details, see below or contact the software provider that sets the cookie. 📅 Storage duration: Depends on the specific cookie; can vary from hours to years ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are cookies?

Our website uses HTTP cookies to store user-specific data.
Below, we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a web browser. Some well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing is undeniable: cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are other types of cookies for different applications. HTTP cookies are small files that our website stores on your computer. These cookie files are automatically placed in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as your language or personal page settings. When you visit our site again, your browser sends this “user-specific” information back to our site. Thanks to cookies, our website recognizes you and provides you with the settings you’re accustomed to. In some browsers, each cookie has its own file; in others, such as Firefox, all cookies are stored in a single file.

The following diagram illustrates a possible interaction between a web browser, such as Chrome, and a web server. In this scenario, the web browser requests a website and receives a cookie from the server, which the browser uses again the next time a different page is requested.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our website, while third-party cookies are created by partner websites (e.g., Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiration time of a cookie also varies from a few minutes to a few years. Cookies are not software programs and do not contain viruses, Trojans, or other “malware.” Cookies also cannot access information on your computer.

Here's an example of what cookie data might look like:

Name: _ga
Value:GA1.2.1326744211.152122077330-9
Purpose: To distinguish between website visitors
Expiration date:After 2 years

A browser should be able to support these minimum sizes:

• At least 4,096 bytes per cookie
• At least 50 cookies per domain
• At least 3,000 cookies in total

What types of cookies are there?

The specific cookies we use depend on the services we employ and are explained in the following sections of this privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are four types of cookies:

Essential Cookies
These cookiesare necessary to ensure the website’s basic functionality. For example, these cookies are needed when a user adds a product to their shopping cart, then browses other pages, and only proceeds to checkout later. These cookies ensure that the shopping cart is not cleared, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behavior and whether the user receives any error messages. They are also used to measure the website’s loading time and performance across different browsers.

Functional cookies
These cookies improve the user experience. For example, they store locations, font sizes, or form data that you have entered.

Advertising cookies
These cookies are also known as targeting cookies. They are used to deliver personalized ads to users. This can be very convenient, but it can also be very annoying.

Usually, when you visit a website for the first time, you’ll be asked which of these types of cookies you’d like to allow. And, of course, this decision is also stored in a cookie.

If you’d like to learn more about cookies and don’t mind reading technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Internet Engineering Task Force (IETF) Request for Comments titled “HTTP State Management Mechanism.”

Purpose of processing via cookies

The purpose ultimately depends on the specific cookie. You can find more details below or by contacting the manufacturer of the software that sets the cookie.

What data is processed?

Cookies are small tools that help with a wide variety of tasks. Unfortunately, it is not possible to generalize about what data is stored in cookies, but we will inform you about the data that is processed or stored in the following privacy policy.

How long cookies are stored

The duration for which cookies are stored depends on the specific cookie and is explained in more detail below. Some cookies are deleted after less than an hour, while others may remain stored on a computer for several years.

You also have control over how long cookies are stored. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies that are based on your consent will be deleted at the latest upon withdrawal of your consent, although the lawfulness of their storage up to that point remains unaffected.

Right to object – how can I delete cookies?

You decide for yourself whether and how you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, disable, or allow only certain cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to see which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find these options in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing Cookies and Website Data with Safari

Firefox: Clear cookies to remove data that websites have stored on your computer

Internet Explorer: Deleting and Managing Cookies

Microsoft Edge: Deleting and Managing Cookies

If you do not want to accept cookies at all, you can configure your browser to notify you whenever a cookie is about to be set. This allows you to decide on a case-by-case basis whether to accept each cookie or not. The procedure varies depending on the browser. If you are using Chrome, we recommend searching for instructions on Google using the search terms “delete cookies Chrome” or “disable cookies Chrome.”

Zur Verwaltung der eingesetzten Cookies und ähnlichen Technologien (Tracking-Pixel, Web-Beacons etc.) und diesbezüglicher Einwilligungen setzen wir das Consent Tool „Real Cookie Banner“ ein. Details zur Funktionsweise von „Real Cookie Banner“ findest du unter <a href=“https://devowl.io/de/rcb/datenverarbeitung/“ rel=“noreferrer“ target=“_blank“>https://devowl.io/de/rcb/datenverarbeitung/</a>.

Rechtsgrundlagen für die Verarbeitung von personenbezogenen Daten in diesem Zusammenhang sind Art. 6 Abs. 1 lit. c DS-GVO und Art. 6 Abs. 1 lit. f DS-GVO. Unser berechtigtes Interesse ist die Verwaltung der eingesetzten Cookies und ähnlichen Technologien und der diesbezüglichen Einwilligungen.

Die Bereitstellung der personenbezogenen Daten ist weder vertraglich vorgeschrieben noch für den Abschluss eines Vertrages notwendig. Du bist nicht verpflichtet die personenbezogenen Daten bereitzustellen. Wenn du die personenbezogenen Daten nicht bereitstellst, können wir deine Einwilligungen nicht verwalten.

Legal basis

The so-called “Cookie Directive” has been in effect since 2009. It stipulates that the storage of cookies requires your consent (Article 6(1)(a) of the GDPR). However, reactions to this directive still vary widely among EU countries. In Austria, however, this directive was implemented in Section 96(3) of the Telecommunications Act (TKG). In Germany, the Cookie Directive was not implemented as national law. Instead, this directive was largely implemented in Section 15(3) of the Telemedia Act (TMG).

For strictly necessary cookies, even in the absence of consent, there are legitimate interests (Article 6(1)(f) of the GDPR), which are typically of an economic nature. We want to provide website visitors with a pleasant user experience, and certain cookies are often essential to achieve this.

Unless strictly necessary cookies are used, this will only occur with your consent. The legal basis for this is Article 6(1)(a) of the GDPR.

The following sections provide more detailed information about the use of cookies, provided that the software in question uses cookies.

Application Information

Summary of Application Data 👥 Data Subjects: Users who apply for a job with us 🤝 Purpose: Processing of the application procedure 📓 Data Processed: Name, address, contact information, email address, phone number, proof of qualifications (certificates), and potentially special categories of data. 📅 Retention period: If the application is successful, until the end of the employment relationship. Otherwise, the data will be deleted after the application process or stored for a certain period with your consent. ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), legitimate interest (Art. 6(1)(f) GDPR), Art. 6(1)(b) GDPR (contract), Art. 9(2)(a) GDPR (processing of special categories of data)

What is application data?

You can apply for a position at our company via email, an online form, or a recruiting tool. All data we receive and process from you as part of an application is considered application data. In doing so, you will always provide personal information such as your name, date of birth, address, and phone number.

Why do we process job application data?

We process your data so that we can conduct a proper selection process for the advertised position. In addition, we would be happy to keep your application documents in our applicant database. This is because it often happens that, for a variety of reasons, a collaboration for the advertised position does not work out, but we are impressed by you and your application and can very well envision working with you in the future. If you give us your consent to do so, we will archive your documents so that we can easily contact you for future opportunities within our company.

We guarantee that we will handle your data with the utmost care and process it only in accordance with the law. Even within our company, your data will be shared only with those who are directly involved in your application. In short: your data is safe with us!

What data is processed?

For example, if you apply to us via email, we will, of course, receive personal data as mentioned above. Even your email address is considered personal data. However, during the application process, we only process the data that is relevant to our decision on whether or not to welcome you to our team.

Exactly which data is processed depends primarily on the job posting. In most cases, however, it includes your name, date of birth, contact information, and proof of qualifications. If you submit your application via an online form, the data is transmitted to us in encrypted form. If you send us your application by email, this encryption does not take place. We therefore cannot assume any responsibility for the transmission process. However, once the data is on our servers, we are responsible for the lawful handling of your data.

During the application process, in addition to the information mentioned above, we may also request information about your health or ethnic origin so that both we and you can exercise our rights under labor law, social security, and social protection, while also fulfilling our corresponding obligations. This information constitutes special categories of data.

Here is a list of the types of data we may collect and process from you:

• Name
• Contact information
• Email address
• phone number
• Date of Birth
• Information contained in the cover letter and resume
• Proof of qualifications (e.g., certificates)
• Special categories of data (e.g., ethnic origin, health data, religious beliefs)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

When we hire you as a team member at our company, your data will be processed for the purposes of the employment relationship and retained by us at least until the employment relationship ends. All application documents will then be added to your personnel file.

