Privacy Policy

Introduction

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also referred to as “data”), the purposes for which they are processed, and the extent of such processing. This privacy policy applies to all processing of personal data carried out by us, both in the context of providing our services and, in particular, on our websites, in mobile applications, and within external online presences, such as our social media profiles (hereinafter collectively referred to as the “Online Offering”).

Last updated: 7 January 2022

Controller

IMAP GmbH
Cantadorstraße 3
40211 Düsseldorf

Authorised representative: Bülent Arslan

E-mail: info@imap-institut.de
Telephone: +49 (0)211-513 69 73-0

Legal Notice: https://imap-institut.de/impressum/

Data Protection Officer

sicdata – Unternehmensberatung
Cynthia Höhnel
Heiligenstock 34c
42697 Solingen

Telephone: +49 (0)212-73 87 24-0
Fax: +49 (0)212-73 87 24-99
E-mail: hoehnel@sicdata.de

Overview of Processing

The following overview summarises the types of data processed, the purposes of their processing, and the categories of data subjects concerned.

Types of Data Processed

  • Inventory data (e.g. names, addresses).
  • Applicant data (e.g. personal details, postal and contact addresses, application documents and related information such as cover letters, CVs, certificates, and further information voluntarily provided by applicants concerning their person or qualifications in relation to a specific role).
  • Content data (e.g. text entries, photographs, videos).
  • Contact data (e.g. e-mail addresses, telephone numbers).
  • Meta/communication data (e.g. device information, IP addresses).
  • Usage data (e.g. websites visited, interest in content, access times).
  • Location data (data indicating the location of an end user’s device).
  • Contract data (e.g. contract subject matter, terms, customer categories).
  • Payment data (e.g. bank details, invoices, payment history).

Special Categories of Data

  • Data revealing racial or ethnic origin.

Categories of Data Subjects

  • Employees (e.g. staff, applicants, former employees).
  • Applicants.
  • Business and contractual partners.
  • Interested parties.
  • Communication partners.
  • Customers.
  • Users (e.g. website visitors, users of online services).

Purposes of Processing

  • Registration procedures.
  • Provision of our online offering and user-friendliness.
  • Analysis of visitor behaviour.
  • Application procedures (initiation, potential execution, and possible termination of an employment relationship).
  • Office and organisational procedures.
  • Content Delivery Network (CDN).
  • Cross-device tracking (processing of user data across devices for marketing purposes).
  • Direct marketing (e.g. via e-mail or post).
  • Feedback (e.g. collection of feedback via online forms).
  • Interest-based and behavioural marketing.
  • Handling of contact requests and communication.
  • Conversion measurement (measuring the effectiveness of marketing measures).
  • Profiling (creation of user profiles).
  • Remarketing.
  • Reach measurement (e.g. access statistics, recognition of returning visitors).
  • Security measures.
  • Tracking (e.g. interest-/behaviour-based profiling, use of cookies).
  • Contractual services and customer support.
  • Administration and handling of enquiries.
  • Audience building (identification of target groups relevant for marketing purposes or for the delivery of other content).

 

Legal Bases

In the following, we inform you of the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that, in addition to the provisions of the GDPR, the national data protection regulations applicable in your or our country of residence and establishment may also apply. Where more specific legal bases are relevant in individual cases, we will inform you of these within this privacy policy.

  • Consent (Art. 6 (1) sentence 1 lit. a GDPR) – The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Performance of contract and pre-contractual enquiries (Art. 6 (1) sentence 1 lit. b GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6 (1) sentence 1 lit. c GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Protection of vital interests (Art. 6 (1) sentence 1 lit. d GDPR) – Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Legitimate interests (Art. 6 (1) sentence 1 lit. f GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.
  • Special legal bases for application procedures (Art. 9 GDPR)
    Where, in the context of an application procedure, special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability or ethnic origin) are requested from applicants, so that the controller or the data subject can exercise rights arising from employment law, social security law and social protection law and fulfil obligations in this regard, their processing is carried out in accordance with Art. 9 (2) lit. b GDPR.
    In cases where vital interests of applicants or other persons require protection, processing is carried out in accordance with Art. 9 (2) lit. c GDPR.
    For purposes of preventive or occupational medicine, for the assessment of an employee’s working capacity, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services, processing is based on Art. 9 (2) lit. h GDPR.
    Where special categories of data are provided voluntarily on the basis of consent, their processing is carried out in accordance with Art. 9 (2) lit. a GDPR.

 

National data protection regulations in Germany
In addition to the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, as well as automated individual decision-making including profiling. Furthermore, it regulates the processing of data for the purposes of employment relationships (§ 26 BDSG), in particular with regard to the establishment, performance, or termination of employment relationships and the consent of employees. In addition, data protection laws of the individual federal states may apply.

 

Security Measures

In accordance with legal requirements and taking into account the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access to, input of, and transfer of the data, the safeguarding of its availability, and its separation. Furthermore, we have established procedures to ensure the exercise of data subjects’ rights, the erasure of data, and responses to threats to the data. In addition, we take the protection of personal data into account when developing or selecting hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

 

SSL encryption (https): To protect the data you transmit via our online offering, we use SSL encryption. You can recognise such encrypted connections by the prefix “https://” in the address bar of your browser.

 

Transmission and Disclosure of Personal Data

In the course of processing personal data, it may occur that data is transmitted to, or disclosed to, other entities, companies, legally independent organisational units, or individuals. Recipients of this data may include, for example, payment institutions within the context of payment transactions, IT service providers, or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data to protect your data.

Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to such data. If this transfer takes place for administrative purposes, it is based on our legitimate business and commercial interests, or it takes place where necessary to fulfil our contractual obligations, or where the consent of the data subjects or a legal permission exists.

