The protection of your personal rights and data is very important to us. We protect your data with appropriate technical and organisational measures and take the legal provisions on data protection very seriously, in particular the EU Data Protection Basic Regulation and the Federal Data Protection Act. In the following you will find information about which data is collected in connection with your visit to this website and how it is used.
Legal bases of data processing
According to Art. 13 DSGVO, you should be informed of the legal basis of our data processing. If the legal basis is not mentioned in this data protection information, the following applies:
The legal basis for data processing on the basis of consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the purpose of fulfilling our services and implementing contractual measures and answering enquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing on the basis of our legitimate interests is Art. 6 para. 1 lit. f DSGVO. Should the vital interests of a data subject or other natural person make it necessary to process personal data, we base this processing on Art. 6 para. 1 lit. d DSGVO.
Transfer of data to third parties and third-party providers
We will only pass on your data to third parties (other persons or companies) if you give your consent or if this is otherwise permitted by law. This may be the case, for example, if this is necessary within the framework of the initiation of a contract or for the performance of a contractual obligation, Art. 6 Para. 1 lit. b DSGVO, we comply with a legal obligation in accordance with Art. 6 Para. 1 lit. c DSGVO or if the disclosure serves our legitimate interests in accordance with Art. 6 Para. 1 Para. 1 lit. f DSVGO in an economic and effective business operation.
If we involve subcontractors in the processing of your data, we ensure by means of legal precautions and appropriate technical and organisational measures that your data is protected and that the relevant statutory provisions are complied with. If we commission third parties to process data on the basis of a so-called „contract processing agreement“, this is done on the basis of Art. 28 DSGVO.
If a subcontractor carries out data processing outside the European Union or the European Economic Area, the data will only be transferred there if an appropriate level of data protection is ensured at the location of the data processing, if you have expressly consented or if another legal authorisation has been granted.
Data transfer to third countries
In some cases, data is also processed by our service providers in so-called third countries. These are states outside the European Union (EU) or the European Economic Area (EEA). This is done either to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. However, such processing only takes place if the special conditions of Art. 44 DSGVO are fulfilled. An adequate level of data protection is also ensured in these cases. This is because in these third countries there are either adequate guarantees that a level of data protection comparable to that in the EU exists (e.g. for the USA through the „EU-US Privacy Shield“) or we involve our service providers through special contractual obligations that ensure this level of data protection (so-called „EU standard contractual clauses“).
Deletion of data
We delete or restrict the processing of personal data in accordance with Articles 17 and 18 DSGVO. Stored data is generally deleted when it is no longer needed for its intended purpose, unless deletion is contrary to statutory storage obligations. We restrict data processing if the data cannot be deleted because, for example, it is to be used for other and legally permissible purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In Germany, data is stored in particular for 6 years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
Insofar as our data protection notices expressly inform you when data is deleted, this concrete statement will naturally apply at the time of deletion.
We use SSL encryption on our websites for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the lock symbol in your browser line. If SSL encryption is activated, the data you send to us cannot be read by third parties.
Automatically collected data
Personal data are all data that can be assigned to an identified or identifiable person. In principle, you can visit our websites without telling us who you are. For technical reasons, however, your IP address is always processed when you visit a website. Only in this way can the respective website be delivered to your browser.
Access data/server log files
We – or our hosting service provider on our behalf – automatically collect and store information in so-called server log files, which your browser automatically transmits to us when you visit our websites. These are: The name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
We carry out this data processing on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The collection of this data serves IT security and protection against unauthorised use. In this respect, we reserve the right to subsequently check this data if we become aware of concrete indications of illegal use. This data will not be merged with other data sources. This data will be deleted within a maximum of 7 days after data collection, unless your continued storage is necessary until a specific incident is clarified
Data collection in cookies
We use so-called cookies on our website. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer.
We use so-called session cookies. The use of these cookies is technically necessary, for example to enable you to set your language. A further data collection does not take place thereby however. The cookies are usually deleted as soon as you close your browser.