If we do not offer you the position, if you decline our offer, or if you withdraw your application, we may retain your data for up to 6 months after the conclusion of the application process based on our legitimate interest (Art. 6(1)(f) GDPR). After that, both your electronic data and all data from physical application documents will be completely deleted or destroyed. We retain your data, for example, so that we can still answer any follow-up questions or, in the event of a legal dispute, provide evidence regarding the application. If a legal dispute arises and we may still need the data after the 6-month period has expired, we will only delete the data once there is no longer any reason to retain it. If there are legal retention obligations to be fulfilled, we must generally store the data for longer than 6 months.

In addition, we may retain your data for a longer period if you have given us specific consent to do so. We do this, for example, if we can envision working with you in the future. In that case, it is helpful to have your data on file so that we can easily reach you. In this instance, your data will be added to our applicant pool. Of course, you can revoke your consent to the extended retention of your data at any time. If you do not revoke your consent and do not provide new consent, your data will be deleted after 2 years at the latest.

Legal basis

The legal basis for the processing of your data is Article 6(1)(a) of the GDPR (consent), Article 6(1)(b) of the GDPR (contract or pre-contractual measures), Article 6(1)(f) of the GDPR (legitimate interests), and Article 9(2)(a) of the GDPR (processing of special categories of data).

If we add you to our applicant pool, this is done on the basis of your consent (Art. 6(1)(a) GDPR). Please note that your inclusion in our applicant pool is voluntary, has no impact on the application process, and you may withdraw your consent at any time. The lawfulness of the processing up to the time of withdrawal remains unaffected.

In cases involving the protection of vital interests, data processing is carried out in accordance with Article 9(2)(c) of the GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Article 9(2)(h) of the GDPR. If you voluntarily provide special categories of data, processing is based on Article 9(2)(a) of the GDPR.

Customer data

Customer Data Summary 👥 Data Subjects: Customers and business and contractual partners 🤝 Purpose: Provision of services agreed upon in a contract or pre-contractual agreement, including related communication 📓 Processed Data: Name, address, contact information, email address, phone number, payment information (such as invoices and bank details), contract details (such as term and subject matter of the contract), IP address, order details 📅 Retention period: The data will be deleted as soon as it is no longer necessary for the fulfillment of our business purposes and there is no legal obligation to retain it. ⚖️ Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), Contract (Art. 6(1)(b) GDPR)

What is customer data?

In order to provide our services and fulfill our contractual obligations, we also process data from our customers and business partners. This data always includes personal information. Customer data refers to all information processed on the basis of a contractual or pre-contractual relationship in order to provide the services we offer. Customer data therefore encompasses all information we collect and process about our customers.

Why do we process customer data?

There are many reasons why we collect and process customer data. The most important reason is that we simply need various types of data to provide our services. Sometimes your email address is all we need, but if you purchase a product or service, for example, we also require information such as your name, address, bank details, or contract information. We subsequently use this data for marketing and sales optimization so that we can improve our overall service for our customers. Another important aspect is our customer service, which is always very important to us. We want you to be able to contact us at any time with questions about our offerings, and for that we need at least your email address.

What data is processed?

At this point, we can only describe the specific data we collect in general terms. This depends entirely on the services you receive from us. In some cases, you simply provide us with your email address so that we can, for example, contact you or answer your questions. In other cases, you purchase a product or service from us, and for that we need significantly more information, such as your contact details, payment information, and contract details.

Here is a list of the types of data we may collect and process from you:

• Name
• Contact information
• Email address
• phone number
• Date of Birth
• Payment information (invoices, bank details, payment history, etc.)
• Contract details (term, content)
• Usage data (websites visited, access data, etc.)
• Metadata (IP address, device information)

How long is the data stored?

As soon as we no longer need the customer data to fulfill our contractual obligations and for our purposes, and the data is also not required for any potential warranty or liability obligations, we will delete the relevant customer data. This is the case, for example, when a business contract ends. After that, the statute of limitations is generally 3 years, although longer periods may apply in individual cases. Of course, we also comply with statutory retention requirements. Your customer data will certainly not be disclosed to third parties unless you have explicitly given your consent.

Legal basis

The legal basis for the processing of your data is Article 6(1)(a) of the GDPR (consent), Art. 6(1)(b) GDPR (contract or pre-contractual measures), Art. 6(1)(f) GDPR (legitimate interests), and in specific cases (e.g., medical services) Art. 9(2)(a) GDPR (processing of special categories of data).

In cases involving the protection of vital interests, data processing is carried out in accordance with Article 9(2)(c) of the GDPR. For the purposes of healthcare, occupational medicine, medical diagnostics, care or treatment in the health or social sector, or the administration of systems and services in the health or social sector, the processing of personal data is carried out in accordance with Article 9(2)(h) of the GDPR. If you voluntarily provide special categories of data, processing is based on Article 9(2)(a) of the GDPR.

Registration

Registration Summary 👥 Data Subjects: All individuals who register, create an account, log in, and use the account. 📓 Processed Data: Email address, name, password, and other data collected during registration, login, and account use. 🤝 Purpose: Provision of our services. Communication with customers in connection with the services. 📅 Retention period:As long as the company account associated with the texts exists, and generally for 3 years thereafter. ⚖️ Legal basis: Art. 6(1)(b) GDPR (Contract), Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

When you register with us, we may process personal data if you enter personally identifiable information or if data such as your IP address is collected during the processing. You can read more below about what we mean by the rather cumbersome term “personal data.”

Please enter only the information we require for registration and for which you have a third party’s authorization if you are registering on behalf of someone else. If possible, use a strong password that you do not use anywhere else and an email address that you check regularly.

Below, we provide details about how we process your data, because we want you to feel comfortable with us!

What is registration?

When you register, we collect certain information from you, which allows you to easily log in online and use your account with us later. Having an account with us has the advantage that you don’t have to re-enter all your information every time. This saves time and effort and ultimately helps prevent errors in the delivery of our services.

Why do we process personal data?

In short, we process personal data to enable you to create and use an account with us.
If we didn’t do this, you’d have to enter all your data every time, wait for us to approve it, and then enter everything all over again. Neither we nor many, many customers would like that. How would you feel about it?

What data is processed?

All data that you provided during registration, enter when logging in, or enter when managing your account information.

During registration, we process the following types of data: 

• First name
• Last name
• Email address
• Company name
• Street + House number
• Place of residence
• Zip code
• Country

When you sign up, we process the information you provide during registration—such as your username and password—as well as data collected in the background, such as device information and IP addresses.

When you use your account, we process the data you enter while using the account and the data generated in connection with your use of our services.

Retention period

We store the data you provide at least for as long as the account associated with that data remains active and in use with us, for as long as contractual obligations between us exist, and, if the contract ends, until the respective claims arising from it become time-barred. In addition, we store your data for as long as and to the extent that we are subject to legal obligations regarding storage. Thereafter, we retain booking documents related to the contract (invoices, contract documents, account statements, etc.) as well as other relevant business records for the duration required by law (usually several years).

Right to object

Have you registered, entered your data, and now wish to withdraw your consent? No problem. As you can see above, under the General Data Protection Regulation, your rights remain in effect during and after registration, sign-up, or the creation of an account with us. Please contact the Data Protection Officer listed above to exercise your rights. If you already have an account with us, you can easily view and manage your data and text directly within your account.

Legal basis

By completing the registration process, you are engaging with us on a pre-contractual basis to enter into a user agreement for our platform (although this does not automatically create an obligation to pay). Youinvest time in entering data and registering, and we provide you with our services after you log in to our system and grant you access to your customer account. In addition, we fulfill our contractual obligations. Finally, we must keep registered users informed of important changes via email. Thus, Article 6(1)(b) of the GDPR (implementation of pre-contractual measures, performance of a contract) applies.

If necessary, we may also seek your consent, for example, if you voluntarily provide more information than is strictly necessary or if we are permitted to send you promotional materials. Article 6(1)(a) of the GDPR (Consent) therefore applies.

We also have a legitimate interest in knowing who we are dealing with in order to contact them in certain cases. In addition, we need to know who is using our services and whether they are being used in accordance with our Terms of Use; therefore, Article 6(1)(f) of the GDPR (legitimate interests) applies.

Note: Users should check the following sections as needed:

Registration using your real name

Since we need to know who we are dealing with in our business operations, registration is only possible using your real name (real name) and not pseudonyms.

Registration using pseudonyms

You may use a pseudonym when registering, which means you do not have to register with us using your real name. This ensures that we cannot process your name. 