Data transfer within the organisation: We may transfer personal data to other entities within our organisation or grant them access to such data. If this transfer takes place for administrative purposes, it is based on our legitimate business and commercial interests, or it takes place where necessary to fulfil our contractual obligations, or where the consent of the data subjects or a legal permission exists.

 

Data Processing in Third Countries

Where we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or processing takes place in the context of using the services of third parties, or the disclosure or transmission of data to other persons, entities, or companies, this is carried out only in compliance with the legal requirements.

Subject to explicit consent or transmission required by contract or law, we process or permit the processing of data only in third countries with a recognised level of data protection, which includes US processors certified under the “Privacy Shield”, or on the basis of special guarantees such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications, or binding corporate rules (Articles 44 to 49 GDPR; information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).

 

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after their visit within an online offering. The stored information may include, for example, language settings on a website, login status, a shopping cart, or the position at which a video was viewed. The term “cookies” also includes other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also referred to as “user IDs”).

The following types and functions of cookies are distinguished:

  • Temporary Cookies (also: Session Cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their browser.
  • Permanent Cookies: Permanent cookies remain stored even after the browser has been closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, user interests that are used for reach measurement or marketing purposes may be stored in such a cookie.
  • First-Party Cookies: First-party cookies are set by us directly.
  • Third-Party Cookies: Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
  • Necessary (also: essential or strictly required) Cookies: Some cookies are strictly necessary for the operation of a website (e.g., to save logins or other user inputs or for security reasons).
  • Statistics, Marketing, and Personalization Cookies: Cookies are also generally used for reach measurement, as well as when a user’s interests or behavior (e.g., viewing certain content, using features, etc.) are stored in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This process is also referred to as “tracking,” i.e., monitoring the potential interests of users. Insofar as we use cookies or “tracking” technologies, we will inform you separately in this privacy policy or in the context of obtaining your consent.

Notes on Legal Bases: The legal basis on which we process your personal data with the help of cookies depends on whether we ask for your consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the consent you have given. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the efficient and economical operation of our online offering and its improvement) or, if the use of cookies is necessary, in order to fulfill our contractual obligations.

General Information on Withdrawal and Objection (Opt-Out): Depending on whether processing is based on consent or legal permission, you have the option at any time to withdraw a previously given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can first declare your objection via the settings of your browser, for example, by disabling the use of cookies (although this may also limit the functionality of our online offering). An objection to the use of cookies for online marketing purposes can also be declared via a number of services, particularly in the case of tracking, through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you may receive further information on opting out within the notices regarding the services and cookies used.

Processing of Cookie Data Based on Consent: Before we process or have data processed in the context of the use of cookies, we ask users for their consent, which can be revoked at any time. Until consent has been given, only cookies that are necessary for the operation of our online offering will be used. The use of these cookies is based on our interest, as well as the users’ interest, in the expected functionality of our online offering.

  • Categories of Data Processed: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Legal Bases: Consent (Art. 6 (1) sentence 1 lit. a GDPR), Legitimate Interests (Art. 6 (1) sentence 1 lit. f GDPR).

 

Commercial and Business Services

We process data of our contractual and business partners, e.g., customers and prospects (collectively referred to as “contractual partners”), within the framework of contractual or comparable legal relationships, as well as related measures and communication with the contractual partners (including pre-contractual communication), e.g., to respond to inquiries.

We process this data in order to fulfill our contractual obligations, to safeguard our rights, and for purposes of related administrative tasks and business organization. We only disclose contractual partners’ data to third parties within the framework of applicable law to the extent necessary for the aforementioned purposes, to fulfill legal obligations, or with the consent of the contractual partners (e.g., to telecommunications providers, transport and other auxiliary services, subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Contractual partners are informed of additional processing, e.g., for marketing purposes, within this privacy notice.

Which data is required for the aforementioned purposes is communicated to contractual partners prior to or during data collection (e.g., in online forms, by special markings such as colors or symbols such as asterisks), or personally.

We delete the data after the expiry of statutory warranty or comparable obligations, i.e., generally after four years, unless the data is stored in a customer account or must be retained for statutory archiving reasons (e.g., 10 years for tax purposes). Data disclosed to us by the contractual partner within the scope of an order is deleted according to the contractual requirements, generally after the end of the order.

Where we use third-party providers or platforms to deliver our services, the terms and privacy notices of those third parties or platforms apply in the relationship between users and the providers.

Customer Accounts: Contractual partners may create an account within our online offering (e.g., customer or user account, hereinafter “customer account”). Where registration of a customer account is required, contractual partners are informed of this as well as the required information. Customer accounts are not public and cannot be indexed by search engines. As part of registration as well as subsequent logins and use of the customer account, we store customers’ IP addresses along with access times in order to be able to prove registration and prevent misuse of the customer account.

When customers terminate their customer account, the related data will be deleted, unless its retention is required for legal reasons. It is the responsibility of customers to back up their data prior to termination of the customer account.

Shop and E-Commerce: We process our customers’ data in order to enable them to select, purchase, or order chosen products, goods, and related services, as well as to pay for and deliver or execute them. Required information is marked as such during the ordering or comparable purchase process and includes the information necessary for delivery or provision and billing, as well as contact information to allow for necessary communication.

Agency Services: We process our clients’ data in the course of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting, and training services.

Education and Training Services: We process the data of participants in our educational and training programs (collectively “trainees”) to provide them with our training services. The type, scope, purpose, and necessity of data processing are determined by the underlying contractual and training relationship. Processing may also include performance evaluation and assessment of our services as well as those of the instructors.

In the course of our activities, we may also process special categories of data, particularly information on trainees’ health, or data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs. Where required, we obtain explicit consent from trainees; otherwise, such data is processed only if necessary for the provision of training services, for health care, social protection, or to protect vital interests of the trainees.