We also use „persistent“ or „permanent“ cookies on our websites. These cookies remain stored until their expiry date expires or you delete them prematurely. These cookies enable us to recognize your browser when you visit our website again. We use this type of cookies, for example, for range analysis.
You can set your browser so that you are informed when cookies are set and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. If you deactivate all cookies, the functionality of the websites may be limited.
Data that you consciously transmit to us – Contact
If you contact us (e.g. by e-mail or telephone), your data will be processed for the purpose of handling the contact request and its processing.
This means that if personal data (such as your name, address or e-mail address) is collected when you contact us, this is done because you are interested in our services, for example, or you provide us with data to establish, formulate the content of or amend a contractual relationship concluded between you and us (Art. 6 para. 1 lit. b DS-GVO) or have any other concerns. In the latter case, we will process the data on the basis of our justified interest in effective external contact (Art. 6 Paragraph 1 lit. f DS-GVO).
The personal data transmitted when making contact will be stored, processed and deleted if it is no longer required for these purposes and no further storage or processing for other legitimate interests is carried out and no legal storage obligations prevent deletion.
The hosting services we use serve to provide the following services: operation of the websites, computing capacity, storage space and database services.
Data that you enter in a web form on our website is transferred directly to us by the hosting provider or kept available for us.
Our hosting provider processes contact data, inventory and content data, usage data, meta and communication data of customers, interested parties and visitors to our website on our behalf. This is done on the basis of our legitimate interests in making our websites available efficiently and securely in accordance with Art. 6 Paragraph 1 lit. f DS-GVO in conjunction with Art. 6 Paragraph 1 lit. f DS-GVO. Art. 28 DS-GVO (contract for processing orders).
We use external fonts, so-called web fonts, which are provided by Google Inc. for the uniform display of fonts on our websites: https://www.google.com/fonts („Google Fonts“).
When you visit the website, your browser loads the required web fonts into your browser cache so that the texts and fonts can be displayed correctly. The integration of the Google Fonts is done by a server call at Google (usually in the USA). To make this technically possible, Google processes your IP address for this purpose. Google records which fonts are loaded in your browser for statistical evaluation. Beyond that, however, no cookie is set which would save personal data.
If your browser does not support web fonts, a standard font is used by your computer.
You may also opt-out of Google’s processing of your personal information for advertising purposes by visiting http://www.google.de/settings/ads („Manage information Google uses to serve ads to you“).
Google also processes your personal information in the United States, but is certified under the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Rights to information, blocking and deletion
You have the right to request information as to whether and how data concerning you is being processed, to receive further information and a copy of the data in accordance with Art. 15 DSGVO.
You have the right to request the completion of data concerning you or the correction of incorrect data concerning you, in accordance with Art. 16 DPA.
Under Art. 17 DSGVO, you have the right to request that data concerning you be deleted immediately, or alternatively, under Art. 18 DSGVO, to request that the processing of the data be restricted.
Right to data portability
According to Art. 20 DSGVO, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that it is technically feasible.
Right of appeal to the competent supervisory authority
If you accept an unlawful data processing operation, you are free to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. A list of the data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Right to withdraw your consent to data processing
You can revoke a declared consent at any time with effect for the future. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing that took place up to the revocation remains unaffected by the revocation.
Right of objection
You can also object to the processing of your personal data at any time in accordance with the legal requirements. The objection may in particular be made against processing for the purposes of direct advertising. If we provide you with an opt-out option in this data protection information, you can simply exercise your right of objection in this way.
Changes to the data protection information
The data protection information informs you about the current data processing on our websites. If there are changes in our services or this data processing or if the legal situation changes, we must adapt this data protection information accordingly. However, this only applies with regard to this data processing information. If your consent was necessary or if parts of the data protection information concern our contractual relationship with you, we will of course not make any changes to this without your consent. Please inform yourself regularly about the content of this data protection information.