Storage of IP addresses

During the registration, login, and account usage processes, we store your IP address in the background for security reasons to verify that the account is being used legitimately.

Public Profile

User profiles are publicly visible, meaning that parts of the profile can be viewed online without entering a username or password.

Two-factor authentication (2FA)

Two-factor authentication (2FA) provides additional security during login, as it prevents you from logging in without a smartphone, for example. This technical measure to secure your account protects you from data loss or unauthorized access even if your username and password were known. You can find out which 2FA method is used during registration, when logging in, and within the account itself.

Web Hosting Introduction

Web Hosting Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Professional hosting of the website and ensuring its operation 📓 Data processed: IP address, time of website visit, browser used, and other data. More details can be found below or with the respective web hosting provider. 📅 Retention period: Depends on the respective provider, but generally 2 weeks ⚖️ Legal basis: Art. 6(1)(f) GDPR (Legitimate interests)

What is web hosting?

When you visit websites today, certain information—including personal data—is automatically generated and stored, and this applies to this website as well. This data should be processed as sparingly as possible and only for legitimate reasons. By “website,” we mean the entirety of all web pages on a domain, i.e., everything from the home page to the very last subpage (such as this one). By “domain,” we mean, for example, example.de or sampleexample.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You’re probably familiar with some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We often just call them browsers or web browsers.

To display a website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complex and resource-intensive task, which is why it is typically handled by professional providers. These providers offer web hosting services, ensuring that website data is stored reliably and without errors. That’s a lot of technical terms, but please stick with it—it gets even better!

When your browser establishes a connection on your computer (desktop, laptop, tablet, or smartphone) and during the transfer of data to and from the web server, personal data may be processed. On the one hand, your computer stores data; on the other hand, the web server must also store data for a certain period of time to ensure proper operation.

A picture is worth a thousand words, so the following diagram illustrates the interaction between the browser, the internet, and the hosting provider.

Why do we process personal data?

The purposes of data processing are:

1. Professional website hosting and ensuring smooth operation
2. to maintain operational and IT security
3. Anonymous analysis of user behavior to improve our services and, if necessary, for law enforcement purposes or to pursue claims

What data is processed?

Even as you are visiting our website right now, our web server—the computer on which this website is hosted—typically automatically stores data such as

• the full web address (URL) of the webpage being viewed
• Browser and browser version (e.g., Chrome 87)
• the operating system used (e.g., Windows 10)
• the address (URL) of the previously visited page (referrer URL) (e.g., https://www.beispielquellsite.de/vondabinichgekommen/)
• the hostname and IP address of the device from which the request is being made (e.g., COMPUTERNAME and 194.23.43.121)
• Date and time
• in files known as web server log files

How long is data stored?

As a rule, the data mentioned above is stored for two weeks and then automatically deleted. We do not share this data with third parties; however, we cannot rule out the possibility that government authorities may access this data in the event of unlawful conduct.

In short: Your visit is logged by our provider (the company that hosts our website on special computers called servers), but we will not share your data without your consent!

Legal basis

The lawfulness of processing personal data in the context of web hosting is based on Article 6(1)(f) of the GDPR (protection of legitimate interests), as the use of professional hosting services from a provider is necessary to present the company on the internet in a secure and user-friendly manner and, if necessary, to investigate any attacks or claims arising therefrom.

We generally have a contract with the hosting provider regarding data processing in accordance with Article 28 et seq. of the GDPR, which ensures compliance with data protection regulations and guarantees data security.

Hetzner Privacy Policy

We use Hetzner for our website, which is, among other things, a web hosting provider. The service provider is the German company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

For more information about the data processed through the use of Hetzner, please see the privacy policy at https://www.hetzner.com/de/legal/privacy-policy.

Hetzner Data Processing Agreement (DPA)

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a data processing agreement (DPA) with Hetzner. You can read more about what exactly a DPA is and, above all, what must be included in a DPA in our general section titled “Data Processing Agreement (DPA).”

This agreement is required by law because Hetzner processes personal data on our behalf. It specifies that Hetzner may only process data received from us in accordance with our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/.

Introduction to Web Analytics

Web Analytics Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Analysis of visitor information to optimize the website. 📓 Data processed: Access statistics, which include data such as visitor locations, device information, duration and time of access, navigation behavior, click behavior, and IP addresses. You can find more details on this in the respective web analytics tool. 📅 Storage period: Depends on the web analytics tool used ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is web analytics?

We use software on our website to analyze the behavior of website visitors, commonly referred to as web analytics. This process involves the collection of data, which is stored, managed, and processed by the respective analytics tool provider (also known as a tracking tool). This data is used to generate analyses of user behavior on our website, which are then made available to us as the website operator. In addition, most tools offer various testing options. For example, this allows us to test which offers or content are most popular with our visitors. To do this, we show you two different offers for a limited period of time. After the test (known as an A/B test), we know which product or content our website visitors find more interesting. For such testing procedures, as well as for other analytics procedures, user profiles may also be created and the data stored in cookies.

Why do we use web analytics?

With our website, we have a clear goal in mind: we want to provide the best online experience in our industry. To achieve this goal, we aim to offer the best and most engaging content while ensuring that you feel completely at home on our website. Using web analytics tools, we can closely examine the behavior of our website visitors and then improve our website for both you and us accordingly. For example, we can determine the average age of our visitors, where they come from, when our website receives the most traffic, or which content or products are particularly popular. All of this information helps us optimize the website and tailor it to best meet your needs, interests, and preferences.

What data is processed?

Exactly what data is stored depends, of course, on the analytics tools used. However, as a rule, the following information is stored: what content you view on our website, which buttons or links you click, when you visit a page, which browser you use, what device (PC, tablet, smartphone, etc.) you use to visit the website, and what operating system you use. If you have consented to the collection of location data, this information may also be processed by the web analytics tool provider.

In addition, your IP address is also stored. According to the General Data Protection Regulation (GDPR), IP addresses are considered personal data. However, your IP address is generally stored in a pseudonymized form (i.e., in an unrecognizable and abbreviated form). For the purposes of testing, web analytics, and web optimization, no direct data—such as your name, age, address, or email address—is stored. All such data, if collected, is stored in pseudonymized form. This ensures that you cannot be identified as an individual.

The following example schematically illustrates how Google Analytics works as an example of client-side web tracking using JavaScript code.

How long the data is stored depends on the provider. Some cookies store data for only a few minutes or until you leave the website, while others can store data for several years.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details on this matter. In general, we process personal data only for as long as is strictly necessary to provide our services and products. If required by law—as is the case with accounting, for example—this retention period may be extended.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Legal basis

The use of web analytics requires your consent, which we have obtained via our cookie pop-up. Pursuant to Article 6(1)(a) of the GDPR (Consent), this consent serves as the legal basis for the processing of personal data, such as that collected by web analytics tools.

In addition to your consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our services both technically and economically. Using web analytics, we detect website errors, identify attacks, and improve cost-effectiveness. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use these tools if you have given your consent.

Since web analytics tools use cookies, we also recommend that you read our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should review the privacy policies of the respective tools.

Information about specific web analytics tools, if available, can be found in the following sections.

Facebook Pixel Privacy Policy

We use the Facebook Pixel on our website. To do this, we have implemented a code snippet on our website. The Facebook Pixel is a snippet of JavaScript code that loads a set of functions allowing Facebook to track your user actions if you arrived at our website via Facebook Ads. For example, if you purchase a product on our website, the Facebook Pixel is triggered and stores your actions on our website in one or more cookies. These cookies allow Facebook to match your user data (customer data such as IP address, user ID) with the data from your Facebook account. Facebook then deletes this data. The collected data is anonymous to us and cannot be viewed by us; it is used solely for the purpose of displaying advertisements. If you are a Facebook user and are logged in, your visit to our website is automatically associated with your Facebook user account.

We want to show our services and products only to those people who are genuinely interested in them. With the help of Facebook Pixel, our advertising campaigns can be better tailored to your preferences and interests. This way, Facebook users (provided they have enabled personalized ads) see ads that are relevant to them. Facebook also uses the collected data for analytical purposes and to create its own ads.

Below, we list the cookies that were set by embedding Facebook pixels on a test page. Please note that these are only example cookies. Different cookies are set depending on your interaction with our website.