If necessary for contract performance, the protection of vital interests, or legal requirements, or with consent, we disclose or transfer trainees’ data to third parties or contractors, e.g., authorities or service providers in IT, office, or comparable services, in compliance with professional confidentiality rules.

Coaching: We process the data of our clients, prospects, and other contracting parties (collectively “clients”) in order to provide our services. The type, scope, purpose, and necessity of data processing are determined by the underlying contractual and client relationship.

In the course of our activities, we may also process special categories of data, in particular information on clients’ health (possibly relating to their sex life or sexual orientation), as well as data revealing racial and ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Where required, we obtain explicit consent; otherwise, such data is processed only if it is necessary for clients’ health, is publicly available, or its processing is permitted by law.

If necessary for contract performance, protection of vital interests, legal requirements, or with consent, we disclose or transfer clients’ data to third parties or contractors, e.g., authorities, billing providers, or service providers in IT, office, or comparable services, in compliance with professional confidentiality rules.

Consulting: We process the data of our clients, customers, prospects, and other contracting parties (collectively “clients”) in order to provide consulting services. The type, scope, purpose, and necessity of data processing are determined by the underlying contractual and client relationship.

If necessary for contract performance, protection of vital interests, legal requirements, or with consent, we disclose or transfer clients’ data to third parties or contractors, e.g., authorities, subcontractors, or service providers in IT, office, or comparable services, in compliance with professional confidentiality rules.

Project and Development Services: We process the data of our customers and contracting parties (collectively “customers”) to enable them to select, purchase, or commission chosen services or works, and related activities, as well as to pay for and deliver or perform them. Required information is marked as such during the order or comparable contractual process and includes the information necessary for service delivery and billing, as well as contact details to allow for necessary communication. Where we gain access to information of end customers, employees, or other individuals, we process such data in accordance with legal and contractual requirements.

Recruitment Services: In the course of our services, which include in particular the search for potential job candidates, contacting them, and placing them, we process the data of candidates as well as the personal data of potential employers and their employees.

We process candidates’ information and contact details for the purpose of initiating, performing, and, if applicable, terminating an employment placement contract. Furthermore, we may contact interested parties at a later stage, in accordance with legal requirements, to inquire about the success of our placement services.

We process the data of candidates as well as employers in order to fulfill our contractual obligations and to satisfactorily handle the placement requests. We may log placement activities to demonstrate compliance with statutory accountability obligations (Art. 5(2) GDPR). Such records are stored for three to four years in order to be able to prove the original request (e.g., to demonstrate the legitimacy of contacting candidates).

Software and Platform Services: We process the data of our users, including registered and test users (collectively “users”), in order to provide them with our contractual services and, on the basis of legitimate interests, to ensure the security and further development of our offering. Required information is marked as such during the order or comparable contractual process and includes the information necessary for service delivery and billing, as well as contact details for communication.

Events and Activities: We process the data of participants in events, activities, and similar offerings (collectively “participants” and “events”) to enable their participation and to provide related services or activities.

Where we process health data, religious, political, or other special categories of data in this context, processing is based on the obvious nature of such data (e.g., in thematically oriented events), serves health care or safety purposes, or takes place with consent.

Required information is marked as such during the order or comparable contractual process and includes the information necessary for service delivery and billing, as well as contact details to allow for communication. Where we gain access to information of end customers, employees, or other individuals, we process such data in accordance with legal and contractual requirements.

Further information on commercial services: We process the data of our customers and clients (hereinafter collectively referred to as “customers”) in order to enable them to select, purchase, or commission the chosen services or works, as well as related activities, and to facilitate their payment, delivery, execution, or provision.

The required information is identified as such in the context of order, purchase, or comparable contractual processes and includes the data necessary for the provision and billing of services, as well as contact information for any necessary correspondence.

Types of data processed:

  • Master data: e.g. names, addresses
  • Payment data: e.g. bank details, invoices, payment history
  • Contact data: e.g. email addresses, telephone numbers
  • Contract data: e.g. subject matter of the contract, duration, customer category
  • Usage data: e.g. visited web pages, interest in content, access times
  • Meta-/communication data: e.g. device information, IP addresses
  • Applicant data: e.g. personal details, postal and contact addresses, application documents (such as cover letters, CVs, certificates), and any additional information provided voluntarily by applicants regarding their person or qualifications

Special categories of personal data:

  • Health data (Art. 9(1) GDPR)
  • Data concerning sexual life or sexual orientation (Art. 9(1) GDPR)
  • Religious or philosophical beliefs (Art. 9(1) GDPR)
  • Data revealing racial or ethnic origin

Data subjects:
Prospective clients, business and contractual partners, customers, applicants

Purposes of processing:

  • Provision of contractual services
  • Handling of contact requests and communication
  • Office and organisational procedures
  • Management and response to enquiries
  • Security measures

Legal bases:

  • Performance of a contract and pre-contractual requests (Art. 6(1)(b) GDPR)
  • Legal obligation (Art. 6(1)(c) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR)

 

Use of online marketplaces for e-commerce

We offer our services on online platforms operated by third-party service providers. In this context, in addition to our own privacy notice, the privacy policies of the respective platforms also apply. This is particularly relevant with regard to the procedures used on these platforms for reach measurement and interest-based marketing.

Types of data processed:

  • Master data: e.g. names, addresses
  • Payment data: e.g. bank details, invoices, payment history
  • Contact data: e.g. email addresses, telephone numbers
  • Contract data: e.g. subject matter of the contract, duration, customer category
  • Usage data: e.g. visited web pages, interest in content, access times
  • Meta-/communication data: e.g. device information, IP addresses

Data subjects:
Customers

Purposes of processing:
Provision of contractual services

Legal bases:

  • Performance of a contract and pre-contractual requests (Art. 6(1)(b) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR)

 

Registration, Sign-up, and User Account

Users can create a user account. During registration, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of contractual obligations. The data processed include, in particular, login information (name, password, and email address). The data entered during registration are used for the purposes of using the user account and its intended functions.