Name: _fbp
Value: fb.1.1568287647279.257405483-6122077330-7
Purpose: Facebook uses this cookie to display advertising.
Expiration date: after 3 months

Name:fr
Value: 0aPf312HOS5Pboo2r..Bdeiuf…1.0.Bdeiuf.
Purpose: This cookie is used to ensure that Facebook pixels function properly.
Expiration date: after 3 months

Name: comment_author_50ae8267e2bdf1253ec1a5769f48e062122077330-3
Value: Author's name
Purpose: This cookie stores the text and name of a user who, for example, leaves a comment.
Expiration date: after 12 months

Name: comment_author_url_50ae8267e2bdf1253ec1a5769f48e062
Value: https%3A%2F%2Fwww.testseite…%2F (author's URL)
Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.
Expiration date: after 12 months

Name: comment_author_email_50ae8267e2bdf1253ec1a5769f48e062
Value: Author's email address
Purpose: This cookie stores the user's email address if they have provided it on the website.
Expiration date: after 12 months

Note: Thecookies listed above are based on individual user behavior. When it comes to the use of cookies, changes on Facebook can never be ruled out.

If you are logged into Facebook, you can change your ad settings yourself at https://www.facebook.com/adpreferences/advertisers/. If you are not a Facebook user, you can generally manage your usage-based online advertising at https://www.youronlinechoices.com/de/praferenzmanagement/. There, you have the option to disable or enable providers.

Facebook processes your data in the United States, among other places. Facebook, or Meta Platforms, is an active participant in the EU-US Data Privacy Framework, which regulates the proper and secure transfer of personal data from EU citizens to the United States. You can find more information about this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR). Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the US. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

Facebook's Data Processing Terms, which refer to the Standard Contractual Clauses, can be found at https://www.facebook.com/legal/terms/dataprocessing.

If you would like to learn more about Facebook's privacy practices, we recommend reviewing the company's privacy policy at https://www.facebook.com/privacy/policy.

Matomo Privacy Policy

We use Matomo, a website analytics tool, on our website. The service provider is the New Zealand-based company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

For more information about the data processed through the use of Matomo, please refer to the Privacy Policy at https://matomo.org/privacy-policy/. If you have any questions regarding data protection, please send an email to privacy@matomo.org.

Matomo On-Premise Privacy Policy

We use the privacy-friendly analytics tool Matomo On-Premise on our website. With the on-premise version, Matomo is installed on our own server. This means we act as the software operator, and any data we may collect from you is stored directly with us. Data processing therefore remains entirely under our control. The service provider is the New Zealand company InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand.

If you would like to learn more about how Matomo On-Premise processes data, please feel free to contact us. We also recommend reviewing Matomo’s privacy policy at https://matomo.org/privacy-policy/.

Matomo On-Premise (without cookies)

Many web analytics tools commonly use so-called cookies to collect and process a significant amount of personal data for analytical purposes and for their own marketing. Cookies are small text files that are typically stored in your browser and may contain personal data. We want to respect and protect your privacy as much as possible. That is why we have decided to take a different approach and use Matomo On-Premise entirely without cookies. While we can perform various measurements and web analytics with Matomo, no personal data about you is stored in cookies. Matomo On-Premise without cookies is one of the most privacy-friendly web analytics services on the market.

 

 

Email Marketing Introduction

Email Marketing Summary 👥 Data Subjects: Newsletter subscribers 🤝 Purpose: Direct marketing via email, notifications about system-related events 📓 Data Processed: Data entered during registration, but at a minimum the email address. You can find more details in the documentation for the respective email marketing tool. 📅 Retention period: Duration of the subscription ⚖️ Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (legitimate interests)

What is email marketing?

To keep you up to date, we also use email marketing. In this context, provided you have consented to receiving our emails or newsletters, we will process and store your data. Email marketing is a subset of online marketing. It involves sending news or general information about a company, products, or services via email to a specific group of people who are interested in them.

If you would like to subscribe to our email marketing (usually via newsletter), you typically just need to sign up with your email address. To do so, simply fill out an online form and submit it. However, we may also ask for your title and name so that we can address you personally.

Generally, newsletter subscriptions work using the so-called “double opt-in process.” After you subscribe to our newsletter on our website, you will receive an email asking you to confirm your subscription. This ensures that the email address belongs to you and that no one has subscribed using someone else’s email address. We, or a notification tool we use, log every single subscription. This is necessary so that we can verify that the subscription process was carried out in accordance with legal requirements. Typically, the time of subscription, the time of confirmation, and your IP address are stored. Additionally, any changes you make to your stored data are also logged.

Why do we use email marketing?

Of course, we want to stay in touch with you and keep you updated on the most important news about our company. To this end, we use email marketing—often simply referred to as “newsletters”—as a key component of our online marketing strategy. Provided you consent or it is permitted by law, we will send you newsletters, system emails, or other notifications via email. When we use the term “newsletter” in the following text, we mainly refer to emails sent on a regular basis. Of course, we do not want to bother you in any way with our newsletters. That is why we always strive to provide only relevant and interesting content. For example, you can learn more about our company, our services, or our products. Since we are constantly improving our offerings, our newsletter will also keep you informed whenever there is news or when we are currently offering special, lucrative promotions. If we engage a service provider that offers a professional mailing tool for our email marketing, we do so to ensure we can deliver newsletters to you quickly and securely. The primary purpose of our email marketing is to inform you about new offers and to help us achieve our business goals.

What data is processed?

When you subscribe to our newsletter via our website, you confirm your subscription to an email list via email. In addition to your IP address and email address, your title, name, address, and phone number may also be stored. However, this will only occur if you consent to the storage of this data. The data marked as such is necessary for you to use the service we offer. Providing this information is voluntary; however, failure to do so will prevent you from using the service. Additionally, information about your device or your preferred content on our website may also be stored. You can find more information about data storage when you visit a website in the section “Automatic Data Storage.” We record your declaration of consent so that we can always demonstrate that it complies with our laws.

Duration of data processing

If you unsubscribe from our email/newsletter mailing list, we may retain your email address for up to three years based on our legitimate interests, so that we can still demonstrate your prior consent. We may only process this data if we need to defend ourselves against any potential claims.

However, if you confirm that you have given us your consent to subscribe to the newsletter, you may submit a request to have your data deleted at any time. If you permanently revoke your consent, we reserve the right to add your email address to a block list. As long as you have voluntarily subscribed to our newsletter, we will, of course, continue to retain your email address.

Right to object

You can unsubscribe from our newsletter at any time. To do so, simply revoke your consent to receive the newsletter. This usually takes just a few seconds or one or two clicks. You’ll usually find a link to unsubscribe from the newsletter right at the bottom of each email. If you really can’t find the link in the newsletter, please contact us by email and we’ll cancel your newsletter subscription immediately.

Legal basis

We send our newsletter based on your consent (Article 6(1)(a) of the GDPR). This means that we may only send you a newsletter if you have actively subscribed to it beforehand. We may also send you promotional messages if you have become a customer and have not objected to the use of your email address for direct marketing.

Information about specific email marketing services and how they process personal data—where available—can be found in the following sections.

Click-Tip Privacy Policy

We use Klick-Tipp, a marketing automation service, on our website. The service provider is the British company Klick-Tipp Limited, 15 Cambridge Court, 210 Shepherd’s Bush Road, London W67NJ, United Kingdom. You can learn more about the data processed through the use of Klick-Tipp in the Privacy Policy at https://www.klicktipp.com/datenschutzerklarung/.

Introduction to Social Media

Social Media Privacy Policy Summary 👥 Data subjects: Visitors to the website 🤝 Purpose: Presenting and optimizing our services, contacting visitors, prospective customers, etc., advertising 📓 Data processed: Data such as phone numbers, email addresses, contact information, user behavior data, information about your device, and your IP address. You can find more details on the respective social media tool used. 📅 Storage period: Depends on the social media platforms used ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is social media?

In addition to our website, we are also active on various social media platforms. In doing so, we may process user data so that we can target users who are interested in us via social networks. Furthermore, elements of a social media platform may also be embedded directly into our website. This is the case, for example, when you click on a so-called social media button on our website and are redirected directly to our social media presence. The term “social media” refers to websites and apps through which registered members can create content, share content publicly or within specific groups, and network with other members.

Why do we use social media?

For years, social media platforms have been the place where people communicate and connect online. Through our social media presence, we can introduce our products and services to potential customers. The social media elements integrated into our website allow you to quickly and easily access our social media content.

The data stored and processed through your use of a social media platform is primarily intended to enable web analytics. The goal of these analytics is to develop more precise and personalized marketing and advertising strategies. Depending on your behavior on a social media platform, the analyzed data can be used to draw conclusions about your interests and create so-called user profiles. This also enables the platforms to present you with tailored advertisements. In most cases, cookies are placed in your browser for this purpose to store data about your usage behavior.

We generally assume that we remain the data controller under data protection law, even when we use the services of a social media platform. However, the European Court of Justice has ruled that, in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Article 26 of the GDPR. Where this is the case, we will make a separate note of it and operate on the basis of a relevant agreement. The key terms of the agreement are then set out below for the relevant platform.

Please note that when you use social media platforms or our embedded features, your data may also be processed outside the European Union, as many social media channels—such as Facebook or Twitter—are U.S.-based companies. As a result, you may find it more difficult to exercise or enforce your rights regarding your personal data.

What data is processed?

Exactly what data is stored and processed depends on the specific social media platform provider. However, it typically includes data such as phone numbers, email addresses, information you enter into a contact form, user data (such as which buttons you click, who you like or follow, and when you visited which pages), information about your device, and your IP address. Most of this data is stored in cookies. Especially if you have a profile on the social media platform you’re visiting and are logged in, data can be linked to your profile.

All data collected via a social media platform is also stored on the providers' servers. This means that only the providers have access to the data and can provide you with the relevant information or make changes.

If you want to know exactly what data social media providers store and process, and how you can object to this data processing, you should carefully read the company’s privacy policy. If you have questions about data storage and processing or wish to exercise your rights in this regard, we recommend that you contact the provider directly.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details. For example, the social media platform Facebook stores data until it is no longer needed for its own purposes. However, customer data that is matched with your own user data is deleted within two days. In general, we process personal data only for as long as is strictly necessary to provide our services and products. If required by law—as is the case with accounting, for example—this retention period may be exceeded.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers, such as embedded social media elements, at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since social media tools may use cookies, we also recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, you should read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In principle, if consent has been given, your data is also stored and processed on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in maintaining fast and effective communication with you or other customers and business partners. However, we only use these tools to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific social media platforms—if available—can be found in the following sections.

LinkedIn Privacy Policy

LinkedIn Privacy Policy Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: To optimize our services 📓 Processed Data: Data such as user behavior data, information about your device, and your IP address. You can find more details below in the privacy policy. 📅 Retention period: The data is generally deleted within 30 days ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is LinkedIn?

We use social plugins from the social media network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA, on our website. These social plugins may include feeds, content sharing, or links to our LinkedIn page. The social plugins are clearly marked with the familiar LinkedIn logo and allow you, for example, to share interesting content directly from our website. For the European Economic Area and Switzerland, LinkedIn Ireland Unlimited Company, located at Wilton Place in Dublin, is responsible for data processing.

When these plug-ins are embedded, data may be sent to LinkedIn, stored there, and processed. In this privacy policy, we aim to inform you about what data is involved, how the network uses this data, and how you can manage or prevent the storage of this data.

LinkedIn is the largest social network for professional connections. Unlike Facebook, for example, the company focuses exclusively on building professional connections. Companies can use the platform to showcase their services and products and establish business relationships. Many people also use LinkedIn to look for jobs or to find suitable employees for their own companies. In Germany alone, the network has over 11 million members. In Austria, there are about 1.3 million.

Why do we use LinkedIn on our website?

We know how busy you are. It’s not possible to keep track of every social media channel individually. Even though, as in our case, it would be worth the effort. We regularly post interesting news and articles that are worth sharing. That’s why we’ve added a feature to our website that lets you share interesting content directly on LinkedIn or link directly to our LinkedIn page. We view built-in social plugins as an extended service on our website. The data LinkedIn collects also helps us ensure that any advertising we run is shown only to people who are interested in what we offer.

What data does LinkedIn store?

LinkedIn does not store any personal data simply by embedding social plugins. LinkedIn refers to this data generated by plug-ins as “passive impressions.” However, if you click on a social plug-in—for example, to share our content—the platform stores personal data as so-called “active impressions.” This occurs regardless of whether you have a LinkedIn account or not. If you are logged in, the collected data is associated with your account.

Your browser establishes a direct connection to LinkedIn’s servers when you interact with our plugins. This allows the company to log various usage data. In addition to your IP address, this may include, for example, login data, device information, or details about your internet or mobile service provider. If you access LinkedIn services via your smartphone, your location may also be determined (after you have given your consent). LinkedIn may also share this data in “hashed” form with third-party advertisers. Hashing means that a data record is converted into a string of characters. This allows the data to be encrypted in such a way that individuals can no longer be identified.

Most of the data regarding your user behavior is stored in cookies. These are small text files that are typically stored in your browser. LinkedIn may also use web beacons, pixel tags, ad tags, and other device identifiers.

Various tests also show which cookies are set when a user interacts with a social plugin. The data found is not exhaustive and is provided solely as an example. The following cookies were set without being logged in to LinkedIn:

Name: bcookie
Value: =2&34aab2aa-2ae1-4d2a-8baf-c2e2d7235c16122077330-
Purpose: This cookie is a so-called “browser ID cookie” and therefore stores your identification number (ID).
Expiration date: After 2 years

Name: lang
Value: v=2&lang=de-de
Purpose: This cookie stores your default or preferred language.
Expiration date: at the end of the session

Name: lidc
Value: 1818367:t=1571904767:s=AQF6KNnJ0G122077330…
Purpose: This cookie is used for routing. Routing tracks the paths you took to get to LinkedIn and how you navigate through the website.
Expiration date: after 24 hours

Name: rtc
Value: kt0lrv3NF3x3t6xvDgGrZGDKkX
Purpose:No further information about this cookie could be found.
Expiration date: after 2 minutes

Name: JSESSIONID
Value: ajax:1220773302900777718326218137
Purpose: This is a session cookie that LinkedIn uses to maintain anonymous user sessions on the server.
Expiration date: at the end of the session

Name: bscookie
Value: “v=1&201910230812…
Purpose: This cookie is a security cookie. LinkedIn describes it as a Secure Browser ID cookie.
Expiration date: after 2 years

Name: fid
Value: AQHj7Ii23ZBcqAAAA…
Purpose: No further information could be found about this cookie.
Expiration date: after 7 days

Note: LinkedIn also works with third-party providers. That is why we detected the two Google Analytics cookies, _ga and _gat, during our test.

How long and where will the data be stored?

In general, LinkedIn retains your personal data for as long as the company deems necessary to provide its services. However, LinkedIn deletes your personal data when you delete your account. In some exceptional cases, LinkedIn retains certain data in aggregated and anonymized form even after you delete your account. Once you delete your account, other people will no longer be able to view your data within one day. LinkedIn generally deletes the data within 30 days. However, LinkedIn retains data if required by law. Data that can no longer be linked to specific individuals remains stored even after the account is closed. The data is stored on various servers in the United States and presumably also in Europe.

How can I delete my data or prevent it from being stored?

You have the right to access and delete your personal data at any time. You can manage, edit, and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn.

Here's how to access the account information in your LinkedIn profile:

On LinkedIn, click your profile icon and select "Settings & Privacy." Next, click "Privacy," and then click "Change" in the "How LinkedIn uses your data" section. In just a few moments, you can download selected data about your web activity and account history.

You can also prevent LinkedIn from processing your data directly in your browser. As mentioned above, LinkedIn stores most of its data using cookies that are placed in your browser. You can manage, disable, or delete these cookies. The process varies slightly depending on which browser you use. Under the “Cookies” section, you’ll find links to the relevant instructions for the most popular browsers.

You can also configure your browser so that you are always notified when a cookie is about to be set. This allows you to decide on a case-by-case basis whether or not to accept the cookie.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

LinkedIn processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

LinkedIn uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, LinkedIn commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about the standard contractual clauses on LinkedIn, visit https://de.linkedin.com/legal/l/dpa or https://www.linkedin.com/legal/l/eu-sccs.

We have tried to provide you with the most important information about how LinkedIn processes data. Visit https://www.linkedin.com/legal/privacy-policy to learn more about how the social media network LinkedIn processes data.

Data Processing Agreement (DPA) LinkedIn

In accordance with Article 28 of the General Data Protection Regulation (GDPR), we have entered into a data processing agreement (DPA) with LinkedIn. You can read more about what exactly a DPA is and, most importantly, what must be included in a DPA in our general section titled “Data Processing Agreement (DPA).”