Users may be informed by email about operations relevant to their user account, such as technical changes. When users terminate their account, their data related to the user account will be deleted, subject to any legal retention obligations. It is the responsibility of users to back up their data before the end of the contract. We are entitled to permanently delete all data stored by the user during the contract period.

As part of using our registration and sign-up features and the user account, we store the IP address and the time of each user action. Storage is based on our legitimate interests as well as those of users to protect against misuse and other unauthorised use. These data are generally not shared with third parties, unless necessary to assert our claims or if there is a legal obligation to do so.

Online Forum: Participation in the forum requires registration, where, unless otherwise specified in the registration form, a name, password, and email address to which access data will be sent must be provided. For security reasons, the password should comply with the state of the art, i.e., be complex (users are informed of this during registration if necessary) and should not be used elsewhere. Posts in the forum are visible to the public unless visibility is restricted to specific members or member groups. Posts by authors are stored along with their names, if registered or provided, the time, and the content of the entry. When registering and posting entries, users’ IP addresses are also stored in case entries contain unlawful content and the IP addresses may serve legal enforcement purposes. The controller reserves the right to delete registrations and entries based on a reasonable assessment.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), meta/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contractual services and support, security measures, administration and response to enquiries.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual requests (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

Single Sign-On Registration

“Single Sign-On” or “Single Sign-On registration/authentication” refers to procedures that allow users to log in to our online services using a user account from a Single Sign-On provider (e.g., a social network). Single Sign-On authentication requires that users are registered with the respective Single Sign-On provider and enter the necessary login data in the provided online form, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via a button.

Authentication takes place directly with the respective Single Sign-On provider. During such authentication, we receive a user ID indicating that the user is logged in under this user ID with the Single Sign-On provider, and an ID (so-called “User Handle”) that cannot be used for any other purpose. Whether additional data are transmitted to us depends solely on the Single Sign-On procedure used, the data permissions granted during authentication, and the data the user has made available in the privacy or other account settings at the Single Sign-On provider. Depending on the provider and user choices, this may include various data, usually the email address and username. The password entered with the Single Sign-On provider is not visible to us and is not stored by us.

Users are asked to note that the information stored with us may automatically be synchronised with their account at the Single Sign-On provider; however, this may not always be possible or actually occur. For example, if users change their email addresses, they must manually update them in their account with us.

We may use Single Sign-On registration, if agreed with the users, within or prior to contract fulfilment. In such cases, we process data based on the users’ consent, or otherwise on the basis of our legitimate interests and the interests of users in an effective and secure login system.

If users decide not to use the connection between their Single Sign-On provider account and our services, they must disconnect this link within their Single Sign-On provider account. To have their data deleted with us, users must terminate their registration with us.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contractual services and support, login procedures.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual requests (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services Used and Service Providers

Auth0: Authentication service; service provider: Auth0, Inc., 10800 NE 8th Street, Suite 700, Bellevue, WA 98004, USA; website: https://auth0.com/de; Privacy Policy: https://auth0.com/privacy/; Privacy Shield (guaranteeing data protection standards when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TQsZAAW&status=Active.

Microsoft Single Sign-On: Authentication service; service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; website: https://www.microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement; Security information: https://www.microsoft.com/de-de/trustcenter; Privacy Shield (guaranteeing data protection standards when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.

 

Blogs and Publication Media

We use blogs or comparable means of online communication and publication (hereinafter “publication media”). Readers’ data are processed for the purposes of the publication media only to the extent necessary for its presentation, communication between authors and readers, or for security reasons. Otherwise, we refer to the information on the processing of visitors’ data to our publication media as provided in these privacy notices.

Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is for our security in case someone posts unlawful content in comments or contributions (e.g., insults, prohibited political propaganda, etc.). In such cases, we could be held liable for the comment or contribution and are therefore interested in identifying the author.

Furthermore, we reserve the right, based on our legitimate interests, to process users’ information for spam detection purposes.

On the same legal basis, we may store users’ IP addresses for the duration of surveys and use cookies to prevent multiple submissions.

Information provided in comments and contributions, such as personal data, contact or website information, as well as content-related details, will be stored by us indefinitely until the user objects.

Comment Subscriptions: Users can subscribe to follow-up comments with their consent. Users receive a confirmation email to verify that they are the owner of the email address provided. Users may cancel ongoing comment subscriptions at any time. The confirmation email will include instructions on how to withdraw consent. For the purpose of evidencing users’ consent, we store the subscription timestamp along with the users’ IP addresses and delete this information when users unsubscribe.

You can cancel receipt of our subscription at any time, i.e., revoke your consent. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to demonstrate previously given consent. The processing of this data is limited to the purpose of potentially defending against claims. An individual deletion request can be submitted at any time, provided that the former existence of consent is confirmed.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, phone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Data Subjects: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contractual services and support, feedback (e.g., collecting feedback via online forms), security measures, management and response to inquiries, contact requests and communication.
  • Legal Bases: Performance of a contract and pre-contractual obligations (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR), consent (Art. 6(1)(a) GDPR), protection of vital interests (Art. 6(1)(d) GDPR).

 

Contacting Us

When you contact us (e.g., via contact form, email, telephone, or social media), we process the information provided by the inquiring parties to the extent necessary to respond to contact requests and any requested actions.

The response to contact requests within the context of contractual or pre-contractual relationships is carried out for the fulfillment of our contractual obligations or to respond to (pre-)contractual inquiries, and otherwise on the basis of our legitimate interest in responding to the inquiries.

  • Types of Data Processed: Inventory data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Contact requests and communication.
  • Legal Bases: Contract performance and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

Communication via Messenger

We use messenger services for communication purposes and therefore ask you to observe the following information regarding the functionality of messengers, encryption, the use of communication metadata, and your options for objection.