This agreement is required by law because LinkedIn processes personal data on our behalf. It specifies that LinkedIn may only process data received from us in accordance with our instructions and must comply with the GDPR. You can find the link to the Data Processing Agreement (DPA) at https://de.linkedin.com/legal/l/dpa.

Pinterest Privacy Policy

Pinterest Privacy Policy Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: To optimize our services 📓 Processed Data: Data such as user behavior data, information about your device, your IP address, and search terms. You can find more details below in the privacy policy. 📅 Retention period: until Pinterest no longer needs the data for its purposes ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Pinterest?

We use buttons and widgets from the social media network Pinterest, operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA, on our website. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related matters.

Pinterest is a social network that specializes in visual content and photographs. The name is a combination of the words “pin” and “interest.” Users can share their hobbies and interests on Pinterest and view each other’s profiles—featuring images—either publicly or within specific groups.

Why do we use Pinterest?

Pinterest has been around for several years now, and this social media platform remains one of the most visited and valued platforms. Pinterest is particularly well-suited to our industry because the platform is primarily known for its beautiful and interesting images. That’s why we’re naturally active on Pinterest and want to showcase our content there as well, beyond our website. The data collected may also be used for advertising purposes so that we can show promotional messages to exactly those people who are interested in our services or products.

What data does Pinterest process?

So-called log data may be stored. This includes information about your browser, IP address, the address of our website, and the activities you perform on it (for example, when you click the "Save" or "Pin" button), search histories, the date and time of the request, and cookie and device data. When you interact with an embedded Pinterest feature, cookies that store various types of data may also be set in your browser. In most cases, the log data mentioned above, default language settings, and clickstream data are stored in cookies. By “clickstream data,” Pinterest refers to information about your website behavior.

If you have a Pinterest account and are logged in, the data collected through our site may be added to your account and used for advertising purposes. When you interact with our embedded Pinterest features, you will typically be redirected to the Pinterest site. Here is an example of the types of cookies that will then be set in your browser.

Name: _auth
Value: 0
Purpose: This cookie is used for authentication. It may store a value such as your “username.” 
Expiration date: after one year

Name: _pinterest_referrer
Value: 1
Purpose: This cookie records that you arrived at Pinterest via our website. It therefore stores the URL of our website.
Expiration date: at the end of the session

Name: _pinterest_sess
Value: …9HRHZvVE0rQlUxdG89
Purpose: This cookie is used for logging in to Pinterest and contains user IDs, authentication tokens, and timestamps.
Expiration date: after one year

Name: _routing_id
Value: “8d850ddd-4fb8-499c-961c-77efae9d4065122077330-8”
Purpose: This cookie contains an assigned value used to identify a specific routing destination.
Expiration date: after one day

Name: cm_sub
Value: denied
Purpose: This cookie stores a user ID and a timestamp.
Expiration date: after one year

Name: csrftoken
Value: 9e49145c82a93d34fd933b0fd8446165122077330-1
Purpose: This cookie is most likely set for security reasons to prevent forged requests. However, we were unable to determine the exact purpose.
Expiration date: after one year

Name: sessionFunnelEventLogged
Value: 1
Purpose: We have not yet been able to obtain further informationabout this cookie.
Expiration date: after one day

How long and where will the data be stored?

Pinterest generally stores the collected data until it is no longer needed for the company’s purposes. As soon as data retention is no longer necessary—for example, to comply with legal requirements—the data is either deleted or anonymized so that you can no longer be identified as an individual. The data may also be stored on servers in the United States.

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers such as Pinterest at any time. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser.

Since embedded Pinterest elements may use cookies, we also recommend that you review our general privacy policy regarding cookies. To find out exactly what data is stored and processed about you, please read the privacy policies of the respective tools.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining fast and effective communication with you or other customers and business partners. However, we only use the tool to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Pinterest processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

Pinterest uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, Pinterest commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the U.S. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.

For more information about Pinterest’s standard contractual clauses, visit https://policy.pinterest.com/de/privacy-policy#section-residents-of-the-eea.

We have tried to provide you with the most important information about how Pinterest processes data. You can learn more about Pinterest’s privacy policy at https://policy.pinterest.com/de/privacy-policy.

Twitter Privacy Policy

Twitter Privacy Policy Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: Optimizing our services 📓 Processed Data: Data such as user behavior data, information about your device, and your IP address. You can find more details below in the privacy policy. 📅 Retention period: Twitter deletes data collected from other websites after 30 days at the latest ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Twitter?

We have integrated Twitter features into our website. These include, for example, embedded tweets, timelines, buttons, and hashtags. Twitter is a microblogging service and social media platform operated by Twitter Inc., One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

To the best of our knowledge, simply embedding Twitter features does not result in the transfer of any personal data or data regarding your web activity to Twitter within the European Economic Area or Switzerland. Only when you interact with Twitter features—such as clicking a button—can data be sent to Twitter, where it is stored and processed. We have no control over this data processing and assume no responsibility for it. In this privacy policy, we aim to provide you with an overview of what data Twitter stores, what Twitter does with this data, and how you can largely protect yourself against data transmission.

For some, Twitter is a news service; for others, a social media platform; and still others refer to it as a microblogging service. All of these terms are valid and mean more or less the same thing.

Both individuals and businesses use Twitter to communicate with interested people via short messages. Twitter limits each message to 280 characters. These messages are called “tweets.” Unlike Facebook, for example, the service does not focus on building a network of “friends,” but rather aims to be seen as a global and open messaging platform. On Twitter, users can also maintain an anonymous account, and tweets can be deleted either by the company or by the users themselves.

Why do we use Twitter on our website?

Like many other websites and companies, we strive to offer our services and communicate with our customers through various channels. Twitter, in particular, has become a favorite of ours as a useful “microblogging” platform. We regularly tweet or retweet exciting, funny, or interesting content. We realize that you can’t follow every channel separately. After all, you have other things to do. That’s why we’ve integrated Twitter features into our website. You can follow our Twitter activity “right here” or visit our Twitter page via a direct link. By integrating Twitter, we aim to enhance our service and improve the user experience on our website.

What data does Twitter store?

On some of our subpages, you’ll find built-in Twitter features. When you interact with Twitter content—such as by clicking a button—Twitter may collect and store data. This happens even if you don’t have a Twitter account yourself. Twitter refers to this data as “log data.” This includes demographic data, browser cookie IDs, your smartphone’s ID, hashed email addresses, and information about which pages you’ve visited on Twitter and what actions you’ve taken. Of course, Twitter stores more data if you have a Twitter account and are logged in. This data is usually stored via cookies. Cookies are small text files that are typically stored in your browser and transmit various types of information to Twitter.

We’ll now show you which cookies are set when you’re not logged in to Twitter but visit a website with embedded Twitter features. Please consider this list as an example. We cannot guarantee that this list is exhaustive, as the selection of cookies is constantly changing and depends on your individual interactions with Twitter content.

The following cookies were used in our test:

Name: personalization_id
Value: “v1_cSJIsogU51SeE122077330”
Purpose: This cookie stores information about how you use the website and which advertisements may have led you to Twitter.
Expiration date: after 2 years

Name: lang
Value: de
Purpose: This cookie stores your default or preferred language.
Expiration date: End of session

Name: guest_id
Value: 122077330v1%3A157132626
Purpose: This cookie is set to identify you as a guest.
Expiration date: after 2 years

Name: fm
Value: 0
Purpose: Unfortunately, we were unable to determine the purposeof this cookie.
Expiration date: atthe end of the session

Name: external_referer
Value: 1220773302beTA0sf5lkMrlGt
Purpose: This cookie collects anonymous data, such as how often you visit Twitter and how long you stay on Twitter.
Expiration date: After 6 days

Name: eu_cn
Value: 1
Purpose: This cookie stores user activity and is used for various advertising purposes by Twitter.
Expiration date: After one year

Name: ct0
Value: c1179f07163a365d2ed7aad84c99d966
Purpose: Unfortunately, we were unable to find any informationabout this cookie.
Expiration date: after 6 hours

Name: _twitter_sess
Value: 53D%253D–dd0248122077330-
Purpose: This cookie allows you to use features on the Twitter website.
Expiration date: at the end of the session

Note: Twitter also works with third-party providers. That is why we detected the three Google Analytics cookies _ga, _gat, and _gid during our test.

Twitter uses the data it collects both to better understand user behavior and thereby improve its own services and advertising offerings, and to support internal security measures.

How long and where will the data be stored?

When Twitter collects data from other websites, this data is deleted, aggregated, or otherwise anonymized after a maximum of 30 days. Twitter’s servers are located in various data centers in the United States. Accordingly, it can be assumed that the collected data is gathered and stored in the United States. Based on our research, we were unable to determine conclusively whether Twitter also has its own servers in Europe. In general, Twitter may store the collected data until it is no longer useful to the company, until you delete the data, or until a statutory retention period expires.

How can I delete my data or prevent it from being stored?

In its privacy policy, Twitter repeatedly emphasizes that it does not store any data from visits to external websites if you or your browser are located in the European Economic Area or Switzerland. However, if you interact directly with Twitter, Twitter will of course also store data about you.

If you have a Twitter account, you can manage your data by clicking "More" under the "Profile" button. Then click "Settings and Privacy." Here you can customize your data settings.

If you don't have a Twitter account, you can go to twitter.comand click on "Personalization." Under "Personalization and Data," you can manage the data collected about you.

As mentioned above, most data is stored via cookies, which you can manage, disable, or delete in your browser. Please note that you can only “manage” cookies in the browser you have selected. This means that if you use a different browser in the future, you will need to manage your cookies there again according to your preferences. Under the “Cookies” section, you will find links to the relevant instructions for the most popular browsers.

You can also configure your browser to notify you whenever a cookie is set. This way, you can decide on a case-by-case basis whether to accept a cookie or not.

Twitter also uses this data for personalized advertising both on and off Twitter. You can turn off personalized advertising in your settings under “Personalization and Data.” If you use Twitter in a browser, you can disable personalized advertising at https://optout.aboutads.info/?c=2&lang=EN.

Legal basis

If you have consented to the processing and storage of your data through embedded social media elements, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). In general, your data is also stored and processed based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining fast and effective communication with you or other customers and business partners. However, we only use the embedded social media elements to the extent that you have given your consent. Most social media platforms also set cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Twitter processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

Twitter uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to such countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, Twitter commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

For more information about Twitter’s standard contractual clauses, visit https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

We hope we have provided you with a general overview of how Twitter processes data. We do not receive any data from Twitter and are not responsible for how Twitter uses your data. If you have any further questions on this topic, we recommend that you review Twitter’s Privacy Policy at https://twitter.com/de/privacy.

Cloud services

Cloud Services Privacy Policy Summary 👥 Data Subjects: We as the website operator and you as the website visitor 🤝 Purpose: Security and data storage 📓 Processed Data: Data such as your IP address, name, or technical data such as browser version You can find more details below and in the individual privacy policies or in the providers’ privacy statements 📅 Storage period: In most cases, the data is stored until it is no longer needed to fulfill the service ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are cloud services?

Cloud services provide website operators with storage space and computing power via the Internet. Data can be transferred to an external system, processed, and stored via the Internet. The cloud provider manages this data. Depending on requirements, an individual or a company can choose the amount of storage space or computing power. Cloud storage is accessed via an API or storage protocols. API stands for Application Programming Interface, which refers to a programming interface that connects software and hardware components.

Why do we use cloud services?

We use cloud services for several reasons. A cloud service allows us to store our data securely. It also gives us access to our data from various locations and devices, providing us with greater flexibility and streamlining our work processes. Cloud storage also saves us money because we don’t have to set up and manage our own infrastructure for data storage and security. By centrally storing our data in the cloud, we can also expand our areas of application and manage our information much more effectively.

As website operators and as a company, we primarily use cloud services for our own purposes. For example, we use these services to manage our calendar and to store documents or other important information in the cloud. However, this may also involve the storage of your personal data. This is the case, for example, when you provide us with your contact information (such as your name and email address) and we store our customer data with a cloud provider. Consequently, data we process from you may also be stored and processed on external servers. When we offer certain forms or content from cloud services on our website, cookies may also be set for web analytics and advertising purposes. Furthermore, such cookies remember your settings (such as the language used) so that you will find your familiar web environment the next time you visit our website.

What data is processed by cloud services?

Much of the data we store in the cloud is not personally identifiable; however, some data qualifies as personal data under the definition of the GDPR. This often includes customer data such as name, address, IP address, or phone number, as well as technical device information. Videos, images, and audio files can also be stored in the cloud. Exactly how the data is collected and stored depends on the specific service. We strive to use only services that handle data in a highly trustworthy and professional manner. In general, services such as Amazon Drive have access to the stored files in order to provide their own services accordingly. To do so, however, these services require permissions, such as the right to copy files for security reasons. This data is processed and managed within the scope of the services and in compliance with applicable laws. This includes compliance with the GDPR for U.S. providers (via the Standard Contractual Clauses). In some cases, these cloud services also collaborate with third-party providers who may process data under instruction and in accordance with privacy policies and additional security measures. We would like to emphasize once again that all well-known cloud services (such as Amazon Drive, Google Drive, or Microsoft OneDrive) reserve the right to access stored content in order to provide and optimize their own services accordingly.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details. In general, cloud services store data until you or we revoke the data storage or delete the data. Generally, personal data is stored only for as long as is strictly necessary to provide the services. However, permanently deleting data from the cloud can take several months. This is because the data is usually not stored on just one server but is distributed across various servers.

Right to object

You also have the right and the option to withdraw your consent to the storage of your data in the cloud at any time. If cookies are used, you also have the right to withdraw your consent in this regard. You can do this either through our cookie management tool or via other opt-out features. For example, you can also prevent data collection via cookies by managing, disabling, or deleting cookies in your browser. We also recommend reviewing our general privacy policy regarding cookies. To find out exactly which of your data is stored and processed, you should read the privacy policies of the respective cloud providers.

Legal basis

We use cloud services primarily based on our legitimate interests (Art. 6(1)(f) GDPR) in maintaining a robust security and storage system.

Certain processing activities, in particular the use of cookies and storage functions, require your consent. If you have consented to the processing and storage of your data by cloud services, this consent serves as the legal basis for data processing (Art. 6(1)(a) GDPR). Most of the services we use place cookies in your browser to store data. We therefore recommend that you carefully read our privacy policy regarding cookies and review the privacy policy or cookie guidelines of the respective service provider.

Information about specific tools—if available—can be found in the following sections.

Dropbox Privacy Policy

We use Dropbox, an online storage service for files, photos, and videos, on our website. The service provider is the American company Dropbox Inc. The company’s European branch is located in Ireland (One Park Place, Floor 5, Upper Hatch Street, Dublin 2).

Dropbox processes your data in the United States, among other places. Please note that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the United States. This may entail various risks regarding the lawfulness and security of data processing.

Dropbox uses so-called Standard Contractual Clauses (Art. 46(2) and (3) of the GDPR) as the legal basis for data processing by recipients located in third countries (outside the European Union, Iceland, Liechtenstein, and Norway—specifically, the United States) or for data transfers to those countries. Standard Contractual Clauses (SCCs) are model templates provided by the European Commission and are intended to ensure that your data complies with European data protection standards even when it is transferred to and stored in third countries (such as the United States). Through these clauses, Dropbox commits to adhering to European data protection standards when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision by the European Commission. You can find the decision and the corresponding Standard Contractual Clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Data Processing Agreements, which are based on the Standard Contractual Clauses, can be found at https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf.

For more information about the data processed when using Dropbox, please see the Privacy Policy at https://www.dropbox.com/privacy.

Online Map Services: Introduction

Online Map Services Privacy Policy Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: Improving the user experience 📓 Processed Data: The specific data processed depends heavily on the services used. This typically includes IP addresses, location data, search terms, and/or technical data. You can find more details in the documentation for each tool used. 📅 Retention period: Depends on the tools used ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are online map services?

As an added service, we also use online map services on our website. Google Maps is likely the service you are most familiar with, but there are other providers that specialize in creating digital maps. These services allow us to display locations, route maps, or other geographic information directly on our website. Thanks to an integrated map service, you no longer need to leave our website to view, for example, the route to a location. To ensure the online map works on our website, map sections are embedded using HTML code. These services can then display road maps, the Earth’s surface, or aerial and satellite images. When you use the integrated map service, data is also transmitted to and stored in the tool being used. This data may include personal information.

Why do we use online map services on our website?