You may also contact us through alternative means, such as telephone or email. Please use the contact options provided to you or those listed within our online offering.

Where end-to-end encryption of content is used, the communication content (i.e., the message itself and its attachments, such as images) is encrypted end to end. This means that the content of the messages cannot be viewed, not even by the messenger providers themselves. You should always use an up-to-date version of the messengers with encryption enabled to ensure the security of message content.

However, we also point out to our communication partners that while messenger providers cannot view the message content, they may still obtain information about the fact and time of communication with us, as well as technical information about the communication partners’ devices and, depending on device settings, location data (so-called metadata).

Legal Basis Notes: Where we request permission from communication partners before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent (e.g., when communication is initiated by the partner), we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure, and in the case of other interested parties and communication partners on the basis of our legitimate interest in fast and efficient communication and in fulfilling the communication needs of our partners. Furthermore, we point out that we do not pass the contact details provided to us on to the messenger providers for the first time without your consent.

Revocation, Objection, and Deletion: You may withdraw your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete messages in accordance with our general deletion policies (e.g., as described above, after the end of contractual relationships, within the context of archiving requirements, etc.), and otherwise as soon as we can assume that the inquiry has been answered, if no reference to a previous conversation is expected, and provided no legal retention obligations prevent deletion.

Reservation Regarding Alternative Communication Channels: For security reasons, we reserve the right not to respond to certain inquiries via messenger. This applies, for example, where contractual details require special confidentiality or where a reply via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.

  • Types of Data Processed: Contact data (e.g., email addresses, telephone numbers), usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), content data (e.g., text entries, photographs, videos).
  • Data Subjects: Communication partners.
  • Purposes of Processing: Contact requests and communication, direct marketing (e.g., via email or postal mail).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and Service Providers Used:

 

Surveys and Questionnaires

The surveys and questionnaires conducted by us (hereinafter “Surveys”) are evaluated anonymously. The processing of personal data only occurs to the extent necessary for providing and technically conducting the surveys (e.g., processing the IP address to display the survey in the user’s browser or using a temporary cookie (session cookie) to allow the survey to be resumed) or if users have given their consent.

Notes on Legal Bases: If we ask participants for consent to process their data, this consent serves as the legal basis for processing. Otherwise, the processing of participants’ data is based on our legitimate interests in conducting an objective survey.

  • Types of Data Processed: Contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Affected Persons: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication, direct marketing (e.g., by email or post), tracking (e.g., interest-/behaviour-based profiling, use of cookies), feedback (e.g., collecting feedback via online forms), profiling (creating user profiles).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services Used and Service Providers:

 

Video Conferences, Online Meetings, Webinars and Screen Sharing

We use platforms and applications from third-party providers (hereinafter “Third Parties”) for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings. When selecting Third Parties and their services, we comply with statutory requirements.

In this context, data from participants in the communication may be processed and stored on the servers of the Third Parties, insofar as these form part of communication with us. This data may include, in particular, registration and contact information, visual and audio contributions, as well as chat entries and shared screen content.

If users are referred to Third Parties or their software or platforms in the course of communication, business, or other relationships with us, the Third Parties may process usage data and metadata for security purposes, service optimisation, or marketing purposes. We therefore ask users to review the privacy notices of the respective Third Parties.

Notes on Legal Bases: If we request users’ consent to the use of Third Parties or specific functions (e.g., consent to the recording of conversations), the legal basis for processing is the consent provided. Furthermore, the use of Third Parties may be part of our (pre-)contractual services, if agreed in this context. Otherwise, users’ data is processed on the basis of our legitimate interests in efficient and secure communication with our communication partners. In this context, we also refer you to the information on the use of cookies in this privacy policy.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Affected Persons: Communication partners, users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contractual services and support, contact requests and communication, office and organisational procedures.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual enquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services Used and Service Providers:

 

Provision of the Online Offer and Web Hosting

In order to provide our online offer securely and efficiently, we make use of the services of one or more web hosting providers, from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may utilise infrastructure and platform services, computing capacity, storage space and database services, as well as security and technical maintenance services.

Data Processed in the Context of Hosting: The data processed as part of providing the hosting service may include any information relating to users of our online offer that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the content of online offers to browsers, as well as any input made within our online offer or on websites.

Email Transmission and Hosting: The web hosting services we use also cover the sending, receipt, and storage of emails. For these purposes, the addresses of recipients and senders, as well as further information relating to the email transmission (e.g., the providers involved), and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are, in principle, not sent encrypted over the internet. Although emails are, as a rule, encrypted in transit, they are (unless end-to-end encryption is used) not encrypted on the servers from which they are sent and received. We therefore cannot assume responsibility for the transmission path of emails between the sender and their receipt on our server.

Collection of Access Data and Log Files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). Server log files may include the address and name of the accessed websites and files, date and time of access, amount of data transmitted, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (previously visited page), and usually IP addresses and the requesting provider.

Server log files may be used for security purposes, for example to prevent server overload (particularly in the event of abusive attacks, so-called DDoS attacks), and to ensure server utilisation and stability.

Content Delivery Network: We use a “Content Delivery Network” (CDN). A CDN is a service that allows content of an online offer, in particular large media files such as graphics or program scripts, to be delivered faster and more securely through regionally distributed servers connected via the Internet.