Generally speaking, our goal is to ensure you have a pleasant experience on our website. And, of course, your experience will only be pleasant if you can easily navigate our website and find all the information you need quickly and easily. That’s why we thought an online map system could significantly improve our website service. Without leaving our website, you can easily view route descriptions, locations, or even points of interest using the map system. It’s also super convenient that you can see at a glance where our headquarters are located, so you can find us quickly and easily. As you can see, there are simply many advantages, and we clearly view online map services on our website as part of our customer service.

What data do online map services store?

When you open a page on our website that includes an online map feature, personal data may be transmitted to the respective service and stored there. In most cases, this involves your IP address, which can also be used to determine your approximate location. In addition to your IP address, data such as search terms you’ve entered, as well as latitude and longitude coordinates, are also stored. For example, if you enter an address for route planning, this data is also stored. The data is not stored by us, but on the servers of the integrated tools. You can think of it like this: Although you are on our website, when you interact with a map service, this interaction actually takes place on their website. To ensure the service functions properly, at least one cookie is typically set in your browser. Google Maps, for example, also uses cookies to track user behavior in order to optimize its own service and display personalized ads. You can learn more about cookies in our “Cookies” section.

How long and where will the data be stored?

Each online map service processes different types of user data. If we have additional information, we will provide details on the duration of data processing below in the relevant sections for each tool. As a general rule, personal data is only retained for as long as necessary to provide the service. Google Maps, for example, stores certain data for a specified period, while other data must be deleted by you. With Mapbox, for instance, the IP address is retained for 30 days and then deleted. As you can see, each tool stores data for different lengths of time. We therefore recommend that you carefully review the privacy policies of the tools used.

Providers also use cookies to store data about your usage of the map service. You can find more general information about cookies in our “Cookies” section, but you can also check the privacy policies of individual providers to see which cookies may be used. In most cases, however, these are merely illustrative lists and are not exhaustive.

Right to object

You always have the option and the right to access your personal data and to object to its use and processing. You may also withdraw the consent you have given us at any time. The easiest way to do this is usually via the cookie consent tool. However, there are also other opt-out tools you can use. You can also manage, delete, or disable cookies set by the providers we use with just a few clicks. However, this may result in some features of the service no longer functioning as usual. How you manage cookies in your browser depends on the browser you are using. In the “Cookies” section, you will also find links to instructions for the most popular browsers.

Legal basis

If you have consented to the use of an online map service, this consent serves as the legal basis for the corresponding data processing. Pursuant to Article 6(1)(a) of the GDPR (Consent), this consent constitutes the legal basis for the processing of personal data, such as that which may occur when data is collected by an online map service.

We also have a legitimate interest in using an online map service to optimize the functionality of our website. The legal basis for this is Article 6(1)(f) of the GDPR (legitimate interests). However, we only use an online map service if you have given your consent. We want to make this point absolutely clear here.

Information about specific online map services is provided in the following sections, where available.

Miscellaneous Introduction

Miscellaneous Privacy Policy Summary 👥 Data Subjects: Visitors to the website 🤝 Purpose: Improving the user experience 📓 Data Processed: The specific data processed depends heavily on the services used. In most cases, this includes IP addresses and/or technical data. You can find more details in the descriptions of the respective tools. 📅 Storage period: Depends on the tools used ⚖️ Legal basis: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What falls under “Other”?

The “Other” category includes services that do not fit into any of the categories listed above. These are typically various plugins and embedded elements that enhance our website. These functions are generally sourced from third-party providers and integrated into our website. Examples include web search services such as Algolia Place, Giphy, and Programmable Search Engine, or online services for weather data such as OpenWeather.

Why do we use other third-party providers?

Our goal is to provide you with the best website in our industry. A website has long since ceased to be merely a business card for companies. Rather, it is a place designed to help you find what you’re looking for. To ensure our website remains as interesting and helpful as possible for you, we use various third-party services.

What data is processed?

Whenever elements are integrated into our website, your IP address is transmitted to the respective provider, stored, and processed there. This is necessary because otherwise the content would not be sent to your browser and consequently would not be displayed properly. Service providers may also use pixel tags or web beacons. These are small graphics on websites that can record a log file and also generate analyses of this file. Providers can use the information obtained to improve their own marketing efforts. In addition to pixel tags, such information (such as which button you click or when you visit which page) can also be stored in cookies. In addition to analytical data regarding your web behavior, technical information such as your browser type or operating system may also be stored there. Some providers may also link the collected data with other internal services or with third-party providers. Each provider handles your data differently. Therefore, we recommend that you carefully read the privacy policies of the respective services. We generally strive to use only services that handle data protection with the utmost care.

Duration of data processing

We provide information below regarding the duration of data processing, to the extent that we have further details on this matter. In general, we process personal data only for as long as is strictly necessary to provide our services and products.

Legal basis

If we ask for your consent and you agree to allow us to use the service, this serves as the legal basis for the processing of your data (Art. 6(1)(a) GDPR).  In addition to your consent, we have a legitimate interest in analyzing the behavior of website visitors in order to improve our services both technically and economically. The legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests). However, we only use these tools to the extent that you have given your consent.

Information about the specific tools—if available—can be found in the following sections.

Weglot Privacy Policy

We use the Weglot translation service for our website. The service provider is the French company Weglot SAS, located at 7 Cité Paradis, 75010 Paris, France.

For more information about the data processed when using Weglot, please see the Privacy Policy at https://weglot.com/privacy/.

Explanation of Terms Used

We always strive to make our privacy policy as clear and understandable as possible. However, this is not always easy, especially when it comes to technical and legal topics. It often makes sense to use legal terms (such as “personal data”) or specific technical terms (such as “cookies” or “IP address”). However, we do not want to use these terms without explanation. Below you will find an alphabetical list of important terms used that we may not have addressed sufficiently in the previous privacy policy. If these terms are taken from the GDPR and are definitions, we will also cite the relevant GDPR text here and, where necessary, add our own explanations.

Data processor

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller;

Explanation: As a company and website owner, we are responsible for all data we process from you. In addition to the controllers, there may also be so-called processors. This includes any company or individual that processes personal data on our behalf. Processors may therefore include, in addition to service providers such as tax advisors, hosting or cloud providers, payment or newsletter providers, or large companies such as Google or Microsoft.

Consent

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Explanation: On websites, this consent is typically obtained through a cookie consent tool. You’re probably familiar with this. Whenever you visit a website for the first time, you’re usually asked via a banner whether you agree to or consent to data processing. In most cases, you can also adjust individual settings and thus decide for yourself which data processing you allow and which you don’t. If you do not consent, no personal data about you may be processed. Of course, consent can also be given in writing, i.e., not via a tool.

Personal data

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“personal data” any information relating to an identified or identifiable natural person (hereinafter “data subject”); A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

Explanation: Personal data is any information that can be used to identify you as an individual. This typically includes information such as:

• Name
• Address
• Email address
• Mailing address
• phone number
• Date of Birth
• Identification numbers such as Social Security number, tax identification number, ID card number, or student ID number
• Banking information such as account numbers, credit information, account balances, and much more.

According to the European Court of Justice (ECJ), your IP address is also considered personal data. IT experts can use your IP address to determine at least the approximate location of your device and, subsequently, identify you as the account holder. Therefore, storing an IP address also requires a legal basis under the GDPR. There are also so-called “special categories” of personal data that require special protection. These include:

• racial and ethnic background
• political views
• religious or ideological beliefs
• union membership
• genetic data, such as data obtained from blood or saliva samples
• biometric data (information about psychological, physical, or behavioral characteristics that can identify a person).
  Health data
• Information about sexual orientation or sex life

Profiling

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Profiling” means any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;

Explanation: Profiling involves gathering various pieces of information about a person in order to learn more about them. On the web, profiling is often used for advertising purposes or for credit checks. For example, web analytics and advertising analytics programs collect data about your behavior and interests on a website. This results in a specific user profile that can be used to deliver targeted advertising to a specific audience.

 

Person in charge

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Explanation: In our case, we are responsible for processing your personal data and are therefore the “data controller.” If we share collected data with other service providers for processing, they are “data processors.” A “Data Processing Agreement (DPA)” must be signed for this purpose.

 

Processing

Definition pursuant to Article 4 of the GDPR

For the purposes of this regulation, the term:

“Processing” any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or any other form of making available, the alignment or combination, the restriction, erasure, or destruction;

Note: When we refer to "processing" in our Privacy Policy, we mean any type of data processing. As mentioned above in the original GDPR statement, this includes not only the collection but also the storage and processing of data.

All texts are protected by copyright.