  • Types of Data Processed: Content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Content Delivery Network (CDN).
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

 

Cloud Services

We use software services that are accessible via the Internet and run on the servers of their providers (so-called “cloud services”, also referred to as “Software as a Service”) for the following purposes.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta-/communication data (e.g., device information, IP addresses).
  • Affected Persons: Customers, employees (e.g., staff, applicants, former employees), prospects, communication partners.
  • Purposes of Processing: Office and organisational procedures.
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), performance of a contract and pre-contractual requests (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Services and Providers Used:

 

Newsletters and Mass Communication

We send newsletters, emails, and other electronic notifications (hereinafter “newsletters”) only with the consent of the recipients or where legally permitted. If, during newsletter registration, its contents are specifically described, these descriptions form the basis for the user’s consent. Otherwise, our newsletters contain information about our services and our organisation.

To register for our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name so that we can address you personally in the newsletter, or additional information if required for the purposes of the newsletter.

Double-Opt-In Procedure: Registration for our newsletter is generally carried out using a double-opt-in procedure. This means that after registration, you will receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register using someone else’s email address. Newsletter registrations are logged in order to document the registration process in accordance with legal requirements. This includes storing the registration and confirmation timestamps as well as the IP address. Changes to data stored with the email service provider are also logged.

Deletion and Restriction of Processing: We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to prove a previously given consent. The processing of this data is restricted to the purpose of potential defence against claims. An individual deletion request can be made at any time, provided that the former existence of consent is simultaneously confirmed. In cases where there are obligations to permanently respect objections, we reserve the right to store the email address solely for this purpose on a suppression list (so-called “blacklist”).

Logging of the registration process is carried out on the basis of our legitimate interests to document its proper execution. If we engage a service provider to send emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.

Notes on Legal Basis: Newsletter distribution is carried out on the basis of recipients’ consent or, if consent is not required, on the basis of our legitimate interests in direct marketing, provided that this is legally permitted, e.g., in the case of existing customer advertising. If we engage a service provider to send emails, this is based on our legitimate interests. The registration process is logged based on our legitimate interests to demonstrate that it was conducted in accordance with the law.

Content: Information about us, our services, promotions, and offers.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), meta-/communication data (e.g., device information, IP addresses), usage data (e.g., visited websites, interest in content, access times).
  • Affected Persons: Communication partners.
  • Purposes of Processing: Direct marketing (e.g., by email or post).
  • Legal Bases: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).
  • Right to Object (Opt-Out): You may cancel receipt of our newsletter at any time, i.e., withdraw your consent or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter, or you may use one of the above contact options, preferably email, to do so.

Services and Service Providers Used:

 

Advertising Communication via E-Mail, Post, Fax, or Telephone

We process personal data for the purposes of advertising communication, which may be conducted via various channels such as e-mail, telephone, post, or fax, in accordance with legal requirements.

Recipients have the right to withdraw any consent given at any time or to object to advertising communication at any time.

After a withdrawal or objection, we may retain the data necessary to demonstrate consent for up to three years on the basis of our legitimate interests before deleting it. The processing of this data is limited to the purpose of potentially defending against claims. An individual request for deletion is possible at any time, provided that the previous existence of consent is confirmed.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers).
  • Data Subjects: Communication partners.
  • Purpose of Processing: Direct marketing (e.g., via e-mail or post).
  • Legal Basis: Consent (Art. 6(1)(a) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

 

Online Marketing

We process personal data for the purposes of online marketing, which particularly includes the marketing of advertising space or the display of advertising and other content (collectively referred to as “content”) based on the potential interests of users, as well as measuring its effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar methods are used, by which the information relevant for displaying the above-mentioned content is stored. This information may include, for example, viewed content, visited websites, used online networks, communication partners, and technical data such as the browser and computer system used, as well as usage times. If users have consented to the collection of their location data, this may also be processed.

User IP addresses are also stored. However, we use available IP-masking procedures (i.e., pseudonymization by truncating the IP address) to protect users. In general, no clear-text user data (such as e-mail addresses or names) is stored within online marketing procedures, only pseudonyms. This means that neither we nor the providers of the online marketing procedures know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in cookies or similar methods. These cookies may later also be read on other websites using the same online marketing procedure, analyzed for content display purposes, supplemented with additional data, and stored on the server of the online marketing provider.

In exceptional cases, clear-text data may be associated with the profiles. This occurs, for example, if users are members of a social network whose online marketing procedure we use and the network links the users’ profiles with the above-mentioned information. Please note that users may make additional arrangements with the providers, for example, by giving consent during registration.

We generally only receive access to aggregated information about the success of our advertising. However, in the context of so-called conversion measurements, we can check which of our online marketing procedures led to a conversion, i.e., for example, to a contract conclusion with us. Conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise indicated, please assume that the cookies used are stored for a period of two years.

Legal Basis: If we ask users for their consent regarding the use of third-party providers, the legal basis for processing the data is consent. Otherwise, users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer you to the information on the use of cookies in this privacy policy.

 

Presence in Social Networks

We maintain online presences within social networks and process users’ data in this context in order to communicate with users active there or to provide information about us.

Please note that users’ data may be processed outside the European Union. This may entail risks for users, as it could, for example, make it more difficult to enforce their rights. For U.S. providers that are certified under the Privacy Shield or offer comparable guarantees of a secure data protection level, we point out that they commit to comply with EU data protection standards.

Furthermore, users’ data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ behavior and resulting interests. These profiles can in turn be used to display advertisements inside and outside the networks that presumably match users’ interests. For these purposes, cookies are usually stored on users’ devices, in which their usage behavior and interests are stored. Additionally, data in the usage profiles may be stored independently of the devices used by the users (especially if users are members of the respective platforms and logged in).

For a detailed description of the specific processing methods and options to object (opt-out), we refer to the privacy policies and information of the respective network operators.

Even in the case of requests for information and the exercise of data subject rights, please note that these are most effectively exercised directly with the providers. Only the providers have access to the users’ data and can take corresponding measures and provide information directly. Should you still require assistance, you may contact us.

  • Types of Data Processed: Master data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text entries, photographs, videos), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Affected Persons: Users (e.g., website visitors, users of online services).
  • Purposes of Processing: Contact requests and communication, tracking (e.g., interest-/behavior-based profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, detection of returning visitors).
  • Legal Bases: Legitimate interests (Art. 6(1)(f) GDPR).

Services and Service Providers Used:

 

Plugins and Embedded Features and Content

We integrate functional and content elements into our online offering that are provided by the servers of their respective providers (hereinafter referred to as “third parties”). These may include, for example, graphics, videos, social media buttons, or posts (hereinafter collectively referred to as “content”).

Embedding such content always requires that the third-party providers process users’ IP addresses, as they could not deliver the content to users’ browsers without the IP address. The IP address is therefore necessary for displaying these contents or functions. We strive to use only content whose providers use the IP address solely for delivering the content.

Third parties may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through pixel tags, information such as visitor traffic on the pages of this website can be collected. The pseudonymous information may also be stored in cookies on the users’ devices and can include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other details about the use of our online services. These data may also be combined with information from other sources.

Legal basis: If we request users’ consent for the use of third-party services, the legal basis for data processing is consent. Otherwise, users’ data are processed on the basis of our legitimate interests (i.e., interest in providing efficient, economic, and user-friendly services). In this context, please also refer to the information on the use of cookies in this privacy policy.

Integration of Third-Party Software, Scripts or Frameworks (e.g., jQuery)

We embed software in our online offering that we retrieve from servers of other providers (e.g., functional libraries used to enhance the display or usability of our online services). The respective providers may collect users’ IP addresses and use them for the purpose of delivering the software to users’ browsers, for security purposes, and for analysing and optimising their services.

Types of Data Processed:

  • Usage data (e.g., visited web pages, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)
  • Location data (data indicating the location of a user’s device)
  • Contact data (e.g., email addresses, telephone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Account data (e.g., names, addresses)

Data Subjects:

  • Users (e.g., website visitors, users of online services)
  • Communication partners

Purposes of Processing:

  • Provision of our online services and user-friendliness
  • Contractual services and support
  • Handling of contact requests and communication
  • Direct marketing (e.g., via email or postal mail)
  • Tracking (e.g., interest-/behaviour-based profiling, use of cookies)
  • Interest- and behaviour-based marketing
  • Profiling (creation of user profiles)
  • Security measures
  • Management and response to inquiries

Legal Basis (GDPR):

  • Legitimate interests (Art. 6(1)(f))
  • Consent (Art. 6(1)(a))
  • Performance of a contract and pre-contractual measures (Art. 6(1)(b))

Services and Service Providers Used

Font Awesome: Used for the display of fonts and icons.
Service provider: Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA
Website: https://fontawesome.com/
Privacy Policy: https://fontawesome.com/privacy

Google Tag Manager: We use Google Tag Manager, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deliver the tools embedded through it. However, it does collect your IP address, which may also be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. Where consent has been obtained, processing is based solely on Art. 6(1)(a) GDPR and §25(1) TDDDG, provided the consent covers cookie storage or access to information on the user’s device (e.g., device fingerprinting). Consent can be withdrawn at any time.

The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the EU and the US that ensures compliance with European data protection standards for processing in the US. Certified companies commit to maintaining these standards. More information is available from the provider: https://www.dataprivacyframework.gov/participant/5780

Google Fonts: We embed fonts (“Google Fonts”) provided by Google. User data are used solely for displaying the fonts in users’ browsers. Embedding is based on our legitimate interests in a technically secure, maintenance-free, and efficient use of fonts, their consistent presentation, and any licensing restrictions.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://fonts.google.com/
Privacy Policy: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google Maps: We embed maps from Google Maps. Data processed may include users’ IP addresses and location data, which are not collected without consent (typically via device settings).
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://cloud.google.com/maps-platform
Privacy Policy: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/authenticated

LinkedIn Plugins and Content: Includes content such as images, videos, text, or buttons allowing users to share content from this online service on LinkedIn.
Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Website: https://www.instagram.com
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

ReCaptcha: Used to detect bots, e.g., in online form submissions. Behavioural information (e.g., mouse movements or queries) is analysed to distinguish humans from bots.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://www.google.com/recaptcha/
Privacy Policy: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/authenticated

YouTube Videos: Video content embedded from YouTube.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: https://www.youtube.com/
Privacy Policy: https://policies.google.com/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Opt-out: https://tools.google.com/dlpage/gaoptout?hl=de, https://adssettings.google.com/authenticated

Vimeo Videos: Video content embedded from Vimeo.
Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, NY 10011, USA
Website: https://vimeo.com
Privacy Policy: https://vimeo.com/privacy
Opt-out: Please note that Vimeo may use Google Analytics. For details, see https://policies.google.com/privacy, Google Analytics opt-out https://tools.google.com/dlpage/gaoptout?hl=de, or Google Ads settings https://adssettings.google.com/

Planning, Organisation and Auxiliary Tools

We use services, platforms, and software from other providers (hereinafter referred to as “third parties”) for purposes of organisation, management, planning, and the provision of our services. In selecting third parties and their services, we observe all applicable legal requirements.

In this context, personal data may be processed and stored on the servers of third parties. This may involve various types of data, which we process in accordance with this Privacy Policy. Such data may include, in particular, master and contact data of users, data related to processes, contracts, other operations, and their content.

Where users are referred to third parties or their software or platforms in the context of communication, business, or other relationships with us, the third parties may process usage data and metadata for security purposes, service optimisation, or marketing purposes. We therefore advise users to review the privacy information provided by the respective third parties.

Legal Basis: Where we ask users for their consent to the use of third parties, the legal basis for data processing is consent. Furthermore, the use of third parties may form part of our contractual or pre-contractual services if agreed in that context. Otherwise, user data is processed on the basis of our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we also refer to the information on the use of cookies in this Privacy Policy.

Types of Data Processed:

  • Master Data (e.g., names, addresses)
  • Contact Data (e.g., email addresses, telephone numbers)
  • Content Data (e.g., text entries, photographs, videos)
  • Usage Data (e.g., visited web pages, interest in content, access times)
  • Meta-/Communication Data (e.g., device information, IP addresses)

Affected Individuals: Communication partners, users (e.g., website visitors, users of online services)

Legal Bases:

  • Consent (Art. 6(1)(a) GDPR)
  • Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)
  • Legitimate interests (Art. 6(1)(f) GDPR)

Deletion of Data

The data we process will be deleted in accordance with statutory requirements as soon as the consent granted for its processing is withdrawn or other authorisations no longer exist (e.g., if the purpose of processing such data ceases to apply or the data is no longer required for that purpose).

If the data is not deleted because it is required for other legally permissible purposes, its processing will be limited to those purposes. In such cases, the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for asserting, exercising, or defending legal claims, or to protect the rights of another natural or legal person.

Further information regarding the deletion of personal data may also be provided within the individual privacy notices in this Privacy Policy.

Changes and Updates to the Privacy Policy

We encourage you to review the content of our Privacy Policy regularly. We will update this Privacy Policy whenever changes in our data processing practices make it necessary. You will be informed if such changes require any action on your part (e.g., giving consent) or any other individual notification.

Please note that any addresses or contact information of companies and organisations provided in this Privacy Policy may change over time, and we advise verifying the details before making contact.

Rights of Data Subjects

As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 18 and 21 GDPR:

  • Right to Object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data carried out under Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is related to such direct marketing.
  • Right to Withdraw Consent: You have the right to withdraw any consent you have given at any time.
  • Right of Access: You have the right to request confirmation as to whether your data is being processed, access to such data, and additional information, as well as a copy of your data in accordance with legal requirements.
  • Right to Rectification: You have the right, in accordance with statutory requirements, to request the completion of your data or the correction of inaccurate data concerning you.
  • Right to Deletion and Restriction of Processing: You have the right, in accordance with statutory requirements, to request that your data be deleted immediately, or alternatively, to request a restriction on its processing.
  • Right to Data Portability: You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request its transfer to another controller, in accordance with statutory requirements.
  • Right to Lodge a Complaint with a Supervisory Authority: In accordance with statutory requirements, you also have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

Definitions

This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken directly from the law, in particular Article 4 of the GDPR, and are legally binding. The explanations below are primarily intended to support understanding. The terms are listed in alphabetical order.

  • Behavioural and Interest-Based Marketing: This refers to the practice of determining the potential interests of users in advertisements and other content as precisely as possible. This is carried out on the basis of information about prior behaviour (e.g., visiting particular websites, spending time on them, purchasing behaviour, or interactions with other users), which is stored in a profile. Cookies are typically used for these purposes.
  • Conversion Measurement / Conversion Tracking: A method used to determine the effectiveness of marketing activities. Typically, a cookie is stored on users’ devices within the websites where marketing actions take place and is then retrieved again on the target website. In this way, for example, it can be tracked whether advertisements placed on other websites were successful.
  • Content Delivery Network (CDN): A service that helps to deliver the content of an online offering—especially large media files such as graphics or program scripts—more quickly and securely by means of regionally distributed servers connected via the Internet.
  • Cross-Device Tracking: A form of tracking in which behavioural and interest information about users is collected across devices and compiled into profiles by assigning users an online identifier. This allows information to be analysed for marketing purposes independently of the browsers or devices used (e.g., mobile phones or desktop computers). The online identifier is generally not linked with clear data such as names, postal addresses, or e-mail addresses.
  • IP Masking: A method in which the last octet, i.e., the last two numbers of an IP address, is deleted so that the IP address can no longer be used to uniquely identify a person. IP masking is therefore a means of pseudonymisation of processing procedures, particularly in online marketing.
  • Personal Data: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • Processing: “Processing” means any operation or set of operations performed on personal data, with or without the aid of automated processes. The term is broad and covers virtually any handling of data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, disclosure, transmission, dissemination, erasure, or destruction.
  • Profiling: Any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person. Depending on the type of profiling, this may include information concerning age, gender, location and movement data, interaction with websites and content, purchasing behaviour, or social interactions with other people. Profiling is often carried out using cookies and web beacons, for example to analyse, evaluate, or predict interests in specific content or products, click behaviour on a website, or location.
  • Reach Measurement (Web Analytics): Reach measurement is used to analyse visitor flows within an online offering and can include the behaviour or interests of visitors in particular information, such as website content. With the help of reach analysis, website operators can, for example, see when visitors access their site and what content interests them. This enables them to better tailor website content to their visitors’ needs. Pseudonymous cookies and web beacons are frequently used for this purpose in order to recognise returning visitors and thus obtain more accurate analyses of the use of an online offering.
  • Remarketing / Retargeting: This term refers to noting, for example for advertising purposes, which products a user has shown an interest in on a website, in order to remind the user of these products on other websites, for instance in advertisements.
  • Tracking: The term “tracking” refers to monitoring users’ behaviour across multiple online offerings. Behavioural and interest data is usually stored in cookies or on the servers of the providers of the tracking technologies (so-called profiling). This information may then be used, for example, to display advertisements to users that are likely to correspond to their interests.
  • Controller: The natural or legal person, authority, institution, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
  • Target Group Formation (Custom Audiences / Lookalike Audiences): The process of defining target groups for marketing purposes, such as the display of advertisements. For example, if a user is interested in certain products or topics online, it can be inferred that they may also be interested in advertisements for similar products or the online shop where they viewed those products. “Lookalike Audiences” refers to content being displayed to users whose profiles or interests are presumed to resemble those of the users on whom the original profiles were based. Cookies and web beacons are generally used for the creation of custom and lookalike audiences.